Field Systems Engineer F5 Networks Central Europe


1 Field Systems Engineer F5 Networks Central Europe
SSL VPN - FirePass
This presentation provides a short overview of the F5 FirePass controller.
Rainer Singer, Field Systems Engineer, F5 Networks Central Europe

2 Market Opportunity High-growth market
“Spending on SSL VPNs will grow at a 53% compound annual growth rate, and SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008.” (Forrester Research)

3 Recognised as Best-of-Breed
TOP RATED GOLD AWARD ENTERPRISE VPN SOLUTION HOT PICK
“Sets a new standard for ease of use in setup and configuration, and for the wide array of client OS’s and browsers supported.”
“The best remote access solution we've seen to date.”
“It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features for unmanaged endpoint devices, one of the biggest risks emerging in this space.”
“Taking the primo prize is our Gold Award winner, the FirePass Controller v5.2 from F5 Networks Inc. Most important to our judges was the ease of integration that FirePass exhibits… FirePass also stands out because it offers full network access support to any IP application across multiple platforms.”
FirePass 1000 F5 Networks, F5networks.com Excellent 9 criteria score weight Security Interoperability Setup Ease-of-use Value 9 30% 25% 20% 15% 10%
October 2004 January 2005 January 2005

4 Authorized Applications
FirePass® Overview
Diagram labels: Any User, Any Device, Authorized Applications, Dynamic Policies, Portal Access, Secured by SSL, Laptop, FirePass®, Specific Application Access, Internet, Kiosk, Network Access, Mobile Device, Intranet, Partner
F5’s FirePass Controller provides a comprehensive remote access solution consisting of:
• Access from any user on any device – FirePass supports virtually any device with a web browser.
• Dynamic policies – FirePass can dynamically adapt policies to ensure that users can only access their authorized applications. In addition, FirePass can adapt the level of access based on the type of device (e.g. corporate laptop, kiosk, mobile phone) used for remote access.
• Authorized applications – FirePass provides 3 types of application access:
– Full network access – IPSec replacement with full access to all IP applications
– Portal access – secure access to a customer portal or a FirePass web portal
– Specific application access – access to specific applications, such as a single client/server application or specific web site

5 Adaptive Client Security
Diagram labels: Kiosk/Untrusted PC, PDA, Laptop, Kiosk Policy, Cache/Temp File Cleaner, Corporate Policy, Firewall/Virus Check, Mini Browser Policy, Client/Server Application, Full Network, Terminal Servers, Files, Intranet
One of the real strengths of an SSL VPN solution is the breadth of access. However, customers don’t want to open up access from any device to any application – this would be a huge security exposure. With adaptive client security, the FirePass controller lets an administrator grant different levels of access based on the device and user. For example:
• Kiosk users with the cache cleanup feature can access terminal servers, files and the intranet.
• PDA users can access the intranet.
• Laptop users are provided full network access with support for all client/server applications.

6 Dynamic Policy Engine User / Device Security Seamless Integration
Dynamically adapt user policy based on device used
Seamless Integration
Utilize existing AAA servers
Automatic user group mapping
Detailed audit trail
Application level visibility
Diagram labels: Dynamic Policy Engine, Application Access, Mobile Device Policy, Kiosk Policy, Default Policy, Laptop Policy, FirePass
The FirePass dynamic policy engine allows organizations to set up rules to match their business needs governing groups, authentication and access rights. These rules tell FirePass how the organization would like specific situations to be handled and ultimately reported on.
Authentication: LDAP, RADIUS, WIN NT/2K, Web-Based
Group: Sales, Financial, Auditors, etc.
Access Rights: Intranet, SAP, Siebel, File Shares
Audit: Usage Reporting (Who accessed, What was accessed, From Where)

7 Unmatched End-Point Security
Anti-Virus Integration: Symantec (Norton), McAfee, Trend Micro, Computer Associates (eTrust), F-Secure, Sophos, Kaspersky Lab, Panda Software, FRISK Software (F-Prot), Zone Labs, Authentium, SOFTWIN (BitDefender), Grisoft (AVG), Doctor Web, Eset (NOD32)
Firewall Integration: Zone Labs, Sygate, Microsoft, McAfee, Symantec, Tiny Software
OS Integration: Presence and absence of any specific process; OS service packs; IE service packs; System registry settings; Routing table entry change detection; Digital certificates; Trusted IP or MAC etc.
Checks for presence and prevents any information from being cached or indexed.

8 Visual Policy Editor
The visual policy editor graphically associates a policy relationship between end-points, users and resources. It makes it extremely easy to set up even sophisticated policies, lowering TCO. It reduces configuration mistakes and avoids security holes.

9 FirePass – Positioning
Diagram labels: VPN Connector, Network Access, Portal Access, Application Access, My Intranet, Windows & Unix File Adapter, Mobile Adapter, App Tunnels, Terminal Server Adapter, Host Access, X-Windows
In V5 the FirePass webifyer features are grouped into major usage modes. These include:
• Network Access – SSL-VPN or VPN Connector
• Portal Access – Web-based access to files, e-mail, web applications – intranet & extranet portals
• Application Access – AppTunnels or specific client/server application access
• Desktop Access
Helps to make it easier to communicate and message. Depending on customer requirements, they may need to use FirePass in one or more of these use scenarios.

10 Network Access VPN Connector

11 Comprehensive Application Access Extend Network Access
Diagram labels: Corporate Laptop, Corporate Network, Microsoft Exchange Server, Browser, Network Access, FirePass®, SSL VPN Tunnel
Mobile users today often utilize an IPSec client to extend the corporate network to the client laptop. FirePass offers a similar, yet superior solution by using SSL to deliver all of the same applications as an IPSec client without the hassles of installation and support of an IPSec client.
Application access - With FirePass, laptop users can connect using any standard browser. Using the FirePass VPN connector, users establish a tunnel connection to any TCP/UDP applications. This indeed does replace IPSec for client-to-site. FirePass provides the same functionality, same transparent access, same access to applications without all the frustrations, costs and limitations associated with IPSec.
Strong security - FirePass checks the integrity of the client (active firewall, antivirus) before allowing a full network connection – these policies are all maintained centrally on the FirePass controller. Plus FirePass provides flexibility so you can provide full network access when appropriate, or limit that access as necessary. It’s the best of both worlds.
Enterprise integration - Finally, FirePass integrates with the existing security infrastructure to simplify deployment. Users do not have to preinstall a VPN client (the necessary client technology is installed via the browser) so deployment is greatly simplified when compared to IPSec solutions.
Secure access to all IP applications
• Client support: Windows, Linux, MacOS; Java/ActiveX download; Windows client
• Enterprise integration: Automated deployment; Centralized policies; Client quarantine
• Application access: Any IP-based application; UDP, TCP, ICMP

12 Extending Secure Access to All Desktops
Mac Users: Execs • Marketing • Graphic Designer • Non-technical users
Linux Users: System Administrators • Developers • Technicians
Windows (~85%), Mac (~10%), Linux (~5%)
Add developers
Extending secure access to all the users in an organization
“Our most strategic users needing secure remote access are developers and they use Linux.” - Oracle Technology Business Unit

13 Policy Checking with Network Quarantine
Deep Integrity Checking: Specific antivirus checks; Windows OS patch levels; Registry settings
Quarantine Policy Support: Ensure Policy Compliance; Direct to quarantine network
Diagram labels: Full Network, FirePass®, Quarantine Network, “Please update your machine!”

14 Portal Access My Intranet Windows & Unix File Adapter Mobile Email

15 Portal Access Policy-based security controls
Diagram labels: Corporate Network, Kiosk/Home PC, Protected Workspace (WIN2K/XP), • Web • File Servers, Content Inspection Engine, Portal Access, FirePass®, SSL
Secure access to corporate portals
• Client protection: Protected workspace; Secure virtual keyboard
• SSO Integration: SSO interoperability; FirePass autologin
• Content Inspection: Application security; Virus scanner; Block access

16 Secure Portal Access from Un-Trusted Clients
Protected Workspace
– Private workspace for all downloaded files
– Removes any trace of downloaded files after session
– Separate I/O (protected boundary)
Secure Virtual Keyboard
– Keyless password entry protects from key-stroke loggers
– Patent pending

17 Enterprise SSO Integration
Diagram labels: Netegrity SiteMinder, Dynamic Policies, FirePass®, Internet, Web Servers
1. User ID, Password
2. Session Cookie
3. Session Cookie
HTTP forms-based authentication
Single sign-on to all web applications
Major SSO & Identity Mgmt Vendor Support: Netegrity, Oblix and others

18 Application Security X Policy-based virus scanning Integrated scanner
Diagram labels: Web Servers, ICAP AntiVirus, 1. SQL Injection X, FirePass®, Internet
Policy-based virus scanning: File uploads; Webmail attachments; Integrated scanner; Open ICAP interface
Web application security: Cross-site scripting; Buffer overflow; SQL injection; Cookie management

19 Application Access X-Windows Terminal Server Host App Tunnels Adapter

20 Specific Application Access Secure Extranet or Employee Access
Diagram labels: Partner PC, Corporate Network, Browser, • Terminal Servers • Legacy Hosts • Desktops • Client/Server Applications, Application Access, FirePass®, SSL VPN Tunnel
Benefits: • Strong Security • Application-level auditing
• Client support: Standard web browsers; Java/ActiveX capable
• Restricted access: Defined applications; No network connection
• Detailed logging: Session details; Specific applications

21 FirePass Product Line FirePass 600 FirePass 1000 FirePass 4100
A product sized and priced appropriately for every customer
FirePass 600 (Small Business VPN): 10-25 Concurrent Users; 10 to 100 employees; Easy to install and use; Cost-effective; 100% Channel Product; Standard support; Limited Featureset
FirePass 1000 (Medium Enterprise): Concurrent Users; 25 to 500 employees; Comprehensive access; End-to-End security; Flexible support; Failover
FirePass 4100 (Large Enterprise): Concurrent Users; 500+ employees; High performance platform; Comprehensive access; End-to-End security; Flexible support; Failover; Cluster up to 10

22 Summary: FirePass Delivers
Key Features
• Enterprise-class, High Availability platform
• Built-in, load balanced clustering
• SSL acceleration and server side caching
• Visual Policy Editor and 30 Minute install
• Supports Windows, Mac, Linux, Solaris and other clients
• Built-in Protected Workspace and end-point security
• Integrates with existing enterprise infrastructure and applications
Key differentiators
• Out-of-box Scalability, Performance and Reliability
• Powerful, easy to use management interface
• Breadth of clients, applications and infrastructure
• Comprehensive Risk Management including end-point security
Competitive Advantage
• Best combination of capabilities, usability and security
• Lowest Total Cost of Ownership and Highest ROI

23 Questions?

