530 likes | 778 Views
F5 Security Products FirePass SSL VPN. Presented by: Product Management . Version 3 Oct. 17, 2008. Presentation Topics. SSL VPN market and Trends FirePass SSL VPN Base Functional Overview. Features and Benefits – Reflects release 6.0.2 Release 6.0.3 – Sept. 08
E N D
F5 Security ProductsFirePass SSL VPN Presented by: Product Management Version 3 Oct. 17, 2008
Presentation Topics • SSL VPN market and Trends • FirePass SSL VPN Base Functional Overview. • Features and Benefits – Reflects release 6.0.2 • Release 6.0.3 – Sept. 08 • FirePass Look-ahead Strategy • Selling our solution • Resource help • Summary
Microsoft Exchange Server At Home On the Road The Leader in Application Delivery Networking Remote Users Datacenter Application Delivery Network FirePass Browser
TheInfoPro Wave 3 Survey – Spring 2007 • TheInfopro interview with all 133 Fortune 1000 and midsize enterprise customers • Top Concerns: • Network security continues to top the list of areas of concern, along with managing growth while keeping costs under control, managing network performance under demanding conditions, including addressing the issue of aging hardware
SSL VPN Market • Source: Gartner Dataquest (April 2007)
SSL World Wide Revenue 2005-2010 From Gartner®SSL VPN Vendor Revenue Forecast Published 7/06
Market Trends • Enterprise • Anytime/Anywhere Access • Continuous Business Operations • Lower Costs • IT Staff • Overworked • Expanding Security Needs Squeezed • Users • Reliable and Easy to use • Support for non-Windows machines • More than just webmail
Market Trends SSL VPN is becoming the mainstream technology of choice for remote access. Key trends and drivers for the SSL VPN market and the potential impacts are:
Application Delivery Network Security is a key technology and Solution component of ADN International Data Center Users Applications Big-IP Secure Access Acceleration WAN- optimization Web – Acceleration Storage Virtualization Acopia Local Traffic Manager Global Traffic Manager Link Controller FirePass SSL VPN ASM - Web App Firewall TMOS iControl/ iRules Enterprise Manager
Key FirePass Features • Access Control • Authentication • Authorization • Endpoint Security • Audit • Application Access Modes ( Connectivity Options ) • Network Access • Application Access • Portal Access • Visual Policy Management • Clustering & Failover • Platforms – SMB to large enterprises
FirePass 6.0.3 Key Feature Summary (Released September 2008) • Support for FullArmor Group Policy Anywhere functions • Protected Workspace enhancements • Java bases AppTunnels and terminal services • FirePass Reverse Proxy enhancements • Windows Vista SP1 and Windows XP 3 support • MAC Intel client 10.5 support and enhancements • Standalone client enhancements • Product serviceability, guide, and online help improvements
User Authentication with Master Groups • Wide range of Authentication • Active Directory • LDAP • RADIUS • Client Certificates • 2-Factor Auth (RSA SecurID and others) • HTTP Forms based and Basic Auth • Authentication based on Group • For e.g., 2-Factor auth for employees, RADIUS auth for partners
FirePass Features & Functions • Resource Alias – Automated update of access policies based on resource • Resource Groups – Drastically reduces changes to individual access policies new resources are added/modified • Enterprise Integration – Integration with AD, RADIUS, LDAP, Citrix MetaFrame etc. Business Benefit: Multiple User Groups Multiple Resources Corporate Resource Group • Simplification by reducing configuration changes Automated policy updates via Instant Access Policy Provisioning Adaptable to new business needs Instantly provision new resources Change resources without having to update individual access policies Microsoft Exchange HR Application • Intranet Employee Group • • Sales Resource Group • Sales Dept Group Simplified Access Policy Management using Resource Groups
Strong Endpoint Security • Client Integrity Checking • – Checks for AV/FW software, OS patch etc. • Protected (Secure) Workspace • – Prevent accidental file leakage • Cache Cleaner • – Clear temp. files, browser cache • Device level authentication • – Machine certificates • – Well known process • – Pre-defined registry entry
Access Modes • Portal Access • Access to Web applications & portals via FirePass Reverse Proxy • Web based access to email, windows files • Any browser based client device including mobile devices • Application Access • Access to specific client/server applications (hosts, ports) • Application level audit and access control • Windows 2000/XP/Vista clients • Network Access • Support for ANY TCP/UDP network applications • Full layer 3 network access (IPSec equivalent) • Broad client support Windows, Mac, Linux, PocketPC & SmartPhone
Browser Network Access Microsoft Exchange Server FirePass® Network AccessExtend Corporate Network to Employees from Corporate Device Benefits: Corporate Network Corporate Laptop FirePass® SSL VPN Tunnel • • Increased productivity • Reduced operational costs • Client support • Windows Vista, XP, 2000 • Windows Mobile 5 & 6 • (Pocket PC & Smartphone) • Linux • Mac (incl. Intel based Mac) • Application access • Any Internet connection • Any IP-based application • Optimization • Enterprise integration • Automated deployment • Centralized policies • VLAN Support
Full Network Quarantine Network Please update your machine! FirePass® Network AccessEndpoint Security Features Benefits: FirePass® • • Strong Security • Protection against attacks • Quarantine policy support • Ensure policy compliance • Automatic direction to quarantine • Deep integrity check • Specific antivirus / FW checks • Registry, client cert, file checks • Windows OS patch levels
• Terminal Servers • Legacy Hosts • Citrix • Client/Server Applications Browser Application Access Application AccessSecure Extranet or Employee Access Benefits: Corporate Network Partner PC FirePass® SSL VPN Tunnel • • Strong Security • Application-level auditing Client support– Standard web browsers– Java/ActiveX capable Restricted access – Defined applications – No network connection Detailed logging – Session details – Specific applications
Flexible Integration Options Session Reliability Support Terminal Services Static AppTunnels Portal Access Citrix DeploymentGuide on f5.com Citrix Application Interoperability Citrix Seamless Windows Support
• Web • Email • File Servers Browser Portal Access Portal AccessSecure Ubiquitous Access from Any Web-Enabled Device Benefits: Corporate Network Kiosk/Home PC FirePass® SSL • • Improved productivity • Reduced operational costs • Application Ready Access • OWA 2007, SharePoint 2007, Oracle, SAP Portal, Peoplesoft HR Portal etc. • Wide range of web app content • Directory integration • Automated group mapping • SSO integration • Client support • Any web-enabled device • SSL security
Web Application Interoperability Web Server Client FirePass Reverse Proxy • Next generation reverse proxy • New and improved HTML and JavaScript Parsing Engines • Application Ready Access • Outlook Web Access (OWA) 2007 • SharePoint 2007 • iNotes 7.0 • Oracle Portal (3.1) to 10g • PeopleSoft HR Portal 8.1 • SAP Portal • .. • Emerging Web 2.0 Content Support • HTML, Javascript, Java, Flash, AJAX Internet
Desktop / Laptop Client OS Support • XP 64 bit • Client/Server Apps • Web based Apps • Web based Files • Intel Macs • Client/Server Apps • Web based Apps • Web based Files • Vista 64 bit • Client/Server Apps • Web based Apps • Web based Files
MS SharePoint & OWA 2007 Application Delivery • Security • Firepass Reverse Proxy • Granular Access Policy • Performance • Web Acceleration • Local Traffic Management • Availability • Access from any device • Global Load Balancing
• Web • Email • File Servers Cache/Temp File Cleanup Protected Workspace Content Inspection Engine Portal Access Portal AccessPolicy-based security controls Corporate Network Benefits: Kiosk/Home PC FirePass® SSL • • Enhanced Security Content Inspection– Block inappropriate traffic– Integrated virus scanner Public Access Security – Cache cleanup – Protected workspace Reverse proxy – URL obfuscation – Cookie protection – Browser cache control
Enhanced Mobile User Support “Holy cow!! Forget MobileMe, I now have my entire work calendar on my iPhone so I can manage my work and personal life much better. It also worked extremely well for mail.” — F5 Beta Tester Feedback
Mobile User Support Application ready Access Authorized Applications Mobile user Visual Policy Editor Windows Mobile 5 & 6 Support Portal Access End-Point Secure Access Policy Management - - Firewall FirePass® Internet Specific Application Access SSL VPN + Tunnel + Standard (Safari) Browser iPhone support Network Access Intranet
Visual Policy Editor • Simplified policy management • Point and click interface to easily define end-point access policies • Single point of management for FirePass clusters
Visual Policy Editor Graphically associates a policy relationship between end-points, users and resources
Group Policy for Remote & Mobile Users Extend Group Policy to non-Domain endpoints. Protects against loss of sensitive data. Regulatory concerns? Comply with HIPAA, PCI & GLBA. Integrated with Visual Policy Editor for easy deployment.
Pre-defined templates for common policies Custom template upload option Group Policy Creation
Scalability Supports up to 2,000 concurrent users per device Support up to 20,000 users per cluster Availability Out of the box clustering (no 3rd party products required) Built in load-balancing Optimized integration with F5 traffic management products Redundant Hardware and Software Options Available “The reliability is very good. The FirePass boxes have been running flawlessly for about a year now” - Salvatore Ranazzisi, Global Network Architect, Organon Pharmaceuticals “FirePass failover capabilityis excellent. ” - Joseph Girodo, Group Manager, Sports Authority FirePass Provides Enterprise Class Scale and Availability
Best in Class SSL VPN The FirePass 4100 is the best remote access solution we've seen to date. It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features for unmanaged endpoint devices, one of the biggest risks emerging in this space. --George Wrenn - editor, Information Security Magazine Lowest Cost of Ownership Established Market Leadership Best in Class Features & Performance • Broad Infrastructure Support • Any Client / Application • 3rd Party Infrastructure • - Active Directory, LDAP, etc Reader Trust • Security • Broad End Point Security • - Anti virus, Firewall, OS, File Checks • Granular Access Policies Product cited in Best IPSec/SSL VPN category of Reader Trust Awards 2007 • Lowest Cost Pricing Structure • Most features included with core price • Flat fee failover device • Productivity • Secure Remote Access • - Any Time, Any Place • - Any Application • - Any Device Network World Network World 2006 ‘Best of Tests’ Finalist Award • Easy Maintenance & Deployment • Award-winning GUI • Visual Based Policy Editor • Home page and GUI localization Frost & Sullivan Frost & Sullivan Award for Market Penetration Leadership Award • Scalability • Up to 2,000 conc. users • Up to 20,000 conc. user clustering • Scale with LTM Integration October 2007 EAL-2 ADV_SDM ALC_FLR.1
FirePass Clustering • Cluster Nodes can be located anywhere • Policy, Resource, Access information is distributed • Logs are centralized • IP config is not distributed • IP, DNS, Routes are local to cluster • For example, the same RADIUS server can be defined identically but will resolve differently US Cluster master EMEA APAC
FirePass platform selection guide *Pricing is same on 4100 and 4300 for 1000 conc. users and above
FirePass Product Range Medium to Large Enterprise Small to Medium Enterprise FirePass 4300 Series FirePass 1200 Series FirePass 4100 Series Entry level server designed for the small to medium enterprise; supports from 10 to 100 concurrent users Designed for the medium to large enterprise; supports up to 2000 concurrent users per server Designed for the medium size enterprise; recommended up to 500 concurrent users per server • 2U rack-mount server • 2 Dual core CPU • Cluster expandable to 10 • nodes – 1 master node and 9 • slave nodes • Recommended concurrent user • add-ons: • up to 2000 concurrent • users per node, 20,000 max • in a cluster • Host adapter • Hardware factory options • SSL Card • FIPS SSL Card • Additional memory • 2U rack-mount server • 2 Single core CPU • Cluster expandable to 10 • nodes – 1 master node • and 9 slave nodes • Recommended concurrent user add-ons: • up to 500 concurrent • users per node, 20,000 max • in a cluster • Host Adapter • Hardware factory options • SSL Card • FIPS SSL card • Additional memory • 1U rack-mount server • Single core CPU • Non-expandable • 10 – 100 concurrent users • Host adapter • Mobile adapter
FirePass Customers • Large enterprises, small/medium enterprises (SME) • Service providers (Carriers & MSP) • Government organizations • Multiple industries • Reference Success Stories on F5.com
Key Discovery Questions • Who are the remote users (employees/partners/suppliers etc.) ? • What applications do your users need to access securely ? • What client devices/OS do you allow on your network ? • How many concurrent users require secure access ? • How do you enforce your endpoint security policy ? • How are your users authenticated ?
Who are the FirePass Competitors? • Juniper • Secure Access (SA) Platform • Citrix • NetScaler • Cisco • ASA • Aventail • EX Series • Others • Microsoft Internet Access Gateway, NeoAccel, Nortel, Array, and many more….
Key Differentiators Best Endpoint Security Solution Protected Workspace and Cache Cleaner OS and AV inspection Group Policy Templates Broader Client & Application Interoperability Windows, iMac and Linux iPhone and WinMobile Devices Browser based and standalone client software Simplified Management and Deployment Visual Policy Editor Integration with BIG-IP GTM
Resource Help • PMM/TMM • Peter Silva – TMM • Andy Oehler - PM • Jonathan George - PMM • Product Management Engineers • Technical Team working with Product Management • Keith R. FirePass, MSM, EM • Brian T. WanJet, Web Accelerator • Dan G. ASM, LTM • Nat T. New Technology Research • Mike L. LTM, GTM, Everything Else • Resources: • *CAT (Outlook): Searchable Archives! • Mainstreet Site (Competitive Repository Goldmine) • http://mainstreet/sites/sales/competitive/ • “Engaging the CAT team” PDF • “Monthly” Newsletter
Resource Help • F5.com - Product • http://f5.com/products/firePass • F5.Com White Papers • http://f5.com/solution-center/white-papers • Edge Site being refreshed – complete by Feb 7th • Sales/customer presentations • Collateral • White Papers • Deployment Guide
What Can I Do To Expand FirePass Market Share? Theme: Market Leading Remote Secure Access Strategy - New releases in April will make us a True market leader in: Unified Access • Start talking about it • Get a “buzz” going today for sales tomorrow • Leverage existing customers; many still don’t know we have a remote access security solution • It is old news for us, but the majority of folks are still not educated on the advantages of SSL VPN and/or FirePass in particular • Know the product, and have confidence in it • Customers can smell fear and uncertainty; Juniper excels at creating both • The product is only as saleable as the people selling it • Leverage the F5 name • F5 is synonymous with success!
F5 Strengths • F5 is the Application Delivery Networking Leader! • BIG-IP dominates all the markets where it participates • TMOS platform is revolutionary approach that no one else can offer • Strong partnerships with leading application vendors • Microsoft, Oracle, SAP, etc. • Applications are our core competence • Most of our competitors have first begun to focus on the ADN market within the last couple of months; they are not prepared to make the transition (i.e. Juniper, Citrix, Cisco, etc.) • F5 now has a market leading security solutions strategy • Summary: We own the secure application delivery networking space, so own the SSL VPN!
FirePass Look-ahead Strategy • FirePass will continue to support new features and product support for some time by supporting a separate FirePass and BIG-IP product line • FirePass will maintain product competitiveness by adding further product feature differentiation • FirePass will focus on functionality that can be leveraged by both FirePass and BIG-IP SAM • First release of BIG-IP SAM will support Granular Network Access only. Will adopt FirePass Application access proxy and other features over time
Summary: FirePass Delivers • Key Features • Enterprise-class, High Availability platform • Built-in, load balanced clustering • Visual Policy Editor and 30 Minute install • Supports Windows, Mac, Linux, Solaris and other clients • Built-in Protected Workspace and end-point security • Integrates with existing enterprise infrastructure and applications • Key differentiators • Comprehensive end-point security • Powerful, easy to use management interface • Scalability, Performance and Reliability • Breadth of clients, applications and infrastructure • Competitive Advantage • Best combination of capabilities, usability and security • Lowest Total Cost of Ownership and Highest ROI