
F5 Security Products FirePass SSL VPN

F5 Security Products FirePass SSL VPN. Presented by: Product Management . Version 3 Oct. 17, 2008. Presentation Topics. SSL VPN market and Trends FirePass SSL VPN Base Functional Overview. Features and Benefits – Reflects release 6.0.2 Release 6.0.3 – Sept. 08


Presentation Transcript


  1. F5 Security Products FirePass SSL VPN Presented by: Product Management Version 3 Oct. 17, 2008

  2. Presentation Topics • SSL VPN market and Trends • FirePass SSL VPN Base Functional Overview. • Features and Benefits – Reflects release 6.0.2 • Release 6.0.3 – Sept. 08 • FirePass Look-ahead Strategy • Selling our solution • Resource help • Summary

  3. Microsoft Exchange Server At Home On the Road The Leader in Application Delivery Networking Remote Users Datacenter Application Delivery Network FirePass Browser

  4. TheInfoPro Wave 3 Survey – Spring 2007 • TheInfoPro interview with all 133 Fortune 1000 and midsize enterprise customers • Top Concerns: • Network security continues to top the list of areas of concern, along with managing growth while keeping costs under control, managing network performance under demanding conditions, including addressing the issue of aging hardware

  5. SSL VPN Market • Source: Gartner Dataquest (April 2007)

  6. SSL World Wide Revenue 2005-2010 From Gartner®SSL VPN Vendor Revenue Forecast Published 7/06

  7. Market Trends • Enterprise • Anytime/Anywhere Access • Continuous Business Operations • Lower Costs • IT Staff • Overworked • Expanding Security Needs Squeezed • Users • Reliable and Easy to use • Support for non-Windows machines • More than just webmail

  8. Market Trends SSL VPN is becoming the mainstream technology of choice for remote access. Key trends and drivers for the SSL VPN market and the potential impacts are:

  9. Application Delivery Network Security is a key technology and Solution component of ADN International Data Center Users Applications Big-IP Secure Access Acceleration WAN- optimization Web – Acceleration Storage Virtualization Acopia Local Traffic Manager Global Traffic Manager Link Controller FirePass SSL VPN ASM - Web App Firewall TMOS iControl/ iRules Enterprise Manager

  10. Key FirePass Features • Access Control • Authentication • Authorization • Endpoint Security • Audit • Application Access Modes ( Connectivity Options ) • Network Access • Application Access • Portal Access • Visual Policy Management • Clustering & Failover • Platforms – SMB to large enterprises

  11. FirePass 6.0.3 Key Feature Summary (Released September 2008) • Support for FullArmor Group Policy Anywhere functions • Protected Workspace enhancements • Java based AppTunnels and terminal services • FirePass Reverse Proxy enhancements • Windows Vista SP1 and Windows XP 3 support • MAC Intel client 10.5 support and enhancements • Standalone client enhancements • Product serviceability, guide, and online help improvements

  12. User Authentication with Master Groups • Wide range of Authentication • Active Directory • LDAP • RADIUS • Client Certificates • 2-Factor Auth (RSA SecurID and others) • HTTP Forms based and Basic Auth • Authentication based on Group • For e.g., 2-Factor auth for employees, RADIUS auth for partners

  13. FirePass Features & Functions • Resource Alias – Automated update of access policies based on resource • Resource Groups – Drastically reduces changes to individual access policies when new resources are added/modified • Enterprise Integration – Integration with AD, RADIUS, LDAP, Citrix MetaFrame etc. Business Benefit: Multiple User Groups Multiple Resources Corporate Resource Group • Simplification by reducing configuration changes Automated policy updates via Instant Access Policy Provisioning Adaptable to new business needs Instantly provision new resources Change resources without having to update individual access policies Microsoft Exchange HR Application • Intranet Employee Group • • Sales Resource Group • Sales Dept Group Simplified Access Policy Management using Resource Groups

  14. Strong Endpoint Security • Client Integrity Checking • – Checks for AV/FW software, OS patch etc. • Protected (Secure) Workspace • – Prevent accidental file leakage • Cache Cleaner • – Clear temp. files, browser cache • Device level authentication • – Machine certificates • – Well known process • – Pre-defined registry entry

  15. Access Modes • Portal Access • Access to Web applications & portals via FirePass Reverse Proxy • Web based access to email, windows files • Any browser based client device including mobile devices • Application Access • Access to specific client/server applications (hosts, ports) • Application level audit and access control • Windows 2000/XP/Vista clients • Network Access • Support for ANY TCP/UDP network applications • Full layer 3 network access (IPSec equivalent) • Broad client support Windows, Mac, Linux, PocketPC & SmartPhone

  16. Browser Network Access Microsoft Exchange Server FirePass® Network Access Extend Corporate Network to Employees from Corporate Device Benefits: Corporate Network Corporate Laptop FirePass® SSL VPN Tunnel • • Increased productivity • Reduced operational costs • Client support • Windows Vista, XP, 2000 • Windows Mobile 5 & 6 • (Pocket PC & Smartphone) • Linux • Mac (incl. Intel based Mac) • Application access • Any Internet connection • Any IP-based application • Optimization • Enterprise integration • Automated deployment • Centralized policies • VLAN Support

  17. Full Network Quarantine Network Please update your machine! FirePass® Network Access Endpoint Security Features Benefits: FirePass® • • Strong Security • Protection against attacks • Quarantine policy support • Ensure policy compliance • Automatic direction to quarantine • Deep integrity check • Specific antivirus / FW checks • Registry, client cert, file checks • Windows OS patch levels

  18. • Terminal Servers • Legacy Hosts • Citrix • Client/Server Applications Browser Application Access Application Access Secure Extranet or Employee Access Benefits: Corporate Network Partner PC FirePass® SSL VPN Tunnel • • Strong Security • Application-level auditing Client support – Standard web browsers – Java/ActiveX capable Restricted access – Defined applications – No network connection Detailed logging – Session details – Specific applications

  19. Flexible Integration Options Session Reliability Support Terminal Services Static AppTunnels Portal Access Citrix Deployment Guide on f5.com Citrix Application Interoperability Citrix Seamless Windows Support

  20. • Web • Email • File Servers Browser Portal Access Portal Access Secure Ubiquitous Access from Any Web-Enabled Device Benefits: Corporate Network Kiosk/Home PC FirePass® SSL • • Improved productivity • Reduced operational costs • Application Ready Access • OWA 2007, SharePoint 2007, Oracle, SAP Portal, Peoplesoft HR Portal etc. • Wide range of web app content • Directory integration • Automated group mapping • SSO integration • Client support • Any web-enabled device • SSL security

  21. Web Application Interoperability Web Server Client FirePass Reverse Proxy • Next generation reverse proxy • New and improved HTML and JavaScript Parsing Engines • Application Ready Access • Outlook Web Access (OWA) 2007 • SharePoint 2007 • iNotes 7.0 • Oracle Portal (3.1) to 10g • PeopleSoft HR Portal 8.1 • SAP Portal • .. • Emerging Web 2.0 Content Support • HTML, Javascript, Java, Flash, AJAX Internet

  22. Desktop / Laptop Client OS Support • XP 64 bit • Client/Server Apps • Web based Apps • Web based Files • Intel Macs • Client/Server Apps • Web based Apps • Web based Files • Vista 64 bit • Client/Server Apps • Web based Apps • Web based Files

  23. MS SharePoint & OWA 2007 Application Delivery • Security • FirePass Reverse Proxy • Granular Access Policy • Performance • Web Acceleration • Local Traffic Management • Availability • Access from any device • Global Load Balancing

  24. • Web • Email • File Servers Cache/Temp File Cleanup Protected Workspace Content Inspection Engine Portal Access Portal Access Policy-based security controls Corporate Network Benefits: Kiosk/Home PC FirePass® SSL • • Enhanced Security Content Inspection – Block inappropriate traffic – Integrated virus scanner Public Access Security – Cache cleanup – Protected workspace Reverse proxy – URL obfuscation – Cookie protection – Browser cache control

  25. Improving the User Experience

  26. Enhanced Mobile User Support “Holy cow!!  Forget MobileMe, I now have my entire work calendar on my iPhone so I can manage my work and personal life much better.  It also worked extremely well for mail.” — F5 Beta Tester Feedback

  27. Mobile User Support Application ready Access Authorized Applications Mobile user Visual Policy Editor Windows Mobile 5 & 6 Support Portal Access End-Point Secure Access Policy Management - - Firewall FirePass® Internet Specific Application Access SSL VPN + Tunnel + Standard (Safari) Browser iPhone support Network Access Intranet

  28. Visual Policy Editor • Simplified policy management • Point and click interface to easily define end-point access policies • Single point of management for FirePass clusters

  29. Visual Policy Editor Graphically associates a policy relationship between end-points, users and resources

  30. Group Policy for Remote & Mobile Users Extend Group Policy to non-Domain endpoints. Protects against loss of sensitive data. Regulatory concerns? Comply with HIPAA, PCI & GLBA. Integrated with Visual Policy Editor for easy deployment.

  31. Pre-defined templates for common policies Custom template upload option Group Policy Creation

  32. Customization

  33. Scalability Supports up to 2,000 concurrent users per device Support up to 20,000 users per cluster Availability Out of the box clustering (no 3rd party products required) Built in load-balancing Optimized integration with F5 traffic management products Redundant Hardware and Software Options Available “The reliability is very good. The FirePass boxes have been running flawlessly for about a year now” - Salvatore Ranazzisi, Global Network Architect, Organon Pharmaceuticals “FirePass failover capability is excellent.” - Joseph Girodo, Group Manager, Sports Authority FirePass Provides Enterprise Class Scale and Availability

  34. Best in Class SSL VPN The FirePass 4100 is the best remote access solution we've seen to date. It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features for unmanaged endpoint devices, one of the biggest risks emerging in this space. --George Wrenn - editor, Information Security Magazine  Lowest Cost of Ownership Established Market Leadership Best in Class Features & Performance • Broad Infrastructure Support • Any Client / Application • 3rd Party Infrastructure • - Active Directory, LDAP, etc Reader Trust • Security • Broad End Point Security • - Anti virus, Firewall, OS, File Checks • Granular Access Policies Product cited in Best IPSec/SSL VPN category of Reader Trust Awards 2007 • Lowest Cost Pricing Structure • Most features included with core price • Flat fee failover device • Productivity • Secure Remote Access • - Any Time, Any Place • - Any Application • - Any Device Network World Network World 2006 ‘Best of Tests’ Finalist Award • Easy Maintenance & Deployment • Award-winning GUI • Visual Based Policy Editor • Home page and GUI localization Frost & Sullivan Frost & Sullivan Award for Market Penetration Leadership Award • Scalability • Up to 2,000 conc. users • Up to 20,000 conc. user clustering • Scale with LTM Integration October 2007 EAL-2 ADV_SDM ALC_FLR.1

  35. FirePass Clustering • Cluster Nodes can be located anywhere • Policy, Resource, Access information is distributed • Logs are centralized • IP config is not distributed • IP, DNS, Routes are local to cluster • For example, the same RADIUS server can be defined identically but will resolve differently US Cluster master EMEA APAC

  36. FirePass platform selection guide *Pricing is same on 4100 and 4300 for 1000 conc. users and above

  37. FirePass Product Range Medium to Large Enterprise Small to Medium Enterprise FirePass 4300 Series FirePass 1200 Series FirePass 4100 Series Entry level server designed for the small to medium enterprise; supports from 10 to 100 concurrent users Designed for the medium to large enterprise; supports up to 2000 concurrent users per server Designed for the medium size enterprise; recommended up to 500 concurrent users per server • 2U rack-mount server • 2 Dual core CPU • Cluster expandable to 10 • nodes – 1 master node and 9 • slave nodes • Recommended concurrent user • add-ons: • up to 2000 concurrent • users per node, 20,000 max • in a cluster • Host adapter • Hardware factory options • SSL Card • FIPS SSL Card • Additional memory • 2U rack-mount server • 2 Single core CPU • Cluster expandable to 10 • nodes – 1 master node • and 9 slave nodes • Recommended concurrent user add-ons: • up to 500 concurrent • users per node, 20,000 max • in a cluster • Host Adapter • Hardware factory options • SSL Card • FIPS SSL card • Additional memory • 1U rack-mount server • Single core CPU • Non-expandable • 10 – 100 concurrent users • Host adapter • Mobile adapter

  38. FirePass Customers • Large enterprises, small/medium enterprises (SME) • Service providers (Carriers & MSP) • Government organizations • Multiple industries • Reference Success Stories on F5.com

  39. Key Discovery Questions • Who are the remote users (employees/partners/suppliers etc.) ? • What applications do your users need to access securely ? • What client devices/OS do you allow on your network ? • How many concurrent users require secure access ? • How do you enforce your endpoint security policy ? • How are your users authenticated ?

  40. Who are the FirePass Competitors? • Juniper • Secure Access (SA) Platform • Citrix • NetScaler • Cisco • ASA • Aventail • EX Series • Others • Microsoft Internet Access Gateway, NeoAccel, Nortel, Array, and many more….

  41. Key Differentiators Best Endpoint Security Solution Protected Workspace and Cache Cleaner OS and AV inspection Group Policy Templates Broader Client & Application Interoperability Windows, iMac and Linux iPhone and WinMobile Devices Browser based and standalone client software Simplified Management and Deployment Visual Policy Editor Integration with BIG-IP GTM

  42. Resource Help • PMM/TMM • Peter Silva – TMM • Andy Oehler - PM • Jonathan George - PMM • Product Management Engineers • Technical Team working with Product Management • Keith R. FirePass, MSM, EM • Brian T. WanJet, Web Accelerator • Dan G. ASM, LTM • Nat T. New Technology Research • Mike L. LTM, GTM, Everything Else • Resources: • *CAT (Outlook): Searchable Archives! • Mainstreet Site (Competitive Repository Goldmine) • http://mainstreet/sites/sales/competitive/ • “Engaging the CAT team” PDF • “Monthly” Newsletter

  43. Resource Help • F5.com - Product • http://f5.com/products/firePass • F5.Com White Papers • http://f5.com/solution-center/white-papers • Edge Site being refreshed – complete by Feb 7th • Sales/customer presentations • Collateral • White Papers • Deployment Guide

  44. What Can I Do To Expand FirePass Market Share? Theme: Market Leading Remote Secure Access Strategy - New releases in April will make us a True market leader in: Unified Access • Start talking about it • Get a “buzz” going today for sales tomorrow • Leverage existing customers; many still don’t know we have a remote access security solution • It is old news for us, but the majority of folks are still not educated on the advantages of SSL VPN and/or FirePass in particular • Know the product, and have confidence in it • Customers can smell fear and uncertainty; Juniper excels at creating both • The product is only as saleable as the people selling it • Leverage the F5 name • F5 is synonymous with success!

  45. F5 Strengths • F5 is the Application Delivery Networking Leader! • BIG-IP dominates all the markets where it participates • TMOS platform is revolutionary approach that no one else can offer • Strong partnerships with leading application vendors • Microsoft, Oracle, SAP, etc. • Applications are our core competence • Most of our competitors have first begun to focus on the ADN market within the last couple of months; they are not prepared to make the transition (i.e. Juniper, Citrix, Cisco, etc.) • F5 now has a market leading security solutions strategy • Summary: We own the secure application delivery networking space, so own the SSL VPN!

  46. FirePass Look-ahead Strategy • FirePass will continue to support new features and product support for some time by supporting a separate FirePass and BIG-IP product line • FirePass will maintain product competitiveness by adding further product feature differentiation • FirePass will focus on functionality that can be leveraged by both FirePass and BIG-IP SAM • First release of BIG-IP SAM will support Granular Network Access only. Will adopt FirePass Application access proxy and other features over time

  47. Summary: FirePass Delivers • Key Features • Enterprise-class, High Availability platform • Built-in, load balanced clustering • Visual Policy Editor and 30 Minute install • Supports Windows, Mac, Linux, Solaris and other clients • Built-in Protected Workspace and end-point security • Integrates with existing enterprise infrastructure and applications • Key differentiators • Comprehensive end-point security • Powerful, easy to use management interface • Scalability, Performance and Reliability • Breadth of clients, applications and infrastructure • Competitive Advantage • Best combination of capabilities, usability and security • Lowest Total Cost of Ownership and Highest ROI
