increase productivity with flexible, secure remote access existing network infrastructure, identity...
Post on 07-May-2019
What’s Inside:
Improved User Experience
Network Access
Application Access—Secure Access to Specific Applications
Portal Access—Proxy-Based Access to Web Applications, Files, and Email
Portal Access—Comprehensive Security
Dynamic Policy Engine—Total Administrative Control
Customization
iControl SSL VPN Client API for Secure Application Access
FirePass Product Details
FirePass Specifications
More Information
DATASHEET
Key Benefits:
Increase worker productivity: Provide fast and secure, always connected remote access from any location, from any device.
Gain ultimate flexibility: Quickly and easily deploy a virtual appliance to add remote access functionality to your existing virtual infrastructure.
Decrease costs: Reduce deployment and support costs with easy management, simple deployment, and secure application access.
Increase security: Deliver granular access control to intranet resources on a group basis, enhancing security.
Reduce risk with endpoint security: Verify the user quickly and easily with endpoint security to validate compliance with corporate policy.
Increase Productivity with Flexible, Secure Remote Access
As more mobile and remote workers use an increasing number of different devices to access corporate applications and data from many locations, your business benefits from more flexible and productive users. But securing applications, data, the network, and client devices from unauthorized access and attacks can quickly add management complexity and cost.
The FirePass® SSL VPN appliance and Virtual Edition (VE) provide secure remote access to enterprise applications and data for users over any device or network. FirePass ensures easy access to applications by delivering outstanding performance, scalability, availability, policy management, and endpoint security. The result is unified security enforcement and access control that increases the agility and productivity of your workforce.
FirePass SSL VPN
DATASHEET FirePass SSL VPN
Improved User Experience
FirePass helps ensure user productivity by minimizing the time and effort required to gain access to authorized files and applications.
“Always connected” remote access
Some access clients need constant reconnection throughout the day as users move locations or restart applications. The BIG-IP® Edge Client™ solution is a state-of-the-art, integrated client that provides location awareness and zone determination to deliver a remote access solution unlike any other. Cutting-edge roaming, domain detection, and automatic connection create a seamless transition as users move between locations. BIG-IP Edge Client helps ensure continued user productivity whether the user is at home on a wireless network, using an air card in transit, giving a presentation from corporate wireless, in a café on guest wireless, or docked on a LAN connection. BIG-IP Edge Client is supported in FirePass 6.1 and 7.0.
[Figure: Always connected application access with BIG-IP Edge Client. Panels: At home (wireless); In the office (docked LAN connection); In the café (wireless); Presenting (corporate wireless); Commuting (air card).]
Seamless VPN access
When the user first enters credentials as part of the Windows logon process, BIG-IP Edge Client caches them and then automatically tries them in the first attempt to log on to the VPN. This streamlines the user experience to help improve productivity.
BIG-IP Edge Client uses cutting edge roaming, domain detection, and automatic connection to deliver a seamless transition between locations.
Network Access
FirePass provides LAN-type network access connectivity for all applications by supporting existing network infrastructure, identity management systems, and client-server operating systems.
FirePass Network Access for Microsoft Windows (Windows 7, Vista, XP), Mac, and Linux Systems
• Eliminates the need for special administrative privileges for FirePass client component updates with Windows Installer Service, lowering management costs.
• Provides secure remote access to the entire network for all IP-based (TCP, UDP) applications.
• Includes standard features across all desktop and laptop platforms, as well as split tunneling, compression, activity-based timeouts, and automatic application launching.
• Provides remote access—unlike IPSec VPNs—without requiring preinstalled client software and configuration of the remote device. Client- or server-side application changes are not required.
• Enables administrators to restrict and protect resources accessible through the connector by instituting rules that limit access to a specific network or port.
• Uses the standard HTTPS protocol with SSL as the transport, so the device works through all HTTP proxies including public access points, private LANs, and over networks and ISPs that don’t support IPSec VPNs.
• Utilizes GZIP compression to compress traffic before it is encrypted, reducing the amount of traffic that is sent across the Internet and improving performance.
• Supports the latest OSs and Browsers—FirePass 7.0 supports 32-bit versions of: Windows 7, Vista, and XP; Mac OS X Leopard and Snow Leopard; Internet Explorer 6, 7, and 8; Firefox 3.x; and Safari 4. It supports 64-bit versions of: Windows 7, Vista, and XP; Linux (contact F5 or Reseller for list), Internet Explorer 7 (except Win7) and 8; and Firefox 3.0. Talk to an F5 sales representative or reseller to review compatibility for your environment.
Client Security
• Safe Split Tunneling—To protect against back-door attacks when accessing the network with split tunneling, FirePass provides a dynamic firewall that protects Windows, Mac, and Linux users when using the full network access feature. This prevents hackers from routing through the client to the corporate network or users from inadvertently sending traffic to the public network.
• Endpoint Client Checking—FirePass increases security by detecting the presence of required processes (for example, virus scans, anti-malware, personal firewalls, OS patch levels, registry settings, and more) and the absence of other processes (for example, keylogger) on the Mac, Linux or Windows client before enabling full network access.
• Hardware Endpoint Inspectors—FirePass inspects client machine features such as MAC address, CPU ID, and HDD ID to identify remote devices. FirePass authorizes machines without the complexity of deploying machine certificates.
Windows Network Access Features
• Standalone Windows Client—FirePass establishes a network connection after entering user credentials. Software can be automatically distributed to the client using Microsoft’s MSI installer technology.
• Windows Logon/GINA Integration—Enables implied, transparent user logon to the corporate network by integrating with the GINA (“Ctrl+Alt+Del” prompt) logon process.
• Standalone VPN Client CLI—Command-line interface support offers single sign-on support through integration with third-party applications (such as remote dialer software).
• Windows VPN Dialer—Provides a simplified user experience for those more comfortable with the dialup interface.
• Automatic Drive Mapping—Network drives can be automatically mapped to a user’s Windows PC.
• Static IP Support—Assigns a static IP based on the user when the user establishes a network access VPN connection, lowering administrative support costs.
• Transparent Network Access—Eliminates network access browser window pop-ups and prevents users from accidentally terminating the connection.
Mobile Device Support
• Enables secure application access from Windows Mobile and smartphones.
• Provides access to both client/server- and web-based applications.
FirePass policies enable secure application access to a full set of corporate services, including kiosks, mobile devices, or laptops.
[Figure labels: Corporate Services; Intranet, Email, C/S Application, Full Network, Terminal Servers, Files; Kiosk, Mobile Device, Laptop; Kiosk Policy, Cache/Temp File Cleaner; Mini Browser Policy; Corporate Policy, Firewall/Virus Check.]
FirePass SSL VPN Value Proposition
• Browser-based ubiquitous access
• Lower support and management costs
• Endpoint security
• Granular access control
• Group policy enforcement
Application Access—Secure Access to Specific Applications
FirePass enables administrators to grant certain users—for example, business partners using equipment not maintained by the company—access to specific extranet applications and sites. FirePass protects network resources by only permitting access to applications that are cleared by the system administrator.
Specific Client/Server Application Access
• Enables a native client-side application to communicate back to certain corporate application servers via a secure connection between the browser and the FirePass device.
• Requires no pre-installation or configuring of any software.
• Involves no additional network-side software to access the application servers.
• Accesses applications via standard protocols: HTTP and SSL/TLS. It works with all HTTP proxies, access points, and private LANs, and over networks and ISPs that do not support traditional IPSec VPNs.
• Includes supported applications such as Outlook to Exchange Clusters, Passive FTP, Citrix Nfuse, and network drive mapping.
• Supports custom CRM applications as well as applications that use static TCP ports.
• Supports auto-login to App Tunnels, Citrix, and WTS applications to simplify the user experience.
• Integrates with Citrix SmartAccess to deliver endpoint inspection results to Citrix applications and send SmartAccess filters to XenApp based on the results of endpoint scans.
• Supports the auto-launch of client-side applications to simplify user experience and lower support costs.
• Enables lock-down Java-based application tunnels for non-Windows and Windows systems to prevent the execution of ActiveX controls.
• Offers complete DHCP support for clients using network access, automating IP address assignment and dynamic DNS registration of addresses. DHCP support provides easier multi-unit deployments while remote-access IP address range can overlap with internal LAN.
• Delivers support for Microsoft Communicator via Portal Access, enhancing VoIP communications.
• Offers unique support for the compression of client/server application traffic over the WAN, enhancing performance.
Terminal Server Access
• Provides secure web-based access to Microsoft Terminal Servers, Citrix MetaFrame applications, Windows XP Remote Desktops, and VNC servers.
• Provides Terminal Services for VMware View web client to enable user access from virtual desktops.
• Supports group access options, user authentication, and automatic log-on capabilities for authorized users.
• Supports automatic downloading and installation of the correct Terminal Services or Citrix remote platform client component, if not currently installed on the remote device, saving time.
• Supports remote access to XP desktops for remote troubleshooting using RDP and non-XP desktops with the built-in VNC feature.
• Provides Java-based Terminal Services support for Citrix and Microsoft.
Dynamic App Tunnels
• Provides maximum support for accessing a wide variety of client/server- and web-based applications.
• Offers a better alternative to reverse proxies for accessing applications from Windows client devices.
• Eliminates the need for web application content interoperability testing.
• Requires only “power user” privileges for installation and no special privileges for execution.
• Provides added support for auto-launching web application tunnels, simplifying the user experience.
Host Access
• Enables secure web-based access to legacy VT100, VT320, Telnet, X-Term, and IBM 3270/5250 applications.
• Requires no modifications to the applications or application servers.
• Eliminates the need for third-party host access software, reducing total cost of ownership (TCO).
Portal Access—Proxy-Based Access to Web Applications, Files, and Email
FirePass Portal Access capability works on any client OS with a browser: Windows, Linux, Mac, smartphones, PDAs, and more.
Web Applications
• Provides access to internal web servers, including Microsoft Outlook Web Access, Lotus iNotes, and Microsoft SharePoint Server as easily as from inside the corporate LAN.
• Delivers granular access control to intranet resources on a group policy basis. For example, employees can gain access to all intranet sites; partners can be restricted to a specific web host.
• Dynamically maps internal URLs to external URLs, so the internal network structure does not reveal them.
• Manages user cookies at the FirePass device level to avoid exposing sensitive information.
• Passes user credentials to web hosts to support automatic login and other user-specific access to applications. FirePass also integrates with existing identity management servers (for example, CA Netegrity) to enable single sign-on to applications.
• Proxies login requests from web hosts to avoid having users cache their passwords on client browsers.
• Enables or restricts access to specific parts of an application with granular access control list (ACL) for increased security and reduced business risks.
• Provides split-tunneling support for web applications, resulting in faster user performance when accessing public websites.
• Validates back-end certificate with rapid reverse-proxy to quickly authenticate the server’s certificate.
• Offers dynamic server-side and DNS caching for increased web application (reverse proxy) performance and faster page download times.
• Delivers out-of-the-box reverse proxy support for rewriting a wide variety of JavaScript content in web pages, saving time.
• Provides Java patch ACL support to limit client-initiated connections through FirePass using Portal Access.
• Enables NTLMv2 support for access to web applications.
• Delivers DNS relay proxy service, enabling client-side name resolution without requiring any special runtime rights (for example, modification of hosts). Also enables redirection of ports to more fully support applications such as Outlook and Windows drive mapping.
File Server Access
• Enables users to browse, upload, download, copy, move, or delete files on shared directories.
• Supports: SMB Shares; Windows Workgroups; NT 4.0 and Win 2000 domains; Novell 5.1/6.0 with Native File System pack; and NFS servers.
Email Access
• Provides secure web-based access to POP/IMAP/SMTP email servers from standard and mobile device browsers.
• Enables users to send and receive messages, download attachments, and attach network files to emails.
Mobile Device Support
• Provides secure access from Apple iPhone, Windows Mobile, PDAs, smartphones, cell phones, WAP, and iMode phones to email and other web-based applications.
• Dynamically formats email from POP/IMAP/SMTP email servers to fit the smaller screens of mobile phones and PDAs.
• Supports the sending of network files as email attachments and the viewing of text and Word documents.
• Supports ActiveSync applications, enabling PDA synchronization of email and calendar on Exchange Server from a PDA device, without requiring the pre-installed VPN client component.
Portal Access—Comprehensive Security
FirePass delivers multiple layers of control for securing information access from public systems.
Client Security
• Protected Workspace—Users of the 32-bit version of Windows XP/Vista/7 or the 64-bit version of Windows Vista/7 can be automatically switched to a protected workspace for their remote access session. In a protected workspace mode, the user cannot write files to locations outside the protected workspace; the temporary folders and all of their contents are deleted at the end of the session.
• Cache Cleanup—The cache cleanup control removes—and empties from the recycle bin—the following data from the client PC: cookies, browser history, auto-complete information, browser cache, temp files, and all ActiveX controls installed during the remote access session.
• Secure Virtual Keyboard—For additional password security, FirePass offers the patent-pending Secure Virtual Keyboard which enables secure password entry from the mouse instead of the keyboard.
• Download Blocking—For systems unable to install a “cleanup” control, FirePass can be configured to block all file downloads to avoid the issue of inadvertently leaving behind temporary files, yet still enable access to applications.
• Automatic File Virtualization—In protected workspace mode, temporary files and registry settings are written to a virtual file system rather than to the local machine.
• Encrypted Saved Content—All temporary content saved on the remote system is encrypted in the event that the protected workspace doesn’t exit normally, such as in a power failure, rendering the content unreadable.
• Portal Support for Popular Mobile Clients—FirePass supports portal access with iPhone, BlackBerry, and Opera Mini browsers.
Content Inspection and Web Application Security
For users accessing web applications on the corporate network, FirePass enhances application security and prevents application-layer attacks (for example, cross-site scripting, invalid characters, SQL injection, buffer overflow) by scanning web application access for application layer attacks—then blocking user access when an attack is detected.
Integrated Virus Protection
FirePass can scan web and file uploads using either an integrated scanner or external scanner via ICAP API. Infected files are blocked at the gateway and not allowed onto email or file servers on the network, for increased protection.
Flexible Remote Access
FirePass Virtual Edition (VE) makes it easy to quickly deploy a virtual appliance to add SSL VPN functionality to an existing virtual infrastructure. This offers greater flexibility in disaster recovery scenarios or during a surge in remote access demand. Virtual editions of FirePass and BIG-IP Local Traffic Manager can be combined to provide industry-leading application delivery and remote access in the same environment.
Dynamic Policy Engine—Total Administrative Control
The FirePass policy engine enables administrators to easily manage user authentication and authorization privileges.
Dynamic Policy-Based Access
Administrators have quick and granular control over their network resources. Through policy management support, they can authorize access to applications based on the user and device. Administrators can easily implement existing policies with import and export of pre-logon policies.
Visual Policy Editor
The Visual Policy Editor creates a flow-chart style graphical view of your access policies, giving you point-and-click ease in profiling and managing groups, users, devices, or any combination of the three. This simplifies the definition and management of endpoint policies, lowers administrative costs, and increases the ability to quickly ensure the protection of company resources.
[Figure labels: Physical, Virtual; Internal, External; Users, Employees, Contractors, Customers; Server, BIG-IP Local Traffic Manager, FirePass, DMZ, Firewall.]
FirePass VE is an easy way to add flexible remote access to your current virtual environment.
User Authentication
Users can be authenticated against an internal FirePass database, using passwords. FirePass can also be easily configured to work with RADIUS, Active Directory, RSA 2-Factor, LDAP authentication methods, basic and form-based HTTP authentication, identity management servers (for example, Netegrity), and Windows domain servers. With Active Directory, users can change current or expired passwords and receive warnings when passwords are set to expire. Support for nested Active Directory configurations enables the use of a more complex, hierarchical directory structure.
Two-Factor Authentication
Many organizations use “two-factor” authentication (such as tokens or SmartCards) that require more than just a user ID and password. FirePass supports two-factor authentication including RSA SecurID® Native ACE authentication.
Challenge Response Test
Administrators can implement CAPTCHA, an easy challenge response test for humans that protects the organization from DoS and script-based brute force attacks.
Client-side and Machine Certificates/PKI Support
FirePass integrates seamlessly with the existing PKI infrastructure and enables the administrator to restrict or permit access based on the device being used to access FirePass. FirePass can check for the presence of a client-side digital certificate or Windows machine certificate during user login. Based on the presence of a valid certificate, FirePass can support access to a broader range of applications. FirePass can also use client-side or machine certificates as a form of two-factor authentication and prohibit all network access for users without a valid certificate.
Group Management
Access privileges can be granted to individuals or to groups of users (for example: sales, partners, or IT). This enables FirePass to restrict individuals and groups to particular resources.
Group Policy Enforcement
Group policy provides an exclusive mechanism to apply and enforce policies on client systems not part of the network domain. You can use the Visual Policy Editor to design group policies, in the form of templates, that restrict user authority and access while enforcing compliance with PCI, HIPAA, and GLBA. (Note: Group Policy Objects are only available on Active Directory.)
The Visual Policy Editor makes it easy to create access policies.
CAPTCHA protects against DoS and script-based brute force attacks.
Dynamic Group Mapping
FirePass dynamically maps users to FirePass groups using various dynamic group mapping mechanisms such as Active Directory, RADIUS, LDAP, client certificates, landing URI, and virtual host name as well as pre-logon session variables.
Single Sign-On (SSO) Support
SSO configuration uses authentication session variables to extract SSO information from certificates and authentication information from username and password settings. Advanced session variables help system administrators extend and customize FirePass, enabling them to manipulate and create new session variables for custom deployments. They also can collect and capture RADIUS attributes plus LDAP, Active Directory, and certificate field values.
Session Timeouts and Limits
Administrators can configure inactivity and session timeouts to protect against a hacker attempting to take over a session from a user who forgets to log off at a kiosk.
Role-Based Administration
Organizations have the flexibility to provide some administrative functions (enrolling new users, terminating sessions, re-setting passwords) to some administrator-users, without exposing all functions to them (for example, shutting down the server or deleting a certificate).
Logging and Reporting
FirePass delivers built-in logging support for logging user, administrator, session, application, and system events. Additionally, FirePass provides logs in silo format for integration with an external syslog server. The administration console offers a wide range of audit reports to help comply with security audits. Summary reports aggregate usage by day of the week, time of day, accessing OS, features used, websites accessed, session duration, session termination type, and other information for a user-specified time interval. A single URL is used to retrieve summary/group reports in either HTML or spreadsheet format.
Customization
FirePass provides advanced customization features, enabling the administrator to design a unique GUI or existing corporate website portal to best reflect corporate and user requirements.
Localized User GUI
FirePass enables all fields on the user web page to be localized, including the names of the feature (for example, web applications). This helps companies localize the user’s GUI, not just user favorites—increasing business value and lowering TCO.
Complete Login and Webtop Customization
With FirePass, administrators can completely customize an entire login and webtop web page to best suit their existing corporate website portals. Administrators can use WebDAV capabilities to upload custom pages, for an enhanced user experience.
iControl SSL VPN Client API for Secure Application Access
As the only SSL VPN product with an open client API and SDK, FirePass enables automated, secure access from the Win32 client OS (XP, Vista, 7) by providing secure system-to-system or application-to-application communication. Applications can automatically start and stop network connections transparently without requiring users to log in to the VPN. This enables faster, easier connections for users while reducing client application installation costs.
FirePass Product Details
The range of FirePass appliances and Virtual Edition address the concurrent user access needs of small to large enterprises.
FirePass 1200
The FirePass 1200 device is designed for small to medium enterprises and branch offices, and supports from 10 to 100 concurrent users.
FirePass 4100
The FirePass 4100 controller is designed for medium-size enterprises and, from a price/performance standpoint, is recommended for up to 500 concurrent users.
FirePass 4300
The FirePass 4300 appliance is designed for medium to large enterprises and service providers and supports up to 2000 concurrent users.
FirePass Virtual Edition
FirePass Virtual Edition runs in a VMware ESX 4.0 virtual environment and is designed for medium to large enterprises and service providers supporting up to 2000 concurrent users.
Clustering
The FirePass 4100 and 4300 appliances and Virtual Edition have built-in clustering support. They can be combined with F5 BIG-IP® Global Traffic Manager™ and BIG-IP® Local Traffic Manager™ to provide industry-leading scalability, performance, and availability.
Failover
FirePass appliances and Virtual Edition can also be configured for stateful failover between pairs of servers (an active server and a standby server) to avoid having to re-logon to another FirePass device or Virtual Edition in the unlikely event of a primary unit failure.
SSL Accelerator Hardware Option
FirePass 4100 offers a unique Hardware SSL Acceleration option to offload the SSL key exchange as well as the encryption and decryption of SSL traffic. This enables significant performance gains in large enterprise environments for processor-intensive ciphers such as 3DES and AES.
FIPS SSL Accelerator Hardware Option
FirePass is FIPS compliant* to meet the strong security needs of government, finance, healthcare, and other security-conscious organizations. FirePass 4100 and 4300 devices offer support for FIPS 140 Level-2 enabled tamper-proof storage of SSL keys, as well as FIPS-certified cipher support for encrypting and decrypting SSL traffic in hardware. FIPS SSL Accelerator is available as a factory install option to the base 4100 and 4300 platform.
*FIPS 140-2 meets the security criteria of CESG (UK’s National Technical Authority For Information Assurance) for use in private data traffic.
Virtual Specifications
Recommended Conc. Users: Up to 2000*
Clustering Support: Yes – up to 10 virtual appliances
*Note: Actual performance varies depending on hardware platform, resources available, and configuration.
Customer is responsible for performance testing and scaling of FirePass Virtual Edition.
Host System Requirements
It is highly recommended that the host system contain CPUs based on AMD-V or Intel-VT technology.
Hypervisor:
VMware ESX 4.0 or ESXi 4.0
VMware vSphere Client
VMware virtual hardware version 7
Processor:
1 CPU
(4 CPUs or more are recommended for more than 500 concurrent users.)
Memory:
2 GB RAM
(8 GB or more are recommended for more than 500 concurrent users.)
Network Adapters: 3 network interfaces
Disk Space: 30 GB hard drive of thin provisioning
FirePass Virtual Edition
FirePass Specifications
The FirePass appliance is available in three models and as a Virtual Edition to address the concurrent user access needs of small to large enterprises.
| Physical Specifications | 4300 | 4100 | 1200 |
| --- | --- | --- | --- |
| Recommended Conc. Users | 2000 | 500 | 100 |
| Max. Conc. Users per Appliance | 2000 | 2000 | 100 |
| Interfaces | 4 (10/100/1000) LAN ports | 4 (10/100/1000) LAN ports | 2 (10/100) LAN ports |
| Dimensions | 3.5” H x 17.5” W x 23.5” D, 2U industry standard rack mount chassis | 3.5” H x 17.5” W x 23.5” D, 2U industry standard rack mount chassis | 1.7” H x 16.7” W x 11” D, 1U industry standard rack mount chassis |
| Weight | 43 lbs | 40 lbs | 10 lbs |
| Processors | Two Opteron 2.2 GHz - dual core | Two Opteron 2.0 GHz - single core | Intel Celeron 2.0 GHz - single core |
| Power Supply | Dual 475 W 90/240 +/- 10% VAC auto switching | 425 W 90/240 +/- 10% VAC auto switching; optional redundant power supply | Single full-range 250 W |
| Typical Power Consumption | 275 W | 275 W | 180 W |
| Maximum Heat Output | 939 BTU/hr | 939 BTU/hr | 785 BTU/hr |
| Device Redundancy | Watchdog timer, failsafe cable (primary and secondary) | Watchdog timer, failsafe cable (primary and secondary) | Watchdog timer, failsafe cable (primary and secondary) |
| Clustering support | Yes – up to 10 appliances | Yes – up to 10 appliances | No |
| FIPS SSL Accelerator Card Option | Yes – factory only | Yes – factory only | No |
| Hard Drive Capacity | 160 GB | 160 GB | 40 GB |
| RAM | 8 GB standard | 4 GB standard on 4110, 4120, 4130 – factory upgradable to 8 GB (4140 and 4150 8 GB standard) | 512 MB |
| Temperature (operating) | 41° F to 104° F (5° C to 40° C) | 41° F to 104° F (5° C to 40° C) | 41° F to 104° F (5° C to 40° C) |
| Non-Operating Ambient Temperature Range | -40° F to 149° F (-40° C to 65° C); relative humidity 10% to 95% at 40° C non-condensing | -40° F to 149° F (-40° C to 65° C); relative humidity 10% to 95% at 40° C non-condensing | -40° F to 149° F (-40° C to 65° C); relative humidity 5% to 85% at 40° C non-condensing |
| Humidity (relative) | 20% to 90% at 40° C | 20% to 90% at 40° C | 20% to 90% at 40° C |
| Safety Agency Approval | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 |
| Electromagnetic Emissions Certifications | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A |

[Product images: 4300 and 4100 Series; 1200 Series]
F5 Networks, Inc. Corporate Headquarters: info@f5.com
F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com
F5 Networks Asia-Pacific: apacinfo@f5.com
F5 Networks Ltd. Europe/Middle-East/Africa: emeainfo@f5.com
F5 Networks Japan K.K.: f5j-info@f5.com
© 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, iControl, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. CS03-00005 0710
More Information
Visit these resources on F5.com to learn more about FirePass.
White papers
F5 FirePass Endpoint Security
Get to Know GPO
Podcast
Secure Remote Access for Disaster Recovery
Case study
City of Diamond Bar Deploys FirePass
Deployment guides
F5 FirePass controller with BIG-IP LTM and GTM (FirePass v6.x, LTM, and GTM 9.4.2), Deployment Guide
FirePass and VMware View Deployment Guide