advertisement
SECURE REMOTE ACCESS
SonicWALL Secure Remote Access Series for the SMB
Easy-to-use, affordable and clientless secure remote access
n
Seamless integration
behind virtually any
firewall n
Clientless connectivity n
NetExtender technology n
Granular policy
configuration controls n
Personalized Web portal n
Remote support n
Tokenless two-factor
authentication n
Mobile device support n
Application offloading n
Context-sensitive help n
Enhanced layered security
in a SonicWALL
environment
In recent years, there has been an increased dependence on mobile workers. This has prompted a need for providing secure remote access to network resources as well as remote control PC access. SonicWALL® provides a solution that meets the needs of organizations with demanding remote workforce requirements. SonicWALL Secure Remote Access (SRA) solutions are simple to deploy and even easier to use for a fraction of the price of most other products.
Remote access has never been so simple to use. Mobile employees only require a standard browser to log into a portal which provides access to e-mail, files, Web applications and internal Web sites. For even more powerful capabilities such as secure access to any resource on the corporate network including servers and local applications, the appliances transparently push a downloadable thin client (NetExtender) to the user’s desktop or laptop.
Remote support is also easy to implement using SonicWALL Virtual Assist.* It is a clientless tool that enables a technician to assume control of a customer’s computer in order to provide assistance. As a result, service can be provided on-demand while keeping costs low.
Features and Benefits
Seamless integration behind virtually any
firewall enables organizations to leverage the existing network infrastructure.
Clientless connectivity removes the need for a pre-installed VPN client, thus freeing administrators from a tedious and costly task.
NetExtender technology enables network level access to resources, services and applications.
Granular policy configuration controls enable network administrators to create policies that “lock down” a user to specific applications/resources and prevent unauthorized access to them.
A personalized Web portal displays only those resources that are available to the user based on company policy.
Remote support using SonicWALL Virtual Assist* enables technicians to provide secure on-demand assistance to customers while leveraging the existing infrastructure.
Tokenless two-factor authentication provides enhanced protection against key loggers by combining a unique onetime password, generated by the SSL VPN appliance and sent to a remote user’s mobile device or e-mail address, with the user’s network user name and password.
Mobile device support to access an entire intranet as well as Web-based applications provides greater flexibility for a remote workforce.
Application offloading** enables users to access
Web applications securely by leveraging strong authentication and granular access policy features.
Context-sensitive help is provided throughout the administrative interface and end-user portal, increasing management flexibility and ease-of-use.
Enhanced layered security is enabled when deployed alongside a SonicWALL Network Security
Appliance which utilizes powerful deep packet inspection technology to scan traffic for malicious threats such as viruses, worms, Trojans and spyware.
The combined solution is known as SonicWALL Clean VPN.
*Additional license required; only available as a software add-on
module for the SSL-VPN 4000 and SRA 4200
**Available only on the SSL-VPN 4000 and SRA 4200
SonicWALL Secure Remote Access Series for SMB – Any time, anywhere access to resources
Granular Access to Authorized Users
The SonicWALL Secure Remote Access (SRA) Series for small- to medium-sized businesses (SMB) extends secure remote access beyond managed employees to unmanaged remote employees, partners, and customers. A customizable portal enables users to access specific resources via a Web browser as defined by a company’s IT policy.
Employee on Corporate
Laptop in Hotel Files and
Applications
Intranet User
Desktop
Employee on
Home Computer
Tightly Controlled and Managed by
IT Department
Secure remote access that’s easy to deploy, use and won’t break your budget
Awards
(SSL-VPN 200)
Certifications
Employee on
Airport Kiosk
Authorized
Partner
Authorized
Customer
SonicWALL Appliance at Corporate Network
Not Controlled and Managed by
IT Department
Other
Servers and
Applicatons
Citrix Presentation
Servers™ (ICA) and
Microsoft Terminal
Servers
Corporate LAN
Other
Desktops
Broad Access to Resources
SonicWALL SRA solutions for SMB can be used to provide users with access to a broad range of resources.
n
NetExtender enables native access to corporate network applications such as
Microsoft® Outlook n The Virtual Office portal enables Web-based access to intranet (HTTP, HTTPS), file (FTP, CIFS), desktop (Citrix®*, Terminal Server, VNC), and terminal (Telnet, SSH) resources
Simple to Manage
SonicWALL SSL VPN solutions feature an intuitive Web-based management interface which offers context sensitive help to enhance usability. In addition, multiple products can be centrally managed using the SonicWALL Global Management System (GMS v4.0+). Resource access via the products can be effortlessly monitored using the
SonicWALL ViewPoint reporting tool.
(SSL-VPN 200/4000)
Remote Support
SonicWALL Virtual Assist* can be easily configured and licensed via the administrative interface as a cost effective alternative to traditional remote support tools. Browserbased thin clients are pushed to Technicians and Customers in order to establish a session through the cloud via an SSL VPN product.
(SSL-VPN 4000)
Enhanced Solution
SonicWALL Secure Remote Access appliances integrate seamlessly into virtually any network topology and can be easily deployed alongside any third-party firewall. When deployed with a SonicWALL Network Security/Unified Threat Management
(UTM) firewall appliance running Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service along with Application
Firewall, enhanced security benefits are realized. Moreover, endpoint security can be enforced by deploying NetExtender in conjunction with Enforced Client Anti-Virus and Anti-Spyware on managed PCs. Virtual Assist also benefits from the seamless integration by leveraging the appliance’s local and external authentication facilities.
*Available only on the SSL-VPN 4000 and SRA 4200
*Available only on the SSL-VPN 4000 and SRA 4200
3
Personalized
Web Portal
SonicWALL
SRA Appliance
3 Files and
Applications Intranet
User
Desktop
Remote User
SSL Encrypted
Traffic
1
Internet
SonicWALL NSA or
TZ Security Appliances
Decrypted
Traffic
4
Unified Threat
Management
Scanning
Other
Servers and
Applications
Citrix
XenApp and
Microsoft
Terminal Servers
Other
Desktops
Corporate LAN
2
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP or local database
Remote User
3
Personalized
Web Portal
SonicWALL
SRA Appliance
3 Files and
Applications Intranet
User
Desktop
SSL Encrypted
Traffic
1
SonicWALL SRA Appliance
Traffic
Internet
Customer SonicWALL NSA or
TZ Security Appliances
Decrypted
Traffic
4
2
Technician
3
Personalized
Web Portal
Files and
Applications Intranet
SonicWALL
SRA Appliance
Remote Access Solution
With an increasingly mobile workforce and greater threats of unexpected disruptions, remote access has become a business necessity. A SonicWALL SRA appliances for the SMB product deployed
Traffic
3
User
Desktop
Personalized
Web Portal
Unified Threat
Management
Scanning
Other
Servers and
Applications
Citrix
XenApp and
Microsoft
Terminal Servers
Other
Desktops
Corporate LAN
2
3 Files and
Applications Intranet
User
Desktop
SonicWALL
SRA Appliance
1
2
3
4
SonicWALL NSA or corporate network resources from anywhere outside the LAN.
Management
Scanning
SSL Encrypted
Traffic and
Applications
Citrix
XenApp and
Microsoft
Terminal Servers
1
Other
Desktops
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP or local database
Decrypted
Traffic
SonicWALL SRA Appliance
2
Technician
Incoming HTTPS traffic is seamlessly forwarded by the SonicWALL NSA or TZ Series network security appliance to the SonicWALL SSL VPN appliance, which decrypts and authenticates network traffic.
Users are authenticated using the onboard database or through third-party authentication methods
4
Remote User
Unified Threat
Management
Scanning
Internet
Other
Servers and
Applications
Citrix
XenApp and
Microsoft
Terminal Servers
Other
Desktops
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP or local database
NetExtender Client
A personalized Web portal provides access to only those resources that the user is authorized to view based on company policies.
Corporate LAN
Traffic is passed back to the NSA or TZ Series network security appliance where it is fully inspected for viruses, worms, Trojans, spyware and other sophisticated threats by the SonicWALL
Location 1
*
SonicWALL
SRA Appliance
SonicWALL SRA Appliance
VPN
Location 2
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP or local database
Technician
Hub/
Switch Modem
Internet
Customer
Remote Support Solution
Location 3 it is becoming increasingly important for organizations to provide remote
SonicWALL CDP Appliance
Local Area Network
Location 4
Technician
Location 5 support using expensive and cumbersome tools can undermine IT service level agreements and inhibit remote worker productivity. Using a SonicWALL
Customer instantly access a remote device over the Web, transfer files, and chat with the end user, enabling rapid diagnosis and problem resolution, without the need for pre-installed “fat” client.
NetExtender Client running SonicWALL Agent
Disaster Recovery Solution
Disaster recovery can be triggered by a catastrophic event like a hurricane
Local Client or epidemic, or by something as simple as a regional power outage, severe weather, flu outbreaks, or flooding of an office building because of a burst water pipe. Business disruption can mean lost opportunities, revenues, or reputation. SonicWALL SSL VPN and CDP products with a subscription to
SonicWALL CDP Offsite Data Backup Service enable employees that are not able to physically get to the corporate office, access your corporate resources remotely via a secure SSL VPN connection. Corporate resources are always accessible as they are backed up both locally and offsite.
NetExtender Client running SonicWALL Agent
Hub/
Switch
SonicWALL
SRA Appliance
SonicWALL CDP Appliance
Router/
Modem
VPN
Internet
Location 1
Location 2
Location 3
Location 4
Local Area Network
Internet
Location 5
Wireless Authentication
The SonicWALL appliance can be configured to authenticate WLAN users, granting these users
WLAN
SonicWALL
SRA Appliance
SonicPoint N access to internal resources while keeping the session secure. The benefit to this method of acccess is “clientless”
Hub/
Switch
Local Area Network
Wireless user obtains DHCP lease on the
WLAN network.
Firewall
Location 1
VPN
Clean Wireless Solution NetExtender Client
LAN
Location 2
Encrypted Traffic
Router/
Modem
DMZ/SSLVPN
Internet
SonicWALL
SRA Appliance
Step 2:
When browser is opened, the user is redirected to the appliance and prompted for authentication.
organizations are implementing wireless networks and using SSL
Local Client
Workstations
Location 3
SonicWALL
SRA Appliance
AD Server
SSL VPNs integrate seamlessly with SonicWALL wireless access
VPN solutions. A SonicWALL SSL VPN deployed alongside a SonicWALL
UTM firewall and several SonicPoints ensure that users get access
Step 3:
Location 4
Once authenticated, the user can open a
NetExtender session which will create a
“tunnel all” route from the client’s system to the appliance. The user will be given a from anywhere on campus and the wireless connections are
Router/
Modem
Internet encrypted via the SSL protocol. As an added bonus, remote workers
SSL VPN connection. IT maintains centralized, granular access control
SonicWALL CDP Appliance access internal and external resources.
over who can access what resources from using a single gateway.
Location 4
Local Area Network
Location 5
Internet
Wireless Authentication
The SonicWALL appliance can be configured to authenticate WLAN users, granting these users access to internal resources while keeping the session secure. The benefit to this method of acccess is “clientless” access from the WLAN.
WLAN
SonicPoint N
Firewall
LAN
Encrypted Traffic
DMZ/SSLVPN
Step 1:
Wireless user obtains DHCP lease on the
WLAN network.
Wireless User SonicWALL
SRA Appliance
Workstations AD Server
Wireless Authentication
The SonicWALL appliance can be configured to authenticate WLAN users, granting these users access to internal resources while keeping the session secure. The benefit to this method of acccess is “clientless” access from the WLAN.
Wireless User
Step 1:
Wireless user obtains DHCP lease on the
WLAN network.
WLAN
SonicPoint N
Internet
Firewall
Step 1:
Wireless user obtains DHCP lease on the
WLAN network.
LAN
Encrypted Traffic
Step 2:
When browser is opened, the user is redirected to the appliance and prompted for authentication.
DMZ/SSLVPN
SonicWALL
SRA Appliance
Wireless Authentication
The SonicWALL appliance can be configured to authenticate WLAN users, granting these users
WLAN
SonicPoint N
Workstations AD Server resources while keeping
Step 3: the session secure. The benefit to this method
Once authenticated, the user can open a of acccess is “clientless” access from the WLAN.
“tunnel all” route from the client’s system to the appliance. The user will be given a
Wireless User access internal and external resources.
Internet
Step 2:
When browser is opened, the user is redirected to the appliance and prompted for authentication.
Firewall
DMZ/SSLVPN
SonicWALL
SRA Appliance
LAN
Encrypted Traffic
Workstations
Step 3:
Once authenticated, the user can open a
NetExtender session which will create a
“tunnel all” route from the client’s system to the appliance. The user will be given a
NetExtender client subnet and can now access internal and external resources.
AD Server
Step 2:
When browser is opened, the user is redirected to the appliance and prompted for authentication.
Step 3:
Once authenticated, the user can open a
NetExtender session which will create a
“tunnel all” route from the client’s system to the appliance. The user will be given a
NetExtender client subnet and can now access internal and external resources.
SonicWALL SSL-VPN 200
(US/Canada) 01-SSC-5946
SonicWALL Dynamic Support
8x5 (1-year)
01-SSC-5642
SonicWALL Dynamic Support
8x5 (2-year)
01-SSC-6244
SonicWALL Dynamic Support
8x5 (3-year)
01-SSC-6245
SonicWALL Dynamic Support
24x7 (1-year)
01-SSC-5643
SonicWALL Dynamic Support
24x7 (2-year)
01-SSC-6246
SonicWALL Dynamic Support
24x7 (3-year)
01-SSC-6247
SonicWALL SRA 4200
50 User
01-SSC-5980
SonicWALL Dynamic Support 8x5
Up to 50 users (1-year)
01-SSC-5687
SonicWALL Dynamic Support 8x5
Up to 50 users (2-year)
01-SSC-5988
SonicWALL Dynamic Support 8x5
Up to 50 users (3-year)
01-SSC-5989
SonicWALL Dynamic Support 24x7
Up to 50 users (1-year)
01-SSC-5984
SonicWALL Dynamic Support 24x7
Up to 50 users (2-year)
01-SSC-5985
SonicWALL Dynamic Support 24x7
Up to 50 users (3-year)
01-SSC-5986
SonicWALL SSL-VPN 4000
(US/Canada)
01-SSC-5960
SonicWALL Dynamic Support
8x5 (1-year)
01-SSC-6248
SonicWALL Dynamic Support
8x5 (2-year)
01-SSC-6249
SonicWALL Dynamic Support
8x5 (3-year)
01-SSC-6250
SonicWALL Dynamic Support
24x7 (1-year)
01-SSC-6251
SonicWALL Dynamic Support
24x7 (2-year)
01-SSC-6252
SonicWALL Dynamic Support
24x7 (3-year)
01-SSC-6253
Specifications
SonicWALL SSL VPN Series
Performance
SSL-VPN 200 Recommended for organizations with 50 or fewer employees
Concurrent User License: Unrestricted
Recommended Maximum
Concurrent Users: 10
SRA 4200 Recommended for organizations with 500 or fewer employees
Maximum allowable concurrent Virtual
Assist technicians: 5
Concurrent User License: Unrestricted
Recommended Maximum
Concurrent Users: 50
SSL-VPN 4000 Recommended for organizations with 500 or more employees
Maximum allowable concurrent Virtual
Assist technicians: 25
Concurrent User License: Unrestricted
Recommended Maximum
Concurrent Users: 200
Key Features
Applications Supported
Proxy
NetExtender
Encryption
Citrix (ICA),* HTTP, HTTPS, FTP, SSH, Telnet, RDP,
VNC, Windows® file sharing (Windows SMB/CIFS)
Any TCP/IP based application: ICMP, VoIP, IMAP,
POP, SMTP, etc.
DES (128), 3DES (128, 256), AES (128, 192, 256),
ARC4 (128), MD5, SHA-1
Authentication RSA,* Vasco, One-time Passwords, Internal user database RADIUS, LDAP, Microsoft, Active
Directory, Windows NT Domain
Multiple Domain Support Yes
Fine Grain Access control At the user, user group and network resource level
Session Security
Certificates
Server
Client
Inactivity timeouts prevent unauthorized use of inactive sessions
Self-signed with editable common name and and imported from third parties
Optional client certificates supported*
Cache Cleaner
Client PC Operating Systems
Supported
Proxy
NetExtender
Configurable. Upon logout all cached downloads, cookies and URLs downloaded through the SSL tunnel are erased from the remote computer
All operating systems
Windows 2000, 2003, XP/Vista (32-bit and 64-bit)
Win Mobile 5 (Pocket PC), Win Mobile 6
(Classic/Professional), MacOS 10.4+ (PowerPC and
Intel), Linux Fedora Core 3+ / Ubuntu 7+ / OpenSUSE
Web Browsers Supported
Personalized Portal
Management
Usage Monitoring
Microsoft Internet Explorer, Firefox Mozilla
The remote user sees only those resources that the administrator has granted access to based on company policy
Web GUI (HTTP, HTTPS), Send syslog and heartbeat messages to GMS (4.0 and higher)
Graphical monitoring of memory, CPU, users and bandwidth usage*
Logging Detailed logging in an easy-to-read format,
Syslog supported e-mail alerts
Single-Arm Mode Yes
SonicWALL Virtual Assist* Connection to remote PC, chat, FTP and diagnostic tools
IPv6 Support*
Application offloading*
Basic
Yes
Hardware
Dimensions
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Weight
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Major Regulatory
Compliance
Environment
MTBF
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Hardened Security Appliance
SSL-VPN 200 Yes
SRA 4200
SSL-VPN 4000
Yes
Yes
Cryptographic Hardware Acceleration
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Yes
Yes
Yes
Interfaces
SSL-VPN 200
SRA 4200
SSL-VPN 4000
(5) 10/100 Ethernet
(4) Gigabit Ethernet, (2) USB, (1) Console
(6) 10/100 Ethernet, (1) Serial port
Processors
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Memory (RAM)
SSL-VPN 200
SRA 4200
SSL-VPN 4000
SonicWALL security processor, cryptographic accelerator x86 main processor, cryptographic accelerator
P4 Celeron main processor, cryptographic accelerator
128 MB
2 GB
1 GB
Flash Memory
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Power Supply
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Max Power Consumption
SSL-VPN 200
SRA 4200
SSL-VPN 4000
Total Heat Dissipation
SSL-VPN 200
SRA 4200
SSL-VPN 4000
16 MB
1 GB
128 MB
20W, 12VDC, 1.66A
Internal
Internal
10.4 W
75 W
108 W
35.6 BTU
256.0 BTU
368.3 BTU
7.45 x 4.55 x 1.06 in
18.92 x 11.56 x 2.69 cm
17.00 x 10.13 x 1.75 in
43.18 x 25.73 x 4.45 cm
17.00 x 13.25 x 1.75 in
43.18 x 33.66 x 4.45 cm
3.00 lbs
1.36 kg
15.00 lbs
6.80 kgs
18.50 lbs
8.39 kg
FCC Class A, ICES Class A, CE, C-Tick, VCCI
Class A, MIC, NOM, UL, cUL, TUV/GS, CB
32-105˚ F, 0-40˚ C
Humidity 5-95% RH, non-condensing
9.0 years
8.3 years
9.2 years
* Available only on the SSL-VPN 4000 and SRA 4200
For more information on SonicWALL Secure Remote Access for SMB solutions, visit www.sonicwall.com.
SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
T +1 408.745.9600
F +1 408.745.9300
www.sonicwall.com
©2009 SonicWALL and the SonicWALL logo are registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 10/09 SW 750
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project