SonicWALL Secure Remote Access Series for the SMB

SonicWALL Secure Remote Access Series
for the SMB
SECU R E R E M OT E ACCE SS
Easy-to-use, affordable and clientless secure remote access
In recent years, there has been an increased dependence on mobile workers. This has prompted
a need for providing secure remote access to network resources as well as remote control PC
access. SonicWALL® provides a solution that meets the needs of organizations with demanding
remote workforce requirements. SonicWALL Secure Remote Access (SRA) solutions are simple to
deploy and even easier to use for a fraction of the price of most other products.
n Seamless
integration
behind virtually any
firewall
n Clientless
connectivity
n NetExtender
technology
n Granular
policy configuration controls
n Personalized
n Remote
Web portal
support
n Tokenless
two-factor authentication
n Mobile
device support
n Application
offloading
n Context-sensitive
n Enhanced
help
layered
security in a SonicWALL
environment
Remote access has never been so simple to use. Mobile employees only require a standard
browser to log into a portal which provides access to e-mail, files, Web applications and
internal Web sites. For even more powerful capabilities such as secure access to any
resource on the corporate network including servers and local applications, the appliances
transparently push a downloadable thin client (NetExtender) to the user’s desktop or laptop.
Remote support is also easy to implement using SonicWALL Virtual Assist.* It is a clientless
tool that enables a technician to assume control of a customer’s computer in order to provide
assistance. As a result, service can be provided on-demand while keeping costs low.
Features and Benefits
Seamless integration behind virtually any
firewall enables organizations to leverage the existing
network infrastructure.
Clientless connectivity removes the need for
a pre-installed VPN client, thus freeing administrators
from a tedious and costly task.
NetExtender technology enables network level
access to resources, services and applications.
Granular policy configuration controls enable
network administrators to create policies that “lock
down” a user to specific applications/resources and
prevent unauthorized access to them.
A personalized Web portal displays only those
resources that are available to the user based on
company policy.
Remote support using SonicWALL Virtual Assist*
enables technicians to provide secure on-demand
assistance to customers while leveraging the existing
infrastructure.
*Additional license required; only available as a software add-on module for the SSL-VPN 4000 and SRA 4200
**Available only on the SSL-VPN 4000 and SRA 4200
Tokenless two-factor authentication provides enhanced
protection against key loggers by combining a unique onetime password, generated by the SSL VPN appliance and
sent to a remote user’s mobile device or e-mail address, with
the user’s network user name and password.
Mobile device support to access an entire intranet
as well as Web-based applications provides greater
flexibility for a remote workforce.
Application offloading** enables users to access
Web applications securely by leveraging strong
authentication and granular access policy features.
Context-sensitive help is provided throughout
the administrative interface and end-user portal,
increasing management flexibility and ease-of-use.
Enhanced layered security is enabled when
deployed alongside a SonicWALL Network Security
Appliance which utilizes powerful deep packet
inspection technology to scan traffic for malicious
threats such as viruses, worms, Trojans and spyware.
The combined solution is known as SonicWALL Clean VPN.
SonicWALL Secure Remote Access Series for SMB – Any time, anywhere access to resources
Granular Access to Authorized Users
The SonicWALL Secure Remote Access (SRA) Series for small- to medium-sized businesses (SMB) extends secure remote access
beyond managed employees to unmanaged remote employees, partners, and customers. A customizable portal enables users
to access specific resources via a Web browser as defined by a company’s IT policy.
Employee on Corporate
Laptop in Hotel
Secure
Files and
Applications
Intranet
User
Desktop
Tightly Controlled
and Managed by
IT Department
Employee on
Home Computer
remote access
Employee on
Airport Kiosk
SonicWALL Appliance
at Corporate Network
that’s easy to
Authorized
Partner
deploy, use and
Not Controlled
and Managed by
IT Department
Authorized
Customer
Other
Servers and
Applicatons
won’t break
Citrix Presentation
Servers™ (ICA) and
Microsoft Terminal
Servers
Other
Desktops
Corporate LAN
Broad Access to Resources
your budget
SonicWALL SRA solutions for SMB can be used to provide users with access to a broad
range of resources.
Awards
n
NetExtender enables native access to corporate network applications such as
Microsoft® Outlook
n
The Virtual Office portal enables Web-based access to intranet (HTTP, HTTPS),
file (FTP, CIFS), desktop (Citrix®*, Terminal Server, VNC), and terminal (Telnet, SSH)
resources
Simple to Manage
(SSL-VPN 200)
Certifications
SonicWALL SSL VPN solutions feature an intuitive Web-based management interface
which offers context sensitive help to enhance usability. In addition, multiple products
can be centrally managed using the SonicWALL Global Management System (GMS
v4.0+). Resource access via the products can be effortlessly monitored using the
SonicWALL ViewPoint reporting tool.
Remote Support
SonicWALL Virtual Assist* can be easily configured and licensed via the administrative
interface as a cost effective alternative to traditional remote support tools. Browserbased thin clients are pushed to Technicians and Customers in order to establish a
session through the cloud via an SSL VPN product.
(SSL-VPN 200/4000)
Enhanced Solution
(SSL-VPN 4000)
SonicWALL Secure Remote Access appliances integrate seamlessly into virtually any network topology and can be easily
deployed alongside any third-party firewall. When deployed with a SonicWALL Network Security/Unified Threat Management
(UTM) firewall appliance running Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service along with Application
Firewall, enhanced security benefits are realized. Moreover, endpoint security can be enforced by deploying NetExtender in
conjunction with Enforced Client Anti-Virus and Anti-Spyware on managed PCs. Virtual Assist also benefits from the seamless
integration by leveraging the appliance’s local and external authentication facilities.
*Available only on the SSL-VPN 4000 and SRA 4200
ypted
ffic
Traffic
SonicWALL SRA Appliance
SonicWALL NSA or
TZ Security Appliances
Remote User
Technician
3
Personalized
Web Portal
Customer
Internet
SonicWALL Secure Remote Access Solutions
forandSMB
3 Files
Applications
SonicWALL
SRA Appliance
Decrypted
Traffic
Internet
4
Unified Threat
Management
Scanning
User
Desktop
Intranet
2
Citrix
Other
Other
XenApp and
Servers
Desktops
Microsoft
and
Applications Terminal Servers
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP
or local
database
Corporate LAN
Remote Access Solution
3
With an increasingly mobile workforce and greater threats of
1
unexpected disruptions,
remote access has become a business
Decrypted
necessity. A SonicWALL SRA appliances
for the SMB product deployed
Traffic
Internet
in one-arm mode alongside a SonicWALL UTM product or virtually
4
any other third
partyNSA
firewall
enables remote users to securely access
SonicWALL
or
TZ Security Appliances
corporate network resources from anywhere
outside the LAN.
Unified Threat
Personalized
Web Portal
3
2
SonicWALL
SRA Appliance
RSA*,
Vasco*,
Active
Directory,
RADIUS,
LDAP
or local
database
1
Management
Scanning SSL Encrypted
Citrix
Other
Other
Traffic
XenApp and
Servers
Desktops
Microsoft
and
Internet
Applications Terminal Servers
SonicWALL NSA or
Corporate
LAN Appliances
Remote User
TZ Security
Technician
1 Incoming HTTPS traffic is seamlessly forwarded by the SonicWALL NSA or TZ Series network security
Files and
Applications
User
Desktop
Intranet
Decrypted
Traffic
4
Unified Threat
Management
Scanning
2
SonicWALL SRA Appliance
RSA*,
Vasco*,
Active
Directory,
Customer
RADIUS,
LDAP
or local
database
Internet
Citrix
Other
Other
appliance to the SonicWALL SSL VPN appliance, which decrypts and authenticates network traffic.
XenApp and
Servers
Desktops
Microsoft
and
2 Users are authenticated using the onboard database or through third-party authentication methods
Applications Terminal Servers
such as RSA*, Vasco, RADIUS, LDAP, Microsoft Active Directory or Windows NT Domain.
Corporate LAN
3 A personalized Web portal provides access to only those resources that the user is authorized to view based
on company policies.
NetExtender Client
running
Agent for viruses, worms, Trojans, spyware and other sophisticated threats by the
4 Traffic is passed back to the NSA or TZ Series network security appliance where
it SonicWALL
is fully inspected
SonicWALL Unified Threat Management solution.
*
*Available only on the SRA 4200 and SSL-VPN 4000
Local Client
SonicWALL
SRA Appliance
Location 1
SonicWALL SRA Appliance
VPN
Technician
Internet
Hub/
Switch
Location 2
Customer
Remote Support Solution
With more employees working remotely and customers dispersed
globally, it is becoming increasingly important for organizations to
SonicWALL
SRA Appliance
provide
remote
support
for off-site business devices such as laptops or
Location
3
home PCs. Ineffective support using expensive and cumbersome tools
can undermine IT service level agreements and inhibit remote worker
Customer
Technician
a SonicWALL Virtual Assist on an SSL-VPN 4000 or SRA
Location 4 productivity. UsingInternet
4200 appliance, a Technician can instantly access a remote device over the
Location 5
Web, transfer files, and chat with the end user, enabling rapid diagnosis
and problem resolution, without the need for pre-installed “fat” client.
Internet
Router/
Modem
SonicWALL CDP Appliance
Local Area Network
NetExtender Client
running SonicWALL Agent
Disaster Recovery Solution
Disaster recovery can be triggered by a catastrophic event like a
Local Client
hurricane or epidemic, or by something as simple as a regional power
outage, severe weather, flu outbreaks, or flooding of an office building
because of a burst water pipe. Business disruption can mean lost
opportunities, revenues, or reputation. SonicWALL SSL VPN and CDP
products with a subscription to SonicWALL CDP Offsite Data Backup
Hub/
Service enable employees that are not able to physically get to the
Switch
corporate office, access your corporate resources remotely via a secure
SSL VPN connection. Corporate resources are always accessible asNetExtender
they
Client
running SonicWALL Agent
are backed up both locally and offsite.
Location 1
SonicWALL
SRA Appliance
VPN
Location 2
Internet
Router/
Modem
Location 3
SonicWALL CDP Appliance
Location 4
Local Area Network
Location 5
Internet
Local Client
Wireless Authentication SonicWALL
The SonicWALL applianceSRA Appliance
WLAN
can be configured to
authenticate WLAN users,
granting these users
SonicPoint N
access to internal
resources while keeping
the session
secure. The
Hub/
benefitSwitch
to this method
of acccess is “clientless”
access from the WLAN.
SonicWALL CDP Appliance
Wireless
User
Local
Area Network
Step 1:
Wireless user
obtains DHCP
lease on the
WLAN
network.
Firewall
Location 1
VPN
NetExtender Client
running SonicWALL Agent
Location 2
LAN
Internet
Encrypted Traffic
Local Client
Router/ DMZ/SSLVPN
Modem
SonicWALL
SRA Appliance
Step 2:
When browser is
opened, the user is
redirected to the
appliance and
prompted for
authentication.
Clean Wireless Solution
More corporations, universities, hospitals and governmental
Location 1
organizations are implementing wireless networks and using
VPN
SSL VPN as a secure and centralized access control solution.
2
SonicWALL SSL VPNs integrate seamlesslyLocation
with SonicWALL
wireless access solutions. A SonicWALL SSL VPN deployed
Location 4
Internet
Workstations
AD Server
alongside a SonicWALL UTM
firewall and several SonicPoints
Location
5
Hub/
Router/
ensure that
users get access from anywhere on
campus
Location
3 and
Step 3:
Switch
Modem
the wireless connections are encrypted via the SSL protocol.
Once authenticated, the user can open a
NetExtender session which will create a
SonicWALL
CDP ApplianceAs an added bonus, remote workers away from campus can
“tunnel all” route from the
client’s system
to the appliance. The user will be given a
connect into the corporate network via an
SSL VPN
connection.
Location
4
NetExtender client subnet
and can
nowNetwork
Local
Area
IT
maintains
centralized,
granular
access
control
over
who can
access internal and external resources.
5
access what resources from using a Location
single gateway.
Location 3
SonicWALL
SRA Appliance
Internet
Wireless Authentication
The SonicWALL appliance
Firewall
Specifications
SonicWALL SSL VPN Series
Performance
SonicWALL SSL-VPN 200
(US/Canada) 01-SSC-5946
SonicWALL Dynamic Support
8x5 (1-year)
01-SSC-5642
SonicWALL Dynamic Support
8x5 (2-year)
01-SSC-6244
SonicWALL Dynamic Support
8x5 (3-year)
01-SSC-6245
SonicWALL Dynamic Support
24x7 (1-year)
01-SSC-5643
SonicWALL Dynamic Support
24x7 (2-year)
01-SSC-6246
SonicWALL Dynamic Support
24x7 (3-year)
01-SSC-6247
SSL-VPN 200
Hardware
Recommended for organizations with 50 or
fewer employees
Concurrent User License: Unrestricted
Recommended Maximum
Concurrent Users: 10
SRA 4200
Recommended for organizations with 500 or fewer employees
Maximum allowable concurrent Virtual
Assist technicians: 5
Concurrent User License: Unrestricted
Recommended Maximum
Concurrent Users:
50
Recommended for organizations with 500 or more employees
25
Concurrent User License: Unrestricted
Cryptographic Hardware Acceleration
SSL-VPN 200 Yes
SRA 4200 Yes
SSL-VPN 4000
Yes
Interfaces
SSL-VPN 200 SRA 4200 SSL-VPN 4000
SSL-VPN 4000
Maximum allowable concurrent Virtual
Assist technicians:
Hardened Security Appliance
SSL-VPN 200 Yes
SRA 4200 Yes
SSL-VPN 4000
Yes
Recommended Maximum
Concurrent Users: 200
Key Features
Processors
SSL-VPN 200 SRA 4200 SSL-VPN 4000 Memory (RAM)
SSL-VPN 200 SRA 4200 SSL-VPN 4000
(5) 10/100 Ethernet
(4) Gigabit Ethernet, (2) USB, (1) Console
(6) 10/100 Ethernet, (1) Serial port
SonicWALL security processor, cryptographic
accelerator
x86 main processor, cryptographic
accelerator
P4 Celeron main processor, cryptographic accelerator
128 MB
2 GB
1 GB
Flash Memory
SSL-VPN 200 SRA 4200 SSL-VPN 4000
16 MB
1 GB
128 MB
Applications Supported
Proxy NetExtender
Citrix (ICA),* HTTP, HTTPS, FTP, SSH, Telnet, RDP,
VNC, Windows® file sharing (Windows SMB/CIFS)
Any TCP/IP based application: ICMP, VoIP, IMAP, POP, SMTP, etc.
Power Supply
SSL-VPN 200 SRA 4200 SSL-VPN 4000
20W, 12VDC, 1.66A
Internal
Internal
Encryption
DES (128), 3DES (128, 256), AES (128, 192, 256), ARC4 (128), MD5, SHA-1
Authentication
RSA,* Vasco, One-time Passwords, Internal user database RADIUS, LDAP, Microsoft, Active Directory, Windows NT Domain
Max Power Consumption
SSL-VPN 200 SRA 4200 SSL-VPN 4000
10.4 W
75 W
108 W
Multiple Domain Support
Yes
Fine Grain Access control
At the user, user group and network resource level
Total Heat Dissipation
SSL-VPN 200 SRA 4200 SSL-VPN 4000
35.6 BTU
256.0 BTU
368.3 BTU
Session Security
Inactivity timeouts prevent unauthorized use
of inactive sessions
SonicWALL Dynamic Support 24x7
Up to 50 users (1-year)
01-SSC-5984
Certificates
Server
Client
Self-signed with editable common name and
and imported from third parties
Optional client certificates supported*
Configurable. Upon logout all cached downloads,
cookies and URLs downloaded through the SSL tunnel are erased from the remote computer
7.45 x 4.55 x 1.06 in
18.92 x 11.56 x 2.69 cm
17.00 x 10.13 x 1.75 in
43.18 x 25.73 x 4.45 cm
17.00 x 13.25 x 1.75 in
43.18 x 33.66 x 4.45 cm
SonicWALL Dynamic Support 24x7
Up to 50 users (2-year)
01-SSC-5985
Cache Cleaner
Dimensions
SSL-VPN 200 SRA 4200
SSL-VPN 4000
SonicWALL Dynamic Support 24x7
Up to 50 users (3-year)
01-SSC-5986
Client PC Operating Systems
Supported
Proxy
NetExtender
All operating systems
Windows 2000, 2003, XP/Vista (32-bit and 64-bit)
Win Mobile 5 (Pocket PC), Win Mobile 6 (Classic/Professional), MacOS 10.4+ (PowerPC and Intel), Linux Fedora Core 3+ / Ubuntu 7+ / OpenSUSE
Weight
SSL-VPN 200 SRA 4200 SSL-VPN 4000 3.00 lbs
1.36 kg
15.00 lbs
6.80 kgs
18.50 lbs
8.39 kg
Major Regulatory
Compliance FCC Class A, ICES Class A, CE, C-Tick, VCCI
Class A, MIC, NOM, UL, cUL, TUV/GS, CB
Web Browsers Supported
Microsoft Internet Explorer, Firefox Mozilla
Personalized Portal
The remote user sees only those resources
that the administrator has granted access to
based on company policy
Environment
32-105˚ F, 0-40˚ C
Humidity 5-95% RH, non-condensing
Management
Web GUI (HTTP, HTTPS), Send syslog and heartbeat messages to GMS (4.0 and higher)
MTBF
SSL-VPN 200 SRA 4200 SSL-VPN 4000 9.0 years
8.3 years
9.2 years
Usage Monitoring
Graphical monitoring of memory, CPU, users and bandwidth usage*
SonicWALL Dynamic Support
8x5 (2-year)
01-SSC-6249
Logging
Detailed logging in an easy-to-read format,
Syslog supported e-mail alerts
Single-Arm Mode
Yes
SonicWALL Dynamic Support
8x5 (3-year)
01-SSC-6250
SonicWALL Virtual Assist*
Connection to remote PC, chat, FTP and diagnostic tools
IPv6 Support*
Basic
Application offloading*
Yes
SonicWALL SRA 4200
50 User
01-SSC-5980
SonicWALL Dynamic Support 8x5
Up to 50 users (1-year)
01-SSC-5687
SonicWALL Dynamic Support 8x5
Up to 50 users (2-year)
01-SSC-5988
SonicWALL Dynamic Support 8x5
Up to 50 users (3-year)
01-SSC-5989
SonicWALL SSL-VPN 4000
(US/Canada)
01-SSC-5960
SonicWALL Dynamic Support
8x5 (1-year)
01-SSC-6248
SonicWALL Dynamic Support
24x7 (1-year)
01-SSC-6251
* Available only on the SSL-VPN 4000 and SRA 4200
SonicWALL Dynamic Support
24x7 (2-year)
01-SSC-6252
SonicWALL Dynamic Support
24x7 (3-year)
01-SSC-6253
For more information on SonicWALL Secure Remote Access for SMB solutions, visit www.sonicwall.com.
SonicWALL, Inc.
2001 Logic Drive
T +1 408.745.9600
San Jose, CA 95124
F +1 408.745.9300
www.sonicwall.com
©2009 SonicWALL and the SonicWALL logo are registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their
respective companies. Specifications and descriptions subject to change without notice. 10/09 SW 750