Presentation_-_FirePass_SSL_VPNv3.pptx


1
F5 Security Products
FirePass SSL VPN
Presented by:
Product Management
Version 3
Oct. 17, 2008
2
Presentation Topics
SSL VPN market and Trends
FirePass SSL VPN Base Functional Overview.
Features and Benefits – Reflects release 6.0.2
Release 6.0.3 – Sept. 08
FirePass Look-ahead Strategy
Selling our solution
Resource help
Summary
3
The Leader in Application Delivery Networking
Remote Users
At Home
On the Road
Datacenter
Application
Delivery
Network
FirePass
Microsoft
Outlook
Browser
Microsoft
Exchange Server
4
TheInfoPro Wave 3 Survey – Spring 2007
TheInfoPro interview with all 133 Fortune 1000 and midsize enterprise customers
Top Concerns:
– Network security continues to top the list of areas of concern, along with managing growth while keeping costs under control, managing network performance under demanding conditions, including addressing the issue of aging hardware
5
SSL VPN Market
Source: Gartner Dataquest (April 2007)
6
SSL World Wide Revenue 2005-2010
[Chart: SSL Total Sales, in millions of dollars (vertical axis, 0 to 500), by year from 2005 to 2010 (horizontal axis)]
From Gartner® SSL VPN Vendor Revenue Forecast Published 7/06
7
Market Trends
Enterprise
• Anytime/Anywhere Access
• Continuous Business Operations
• Lower Costs
IT Staff
Squeezed
• Overworked
• Expanding Security Needs
Users
• Reliable and Easy to use
• Support for non-Windows machines
• More than just webmail
8
Market Trends
SSL VPN is becoming the mainstream technology of choice for remote
access. Key trends and drivers for the SSL VPN market and the potential
impacts are:
| Market Trend | Potential Impact |
| Consolidation of remote access across the enterprise | Need for highly scalable, high performance SSL VPNs for ALL remote access needs |
| Increasing use of mobile devices in the enterprise | Need for remote access from emerging mobile device/client Operating Systems |
| Disaster recovery and business continuity planning | Need for anytime, anywhere access during emergencies using SSL VPN technology |
| Increasing use of wireless LAN in the enterprise for employee and guest access | Need for securing access to wireless LAN |
| Securing internal LAN access from un-authorized users and client devices | Need for high performance access control solution to secure internal LAN access |
9
Application Delivery Network
Security is a key technology and Solution component of ADN
[Diagram labels: Users; Applications; International Data Center; BIG-IP Local Traffic Manager; Global Traffic Manager; Link Controller; Secure Access (FirePass SSL VPN); WAN optimization; Web Acceleration; ASM - Web App Firewall; TMOS; iControl / iRules; Enterprise Manager; Storage Virtualization (Acopia)]
11
Key FirePass Features
Access Control
– Authentication
– Authorization
– Endpoint Security
– Audit
Application Access Modes ( Connectivity Options )
– Network Access
– Application Access
– Portal Access
Visual Policy Management
Clustering & Failover
Platforms – SMB to large enterprises
12
FirePass 6.0.3 Key Feature Summary
(Released September 2008)
Support for FullArmor Group Policy Anywhere functions
Protected Workspace enhancements
Java-based AppTunnels and terminal services
FirePass Reverse Proxy enhancements
Windows Vista SP1 and Windows XP 3 support
MAC Intel client 10.5 support and enhancements
Standalone client enhancements
Product serviceability, guide, and online help
improvements
13
User Authentication with Master Groups
Wide range of Authentication
– Active Directory
– LDAP
– RADIUS
– Client Certificates
– 2-Factor Auth (RSA SecurID and others)
– HTTP Forms based and Basic Auth
Authentication based on Group
– E.g., 2-Factor auth for employees, RADIUS auth for partners
14
Simplified Access Policy Management using
Resource Groups
FirePass Features & Functions
• Resource Alias – Automated update of access policies based on resource
• Resource Groups – Drastically reduces changes to individual access policies when new resources are added/modified
• Enterprise Integration – Integration with AD, RADIUS, LDAP, Citrix MetaFrame etc.
Multiple User Groups
Multiple Resources
Corporate
Resource Group
HR Application
Intranet
Employee Group
Business Benefit:
• Simplification by reducing configuration changes
• Automated policy updates via Instant Access Policy Provisioning
• Adaptable to new business needs
• Instantly provision new resources
• Change resources without having to update individual access policies
Microsoft
Exchange
Sales
Resource Group
Sales Dept Group
15
Strong Endpoint Security
• Client Integrity Checking
– Checks for AV/FW software, OS patch etc.
• Protected (Secure) Workspace
– Prevent accidental file leakage
• Cache Cleaner
– Clear temp. files, browser cache
• Device level authentication
– Machine certificates
– Well known process
– Pre-defined registry entry
16
Access Modes
Portal Access
– Access to Web applications & portals via FirePass Reverse Proxy
– Web based access to email, windows files
– Any browser based client device including mobile devices
Application Access
– Access to specific client/server applications (hosts, ports)
– Application level audit and access control
– Windows 2000/XP/Vista clients
Network Access
– Support for ANY TCP/UDP network applications
– Full layer 3 network access (IPSec equivalent)
– Broad client support Windows, Mac, Linux, PocketPC &
SmartPhone
17
FirePass® Network Access
Extend Corporate Network to Employees from Corporate Device
Corporate Network
Corporate Laptop
Browser
Microsoft
Outlook
Microsoft
Exchange Server
Network Access
FirePass®
SSL VPN Tunnel
Benefits:
• Increased productivity
• Reduced operational costs
Client support
Enterprise integration
Application access
• Windows Vista, XP, 2000
• Windows Mobile 5 & 6
(Pocket PC & Smartphone)
• Linux
• Automated deployment
• Centralized policies
• VLAN Support
• Any Internet connection
• Mac (incl. Intel based Mac)
• Any IP-based application
• Optimization
18
FirePass® Network Access
Endpoint Security Features
FirePass®
Full
Network
Quarantine
Network
Please update
your machine!
Benefits: • Strong Security • Protection against attacks
Deep integrity check
• Specific antivirus / FW checks
• Registry, client cert, file checks
• Windows OS patch levels
Quarantine policy support
• Ensure policy compliance
• Automatic direction to quarantine
19
Application Access
Secure Extranet or Employee Access
Corporate Network
Partner PC
• Terminal Servers
• Legacy Hosts
• Citrix
Browser
Microsoft
Outlook
Application Access
FirePass®
SSL VPN Tunnel
Benefits: • Strong Security
• Client/Server
Applications
• Application-level auditing
Client support
– Standard web browsers
– Java/ActiveX capable
Restricted access
– Defined applications
– No network connection
Detailed logging
– Session details
– Specific applications
20
Citrix Application Interoperability
Flexible Integration
Options
Session Reliability
Support
– Terminal Services
– Static AppTunnels
– Portal Access
Citrix Seamless Windows Support
Citrix Deployment
Guide on f5.com
21
Portal Access
Secure Ubiquitous Access from Any Web-Enabled Device
Corporate Network
Kiosk/Home PC
• Web
• Email
• File Servers
Browser
Portal Access
FirePass®
SSL
Benefits: • Improved productivity
• Reduced operational costs
Client support
• Any web-enabled device
• SSL security
Directory integration
• Automated group mapping
• SSO integration
Application Ready Access
• OWA 2007, SharePoint 2007, Oracle, SAP Portal, Peoplesoft HR Portal etc.
• Wide range of web app content
22
Web Application Interoperability
Next generation reverse proxy
– New and improved HTML and JavaScript
Parsing Engines
Application Ready Access
– Outlook Web Access (OWA) 2007
– SharePoint 2007
– iNotes 7.0
– Oracle Portal (3.1) to 10g
– PeopleSoft HR Portal 8.1
– SAP Portal
– ..
Emerging Web 2.0 Content Support
– HTML, Javascript, Java, Flash,
AJAX
Web Server
Client
FirePass
Reverse Proxy
Internet
23
Desktop / Laptop Client OS Support
• Intel Macs
• Client/Server Apps
• Web based Apps
• Web based Files
• Vista 64 bit
• Client/Server Apps
• Web based Apps
• Web based Files
• XP 64 bit
• Client/Server Apps
• Web based Apps
• Web based Files
24
MS SharePoint & OWA 2007 Application
Delivery
• Security
• FirePass Reverse Proxy
• Granular Access Policy
• Performance
• Web Acceleration
• Local Traffic Management
• Availability
• Access from any device
• Global Load Balancing
25
Portal Access
Policy-based security controls
Corporate Network
Kiosk/Home PC
• Web
• Email
• File Servers
Cache/Temp File
Cleanup
Content Inspection
Engine
Protected Workspace
Portal Access
FirePass®
SSL
Benefits: • Enhanced Security
Public Access Security
Reverse proxy
Content Inspection
– Cache cleanup
– Protected workspace
– URL obfuscation
– Cookie protection
– Browser cache control
– Block inappropriate traffic
– Integrated virus scanner
26
Improving the User Experience
27
Enhanced Mobile User Support
“Holy cow!! Forget MobileMe, I now have my
entire work calendar on my iPhone so I can
manage my work and personal life much
better. It also worked extremely well for mail.”
— F5 Beta Tester Feedback
28
Mobile User Support
[Diagram labels: Mobile user; Authorized Applications; Application ready Access; Visual Policy Editor; End-Point Secure Access Policy Management; Windows Mobile 5 & 6 Support; iPhone support, Standard (Safari) Browser; Firewall; Internet; FirePass®; Intranet; Portal Access; Specific Application Access Tunnel; Network Access]
29
Visual Policy Editor
Simplified policy management
Point and click interface to easily define end-point access policies
Single point of management for FirePass clusters
30
Visual Policy Editor
Graphically associates a
policy relationship between
end-points, users and
resources
31
Group Policy for Remote & Mobile Users
Extend Group Policy to non-Domain endpoints.
Protects against loss of
sensitive data.
Regulatory concerns?
Comply with HIPAA, PCI &
GLBA.
Integrated with Visual Policy
Editor for easy deployment.
32
Group Policy Creation
Pre-defined
templates for
common
policies
Custom
template
upload option
33
Customization
34
FirePass Provides Enterprise
Class Scale and Availability
Scalability
Supports up to 2,000 concurrent
users per device
Support up to 20,000 users per
cluster
“The reliability is very good. The
FirePass boxes have been running
flawlessly for about a year now”
- Salvatore Ranazzisi, Global Network
Architect, Organon Pharmaceuticals
Availability
Out of the box clustering (no 3rd
party products required)
Built in load-balancing
Optimized integration with F5
traffic management products
Redundant Hardware and
Software Options Available
“FirePass failover capability is
excellent. ”
- Joseph Girodo, Group Manager, Sports
Authority
35
Best in Class SSL VPN
The FirePass 4100 is the best remote access solution we've seen to date. It trumps other SSL VPN
offerings with its ease of use, industrial strength hardware platform and advanced security features for
unmanaged endpoint devices, one of the biggest risks emerging in this space.
--George Wrenn - editor, Information Security Magazine
Best in Class Features &
Performance
Security
• Broad End Point Security
- Anti virus, Firewall, OS, File Checks
• Granular Access Policies
Productivity
• Secure Remote Access
- Any Time, Any Place
- Any Application
- Any Device
Scalability
• Up to 2,000 conc. users
• Up to 20,000 conc. user clustering
•Scale with LTM Integration
Lowest Cost
of Ownership
Broad Infrastructure Support
• Any Client / Application
• 3rd Party Infrastructure
- Active Directory, LDAP, etc
Lowest Cost Pricing Structure
• Most features included with core price
• Flat fee failover device
Easy Maintenance & Deployment
• Award-winning GUI
• Visual Based Policy Editor
• Home page and GUI localization
Established Market
Leadership
Reader Trust
Product cited in Best
IPSec/SSL VPN category
of Reader Trust Awards
2007
Network World
Network World 2006
‘Best of Tests’ Finalist
Award
Frost & Sullivan
Frost & Sullivan Award
for Market Penetration
Leadership Award
October 2007
EAL-2
ADV_SDM
ALC_FLR.1
36
FirePass Clustering
Cluster Nodes can be
located anywhere
Policy, Resource, Access
information is distributed
US
Cluster master
– Logs are centralized
EMEA
IP config is not distributed
– IP, DNS, Routes are local to
cluster
– For example, the same
RADIUS server can be
defined identically but will
resolve differently
APAC
37
FirePass platform selection guide
| | 1200 | 4100 | 4300 |
| | SME | Medium Enterprise | Medium to Large Enterprise, Service Providers |
| Target company size (# of Employees) | 50 to 250 | 250 to 5500 | 2500 to several 10,000s |
| Recommended conc. users (per price/performance)* | 100 | 500 | 2000 |
| Max. conc. users per device | 100 | 2000 | 2000 |
| Included Ethernet ports | 2 (10/100) | 4 (10/100/1000) | 4 (10/100/1000) |
| CPU Speed | Single Core | Two Single Core (Better Performance) | Two Dual Core (Best Performance) |
| Base memory | 512 MB | 4GB (on 4110, 4120, 4130) and 8 GB (4140, 4150) | 8GB |
| Redundant Power Supply | No | Optional | Yes (Built-in) |
| Optional fiber ports | No | No | Yes (2) |
| Clustering | No | Yes | Yes |
| Failover | Yes | Yes | Yes |
*Pricing is same on 4100 and 4300 for 1000 conc. users and above
38
FirePass Product Range
Small to Medium Enterprise
FirePass 1200 Series
Entry level server designed for the small to medium enterprise; supports from 10 to 100 concurrent users
• 1U rack-mount server
• Single core CPU
• Non-expandable
• 10 – 100 concurrent users
• Host adapter
• Mobile adapter
Medium to Large Enterprise
FirePass 4100 Series
Designed for the medium size enterprise; recommended up to 500 concurrent users per server
• 2U rack-mount server
• 2 Single core CPU
• Cluster expandable to 10 nodes – 1 master node and 9 slave nodes
• Recommended concurrent user add-ons: up to 500 concurrent users per node, 20,000 max in a cluster
• Host Adapter
• Hardware factory options
  • SSL Card
  • FIPS SSL card
  • Additional memory
FirePass 4300 Series
Designed for the medium to large enterprise; supports up to 2000 concurrent users per server
• 2U rack-mount server
• 2 Dual core CPU
• Cluster expandable to 10 nodes – 1 master node and 9 slave nodes
• Recommended concurrent user add-ons: up to 2000 concurrent users per node, 20,000 max in a cluster
• Host adapter
• Hardware factory options
  • SSL Card
  • FIPS SSL Card
  • Additional memory
39
FirePass Customers
Large enterprises, small/medium enterprises
(SME)
Service providers (Carriers & MSP)
Government organizations
Multiple industries
Reference Success Stories on F5.com
40
Key Discovery Questions
Who are the remote users (employees/partners/suppliers etc.)?
What applications do your users need to access securely?
What client devices/OS do you allow on your network?
How many concurrent users require secure access?
How do you enforce your endpoint security policy?
How are your users authenticated?
41
Who are the FirePass Competitors?
Juniper
– Secure Access (SA) Platform
Citrix
– NetScaler
Cisco
– ASA
Aventail
– EX Series
Others
– Microsoft Internet Access Gateway, NeoAccel, Nortel, Array, and
many more….
42
Key Differentiators
Best Endpoint Security Solution
– Protected Workspace and Cache Cleaner
– OS and AV inspection
– Group Policy Templates
Broader Client & Application
Interoperability
– Windows, iMac and Linux
– iPhone and WinMobile Devices
– Browser based and standalone client
software
Simplified Management and
Deployment
– Visual Policy Editor
– Integration with BIG-IP GTM
43
Resource Help
PMM/TMM
– Peter Silva – TMM
– Andy Oehler - PM
– Jonathan George - PMM
Product Management Engineers
– Technical Team working with Product Management
• Keith R. FirePass, MSM, EM
• Brian T. WanJet, Web Accelerator
• Dan G. ASM, LTM
• Nat T. New Technology Research
• Mike L. LTM, GTM, Everything Else
Resources:
– *CAT (Outlook): Searchable Archives!
– Mainstreet Site (Competitive Repository Goldmine)
• http://mainstreet/sites/sales/competitive/
• “Engaging the CAT team” PDF
– “Monthly” Newsletter
44
Resource Help
F5.com - Product
– http://f5.com/products/firePass
F5.Com White Papers
– http://f5.com/solution-center/white-papers
Edge
Site being refreshed – complete by Feb 7th
– Sales/customer presentations
– Collateral
– White Papers
– Deployment Guide
45
What Can I Do To Expand FirePass Market
Share?
Theme: Market Leading Remote Secure Access Strategy
New releases in April will make us a true market leader in: Unified Access
Start talking about it
– Get a “buzz” going today for sales tomorrow
– Leverage existing customers; many still don’t know we have a
remote access security solution
– It is old news for us, but the majority of folks are still not educated
on the advantages of SSL VPN and/or FirePass in particular
Know the product, and have confidence in it
– Customers can smell fear and uncertainty; Juniper excels at
creating both
– The product is only as saleable as the people selling it
Leverage the F5 name
– F5 is synonymous with success!
46
F5 Strengths
F5 is the Application Delivery Networking Leader!
– BIG-IP dominates all the markets where it participates
– TMOS platform is a revolutionary approach that no one else can offer
– Strong partnerships with leading application vendors
• Microsoft, Oracle, SAP, etc.
– Applications are our core competence
• Most of our competitors have first begun to focus on the ADN market
within the last couple of months; they are not prepared to make the
transition (i.e. Juniper, Citrix, Cisco, etc.)
– F5 now has a market leading security solutions strategy
Summary: We own the secure application delivery
networking space, so own the SSL VPN!
47
FirePass Look-ahead Strategy
FirePass will continue to support new features and product support
for some time by supporting a separate FirePass and BIG-IP product
line
FirePass will maintain product competitiveness by adding further
product feature differentiation
FirePass will focus on functionality that can be leveraged by both
FirePass and BIG-IP SAM
First release of BIG-IP SAM will support Granular Network Access
only. Will adopt FirePass Application access proxy and other features
over time
48
Summary: FirePass Delivers
Key Features
– Enterprise-class, High Availability platform
– Built-in, load balanced clustering
– Visual Policy Editor and 30 Minute install
– Supports Windows, Mac, Linux, Solaris and other clients
– Built-in Protected Workspace and end-point security
– Integrates with existing enterprise infrastructure and applications
Key differentiators
– Comprehensive end-point security
– Powerful, easy to use management interface
– Scalability, Performance and Reliability
– Breadth of clients, applications and infrastructure
Competitive Advantage
– Best combination of capabilities, usability and security
– Lowest Total Cost of Ownership and Highest ROI
49