SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity



Similar documents
10 Strategies to Optimize IT Spending in an Economic Downturn. Wong Kang Yeong, CISA, CISM, CISSP Regional Security Architect, ASEAN

Clean VPN Approach to Secure Remote Access

Protecting Network Infrastructure. Mobile Workers. Florian Malecki - SonicWALL EMEA Enterprise Product Marketing Manager

Clean VPN Approach to Secure Remote Access for the SMB

SSL-VPN 200 Getting Started Guide

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Astaro Gateway Software Applications

Network Security Solution. Arktos Lam

Securing the Small Business Network. Keeping up with the changing threat landscape

SonicWALL Corporate Design System. The SonicWALL Brand Identity

Dell SonicWALL Next Generation Firewall(Gen6) and Integrated Solution. Colin Wu / 吳 炳 東 Colin_Wu1@dell.com

SonicWALL Unified Threat Management. Alvin Mann April 2009

Unified Threat Management: The Best Defense Against Blended Threats

Chapter 9 Firewalls and Intrusion Prevention Systems

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Next-Generation Firewalls: Critical to SMB Network Security

SonicOS 5.9 One Touch Configuration Guide

Move over, TMG! Replacing TMG with Sophos UTM

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Best Practices in Deploying a Secure Wireless Network

Is Your Network Ready for VoIP?

Firewall and UTM Solutions Guide

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

SonicWALL Aventail SSL VPNs Working Together With SonicWALL End Point Security Solutions for Granular End Point Control

Product Line Brochure

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

The Cisco ASA 5500 as a Superior Firewall Solution

Chapter 4: Networking and the Internet

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Building A Secure Microsoft Exchange Continuity Appliance

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Networking and High Availability

Applications erode the secure network How can malware be stopped?

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

INTRODUCTION TO FIREWALL SECURITY

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Deploying Firewalls Throughout Your Organization

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Application Note Secure Enterprise Guest Access August 2004

Dell SonicWALL Portfolio

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

SonicWALL PCI 1.1 Implementation Guide

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Networking and High Availability

Networking for Caribbean Development

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Contents. Platform Compatibility. GMS SonicWALL Global Management System 5.0

Unified Threat Management, Managed Security, and the Cloud Services Model

Secure Content Management: Protected, Productive Networks for Today s Businesses

Competitive Testing of the Cisco ISA500 Security Appliance

SonicWALL Secure Wireless Network

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Cisco Small Business ISA500 Series Integrated Security Appliances

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

10 Cool Things Your Firewall Should Do. A firewall that blocks threats is only the beginning

Consolidating SMB Network Security Infrastructure. Ways to Cut Costs and Complexity

Application Firewall Configuration Examples

Nominee: Barracuda Networks

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Streamline your network security

Cisco IOS Advanced Firewall

Getting Started Guide

Ranch Networks for Hosted Data Centers

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Release Notes. Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 2 Known Issues... 3 Resolved Issues...

CTS2134 Introduction to Networking. Module Network Security

PRODUCT CATEGORY BROCHURE. Juniper Networks Integrated

Release Notes. SonicOS is the initial release for the Dell SonicWALL NSA 2600 network security appliance.

Fortigate Features & Demo

Network protection and UTM Buyers Guide

Lucent VPN Firewall Security in x Wireless Networks

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway

Application Firewall in SonicOS Enhanced 4.0

Using Ranch Networks for Internal LAN Security

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Security Solutions Portfolio

Cisco ASA 5500 Series Business Edition

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Content Security Gateway Series Real-time Gateway Web Security Against Spyware and Viruses

For more information refer: UTM - FAQ: What are the basics of SSLVPN setup on Gen5 UTM appliances running SonicOS Enhanced 5.2?

SonicWALL Team Nordic Recommendations for safe Unified Threat Management (UTM) Deployments*

Using Palo Alto Networks to Protect the Datacenter

Why Switch from IPSec to SSL VPN. And Four Steps to Ease Transition

Configuring PA Firewalls for a Layer 3 Deployment

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Securing Networks with PIX and ASA

Getting Started Guide

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Deploying a Secure Wireless VoIP Solution in Healthcare

1. Built-In SPI Firewall to Protect Your Enterprise Network 2. Multi-Spam-Filtering Function Providing High Spam-Filtering Accuracy

Security Portfolio. Juniper Networks Integrated Firewall/VPN Platforms. Product Brochure. Internet SRX Fixed Telecommuter or Small Medium Office

How To Control Your Network With A Firewall On A Network With An Internet Security Policy On A Pc Or Ipad (For A Web Browser)

Introduction to Endpoint Security

Cisco IOS Firewall. Scenarios

Cyberoam Next-Generation Security. 11 de Setembro de 2015

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Transcription:

SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria or attributes which an endpoint must meet to adhere to the company security policy. EPC can check for running applications, domain membership, certificates, files, and common anti-virus, anti-spyware, and personal firewall applications. Even with these checks though, it is still possible for malicious packets to enter the corporate network over the SonicWALL Aventail SSL VPN connection. This is especially true when connections are established from untrusted endpoints like home computers or kiosks where specific security applications can not be enforced. To provide another layer of network protection, the SonicWALL Network Security Appliance (NSA) product can be deployed in conjunction with a SonicWALL Aventail SSL VPN appliance to provide SonicWALL Clean VPN solution. This protection is enabled through the NSA multi-core architecture which provides ultra high-speed Deep Packet Inspection, Intrusion Prevention Service (IPS), Gateway Anti-Virus, Gateway Anti-Spyware, Content Filtering, and Application Firewall capabilities. The NSA ensures that all VPN traffic is scanned in real-time and decontaminated before it is placed on the internal network. The combination of SonicWALL Aventail SSL VPN and SonicWALL NSA products provides organizations with a single solution for defense-in-depth security. The Clean VPN configuration allows organizations to establish trust for users, devices, and traffic before allowing a connection to any sensitive information on the network. The addition of SonicWALL Global Management System (GMS) means administrators can configure and manage their Secure Remote Access solution and their Network Security solution all from a single management interface. SonicWALL Network Security combined with SonicWALL Aventail Secure Remote Access provides a defense-in-depth combination of high performance real time network security with granular application and end point remote access control Remote Access Traveling at a Kiosk Detect Protect Protect Connect Connect Detect the identity and integrity of the end point device via end point interrogation Detect malicious threats, viruses, worms and spyware via inline threat prevention at the gateway Day Extender Using a Wireless Hotspot PDA User Protect applications with granular access control based on user identity and device identity/integrity Protect the network with high speed unified threat management protection and prevention SonicWALL Aventail Secure Remote Access SonicWALL NSA Network Security Protected Clean Traffic Connect users securely and easily to any applications from any access point/device Connect users seamlessly to the network with high performance real time inspection Corporate Data Center Directories LDAP LDAP AD RADIUS Applications Web Apps Client/Server Apps File Shares Databases VoIP Extranet Access Internal Access Customer/Supplier Behind a Firewall 6 Business Partner from any Browser All Rights Reserved Wireless LAN Access Internal Users

NSA Overview The SonicWALL Network Security Appliance (NSA) is an industry first: a multi-core Unified Threat Management (UTM) appliance that delivers enterprise-class deep packet inspection without significantly impacting network throughput. Combining a powerful deep packet inspection firewall, with multiple layers of protection technology and a suite of high-availability features, the NSA is the ultimate choice for a variety of enterprise deployments including distributed environments, campus networks and data centers. Key Features: Multi-core Performance Architecture At the heart of the NSA is the SonicWALL multi-core performance architecture designed to provide breakthrough deep packet inspection and granular network intelligence without impacting network throughput. The SonicWALL NSA can effectively deliver ultra high-speed performance through the combined use of up to sixteen specialized security processing cores. Using the processing power of multiple cores in unison dramatically increases throughput and simultaneous inspection capabilities while lowering overhead impact. Highly Redundant Security and Connectivity Platform - The NSA delivers a highly redundant security and connectivity platform purpose-built for high-speed internal and external network protection, virtual private network (VPN) implementations, and deployment flexibility. SonicWALL NSA integrates real-time gateway antivirus, anti-spyware, and intrusion prevention to secure the network against a comprehensive array of dynamic threats including viruses, spyware, worms, Trojans, phishing attacks and software vulnerabilities. With built-in secure wireless switch functionality, dual power supplies and fans, the NSA is an ideal solution for a host of wired and wireless applications requiring high-speed access, highly redundant operation and heavy workgroup segmentation. 24x7 Dynamic Protection - The NSA integrates dynamic threat protection, content filtering and application control to maximize security and decrease cost. These services are continually updated on a 24x7 basis to provide the latest in protection and control, improving overall network reliability and increasing IT productivity while eliminating the requirement of ad-hoc patch management for servers and workstations. Deep Packet Inspection Signature Service - Comprehensive signature database. Peer-to peer and instant messaging control and signature updates through Distributed Enforcement Architecture. Content Filtering Service - HTTP URL, HTTPS IP, keyword and content scanning, ActiveX, Java Applet, and Cookie blocking Gateway-enforced Client Anti-Virus and Anti-Spyware - HTTP/S, SMTP, POP3, IMAP and FTP, Enforced Client Anti-Virus Configuration Scenario 1: Firewall & Unified Threat Management (UTM) The SonicWALL NSA can be placed in front of a SonicWALL Aventail appliance to provide both firewall and UTM capabilities. Utilizing the security zone capabilities of the NSA (which is a logical method of grouping one or more firewall interfaces), all VPN traffic from the SonicWALL Aventail appliance to the internal network can be scanned. In this configuration, network traffic from the Internet passes through the NSA firewall to the external interface of the SonicWALL Aventail appliance. If permitted by the Aventail access control rules, traffic is then proxied to the internal interface of the SonicWALL Aventail appliance back into the NSA where the traffic is then scanned for malicious content before being passed to the internal network, as depicted below: 2

Internet Note: this same configuration can also be used for a single-homed SonicWALL Aventail appliance Application Firewall In addition to the UTM capabilities, another important NSA security feature for SonicWALL Aventail deployments is the Application Firewall. Application Firewall is a set of application-specific policies that gives granular control over network traffic on the level of users, email users, schedules, and IP-subnets. Application Firewall advantages: Provides application access control and bandwidth management Regulates web traffic, email, email attachments and file transfers Allows scanning of files and documents for keywords and specified content Flexible configuration to allow creation of custom IDS/IPS signatures Application Firewall s digital rights management component provides the ability to scan files and documents for content and keywords. Using application firewall, you can restrict transfer of certain file names, file types, email attachments, attachment types, email with certain subjects, and email or attachments with certain keywords or byte patterns. You can deny internal or external network access based on various criteria. Based on SonicWALL Deep Packet Inspection technology, Application Firewall also features intelligent prevention functionality which allows you to create custom, policy-based actions. Examples of custom actions include: Disabling an attachment Sending a custom block page Sending a custom email reply Redirecting an HTTP request Sending a custom FTP reply over an FTP control channel Bandwidth throttling for file types when using the HTTP or FTP protocols Examples of Application Firewall usage: Provide bandwidth management of BitTorrent applications Restrict user access of internet radio and video streaming sites like www.youtube.com Restrict outgoing confidential data using watermarks Restrict email send/receive for temps and contractors Manage bandwidth or block file downloads and uploads and much more.. 3

Configuration Scenario 2: Unified Threat Management (UTM) SonicWALL NSA appliances can also be placed behind a SonicWALL Aventail appliance to provide only Unified Threat Management (UTM) capabilities. In this configuration, traffic from the internal interface of the SonicWALL Aventail appliance passes through the NSA before being placed on the internal network as depicted below: Internet SonicWall NSA-7500 SonicWall Aventail EX-2500 Clean VPN traffic Internal Network External Interface Internal Interface Layer 2 Bridge Mode The SonicWALL NSA firmware has a feature called L2 (Layer 2) Bridge Mode which makes it very simple to deploy the NSA behind a SonicWALL Aventail appliance to implement a Clean VPN. L2 (Layer 2) Bridge Mode enables a SonicWALL NSA to share a common subnet across two interfaces, and to perform stateful and deep-packet inspection on all traversing IP traffic. It employs a secure learning bridge architecture, enabling it to pass and inspect traffic types that cannot be handled by many other methods of transparent security appliance integration. Using L2 Bridge Mode, a SonicWALL NSA can be nondisruptively added to any Ethernet network to provide in-line deep-packet inspection for all traversing IPv4 TCP and UDP traffic. Unlike other transparent solutions, L2 Bridge Mode can pass all traffic types, including IEEE 802.1Q VLANs, Spanning Tree Protocol, multicast, broadcast, and IPv6, ensuring that all network communications will continue uninterrupted. 4

L2 Bridge Mode provides an ideal solution for networks that already have an existing firewall, and do not have immediate plans to replace their existing firewall but wish to add the security of SonicWALL Unified Threat Management (UTM) deep-packet inspection, such as Intrusion Prevention Services, Gateway Anti Virus, and Gateway Anti Spyware. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information