SonicWALL SSL-VPN Series

Easy Secure Remote Access

Cafferata Cristiano

SE Italia

CONFIDENTIAL All Rights Reserved2

Remote access today

Most organizations use IPSec VPN clients for remote access

However, IPSec has the following technical limitations IPSec needs a "fat" software client pre-installed and

preconfigured on the remote device Some IPSec remote user may experience difficulty getting

through the firewall protecting the remote network

Resulting use case limitations IPSec is great when you tightly control the end-point

computers but limited in other cases (e.g. home computer) End-user support burden on the IT administrator

CONFIDENTIAL All Rights Reserved3

What is SSL VPN Remote Access?

Anytime anywhere access to network resources

All you need is a Web browser

Like IPSec but easier because no need for pre-installed client

Secure connection through SSL encryption

CONFIDENTIAL All Rights Reserved4

The Need for Easy Secure Remote Access

Over 80% of SMBs use some form of VPN, but the vast majority use IPSec Over 85% of those who use VPN use IPSec VPN Only 18% claim to be using SSL VPN

~80% of both small and medium network customers have heard of SSL VPN but half of them don’t know exactly what it is

However, when explained the benefits of SSL VPN almost ~50% (!) of both small and medium sized business said they were interested in an SSL VPN appliance

Source: SonicWALL end-customer survey (~1000 respondents)

CONFIDENTIAL All Rights Reserved5

Introducing . . .

SonicWALL SSL-VPN 200 and SSL-VPN 2000

Dedicated SSL-VPN Appliances

Affordable, simple, secure remote access Compatible with any firewall appliance

Authentication provided by SSL-VPN appliance Internal data base, Radius, LDAP or Active Directory

When used with SonicWALL appliance You get all the benefits of activated UTM services

CONFIDENTIAL All Rights Reserved6

IPSec Versus SSL VPN: TechnicalCharacteristic SSL VPN IPSec VPN

Transport Protocol SSL IPSec

Remote Access versus Site-to-Site

Lowest cost support for Remote Access usages

Remote Access and Site-to-Site

Access Control Highly granular limiting risk of unauthorized access

Limited: network and service level only

Proxy or Protocol Conversion

Required for “webified” view of applications; SSL-VPN 200/2000 also operates at network layer giving IPSec VPN like experience

No (operates at network layer)

Type of Client Requires only a browser as a client for web view or seamless “thin” client for network access

Requires a pre-installed “fat client”

CONFIDENTIAL All Rights Reserved7

SonicWALL SSL-VPN Series: Customer Value Proposition

Secure and easy-to-use remote access

Easy deployment, configuration and ongoing management

Powerful underlying security foundation

Low total cost of ownership

CONFIDENTIAL All Rights Reserved8

SonicWALL SSL-VPN 200 and 2000Customer Needs & Key Product Features

Customer need

Secure and easy-to-use remote access

Easy deployment, configuration and ongoing management

SonicWALL SSL-VPN Feature

Access to e-mail, files and applications on the corporate LAN

Personalized portal experience

No NAT traversal issues

No need for a pre-installed “fat” client

Granular policy configuration

Intuitive Web management interface

Granular logging capabilities

CONFIDENTIAL All Rights Reserved9

SonicWALL SSL-VPN 200 and 2000Customer Needs & Key Product Features

Customer need

Powerful underlying security foundation

Low total cost of ownership

SonicWALL SSL-VPN Feature Transparent end-user authentication

(local database, LDAP, RADIUS, AD, Windows NT Domain)

SSL encryption (DES, 3DES, ARC4) Cryptographic hardware acceleration Endpoint cache cleaner UTM protection when deployed alongside

a SonicWALL PRO or TZ appliance

No restriction on number of concurrent user tunnels

No need for a pre-installed “fat” client reduces administrative burden

CONFIDENTIAL All Rights Reserved10

What Resources can End-users Access and How? Using only a standard Web browser

Files and file systems (Includes support for FTP and Windows Network File Sharing) Web-based applications Microsoft Outlook Web Access and other Web-enabled applications HTTP and HTTPS intranets

Using SonicWALL NetExtender (ActiveX client*) Any TCP/IP based application including:

E-mail access through native clients residing on the user’s laptop (Microsoft Outlook, Lotus Notes, etc.)

Commercial and home-grown applications Flexible network access as granted by the network administrator

Using a downloadable* ActiveX or Java client Applications installed on desktop machines or hosted on an application server Full remote control of remote desktop or server machines Terminal Services, VNC, Telnet and SSH

* Transparently downloaded through the end-user Web browser

CONFIDENTIAL All Rights Reserved11

SSL-VPN 200 and 2000: Performance and Target Customer Profile

SSL-VPN 200Recommended for organizations with 50 employees or lessRecommended Maximum Concurrent Users:

Assuming all heavy users* 10/15

Assuming most common usage scenarios 25/35

SSL-VPN 2000Recommended for organizations with 1000 employees or lessRecommended Maximum Concurrent Users:

Assuming all heavy users* 50/75

Assuming most common usage scenarios 100/150

* Requiring for example continuously downloading of files

No restrictions on the number of users connecting in concurrently!

CONFIDENTIAL All Rights Reserved12

Product Differentiation

Affordability: Both affordable for and widely available to small and medium sized businesses No restriction on number of concurrent users connecting into the SSL-VPN appliance

Most solutions today are licensed based on the number of supported concurrent users

Ease-of-use: For the administrator:

Very easy to install Secure easy-to-use Web management interface Granular policy configuration provides complete control over who can access what network

resources

For the end-user: Personalized portal experience: the user only sees those resources that are allowed based on

company policy Secure remote access from any standard Web browser No configuration required by the end-user

Enhanced Security when integrated with SonicWALL TZ or PRO

CONFIDENTIAL All Rights Reserved13

Deployment Scenarios

SSL VPN Traffic

Other Traffic

SSL VPN Traffic

Other Traffic

SSL VPN Traffic

SonicWALL environmentNon-SonicWALL environment

SSL VPN Traffic

With NetExtender enhanced endpoint security: all client

traffic can be forced through the SSL tunnel

Limited by scanning capabilities of

third party firewall

Scanned for Gateway Anti-virus, IPS,

Anti-Spyware, Content Filtering

CONFIDENTIAL All Rights Reserved14

Value Proposition to Our Channel Partners

First affordable SSL VPN remote access solution for SMB!

New revenue opportunity Upsell small and medium sized network customers who

already own a firewall (SonicWALL or non-SonicWALL) Increase deal size when selling a gateway security appliance

(SonicWALL or non-SonicWALL)

Reduce burden to support remote access customers Less administrative burden than IPSec VPN

CONFIDENTIAL All Rights Reserved15

But I Already Sell SSL VPN Appliances from Another Vendor!

Add SSL-VPN 200 and 2000 to your portfolio

Very Large

(5000+)

Large

(1000 to 5000)

Medium

(250 to 1000)

Small

(50 to 250)

Very Small

(under 50)

Cus

tom

er S

ize

Market Size

SonicWALL SSL-VPN 200

SonicWALLSSL-VPN 2000

Array, Juniper, F5,

Netilla, Aventail

Thank you

ccafferata@sonicwall.com

333.2735518