sonicwall ssl-vpn series easy secure remote access cafferata cristiano se italia
TRANSCRIPT
SonicWALL SSL-VPN Series
Easy Secure Remote Access
Cafferata Cristiano
SE Italia
CONFIDENTIAL All Rights Reserved2
Remote access today
Most organizations use IPSec VPN clients for remote access
However, IPSec has the following technical limitations IPSec needs a "fat" software client pre-installed and
preconfigured on the remote device Some IPSec remote user may experience difficulty getting
through the firewall protecting the remote network
Resulting use case limitations IPSec is great when you tightly control the end-point
computers but limited in other cases (e.g. home computer) End-user support burden on the IT administrator
CONFIDENTIAL All Rights Reserved3
What is SSL VPN Remote Access?
Anytime anywhere access to network resources
All you need is a Web browser
Like IPSec but easier because no need for pre-installed client
Secure connection through SSL encryption
CONFIDENTIAL All Rights Reserved4
The Need for Easy Secure Remote Access
Over 80% of SMBs use some form of VPN, but the vast majority use IPSec Over 85% of those who use VPN use IPSec VPN Only 18% claim to be using SSL VPN
~80% of both small and medium network customers have heard of SSL VPN but half of them don’t know exactly what it is
However, when explained the benefits of SSL VPN almost ~50% (!) of both small and medium sized business said they were interested in an SSL VPN appliance
Source: SonicWALL end-customer survey (~1000 respondents)
CONFIDENTIAL All Rights Reserved5
Introducing . . .
SonicWALL SSL-VPN 200 and SSL-VPN 2000
Dedicated SSL-VPN Appliances
Affordable, simple, secure remote access Compatible with any firewall appliance
Authentication provided by SSL-VPN appliance Internal data base, Radius, LDAP or Active Directory
When used with SonicWALL appliance You get all the benefits of activated UTM services
CONFIDENTIAL All Rights Reserved6
IPSec Versus SSL VPN: TechnicalCharacteristic SSL VPN IPSec VPN
Transport Protocol SSL IPSec
Remote Access versus Site-to-Site
Lowest cost support for Remote Access usages
Remote Access and Site-to-Site
Access Control Highly granular limiting risk of unauthorized access
Limited: network and service level only
Proxy or Protocol Conversion
Required for “webified” view of applications; SSL-VPN 200/2000 also operates at network layer giving IPSec VPN like experience
No (operates at network layer)
Type of Client Requires only a browser as a client for web view or seamless “thin” client for network access
Requires a pre-installed “fat client”
CONFIDENTIAL All Rights Reserved7
SonicWALL SSL-VPN Series: Customer Value Proposition
Secure and easy-to-use remote access
Easy deployment, configuration and ongoing management
Powerful underlying security foundation
Low total cost of ownership
CONFIDENTIAL All Rights Reserved8
SonicWALL SSL-VPN 200 and 2000Customer Needs & Key Product Features
Customer need
Secure and easy-to-use remote access
Easy deployment, configuration and ongoing management
SonicWALL SSL-VPN Feature
Access to e-mail, files and applications on the corporate LAN
Personalized portal experience
No NAT traversal issues
No need for a pre-installed “fat” client
Granular policy configuration
Intuitive Web management interface
Granular logging capabilities
CONFIDENTIAL All Rights Reserved9
SonicWALL SSL-VPN 200 and 2000Customer Needs & Key Product Features
Customer need
Powerful underlying security foundation
Low total cost of ownership
SonicWALL SSL-VPN Feature Transparent end-user authentication
(local database, LDAP, RADIUS, AD, Windows NT Domain)
SSL encryption (DES, 3DES, ARC4) Cryptographic hardware acceleration Endpoint cache cleaner UTM protection when deployed alongside
a SonicWALL PRO or TZ appliance
No restriction on number of concurrent user tunnels
No need for a pre-installed “fat” client reduces administrative burden
CONFIDENTIAL All Rights Reserved10
What Resources can End-users Access and How? Using only a standard Web browser
Files and file systems (Includes support for FTP and Windows Network File Sharing) Web-based applications Microsoft Outlook Web Access and other Web-enabled applications HTTP and HTTPS intranets
Using SonicWALL NetExtender (ActiveX client*) Any TCP/IP based application including:
E-mail access through native clients residing on the user’s laptop (Microsoft Outlook, Lotus Notes, etc.)
Commercial and home-grown applications Flexible network access as granted by the network administrator
Using a downloadable* ActiveX or Java client Applications installed on desktop machines or hosted on an application server Full remote control of remote desktop or server machines Terminal Services, VNC, Telnet and SSH
* Transparently downloaded through the end-user Web browser
CONFIDENTIAL All Rights Reserved11
SSL-VPN 200 and 2000: Performance and Target Customer Profile
SSL-VPN 200Recommended for organizations with 50 employees or lessRecommended Maximum Concurrent Users:
Assuming all heavy users* 10/15
Assuming most common usage scenarios 25/35
SSL-VPN 2000Recommended for organizations with 1000 employees or lessRecommended Maximum Concurrent Users:
Assuming all heavy users* 50/75
Assuming most common usage scenarios 100/150
* Requiring for example continuously downloading of files
No restrictions on the number of users connecting in concurrently!
CONFIDENTIAL All Rights Reserved12
Product Differentiation
Affordability: Both affordable for and widely available to small and medium sized businesses No restriction on number of concurrent users connecting into the SSL-VPN appliance
Most solutions today are licensed based on the number of supported concurrent users
Ease-of-use: For the administrator:
Very easy to install Secure easy-to-use Web management interface Granular policy configuration provides complete control over who can access what network
resources
For the end-user: Personalized portal experience: the user only sees those resources that are allowed based on
company policy Secure remote access from any standard Web browser No configuration required by the end-user
Enhanced Security when integrated with SonicWALL TZ or PRO
CONFIDENTIAL All Rights Reserved13
Deployment Scenarios
SSL VPN Traffic
Other Traffic
SSL VPN Traffic
Other Traffic
SSL VPN Traffic
SonicWALL environmentNon-SonicWALL environment
SSL VPN Traffic
With NetExtender enhanced endpoint security: all client
traffic can be forced through the SSL tunnel
Limited by scanning capabilities of
third party firewall
Scanned for Gateway Anti-virus, IPS,
Anti-Spyware, Content Filtering
CONFIDENTIAL All Rights Reserved14
Value Proposition to Our Channel Partners
First affordable SSL VPN remote access solution for SMB!
New revenue opportunity Upsell small and medium sized network customers who
already own a firewall (SonicWALL or non-SonicWALL) Increase deal size when selling a gateway security appliance
(SonicWALL or non-SonicWALL)
Reduce burden to support remote access customers Less administrative burden than IPSec VPN
CONFIDENTIAL All Rights Reserved15
But I Already Sell SSL VPN Appliances from Another Vendor!
Add SSL-VPN 200 and 2000 to your portfolio
Very Large
(5000+)
Large
(1000 to 5000)
Medium
(250 to 1000)
Small
(50 to 250)
Very Small
(under 50)
Cus
tom
er S
ize
Market Size
SonicWALL SSL-VPN 200
SonicWALLSSL-VPN 2000
Array, Juniper, F5,
Netilla, Aventail