1
StoneGate SSL VPN 1.2 Technical Overview
April 23, 2017
2
Contents
- Introduction: new features, technology overview and StoneGate SSL VPN appliances
- The Six A’s: assessment, authentication, authorization, access, auditing and abolishment
- Administration: administration and GUI overview
3
Introduction
- New features in version 1.2
- Technology overview
- High availability
- StoneGate SSL VPN appliances
4
New features since version 1.1
- SMC integration: logs and monitoring integration
- Server Pool Monitoring Agent: support for load balancing using mirrored pairs and StoneGate Firewall
- Sginfo: the SSL VPN gateway includes the sginfo command to collect diagnostics information for support
5
Integration with StoneGate Management Center
- SSL VPN gateways can be centrally monitored and controlled with StoneGate Management Center
- Logs can be browsed and managed with the Log Browser and log data management tools
6
Technology Overview
(Diagram: client to server over TCP/443)
- Remote access solution independent of client and location
- Traffic tunneled through SSL/TLS using a single port (TCP/443)
- Technology based on PortWise SSL VPN: 500+ customers and over 8 million users worldwide
7
High Availability
- StoneGate SSL VPN 1.2 offers high availability
- Two nodes can be joined together as primary and secondary
- After the initial setup, all configuration is done through the primary node
- If one node fails, user sessions continue on the other
- Requires an external load balancer, such as the StoneGate Firewall’s server pool feature; the SSL VPN gateway includes the server pool monitoring agent
- An external load balancer is always needed in an HA configuration
8
StoneGate SSL VPN Appliances
- Stand-alone SSL VPN appliances
- Operating system hardened for SSL VPN use; no additional security patches needed
- Remotely upgradeable
- HA pair configuration possible
- Centralized logging and monitoring with StoneGate SMC
- SSL-6000 for thousands of users
- SSL-2000 for hundreds of users
9
The Six A’s
- Assessment
- Authentication
- Authorization
- Access
- Auditing
- Abolishment
10
1. Assessment
- Inspection of the user device (e.g. a Windows laptop) before it connects to the corporate network: firewall and anti-virus software, operating system and patches, spyware checking, device type, network configuration
- Real-time scans for continuous integrity checking
- Access client security: only approved applications can be used for VPN connections; protects from incoming (non-VPN) connections so the device cannot be used as a stepping-stone into the corporate network
- Assessment checks can be based on the existence of named files, registry entries, and file checksums
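As an added example (not code from the original slides or from StoneGate), a small Python evaluator for an assessment policy of the kind the slide describes, covering the file-existence and file-checksum check types; the policy format, file names and file contents are constructed for the demonstration, and the second assessment shows how a modified access client fails the checksum check.

```python
import hashlib
import os
import tempfile

# Hypothetical endpoint-assessment policy evaluator (not StoneGate code), modelled on the
# check types the slide names: existence of named files and file checksums (registry checks omitted).

def sha256_of(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def run_check(check):
    """Evaluate one check; returns (name, passed, detail)."""
    kind, path = check["type"], check["path"]
    if not os.path.isfile(path):
        return check["name"], False, "missing"
    if kind == "file_exists":
        return check["name"], True, "present"
    if kind == "file_sha256":
        actual = sha256_of(path)
        ok = actual == check["expected"].lower()
        return check["name"], ok, "hash ok" if ok else "hash mismatch: " + actual[:12]
    raise ValueError("unknown check type: " + kind)

def assess(policy):
    """Run every check; the device is compliant only if all checks pass."""
    results = [run_check(c) for c in policy]
    return all(ok for _, ok, _ in results), results

def demo():
    """Constructed sample: a temp directory stands in for the endpoint's filesystem."""
    d = tempfile.mkdtemp()
    agent = os.path.join(d, "approved_client.exe")
    with open(agent, "wb") as f:
        f.write(b"approved access client build 1.1")  # constructed content
    policy = [
        {"name": "client present", "type": "file_exists", "path": agent},
        {"name": "client unmodified", "type": "file_sha256", "path": agent,
         "expected": sha256_of(agent)},  # known-good hash pinned by the admin
        {"name": "antivirus present", "type": "file_exists",
         "path": os.path.join(d, "antivirus.exe")},  # absent on this device
    ]
    before = assess(policy)
    with open(agent, "ab") as f:
        f.write(b"\x90")  # simulate tampering with the access client binary
    return before, assess(policy)
```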
11
2. Authentication
- Integrates with external directory services (e.g., Microsoft Active Directory)
- 15 different authentication methods; the authentication method can be chosen for each resource separately
- Single sign-on for transparent authentication to multiple systems
- Support for identity federation: user authentication across multiple IT systems or even organizations, based on the SAML 2.0 standard; supports Microsoft ADFS
- Supported directory services: internal LDAP (included), Microsoft Active Directory 2000, Microsoft Active Directory 2003, Novell eDirectory Server 8.7, OpenLDAP 2.3, Sun Java System Directory Server 5.2
Federated identity (source: Wikipedia): For example, a traveler could be a flight passenger as well as a hotel guest. If the airline and the hotel use a federated identity management system, this means that they have a contracted mutual trust in each other's authentication of the user. The traveler could identify themselves once as a customer for booking the flight and this identity can be carried over to be used for the reservation of a hotel room.
12
Examples of integrated authentication methods
- Mobile Text: one-time password (OTP) distributed via SMS
- Web: a Java applet or ActiveX component is launched prompting for the password; the password is hashed and encrypted before it is returned
- Challenge: the response is generated with Mobile ID software using a PIN (OTP = seed + PIN + challenge)
- Synchronized: OTP synchronized between the client and server
- Password: static password authentication
- All integrated authentication methods are based on the RADIUS protocol
13
Additional Authentication Methods
- SafeWorld
- SecurID
- LDAP
- Active Directory
- User Certificate
- NTLM & NTLM v2
- Basic
- General RADIUS
- Extended User Bind
- Form Based Authentication
- Windows Integrated Login
- BankID
- BankID Signer
14
3. Authorization
- Accessible resources are defined with granular access rules based on: IP address of the incoming client, client device, authentication method(s), date and time restrictions, user group memberships
- Resources are typically applications: web-enabled applications, files accessible from the Web, client-server applications accessed through tunnels
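As an added example (not code from the original slides or from StoneGate), a Python rule evaluator that combines the five access-rule criteria the slide lists, with default deny; the resource names, groups, networks and the sample request context are constructed for the demonstration.

```python
import ipaddress
from datetime import datetime

# Hypothetical access-rule evaluator (not StoneGate code) over the criteria the slide lists:
# client IP, client device, authentication method, date/time restrictions, group membership.

def rule_matches(rule, ctx):
    """Every condition present in the rule must hold; absent conditions are unconstrained."""
    if "networks" in rule and not any(
            ipaddress.ip_address(ctx["client_ip"]) in ipaddress.ip_network(n)
            for n in rule["networks"]):
        return False
    if "devices" in rule and ctx["device"] not in rule["devices"]:
        return False
    if "auth_methods" in rule and ctx["auth_method"] not in rule["auth_methods"]:
        return False
    if "groups" in rule and not set(rule["groups"]) & set(ctx["groups"]):
        return False
    if "hours" in rule:  # (start_hour, end_hour) in local time, working days only
        start, end = rule["hours"]
        when = datetime.fromisoformat(ctx["when"])
        if when.weekday() > 4 or not start <= when.hour < end:
            return False
    return True

def authorize(resource, rules, ctx):
    """Return the name of the first rule that grants ctx access to resource, else None (deny)."""
    for rule in rules:
        if rule["resource"] == resource and rule_matches(rule, ctx):
            return rule["name"]
    return None  # default deny

# Constructed rule set: resource names, groups and networks are made up for the example.
RULES = [
    {"name": "intranet-any", "resource": "intranet",
     "auth_methods": ["password", "otp", "cert"]},
    {"name": "finance-strong", "resource": "finance-app", "groups": ["finance"],
     "auth_methods": ["otp", "cert"], "hours": (7, 19)},
    {"name": "admin-internal", "resource": "admin-console", "groups": ["it-admins"],
     "networks": ["10.0.0.0/8"], "devices": ["managed-laptop"], "auth_methods": ["cert"]},
]

def demo():
    """A finance user on a home PC with an SMS OTP, Monday 10:30 (constructed context)."""
    ctx = {"client_ip": "203.0.113.7", "device": "home-pc", "auth_method": "otp",
           "groups": ["finance", "staff"], "when": "2017-04-24T10:30"}
    return tuple(authorize(r, RULES, ctx)
                 for r in ("intranet", "finance-app", "admin-console"))
```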
15
4. Access
- The SSL VPN gateway proxies all traffic between clients and servers
- Clientless SSL VPN for Web resources
- Full TCP and UDP tunneling using an automatically downloaded (Java or ActiveX) access client
- Static tunnels: localhost:port is forwarded to a destination through the SSL tunnel
- Dynamic tunnels: <real destination>:port is forwarded through the SSL tunnel to a destination (dynamic tunnels with the native Windows client only)
- Preconfigured tunnels for common applications, such as Windows file shares
16
Supported Access Client Platforms
- Microsoft Windows XP Home, XP Pro, 2003 Server, Vista Enterprise, Vista Business, Home, Premium
- Sun Java Runtime Environment or later, or the ActiveX client
- Apple Mac OS X and 10.4 (Tiger)
- Safari (Mac OS X )
- Safari (Mac OS X )
- Mozilla Firefox 2.0
- Red Hat Enterprise Linux 5.0
- SUSE Linux Enterprise Server 10
Notes:
- The access client is a Java applet that requires the specified Java Runtime Environment (JRE)
- Previous Access Client versions must be updated to use the 1.1 version -> admin rights needed
- On Vista, the Access Client requires administrator rights
17
5. Auditing
- Consolidated and comprehensive audit: SOX, Gramm-Leach-Bliley, HIPAA, Basel II, and 21 CFR Part 11
- Permanent, central and time-consistent trail of all identity and access activities across the enterprise
- Gathers deep device assessment, authentication, authorization and access information in one place
- Real-time and historical reporting
- Extensive VPN, authentication, policy, EPI, EPP, system and performance reports
- Report export to Excel and Crystal Reports
18
6. Abolishment
- Session clean-up removes ALL traces of access from the end-point on completion of the session: cookies, URL history, cached pages, registry entries, downloaded components
- Available on Windows only
19
Administration
- Administration overview
- Initial system and network configuration
- SSL VPN configuration
- Application portal
20
Administration Overview
- Web-based configuration for all administration tasks
- Dedicated Ethernet console with a fixed IP address ( )
- Delegated management
- Real-time alerts and SMS notification channels
21
Initial System and Network Configuration
- Web interface for OS-level configuration: remote upgrades, services (including SSH for remote shell), network interfaces, routes, DNS, system time
- HTTPS port 10000
- Port eth0 has a fixed IP address
- Point your web browser to
22
SSL VPN Configuration
- Wizard-driven for all SSL VPN configuration
- HTTPS port 8443
23
Application Portal
- Fully customizable Web portal for Web resources, tunnel sets and external sites
- Multi-domain support: different portals with a single SSL VPN gateway
24
www.stonesoft.com stonesoft@stonesoft.com