SonicWall Secure Remote Access Series - SonicGuard

Transcription

Secure Remote Access SeriesEnable mobile and remote worker productivity while protecting from threatsThe proliferation of mobile devices inthe workplace has increased thedemand for secure access to missioncritical applications, data and resources.Granting that access offers importantproductivity benefits to the organization,but introduces significant risks as well.For example, an unauthorized personmight access company resources using alost or stolen device; an employee’s mobiledevice might act as a conduit to infect thenetwork with malware; or corporate datamight be intercepted over third-partywireless networks. Also, loss of businessdata stored on devices can occur if roguepersonal apps or unauthorized users gainaccess to that data.Securing these devices is becomingincreasingly difficult, as organizationsmay no longer influence device selectionor control device management.Organizations must implement solutionsthat safeguard access to ensure onlyauthorized users and devices that meetsecurity policy are granted networkaccess and that company data in-flightand at rest on the device are secure.Unfortunately, this often involvescomplex multi-box solutions frommultiple vendors and adds significantlyto the total cost of ownership behindproviding mobile access. Organizationsare looking for easy-to-use, costeffective and secure mobile accesssolutions that address the needs of theirincreasingly mobile workforces.The Dell SonicWALL Secure RemoteAccess (SRA) Series provides mobile andremote workers using smartphones,tablets or laptops —whether managed orunmanaged BYOD —with fast, easy,policy-enforced access to missioncritical applications, data and resourceswithout compromising security.For mobile devices, the solution includesthe intuitive SonicWALL Mobile Connect application that provides iOS, Android,Kindle Fire, Windows, and Mac OSXdevices secure access to allowednetwork resources, including sharedfolders, client-server applications,intranet sites and email.Users and IT administrators candownload the SonicWALL MobileConnect application via the Apple AppStore, Google Play and the Kindle store.New with Windows 8.1, Windows tabletsand laptops ship pre-installed with theMobile Connect application. For PCs andlaptops, including Windows , Mac OSand Linux computers, the solutionsupports clientless, secure browseraccess and thin-client VPN access.To protect from rogue access andmalware, the SRA Series applianceconnects only authorized users andtrusted devices to permitted resources.When integrated with a Dell SonicWALLnext-generation firewall as a CleanVPN , the combined solution deliverscentralized access control, malwareprotection, application control andcontent filtering. The multi-layeredprotection of Dell SonicWALL CleanVPN decrypts and decontaminates allauthorized SSL VPN traffic before itenters the network environment.Benefits: Cross-platform support for increasedmobile worker productivity Single access gateway to all networkresources; mobile app, clientless orweb-delivered clients work to lowerIT overhead and TCO Common user experience across alloperating systems facilitates ease ofuse from any endpoint Mobile Connect app for iOS, Android,Windows 8.1 and Mac OSX offersmobile device ease of use Context aware authenticationensures only authorized users andtrusted mobile devices are grantedaccess One-click Secure Intranet FileBrowse and On-Device DataProtection Adaptive addressing and routingdeploys appropriate access methodsand security levels Setup wizard makes deployment easy Efficient object-based policymanagement of all users, groups,resources and devices Web application firewall enables PCIcompliance

FeaturesCross-platform support—SRA can bedeployed across a wide range ofenvironments and devices, includingsmartphones, tablets, laptops, desktopsand kiosks for both managed andunmanaged devices. Dell SonicWALLSRA makes your users more productiveby providing easy access to email, files,applications and more from populardevices including iOS and Androidsmartphones and tablets; Windows 8.1tablets and laptops; and Mac OS ,Windows and Linux computers.Single access gateway; mobile app,clientless or web-delivered clients—SRA lowers IT costs by enabling networkmanagers to easily deploy and manage asingle secure access gateway thatextends remote access via SSL VPN forboth internal and external users to allnetwork resources —including webbased, client/server, host-based andback-connect applications like VoIP.SRAs are either clientless with browseraccess to the customizable SRAWorkplace portable or use mobile appsor lightweight web-delivered clients,reducing management overhead andsupport calls. Administrators have evengreater control over portal access,content and design with the DellSonicWALL WorkPlace Portal.2Common user experience across alloperating systems—SRA technologyprovides transparent access to networkresources from any network environmentor device. An SRA provides a singlegateway for smartphone, tablet, laptopand desktop access and a common userexperience across all operating systems— including Windows, Mac OS, iOS,Android, Kindle and Linux — frommanaged or unmanaged devices.SonicWALL Mobile Connect app—SonicWALL Mobile Connect app foriOS, Mac OSX, Android, Kindle andWindows 8.1 mobile devices providesusers with easy, network-level access tocorporate and academic resources overencrypted SSL VPN connections. MobileConnect is easily downloadable from theApple App StoreSM ,Google Play or Kindlestores and embedded with Windows 8.1devices.Context awareness—Access to thecorporate network is granted only afterthe user has been authenticated andmobile device integrity has been verified.Protects data at rest on mobiledevices—Authenticated users cansecurely browse and view allowedintranet file shares and files from withinthe Mobile Connect app. Administratorscan establish and enforce mobileapplication management policy.Adaptive addressing and routing—Adaptive addressing and routingdynamically adapts to networks,eliminating addressing and routingconflicts common with other solutions.Dell SonicWALL setup wizard—All SRAsare easy to set up and deploy in justminutes. The set-up wizard providesan easy, intuitive “out-of-the-box”experience with rapid installation anddeployment.Unified Policy—Dell SonicWALL SRAUnified Policy offers easy, object-basedpolicy management of all users, groups,resources and devices while enforcinggranular control based on both userauthentication and endpointinterrogation.

Dell SonicWALL SRA Series for SMB– anytime, anywhere accessSimple, secure mobile access toresourcesThe SRA Series for SMB can be used toprovide Windows, Mac OS, iOS, Linux,Android and Kindle users with access toa broad range of resources.Granular access to authorized usersThe SRA Series for SMB extends securemobile and remote access beyondmanaged employees to unmanagedmobile and remote employees, partners,and customers by employing policyenforced fine-grained access controls.Employee oncorporate laptopin hotelEmployee onsmartphone/tabletEmployee atkioskAuthorizedpartnerFiles andapplicationsAuthorizedcustomerNot controlledand managed byIT departmentTightly controlledand managed byIT departmentCorporate LAN3Employee onhome computerDell SonicWALL SRAat corporate networkIntranetUserdesktopOther serversandapplicatonsCitrix PresentationServers (ICA) and Microsoft TerminalServersOtherdesktops

Context-aware authenticationBest-in-class, context-awareauthentication grants access only totrusted devices and authorized users.Mobile devices are interrogated foressential security information such asjailbreak or root status, device ID,certificate status and OS versions priorto granting access. Laptops and PCs arealso interrogated for the presence orabsence of security software, clientcertificates, and device ID. Devices thatdo not meet policy requirements are notallowed network access and the user isnotified of non-compliance.Protection of data at rest onmobile devicesAuthenticated Mobile Connect users cansecurely browse and view allowedintranet file shares and files from withinthe Mobile Connect app. Administratorscan establish and enforce mobileapplication management policy for theMobile Connect app to control whetherfiles viewed can be opened in other apps(iOS7 only), copied to the clipboard,printed or cached securely within theMobile Connect app. For iOS7 devices,this allows administrators to isolatebusiness data from personal data storedon the device and reduces the risk ofdata loss. In addition, if the user’scredentials are revoked, content storedin the Mobile Connect app is locked andcan no longer be accessed or viewed.4

Clean VPNWhen deployed with a Dell SonicWALLnext-generation firewall, MobileConnect establishes a Clean VPN , anextra layer of protection that decryptsand scans all SSL VPN traffic for malwarebefore it enters the network.Web Application Firewall and PCIcomplianceThe Dell SonicWALL Web ApplicationFirewall Service offers businesses acomplete, affordable, well integratedcompliance solution for web-basedapplications that is easy to manage anddeploy. It supports OWASP Top Ten andPCI DSS compliance, providingprotection against injection and crosssite scripting attacks (XSS), credit cardand Social Security number theft, cookietampering and cross-site request forgery(CSRF). Dynamic signature updates andcustom rules protect against known andunknown vulnerabilities. WebApplication Firewall can detectsophisticated web-based attacks andprotect web applications (including SSLVPN portals), deny access upondetecting web application malware, andredirect users to an explanatory errorpage. It provides an easy-to-deployoffering with advanced statistics andreporting options for meetingcompliance mandates.Personalizedweb portal3Corporate LAN3 Files andapplicationsDell SonicWALLSRA ptedSSL trafficRemote user1 Incoming HTTPS traffic is seamlesslyforwarded by the Dell SonicWALL NSA orTZ Series firewall to the Dell SonicWALLSRA appliance, which decrypts andauthenticates network traffic.2 Users are authenticated using theonboard database or through third-partyauthentication methods such as LDAP,Simple to manageSRA Series solutions feature UnifiedPolicy and an intuitive web-basedmanagement interface that offerscontext-sensitive help to enhanceusability. In addition, multiple productscan be centrally managed using the DellSonicWALL Global Management System(GMS 4.0 ). Resource access via theproducts can be effortlessly monitoredusing the Dell SonicWALL Analyzerreporting tool.5Dell SonicWALLNSA or TZfirewall24Unified threatmanagementScanningActive Directory, Radius, Dell QuestDefender and other two-factorauthentication solutions.3 A personalized web portal providesaccess to only those resources that theuser is authorized to view based oncompany policies.OtherserversandapplicationsCitrixXenApp ctory,RADIUS,LDAPor localdatabase4 To create a Clean VPN environment,traffic is passed through to the NSA orTZ Series firewall (running GatewayAnti-Virus, Anti-Spyware, IntrusionPrevention, and Application Intelligenceand Control), where it is fully inspectedfor viruses, worms, Trojans, spyware andother sophisticated threats.

SpecificationsDell SonicWALL SRA for SMB SeriesPerformanceSRA 1600Concurrent user license:Secure VirtualAssist technicians:User capacity*:Recommended for organizations with 50 orfewer employeesStarts with 5 concurrent users. Additional userlicenses available in 5 and 10 user increments.30-day trial-included/10-concurrenttechnicians maximum5-included/50-licensable/25-recommendedSRA 4600Concurrent user license:Secure VirtualAssist technicians:User capacity*:Recommended for organizations with 250 orfewer employeesStarts with 25 users. Additional user licencesare available in 10, 25 and 100 user increments.30-day trial-included/25-concurrenttechnicians aximum allowableMeeting participants:75SRA Virtual ApplianceConcurrent user license:Secure VirtualAssist technicians:User capacity*:Maximum allowableMeeting participants:Recommended for organizations of any sizeUser licenses available in 5, 10, and 25 userincrements30-day trial-included/25-concurrenttechnicians maximum5-included/50-licensable75Unified policyYes. Also supports policies which have multipleAD groupsLoggingDetailed logging in an easy-to-read format,Syslog supported email alertsSRA 1600, 5 user 01-SCC-6594Single-arm modeYesDell SonicWALL SecureVirtual Assist or SecureVirtual Access(licensed together)Connection to remote PC, chat, FTP, sessionrecording and diagnostic toolsSRA 1600 additional users(50 user maximum)Add 5 Concurrent users 01-SSC-7138Add 10 Concurrent users 01-SSC-7139Secure Virtual Meeting**Instantly brings meeting participants togethersecurely and cost-effectivelyIPv6 supportBasicLoad balancingHTTP/HTTPS load balancing with failover.Mechanisms include weighted requests,weighted traffic, least requestsHigh AvailabilitySRA 4600 onlyApplication offloadingYesWeb Application FirewallYesEnd Point Control (EPC)YesGeolocation-basedpoliciesYesBotnet filteringYesKey FeaturesApplications supportedProxyNetExtenderHardwareCitrix (ICA), HTTP, HTTPS, FTP, SSH, Telnet, RDP,VNC, Windows file sharing (Windows SMB/CIFS),OWA 2003/2007/2010Any TCP/IP based application: ICMP, VoIP, IMAP,POP, SMTP, etc.EncryptionAuthenticationRDP supportMultiple domain supportMultiple portal supportFine grain access controlSession securityCertificatesServerClientSelf-signed with editable common name andand imported from third partiesOptional client certificates supportedCache cleanerConfigurable. Upon logout all cacheddownloads, cookies and URLs downloadedthrough the SSL tunnel are erased from theremote computerClient device operatingsystems supportedProxyNetExtenderMobile ConnectAll operating systemsWindows 2003, 2008, XP/Vista (32-bit and64-bit), 7 (32-bit and 64-bit), 8 (32-bit and 64bit), Mac OS 10.4 , Linux Fedora Core 3 /Ubuntu 7 / OpenSUSE, Linux 64-bitiOS 4.2 and higher, OS X 10.9 and higher, Android 4.0and higher, Kindle Fire running Android 4.0 andhigher and Windows 8.1ARC4 (128), MD5, SHA-1, SHA-256, SHA-384,SSLv3, TLSv1, TLS 1.1, TLS 1.2, 3DES (168, 256),AES (256), RSA, DHEDell Quest Defender, other two-factorauthentication solutions, One-time Passwords,Internal user database, RADIUS, LDAP, MicrosoftActive DirectoryYes. Terminal Server farm (JAVA client only) andRemote Application support (Active-X onlyincluded), HTML5YesYesAt the user, user group and network resourcelevelInactivity timeouts prevent unauthorized useof inactive sessionsWeb browsers supported Internet Explorer, Mozilla, Chrome, Opera, SafariPersonalized portalThe remote user sees only those resourcesthat the administrator has granted access tobased on company policyManagementWeb GUI (HTTP, HTTPS), Send syslog andheartbeat messages to GMS (4.0 and higher)SNMP SupportUsage monitoringGraphical monitoring of memory, CPU, usersand bandwidth usageHardened security applianceSRA 1600YesSRA 4600YesInterfacesSRA 1600SRA 4600(2) gigabit Ethernet, (2) USB, (1) console(4) gigabit Ethernet, (2) USB, (1) consoleProcessorsSRA 1600SRA 4600x86 main processorx86 main processorMemory (RAM)SRA 1600SRA 46001 GB2 GBFlash memorySRA 1600SRA 46001 GB1 GBPower supply/inputSRA 1600SRA 4600Internal, 100-240VAC, 50-60MHzInternal, 100-240VAC, 50-60MHzMax power consumptionSRA 1600SRA 460047 W50 WTotal heat dissipationSRA 1600SRA 4600158.0 BTU171.0 BTUDimensionsSRA 160017.00 x 10.13 x 1.75 in43.18 x 25.73 x 4.45 cmSRA 4600Appliance weightSRA 160017.00 x 10.13 x 1.75 in43.18 x 25.73 x 4.45 cmSRA 46009.50 lbs4.30 kgsWEEE weightSRA 160010.0 lbs4.50 kgSRA 460010.0 lbs4.50 kgsMajor regulatorycomplianceFCC Class A, ICES Class A, CE, C-Tick, VCCIClass A, KCC, ANATEL, BSMI, NOM, UL, cUL,TUV/GS, CBEnvironment32-105 F, 0-40 CHumidity 5-95% RH, non-condensingMTBFSRA 1600SRA 460018.3 years17.8 years9.50 lbs4.30 kgSRA 1600 supportDell SonicWALL Dynamic Support 24x7for up to 25 Users (1-year) 01-SSC-7141Dell SonicWALL Dynamic Support 8x5for up to 25 Users (1-year) 01-SSC-7144SRA 4600, 25 user 01-SSC-6596SRA 4600 additional users(500 user maximum)Add 10 Concurrent Users 01-SSC-7118Add 25 Concurrent Users 01-SSC-7119Add 100 Concurrent Users 01-SSC-7120SRA 4600 SupportDell SonicWALL Dynamic Support 24x7for up to 100 Users (1-year) 01-SSC-7123Dell SonicWALL Dynamic Support 8x5for up to 100 users (1-year) 01-SSC-7126Dell SonicWALL Dynamic Support 24x7for 101 to 500 users (1-year) 01-SSC-7129Dell SonicWALL Dynamic Support 8x5for 101 to 500 users (1-year) 01-SSC-7132SRA virtual applianceDell SonicWALL SRA Virtual Appliance,5 User 01-SSC-8469SRA virtual applianceadditional users(50 user maximum)Add 5 concurrent users 01-SSC-9182Add 10 concurrent users 01-SSC-9183Add 25 concurrent users 01-SSC-9184SRA virtual appliance supportDell SonicWALL Dynamic Support 8x5for up to 25 users (1-year) 01-SSC-9188Dell SonicWALL Dynamic Support 24x7for up to 25 users (1-year) 01-SSC-9191Dell SonicWALL Dynamic Support 8x5for up to 50 users (1-year) 01-SSC-9194Dell SonicWALL Dynamic Support 24x7for up to 50 users (1-year) 01-SSC-9197For more information on Dell SonicWALLSecure Remote Access solutions, visitwww.sonicwall.com.Security Monitoring Services from DellSecureWorks are available for this applianceSeries. For more information, visitwww.dell.com/secureworksSRA Virtual ApplianceFor more informationDell SonicWALL2001 Logic DriveSan Jose, CA 95124www.sonicwall.comT 1 408.745.9600F 1 408.745.9300SRA virtual appliance virtualized environment requirements (Minimum)Hypervisor:VMWare ESXi and ESX (version 4.0 and newer)Appliance size (on disk): 2 GBAllocated memory:2 GB* The recommended number of users supported is based on factors suchas access mechanisms, applications accessed and application trafficbeing sent.**Available in conjunction with Secure Virtual Assist for SRA 4600 and SRAVirtual Appliances onlyDell Software5 Polaris Way, Aliso Viejo, CA 92656 www.dell.comIf you are located outside North America, you can find localoffice information on our Web site. 2014 Dell, Inc. ALL RIGHTS RESERVED. Dell, Dell Software, the Dell Software logo and products—asidentified in this document—are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries.All other trademarks and registered trademarks are property of their respective owners.DataSheet-SRASeries-US-TD611-20140207

Web Application Firewall and PCI compliance The Dell SonicWALL Web Application Firewall Service offers businesses a complete, affordable, well integrated compliance solution for web-based applications that is easy to manage and deploy. It supports OWASP Top Ten and PCI DSS compliance