
MIDWESTERN INTERMEDIATE UNIT IV – A CASE STUDY IN INTERNET SECURITY
WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
SSL VPNs Summarized
SSL VPN solutions will work from most computers, even behind various firewall configurations. However, they do
have drawbacks:
1. SSL VPNs are not a complete remote access solution. They only work for certain types of Web applications, and
fail on advanced Web applications that use binary object technology, such as Java applets and ActiveX
controls. They are incompatible with client/server applications without using custom connectors or high-cost
Webification.
2. SSL VPNs are slow for the limited number of client/server applications they support.
3. SSL VPNs are slow for Web applications; the server-side logic involves parsing and rewriting Web applications.
4. SSL VPNs do not allow for peer-to-peer or real-time applications, where two applications need to open separate
IP connections with each other to establish data paths so as to allow the peer-to-peer, or even client/server,
protocol to work.
5. SSL VPNs provide “unnatural” access to limited applications, instead of access that is similar to what
employees experience when at their desk.
Clearly, SSL VPN remote access technology falls short of being able to address all remote access needs.
Prevailing Technologies Fail to Meet the Challenge
IPSec can encapsulate just about any sort of traffic and forward it on to the destination host, giving the user the
illusion that they are on the home network. However, it is complicated and costly to deploy and maintain, and is
notoriously unreliable when passing through NAT devices, firewalls, and even some ISP networks. SSL, on the other
hand, passes gracefully through almost any network environment by leveraging the ubiquity of Web access, and in
many cases requires no additional client-side installation, since most people already have a Web browser. Because
of its reliance on Web technology, however, SSL presents some serious limitations as well. Performance is a
problem due to the need to rewrite Web sites on the fly, and Web applications that use binary technologies like
Java and Microsoft ActiveX® can't be translated at all. Client/server applications like Microsoft Outlook, CRM
implementations, and databases must all either be Webified or have custom connectors written for them in order
to work over the SSL VPN—all at significant cost to the organization.
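The on-the-fly rewriting described above, as an added Python illustration that is not WatchGuard's or Citrix's code: a toy gateway rewrites the URLs it can parse in HTML, but passes a binary object through with its embedded server address unchanged. The gateway host, the /proxy/<scheme>/<host>/ URL layout, and all sample data are constructed assumptions.

```python
# Toy clientless SSL VPN rewriter (added illustration, not vendor code).
# GATEWAY and the /proxy/<scheme>/<host>/<path> layout are assumptions.
import re
from urllib.parse import urljoin, urlsplit

GATEWAY = "https://vpn.example.org"  # hypothetical gateway address
URL_ATTR = re.compile(r'''(\b(?:href|src|action)\s*=\s*)(["'])(.*?)\2''', re.I | re.S)

def through_gateway(url, base):
    """Map one internal URL to the address the remote browser must use."""
    parts = urlsplit(urljoin(base, url))
    if parts.scheme not in ("http", "https"):
        return url  # mailto:, javascript: and similar are left alone
    tail = parts.path or "/"
    if parts.query:
        tail += "?" + parts.query
    if parts.fragment:
        tail += "#" + parts.fragment
    return f"{GATEWAY}/proxy/{parts.scheme}/{parts.netloc}{tail}"

def rewrite_html(html, base):
    """Parse-and-rewrite step: every href/src/action is pointed at the gateway."""
    def fix(m):
        return m.group(1) + m.group(2) + through_gateway(m.group(3), base) + m.group(2)
    return URL_ATTR.sub(fix, html)

def rewrite_response(content_type, body, base):
    """Gateway-side handling of one response body (bytes in, bytes out)."""
    if content_type.split(";")[0].strip().lower() == "text/html":
        return rewrite_html(body.decode("utf-8"), base).encode("utf-8")
    return body  # opaque binary: nothing the gateway can parse or translate

# Constructed sample data.
BASE = "http://intranet.corp.local/hr/index.html"
PAGE = (b'<a href="/payroll?id=7">Pay</a> <img src="logo.png">'
        b'<form action="http://crm.corp.local/search"></form>')
# Stand-in for a compiled applet: the server address is a constant in the binary.
APPLET = b"\xca\xfe\xba\xbe\x00\x00\x00\x34\x01\x00\x1ahttp://db.corp.local:8080/\x00\x00"

if __name__ == "__main__":
    print(rewrite_response("text/html; charset=utf-8", PAGE, BASE).decode())
    served = rewrite_response("application/java-vm", APPLET, BASE)
    # The applet still points at a host the remote client cannot reach directly.
    print(b"db.corp.local" in served, served == APPLET)
```

Every HTML response pays the decode, scan and re-encode cost, while the applet's connection target never passes through the rewriter at all.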
What is needed is a solution which combines the strengths of each approach while not indulging in the weaknesses
of either. While many organizations meet this challenge by using both technologies where they are most
appropriate, this approach necessitates parallel infrastructures and inflated support costs, while still not providing
seamless access under all circumstances.
THE WATCHGUARD® SOLUTION: THE STRENGTHS OF IPSEC AND SSL WITHOUT THE DRAWBACKS
The WatchGuard® Firebox® SSL Core™ VPN Gateway uses Citrix® Secure Access technology which, while based
on SSL VPN technology, combines all of the benefits of IPSec in terms of network connectivity with the SSL VPN
ability to gain access from almost any network regardless of firewall or NAT configuration.