
MIDWESTERN INTERMEDIATE UNIT IV – A CASE STUDY IN INTERNET SECURITY
WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA 98104 www.watchguard.com
because network routes are not advertised to the client machine, worms cannot use this tunnel to propagate from
the client machine back into the corporate network. This is what provides the "in office experience" in the
WatchGuard Firebox SSL VPN solution.
Terminating the Secure Tunnel and Regenerating Packets on the Private Network
The Firebox SSL terminates the SSL tunnel and accepts incoming packets destined for the private network. If the
traffic meets the authorization and access control criteria, it is first rewritten (the IP headers are regenerated so
that the packet appears to originate from an address in the Firebox SSL's private network range, or from the private
IP assigned to the client), then passed into the private network. For circuit-oriented connections, the Gateway
maintains a port-mapped NAT table so that replies from the private network can be matched to the originating
connection and sent back over the tunnel to the client with the correct port numbers, reaching the correct
application. A reply that matches no entry in the table cannot be associated with any client connection and is
not forwarded.
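The rewrite-and-map step described above, as an added example. This is not WatchGuard's code (the Firebox SSL's implementation is not shown on this page); it is a Python model of the mechanism. The gateway address, the per-user ACL, the port pool and the sample packets are constructed for the demonstration, and keying the table by a tunnel identifier plus the client's 4-tuple is an assumption about how connections are told apart.

```python
# Illustrative tunnel terminator with a port-mapped NAT table (added example).
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


# A table key identifies one client connection: the tunnel it arrived on plus
# the 4-tuple the client used (assumed key layout). One mapped port stands for it.
ConnKey = Tuple[str, str, int, str, int]


class TunnelTerminator:
    def __init__(self, private_ip: str,
                 authorize: Callable[[str, Packet], bool],
                 port_range: Tuple[int, int] = (40000, 49999)) -> None:
        self.private_ip = private_ip            # gateway address on the private network
        self.authorize = authorize              # access-control policy: (user, packet) -> allowed?
        self._next_port, self._last_port = port_range
        self.outbound: Dict[ConnKey, int] = {}  # client connection -> mapped gateway port
        self.inbound: Dict[int, ConnKey] = {}   # mapped gateway port -> client connection

    def _allocate_port(self) -> int:
        if self._next_port > self._last_port:
            raise RuntimeError("NAT port pool exhausted")
        port = self._next_port
        self._next_port += 1
        return port

    def from_tunnel(self, tunnel_id: str, user: str, pkt: Packet) -> Optional[Packet]:
        """A packet decrypted from a client's SSL tunnel. Returns the rewritten
        packet to inject into the private network, or None if policy drops it."""
        if not self.authorize(user, pkt):
            return None
        key: ConnKey = (tunnel_id, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        mapped = self.outbound.get(key)
        if mapped is None:                      # first packet of this connection
            mapped = self._allocate_port()
            self.outbound[key] = mapped
            self.inbound[mapped] = key
        # Regenerate the IP header: the packet now appears to come from the gateway.
        return Packet(self.private_ip, mapped, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def from_private(self, pkt: Packet) -> Optional[Tuple[str, Packet]]:
        """A packet arriving from the private network. Returns (tunnel_id, packet
        as the client expects it) if it matches a mapped connection, else None."""
        if pkt.dst_ip != self.private_ip:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:                         # unsolicited: no client connection owns this port
            return None
        tunnel_id, client_ip, client_port, server_ip, server_port = key
        if (pkt.src_ip, pkt.src_port) != (server_ip, server_port):
            return None                         # only the server the client reached may answer here
        return tunnel_id, Packet(server_ip, server_port, client_ip, client_port, pkt.payload)


# Constructed policy: per-user set of permitted destination (ip, port) pairs.
ACL = {
    "alice": {("192.168.10.20", 443), ("192.168.10.30", 3389)},
    "bob":   {("192.168.10.20", 443)},
}


def acl_policy(user: str, pkt: Packet) -> bool:
    return (pkt.dst_ip, pkt.dst_port) in ACL.get(user, set())


def demo() -> dict:
    """Walk one allowed connection, one denied packet, one unsolicited and one spoofed reply."""
    gw = TunnelTerminator("192.168.10.1", acl_policy)
    # Constructed sample traffic; client addresses are the tunnel-assigned private IPs.
    out = gw.from_tunnel("tun-alice", "alice", Packet("10.200.0.5", 51234, "192.168.10.20", 443, b"ClientHello"))
    again = gw.from_tunnel("tun-alice", "alice", Packet("10.200.0.5", 51234, "192.168.10.20", 443, b"more"))
    reply = gw.from_private(Packet("192.168.10.20", 443, "192.168.10.1", out.src_port, b"ServerHello"))
    denied = gw.from_tunnel("tun-bob", "bob", Packet("10.200.0.6", 40001, "192.168.10.30", 3389))
    unsolicited = gw.from_private(Packet("192.168.10.99", 445, "192.168.10.1", 40001))
    spoofed = gw.from_private(Packet("192.168.10.99", 445, "192.168.10.1", out.src_port))
    return {
        "rewritten": (out.src_ip, out.src_port, out.dst_ip, out.dst_port),
        "same_mapping": again.src_port == out.src_port,
        "reply": (reply[0], reply[1].dst_ip, reply[1].dst_port),
        "denied_dropped": denied is None,
        "unsolicited_dropped": unsolicited is None,
        "spoofed_dropped": spoofed is None,
        "table_size": len(gw.inbound),
    }


if __name__ == "__main__":
    print(demo())
```

The two drop cases in `from_private` are the point of the table: a packet to a mapped port that does not come from the server the client actually connected to, and a packet to a port with no mapping at all, both have no client to go to and never enter a tunnel.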
SECURE ACCESS CLIENT: STRONG SECURITY
Configurable “Always-On” Functionality
When the laptop or PC is disconnected from the network, the Citrix® Secure Access client continues to run in
memory. This "Always-On" functionality provides auto-reconnect (the VPN connection is restored automatically when
the network connection returns), remote voice connectivity, and remote control of user PCs by the IT department.
Because the client re-establishes the tunnel on its own, corporate traffic from the client is carried encrypted over
802.11 networks without having to deploy and maintain a WEP or WPA/PSK environment on the wireless side; note that
only traffic carried inside the tunnel is protected this way, and the wireless link itself remains unencrypted.
This functionality is not currently available in either IPSec or other SSL VPNs.
Integrated Endpoint Security
Integrated Endpoint Security continuously monitors the client in real time: file and checksum checks, registry
checks, and whether the endpoint is an approved corporate asset. Access to the corporate network is granted only if
the client computer meets the security policy, and it is withdrawn if the policy stops being met during the SSL VPN
session. Competing implementations rely on third-party products to provide this functionality, leading to additional
costs and integration challenges. Of the few SSL VPNs that perform limited checks within the product, the check
still runs only once, and only when the user accesses their portal of Webified applications. Endpoint Assurance is
included with the WatchGuard Firebox SSL VPN Gateway.
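The continuous posture check, as an added Python example; this is not WatchGuard's or Citrix's Endpoint Assurance code. The signature file, its baseline checksum, the registry key and value, the approved-asset list, and the dict that stands in for the Windows registry are all constructed for the demonstration. On a real Windows client the registry check would read winreg and the baseline hash and asset list would come from the policy server; here the baseline is taken from the file before it is tampered with so the example runs anywhere.

```python
# Illustrative continuous endpoint posture check for a VPN session (added example).
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass
class Check:
    name: str
    passes: Callable[[], bool]   # re-run on every evaluation, never cached


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_exists(path: str) -> Check:
    return Check(f"file_exists:{path}", lambda: os.path.isfile(path))


def file_checksum(path: str, expected_sha256: str) -> Check:
    return Check(f"checksum:{path}",
                 lambda: os.path.isfile(path) and sha256_file(path) == expected_sha256)


def registry_value(registry: Dict[str, Dict[str, object]], key: str, name: str, expected: object) -> Check:
    # `registry` is a dict standing in for winreg reads (assumption, so the demo runs on any OS).
    return Check(f"registry:{key}\\{name}", lambda: registry.get(key, {}).get(name) == expected)


def approved_asset(asset_id: str, approved: Set[str]) -> Check:
    return Check("approved_asset", lambda: asset_id in approved)


class VpnSession:
    """Grants access only while every check passes; evaluate() is called at connect
    time and again on every re-check interval for the life of the session."""

    def __init__(self, checks: List[Check]) -> None:
        self.checks = checks
        self.connected = False
        self.failed: List[str] = []

    def evaluate(self) -> bool:
        self.failed = [c.name for c in self.checks if not c.passes()]
        self.connected = not self.failed      # any failure revokes access immediately
        return self.connected


FW_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"  # constructed


def demo() -> dict:
    """Connect with a compliant client, then tamper with it between re-checks."""
    workdir = tempfile.mkdtemp()
    try:
        sig_file = os.path.join(workdir, "av_signatures.dat")
        with open(sig_file, "wb") as f:
            f.write(b"constructed signature set v1\n")
        registry = {FW_KEY: {"EnableFirewall": 1}}          # stand-in for the Windows registry
        checks = [
            file_exists(sig_file),
            file_checksum(sig_file, sha256_file(sig_file)),  # baseline hash, normally from policy
            registry_value(registry, FW_KEY, "EnableFirewall", 1),
            approved_asset("LAPTOP-0042", {"LAPTOP-0042", "LAPTOP-0043"}),
        ]
        session = VpnSession(checks)
        at_connect = session.evaluate()
        midsession = session.evaluate()                     # periodic re-check, nothing changed
        with open(sig_file, "ab") as f:                     # tamper: signature file modified in place
            f.write(b"tampered\n")
        after_tamper = session.evaluate()
        failed_after_tamper = list(session.failed)
        registry[FW_KEY]["EnableFirewall"] = 0              # and the host firewall switched off
        after_fw_off = session.evaluate()
        failed_after_fw_off = list(session.failed)
        return {
            "at_connect": at_connect,
            "midsession": midsession,
            "after_tamper": after_tamper,
            "failed_after_tamper": failed_after_tamper,
            "after_fw_off": after_fw_off,
            "failed_after_fw_off": failed_after_fw_off,
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

The difference from a one-time portal check is the loop the caller wraps around `evaluate()`: because every `Check` re-reads the file, hash and registry each time, a change made after the session was established is caught at the next interval and the session is marked disconnected rather than left trusting the result of the first check.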
Worm Traversal Blocking
Because routing information for the private network is not propagated to the client machine over the SSL VPN
tunnel, a worm on the client machine cannot use the tunnel to traverse back into the corporate network; only the
connections the Gateway explicitly authorizes and maps are forwarded, which gives inherently better security.
Remote Control
Integrated remote control eliminates the time and expense of third-party applications such as Microsoft
NetMeeting®, Virtual Network Computing, or expensive Web conferencing software in order to access, assess, and
repair remote computers. In addition to providing IT and network administrators with improved troubleshooting
options, remote control can be used by employees as an on-the-fly collaboration tool. Employees can now share