SSL-VPN Secure Remote Access

• Remote Access Solutions
• Mobility Solutions
• Disaster Recovery Solutions
• Wireless Solutions
• Extranet Solutions
• Policy Enforcement Solutions
• Network Access Control (NAC) Solutions

Remote access solutions.

With more employees working from more locations, with more diverse groups, such as partners, accessing network resources and with threats of pandemics, disasters, or terrorist attacks, remote access has become a business necessity. SonicWALL Aventail E-Class SRAs make secure remote access easy to use and control.

Remote Access Deployment Scenario 1

• Need:  An organization has decided to allow employees greater access from home as a way to extend productivity without requiring employees to spend more time in the office. They need a reliable and easy solution for employees to gain secure access to e-mail, file shares and specific applications at any time from anywhere.
• Solution:  A SonicWALL Aventail E-Class SRA EX-750, EX6000 or EX7000 can be easily deployed using the Aventail® WorkPlace™ portal so that employees can gain secure access to applications from virtually any device with a standard Web browser (including mobile phone browsers). Aventail® End Point Control™ with cache control is enabled through the WorkPlace portal, ensuring policy-driven security on non-IT-managed end point devices.
  Results: End users get secure access from anywhere using their wireless devices and IT maintains centralized, granular access control from a single gateway.
  
• Results: End users get secure access from anywhere using their wireless devices and IT maintains centralized, granular access control from a single gateway.

Remote Access Deployment Scenario 2

• Need:  A company has a large number of employees using IT-managed devices who are constantly on the go. They need a solution that works from any network with the capability to enforce the company’s corporate security policy. The solution has to "just work."
• Solution:  A SonicWALL Aventail E-Class SRA EX-750, EX6000 or EX7000 configured with Aventail® Connect Tunnel, an easy-to-manage, Web-delivered agent designed for security and reliability. Aventail End Point Control verifies that the device is identified as an IT-managed asset and that it is compliant with the corporate security policies.
• Results: End users get access from anywhere, without IP address conflicts or NAT traversal issues.

Mobility solutions.

Mobile devices ranging from smartphones to PDAs have evolved into sophisticated and powerful mobile computers that are being used to remotely access Web and client-server applications. Once limited to a few executives, mobile devices are becoming common in the modern enterprise-and require appropriate access controls. The SonicWALL Aventail E-Class SRA solution delivers best-of-breed secure mobile access seamlessly across multiple devices and platforms.

Mobility Deployment Scenario

• Need:  Certain key employees would benefit from having access to specific mission-critical applications from their mobile devices. Sales reps need access to their CRM application to keep their records updated and maximize their productivity. Inventory managers can update records while in the field. Executives need access to their e-mail and calendar. However, these very portable devices need to be secure to make sure access is not compromised if the device falls into the wrong hands. IT also does not want to have to manage a separate e-mail-only solution as part of their IT infrastructure, instead preferring to find a single remote access solution that works for e-mail and much more on mobile devices.
• Solution: A SonicWALL Aventail E-Class EX-750, EX6000 or EX7000 set up with Aventail® Connect Mobile™ can provide access to a broad range of client/server and Web-based applications from Windows® Mobile-powered devices. Aventail End Point Control ensures that the user and device is fully authorized at login, as well as at administrator-defined recurring intervals. One-Time Password (OTP) support enables IT to easily and cost-effectively add two-factor authentication for additional security from the mobile device. IT can also use client certificates as a device watermark to revoke access if the device is lost or stolen.
• Results: With the SonicWALL Aventail E-Class SRA solution, access from mobile devices is always controlled. The organization can extend access and improve productivity to users leveraging mobile devices. IT now manages a solution that works for any scenario for remote access control, instead of only a niche solution just for mobile device e-mail access.

Disaster recovery solutions.

Disaster recovery can be triggered by a catastrophic event like a hurricane or epidemic, or by something as simple as a regional power outage or a burst water pipe. Whatever the cause, business disruption can mean lost opportunities, revenues, or reputation. In an emergency, remote access via SSL VPN can let employees work from home as if they were still in the office.

Disaster Recovery Deployment Scenario

• Need:  The organization wants all employees have the ability to work remotely. They also need a fast and efficient way to increase their remote access capacity in the event of an unplanned business disruption.
• Solution: A SonicWALL Aventail E-Class SRA EX6000 or EX7000 is set up so that employees can gain access from IT-managed devices via Aventail Connect Tunnel or non-managed devices via the Aventail WorkPlace portal. Multiple SonicWALL Aventail E-Class SRA appliances can be deployed in different geographic locations using Policy Replication.  Optionally, the SonicWALL Aventail E-Class SRA solution can be deployed in conjunction with SonicWALL CDP for comprehensive business continuity protection. Additionally, the organization has purchased an Aventail Spike License pack which allows temporary increases in licensed capacity in the event of a large scale business disruption.
• Results: The organization has prepared themselves for all employees to work remotely if an unexpected business disruption prevents employees from reaching a central business location.

Wireless solutions.

More corporations, universities, hospitals and governmental organizations are implementing wireless networks and using SonicWALL Aventail E-Class SRAs as a secure and centralized access control solution. With seamless support of multiple device platforms and access to resources based upon unified policy through a single gateway, the SonicWALL Aventail E-Class SRA solution helps tightly control access to an enterprise’s wireless network.

Wireless Deployment Scenario

• Need:  The organization is implementing a wireless network and wants to ensure a certain level of strong access control and end point control for any access to the wireless network. Devices used for access are highly mobile, going in and out of the wireless network on a daily basis. Additionally, since the wireless network may be accessible to contractors or guests, they want to make sure that once on the network that access is controlled to a specific set of applications.
• Solution: A SonicWALL Aventail E-Class SRA EX-750, EX6000 or EX7000  is set up so all wireless users are required to gain access to corporate resources via the Aventail WorkPlace portal for guest access and via Aventail Connect Tunnel for employees using IT-managed devices. Wireless connections are encrypted via the SSL protocol. Before allowing access, Aventail End Point Control scanning ensures that devices are identified and have an appropriate security profile before allowing any access to the corporate network. Guests using the WorkPlace portal are presented with a narrowly-defined set of resources specific to their need. The SonicWALL Aventail E-Class SRA solution can be integrated with  a SonicWALL UTM firewall  to establish a Clean VPN™ environment, and deployed with several SonicWALL SonicPoints placed as "hot spots" at strategic locations.
• Results: The organization ensured that any device accessing the wireless network meets the minimum criteria for gaining access, as well as ensuring that users gain authorized access to information that is only relevant to them.

Extranet solutions.

Growing businesses need to extend authorized access to partners and suppliers via extranets to increase collaboration and productivity. However, extranet access must meet security demands, while minimizing deployment and support overhead. SonicWALL SSL VPNs provide secure anywhere access without the difficulties associated with “fat” client deployments.

Extranet Deployment Scenario

• Need:  The organization needs to set up secure access to a specific set of applications for their business partners. However, each business partner needs unique access to a certain set of applications. They also want access set up in such a way that the security of their overall network is not compromised.
• Solution: A SonicWALL Aventail E-Class SRA EX-750, EX-6000 or EX-7000 is easily configured to provide unique Aventail WorkPlace portal sites for each business partner. Partners gain access to their own URLs for portal access and see a portal that is customized with their company’s look-and-feel. Partner access is governed by access control rules limit access to information that is important to them. As needed, access rules allow certain partners to have client-server agents provisioned to the user as part of the portal login experience.
• Results: The organization provides their partners with secure application access, while ensuring that partners only access relevant, authorized information.

Policy enforcement solutions.

Organizations today face many different requirements for implementing security policies, from threats entering the network to compliance with regulations on appropriate content. SonicWALL Aventail SSL VPNs with Aventail® Unified Policy™ offers a centralized object-based policy model with a single rule set to easily manage and automatically cascade policy across all users, groups, resources and devices. This makes it easy for IT to establish policy decisions based on the security of the end point, allowing granular access control for collaboration and compliance.

Policy Enforcement Deployment Scenario

• Need:  The organization wants to enforce their security policies as well as compliance policy. They want to make sure that threats are not introduced to the network, as well as making sure that only the right people have access to specific data for compliance reasons.  However, IT does not want to manage separate complex solutions for mobile devices, Extranets, IT-managed devices, home PCs and wireless networks.
• Solution: Any SonicWALL Aventail E-Class SRA solution can provide a single policy interface to control access from a broad range of devices, users and network environments. Additionally, policy is unified across all access environments. IT can write a single set of policies for users, regardless if they are using a Linux device one day, and a Macintosh the next. Aventail End Point Control ensures that access is controlled on a per device basis (e.g., access for mobile phone users is defined differently than access for laptop users.)  The solution is deployed in conjunction with SonicWALL Content Security Management appliance.
• Results: The organization has a single cost-effective method for controlling all access.

Network Access Control (NAC) solutions.

Network Access Control, or NAC, is a strategic approach to automatically restricting or allowing access to network resources based upon how users and their end-point environments match predefined policy criteria. The SonicWALL Aventail solution is the easiest remote access controller on the market. SonicWALL Aventail SSL VPNs provide the core elements of NAC today and form the foundation for the evolution of NAC in the future.

Network Access Control Deployment Scenario

• Need:  The organization is confronted with a myriad of NAC-based approaches. Whether a user’s device moves in and out of the network, or exists solely outside the perimeter, IT needs to appropriately control access to network resources.
• Solution: Any SonicWALL Aventail E-Class SRA solution can be set up with Allow, Deny or Quarantine Zones that dictate the requirements the end point device must meet in order to gain access to the SSL VPN. Allow Zones can require different anti-virus solutions (including settings for signature file updates and file system scans), personal firewall solutions and anti-spyware solutions, as well as device identifiers. Deny Zones use such criteria to immediately deny access. Quarantine Zones identify devices that don’t meet access criteria, specifying to the user that they are in quarantine and allowing IT to customize a message to the user and provide them with some useful links to update their device.
• Results: The organization leverages the SonicWALL Aventail SSL VPNs to provide a highly granular yet easy to control NAC solution for remote access scenarios.