|
| Advantages of SINFOR SSL VPN |
|
| Functions list of SINFOR SSL VPN |
|
|
|
Choice
of the Trustworthy SSL VPN Products
SSL VPN is the main technology for remote access,
and through SSL VPN, enterprises can achieve applications
to be transmitted to remote employees for working.
Now SSL has been widely used in various browsers,
it also applies to C/S based applications like Outlook.
Because SSL protocol is built in browsers such as
IE, SSL VPN which uses SSL protocol in authentication
and data encryption needn¡¯t be installed in client
end. Compared to conventional IPSEC VPN, SSL VPN has
a lot of feature, e.g. easy to deploy, no client,
low maintenance cost, strong adaptability to network,
the difference between the two types of VPN resembles
the difference between C/S architecture and B/S architecture.
In general, SSL VPN is used for two purposes:
¡ô Use SSL protocol for authentication and
encryption
SSL is an industrial security standard protocol generally
accepted in the industry, so the VPN definitely using
SSL protocol will achieve adequate security.
¡ô Directly use browser to finish
operations, no need to install independent client.
SSL VPN eliminates the need of users to install any
VPN client end, as long as there is browser compliant
to SSL protocol in PC, user can access internal application
system using SSL VPN network, it is virtually easy
and pragmatical.
As technology advances and customer demand
grows, compared to the SSL VPN born years ago which
supports WEB visits only, the leading SSL VPN in current
market has changed a lot, it mainly reflects in the
following respects:
¡ô Supports wider range of applications
The earliest SSL VPN only supports WEB applications,
however, today¡¯s SSL VPNs nearly all support use of
plugins, reorient data of TCP application to SSL tunnels,
thus support most TCP-based applications. Some advanced
SSL VPN products even support applications of UDP
and ICMP protocol. SSL VPN can automatically install
different plug-ins by judging the requests from different
platforms.
¡ô Wider support to network
Earlier SSL VPN doesn¡¯t support two-way access between
servers and client end and UDP application; nor support
allocation of virtual IP to mobile users, thus realize
secure audit in IP identification. However, today¡¯s
distinct SSL VPNs can allocate virtual IP for end
users through option plug-ins at client end, and create
Level 3 tunnel through SSL tunnel, so as to realize
nearly as strong terminal network functions as that
of IPSEC VPN client end.
¡ô Stricter requirements for terminal security.
SSL VPN originally is designed to realize access through
browser if any, but as the threats coming from spy
and phishing software is increasingly serious, access
to intranet on unsafe terminals may result in unexpected
disclosure of important information from terminals.
To solve this problem, SSL VPN adds security inspection
function at client end: which inspects the version
of terminal operating system, deployment of terminal
safety software through plug-ins, so as to determine
its access authority.
|
|
|
|
| Advantages of SINFOR SSL VPN |
|
| Functions list of SINFOR SSL VPN |
|
|
|
Advantages
of SINFOR SSL VPN
SINFOR M5X00-S SSL VPN series gateways provide unique
and specific solution to various problems that user
may encounter in using SSL VPN to access intranet
applications, the following paragraphs will explain
the advantages of SINFOR M5X00-S SSL VPN on authentication,
safety, speed, humanity:
Advanced technology
Advanced VPN products
¡ô Being conferred 20 invention patents and numerous
awards;
¡ô SSL VPN supports IP applications
¡ô Product supports intensive management and maintenance,
intelligent upgrade and real-time monitoring;
Faster speed
Intelligent multi-line technology
¡ô Web-based intelligent line selection, provide remote
users with fastest cross-operator access
¡ô Multiplex technology improves VPN access speed
¡ô VPN line backup ensures high-reliability VPN connection
Speed advantages in
accessing application system
¡ô Optional speed acceleration enhances SSL encryption
performance;
¡ô Optimum LZO flow compression technology speeds up
application transfer (especially in wireless operation);
¡ô WEB PUSH technology can analyze pages first, then
read several elements a time in parallel way in LAN
environment and push to SSL client end, this significantly
lifts the speed of visit to pages.
Higher security
Supports overall authentication
¡ô Supports password authentication for local users;
¡ô Supports digital certificate authentication. Combined
with existing CA systems, it supports PKI system;
¡ô Provides local CA center function, reduces cost;
¡ô Seamlessly integrated with the third party authentication
system such as LDAP, RADIUS
Robust ID authentication
mechanism
¡ô Supports password authentication for local users;
¡ô Supports combination ID authentication and USB KEY
, this not only increases easiness of use, but enhances
security;
¡ô Supports authentication of one-time password by
short message, combines user authentication and personal
identity;
¡ô Dynamic token authentication system (optional),
reduces lower cost of ownership;
¡ô Provides hardware binding function at client end,
free user from trouble of password disclosure.
More security mechanism
¡ô Prevent violent decryption, protect security of
password;
¡ô Provide soft keyboard and graphic code verification,
protect against attack of Malicious;
¡ô Security inspection at client, define security level
of client end
¡ô No trace left, clear all log-in information of users,
avoid information disclosure
¡ô Powerful logging function, robust visit access.
Easier to use
Differentiated authority
management
¡ô Role-based management helps effectively control
authority of VPN access users;
¡ô User grouping management, in conjunction with role
management, allow manager to allocate authority more
easily;
¡ô Provide fine-grained access control and management
over SSL VPN access user by URL, service, IP and various
resources.
Enhanced humanity design
¡ô Provides overall support to single-point access
of various application systems, eliminate need to
reenter account No. or password, simplifies work flow;
¡ô Supports various client end environment, including
mobile device such as PDA, intelligent cell phone,
3G cell phone;
¡ô Customizable log-in interface, including pre-login
and post-login interface
|
|
|
|
| Advantages of SINFOR SSL VPN |
|
| Functions list of SINFOR SSL VPN |
|
|
|
SINFOR SSL VPN has integrated SSL VPN
functions, and provides the best solution to remote
access for enterprises, the tables below list its
functions:
Basic functions
| Features |
Advantages |
| Functions
of SSL VPN |
Provides multiple access
approaches including domain name, dynamic
IP addressing, fixed IP;
Supports all B/S and C/S applications above
network layer;
Able to combine with existing CA authentication
center, supports PKI system, besides, it has
own CA center, saving cost needed for building
a separate CA centre;
Short message-based on short-message ID authentication,
HARD CA ID authentication, USB Key authentication,
dynamic token authentication and fine-grained
authority control within VPN, ensure that
only defined user or defined computer could
access VPN to visit defined resources;
Provides role-based management, able to provide
fine access control by user, user group, provide
different authority to different access users;
Supports security inspection at client end,
provide custom login interface at clientend;
|
| Firewall |
Enterprise-level packet filter firewall;
Prevents DOS attacks, not only prevents from
outside (such as SYN Flood), but also prevents
internal DOS attacks;
|
High security
SINFOR SSL VPN provides multiple
security mechanisms, which provides good security
in user access, data transfer and access.
| Features |
Advantages |
| Tunnel encryption |
Uses standard browser built-in SSL protocol
to ensure security of data; |
| Advanced access authentication |
One-time password short message (SMS) authentication,
dynamic token authentication, and CA centre,
Hardware-based HARD CA ID authentication, USB
Key dual-factor authentication; |
| Supports multiple authentication mechanism |
Supports the third-party authentication such
as Local DB, LDAP/AD, Radius;
realizes safe access to VPN users more effectively;
Supports the third-party CA authentication and
PKI system; |
| Security of client end |
Client end access rules, check security of
remote log-in;
Automatically clean all buffer and temporary
files after write-off, realize zero-trace visit;
Test engine while it is inactive, exit when
time is out, prevent information leaving; |
| Firewall |
Supports pack filtration, URL filtration,
visit monitoring, network access control, user
authentication, flow control, Qos, DHCP services,
etc.;
Unique firewall rule virtual online test technology
avoids possible safety problems arising of manned
setup mistakes;
Prevents DOS attacks, not only prevents from
outside (such as SYN Flood), but also prevents
internal DOS attacks; |
Control of resource access authority
There are multiple object management
modes built in SINFOR SSL VPN product, which provide
fine-grained authority control for user access, as
well as several customizable strategies.
| Features |
Advantages |
| Multiple object management |
Supports user, group management modes, provides
fine-grained access control and management over
SSL VPN access user by URL, service, IP and
various resources. |
| Fine authority control |
Role-based management, fine access authority
division, effectively control authority of VPN
access users; |
| Uniform authority |
Authority setup is synchronous to domain server/LDAP
server |
High-speed
SINFOR SSL VPN product integrates multiplex technology,
multiple-line intelligent selection function and high-efficiency
compression algorithm and performance acceleration
card, speeds up VPN access.
| Features |
Advantages |
| Multiplex technology |
Supports band width addition and backup of
2 Internet lines, realizes mutual backup of
Internet and load balance of net access lines,
improves network stability of VPN network. |
| Line intelligent selection |
Automatically select the best line, solve
the problems of delay and speed existing in
access to VPN resources between different network
operators; |
| Hardware-based SSL acceleration |
Optional high-speed SSL VPN hardware acceleration
card, improves band width of SSL VPN; |
| Built-in LZO algorithm |
Lifts VPN transfer speed, realizes application
faster; |
High availability
SINFOR SSL VPN product provides users with basic platform
to access rich application resources, easy single-point
login function, lift working efficiency of users.
| Features |
Advantages |
| Supports all applications |
Can realize all C/S, B/S applications based
on IP (TCP, UDP, ICMP) protocols; |
| Single-point login |
Reduce user¡¯s operations of reentering account
No. or password in using application systems; |
| Multiple working modes |
Supports gateway mode, parallel mode |
| Supports PDA |
Portable device based on Windows Mobile series
portable device operating system |
Extendibility
SINFOR SSL VPN product provides flexible authorization
strategies and extendibility, and can acquire new
functions through upgrade.
| Features |
Advantages |
| Flexible authorization strategies |
Acquire more access authority by upgrading
SN; |
| Acquire new features by upgrading OS |
Supports local and remote upgrade of SINFOR
OS and SINFOR SSL VPN, able to acquire new features |
| Supports interconnection of all SINFOR products |
All SINFOR VPN products can be interconnected
to each other, and create whole VPN network
on demand; |
High stability
The unique multi-line technology of SINFOR SSL VPN
product provides user with steady line backup and
redundancy, besides, it has dual-machine dual-system
backup function, which provides user with a steady
and high-efficiency VPN basic platform.
| Features |
Advantages |
| Multi-line backup and load balance |
Supports line backup and load balance of up
to 2 Internet lines; |
| Multiple working mode |
Supports router mode, bypass mode, flexible
deployment |
| Dual-machine hot backup |
Supports dual-machine hot backup, auto configure
information, once fault occurs, the device will
shift automatically, and ensure VPN runs well; |
| MTBF |
40000 hours |
Simplified management
SINFOR SSL VPN product provides friendly management
interface, rich log center and intensive management,
a few simple steps will complete VPN deployment and
management.
| Features |
Advantages |
| Web management interface |
Intuitive Web management interface, CLI senior
configuration and remote management, humanity
configuration wizard, the deployment can be
finished within 30 minutes; |
| Customizable client-end login interface |
Provides custom login interface for users
acting different roles, thus improve user¡¯s
experience; |
| SNMP |
Integrates the third-party management system
in standard method, realizes more powerful monitoring
function; |
| Backup function |
Supports local and remote backup and restoration,
the log is backed-up in form of files |
| Rich log center |
Provides fine-grained audit and log function,
log all successful or unsuccessful access requests,
access time, access address, access resources,
session duration, provides detailed system information,
supports independent the third-party log server;
|
List of SSL VPN series device
SINFOR M5100-S SSL VPN (Small to mid-sized
enterprises)
SINFOR M5400-S SSL VPN (Mid-sized to
large enterprises)
SINFOR M5600-S SSL VPN (Large and multinational
enterprises)
SINFOR M5800-S SSL VPN (Super-Large
Enterprises)
SINFOR M5900-S SSL VPN (Service Provider
Managed Services)
USB DKEY
SMS
Dynamic Token
Equipment Performance Table
| Features |
M5100-S |
M5400-S |
M5600-S |
M5800-S |
M5900-S |
| SSL VPN encryption speed£¨RC4 128bits£© |
70 Mbps |
189.4 Mbps |
240 Mbps |
320 Mbps |
600Mbps |
| Number of SSL VPN concurrent user sessions
|
2000 |
15,000 |
25,000 |
38,000 |
80,000 |
| SSL VPN forward delay |
0.3-0.5 ms |
0.3-0.5 ms |
0.3-0.5ms |
0.3-0.4ms |
0.3-0.4ms |
| Number of concurrent SSL users |
200 |
1000 |
2,500 |
3,000 |
8,000 |
| Number of new users per second |
20 |
80 |
90 |
120 |
400 |
| LAN port |
100BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 2 |
| WAN port |
100BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 2 |
1000BASE-T (RJ-45) * 1 |
1000BASE-T (RJ-45) * 1 |
1000BASE-T (RJ-45) * 1 |
| 100 BASE-T (RJ-45) * 2 |
1000BASE-T(GBIC) * 2 |
1000BASE-T (GBIC) * 2 |
| 1000BASE-T (Mini GBIC) * 2 |
| Serial port |
RS232 * 1 |
RS232 * 1 |
RS232 * 2 |
RS232 * 1 |
RS232 * 1 |
| Input voltage |
180-240V |
180-240V |
180-240V |
180-240V |
180-240V |
| Redundant power supply |
No |
No |
No |
Yes |
Yes |
| Working temperature |
-5~45 ¡æ |
-5~45 ¡æ |
-10~ 50 ¡æ |
-10~ 50 ¡æ |
-10~ 50 ¡æ |
| Working RH (relative humidity) |
5~90%, Non-condensing |
5~90%, Non-condensing |
5~90%, Non-condensing |
5~90%, Non-condensing |
5~90%, Non-condensing |
| Weight |
4.5Kg |
7Kg |
20 Kg |
22 Kg |
30 Kg |
|
|
|
|
| Advantages of SINFOR SSL VPN |
|
| Functions list of SINFOR SSL VPN |
|
|
|
| |
|
