Increase Productivity with Flexible, Secure Remote Access

DATASHEET

FirePass SSL VPN

What’s Inside:

• Improved User Experience
• Network Access
• Application Access—Secure Access to Specific Applications
• Portal Access—Proxy-Based Access to Web Applications, Files, and Email
• Portal Access—Comprehensive Security
• Dynamic Policy Engine—Total Administrative Control
• Customization
• iControl SSL VPN Client API for Secure Application Access
• FirePass Product Details
• FirePass Specifications
• More Information

Key Benefits:

• Increase worker productivity: Provide fast and secure, always connected remote access from any location, from any device.
• Gain ultimate flexibility: Quickly and easily deploy a virtual appliance to add remote access functionality to your existing virtual infrastructure.
• Decrease costs: Reduce deployment and support costs with easy management, simple deployment, and secure application access.
• Increase security: Deliver granular access control to intranet resources on a group basis, enhancing security.
• Reduce risk with endpoint security: Verify the user quickly and easily with endpoint security to validate compliance with corporate policy.

As more mobile and remote workers use an increasing number of different devices to access corporate applications and data from many locations, your business benefits from more flexible and productive users. But securing applications, data, the network, and client devices from unauthorized access and attacks can quickly add management complexity and cost.

The FirePass® SSL VPN appliance and Virtual Edition (VE) provide secure remote access to enterprise applications and data for users over any device or network. FirePass ensures easy access to applications by delivering outstanding performance, scalability, availability, policy management, and endpoint security. The result is unified security enforcement and access control that increases the agility and productivity of your workforce.


Improved User Experience

FirePass helps ensure user productivity by minimizing the time and effort required to gain access to authorized files and applications.

“Always connected” remote access

Some access clients need constant reconnection throughout the day as users move locations or restart applications. The BIG-IP® Edge Client™ solution is a state-of-the-art, integrated client that provides location awareness and zone determination to deliver a remote access solution unlike any other. Cutting-edge roaming, domain detection, and automatic connection create a seamless transition as users move between locations. BIG-IP Edge Client helps ensure continued user productivity whether the user is at home on a wireless network, using an air card in transit, giving a presentation from corporate wireless, in a café on guest wireless, or docked on a LAN connection. BIG-IP Edge Client is supported in FirePass 6.1 and 7.0.

[Figure: BIG-IP Edge Client provides always connected application access at home (wireless), in the office (docked LAN connection), in the café (wireless), presenting (corporate wireless), and commuting (air card).]

Seamless VPN access

When the user first enters credentials as part of the Windows logon process, BIG-IP Edge Client caches them and then automatically tries them in the first attempt to log on to the VPN. This streamlines the user experience to help improve productivity.

BIG-IP Edge Client uses cutting edge roaming, domain detection, and automatic connection to deliver a seamless transition between locations.


Network Access

FirePass provides LAN-type network access connectivity for all applications by supporting existing network infrastructure, identity management systems, and client-server operating systems.

FirePass Network Access for Microsoft Windows (Windows 7, Vista, XP), Mac, and Linux Systems

• Eliminates the need for special administrative privileges for FirePass client component updates with Windows Installer Service, lowering management costs.

• Provides secure remote access to the entire network for all IP-based (TCP, UDP) applications.

• Includes standard features across all desktop and laptop platforms, as well as split tunneling, compression, activity-based timeouts, and automatic application launching.

• Provides remote access—unlike IPSec VPNs—without requiring preinstalled client software and configuration of the remote device. Client- or server-side application changes are not required.

• Enables administrators to restrict and protect resources accessible through the connector by instituting rules that limit access to a specific network or port.

• Uses the standard HTTPS protocol with SSL as the transport, so the device works through all HTTP proxies including public access points, private LANs, and over networks and ISPs that don’t support IPSec VPNs.

• Utilizes GZIP compression to compress traffic before it is encrypted, reducing the amount of traffic that is sent across the Internet and improving performance.

• Supports the latest OSs and Browsers—FirePass 7.0 supports 32-bit versions of: Windows 7, Vista, and XP; Mac OS X Leopard and Snow Leopard; Internet Explorer 6, 7, and 8; Firefox 3.x; and Safari 4. It supports 64-bit versions of: Windows 7, Vista, and XP; Linux (contact F5 or Reseller for list), Internet Explorer 7 (except Win7) and 8; and Firefox 3.0. Talk to an F5 sales representative or reseller to review compatibility for your environment.

Client Security

• Safe Split Tunneling—To protect against back-door attacks when accessing the network with split tunneling, FirePass provides a dynamic firewall that protects Windows, Mac, and Linux users when using the full network access feature. This prevents hackers from routing through the client to the corporate network or users from inadvertently sending traffic to the public network.

• Endpoint Client Checking—FirePass increases security by detecting the presence of required processes (for example, virus scans, anti-malware, personal firewalls, OS patch levels, registry settings, and more) and the absence of other processes (for example, keylogger) on the Mac, Linux or Windows client before enabling full network access.

• Hardware Endpoint Inspectors—FirePass inspects client machine features such as MAC address, CPU ID, and HDD ID to identify remote devices. FirePass authorizes machines without the complexity of deploying machine certificates.


Windows Network Access Features

• Standalone Windows Client—FirePass establishes a network connection after entering user credentials. Software can be automatically distributed to the client using Microsoft’s MSI installer technology.

• Windows Logon/GINA Integration—Enables implied, transparent user logon to the corporate network by integrating with the GINA (“Ctrl+Alt+Del” prompt) logon process.

• Standalone VPN Client CLI—Command-line interface support offers single sign-on support through integration with third-party applications (such as remote dialer software).

• Windows VPN Dialer—Provides a simplified user experience for those more comfortable with the dialup interface.

• Automatic Drive Mapping—Network drives can be automatically mapped to a user’s Windows PC.

• Static IP Support—Assigns a static IP based on the user when the user establishes a network access VPN connection, lowering administrative support costs.

• Transparent Network Access—Eliminates network access browser window pop-ups and prevents users from accidentally terminating the connection.

Mobile Device Support

• Enables secure application access from Windows Mobile and smartphones.

• Provides access to both client/server- and web-based applications.

FirePass policies enable secure application access to a full set of corporate services, including kiosks, mobile devices, or laptops.

[Figure labels: Corporate Services (Intranet, Email, C/S Application, Full Network, Terminal Servers, Files); clients (Kiosk, Mobile Device, Laptop); policies (Kiosk Policy: Cache/Temp File Cleaner; Mini Browser Policy; Corporate Policy: Firewall/Virus Check).]

FirePass SSL VPN Value Proposition

• Browser-based ubiquitous access

• Lower support and management costs

• Endpoint security

• Granular access control

• Group policy enforcement


Application Access—Secure Access to Specific Applications

FirePass enables administrators to grant certain users—for example, business partners using equipment not maintained by the company—access to specific extranet applications and sites. FirePass protects network resources by only permitting access to applications that are cleared by the system administrator.

Specific Client/Server Application Access

• Enables a native client-side application to communicate back to certain corporate application servers via a secure connection between the browser and the FirePass device.

• Requires no pre-installation or configuring of any software.

• Involves no additional network-side software to access the application servers.

• Accesses applications via standard protocols: HTTP and SSL/TLS. It works with all HTTP proxies, access points, and private LANs, and over networks and ISPs that do not support traditional IPSec VPNs.

• Includes supported applications such as Outlook to Exchange Clusters, Passive FTP, Citrix Nfuse, and network drive mapping.

• Supports custom CRM applications as well as applications that use static TCP ports.

• Supports auto-login to AppTunnels, Citrix, and WTS applications to simplify the user experience.

• Integrates with Citrix SmartAccess to deliver endpoint inspection results to Citrix applications and send SmartAccess filters to XenApp based on the results of endpoint scans.

• Supports the auto-launch of client-side applications to simplify user experience and lower support costs.

• Enables lock-down Java-based application tunnels for non-Windows and Windows systems to prevent the execution of ActiveX controls.

• Offers complete DHCP support for clients using network access, automating IP address assignment and dynamic DNS registration of addresses. DHCP support provides easier multi-unit deployments while remote-access IP address range can overlap with internal LAN.

• Delivers support for Microsoft Communicator via Portal Access, enhancing VoIP communications.

• Offers unique support for the compression of client/server application traffic over the WAN, enhancing performance.

Terminal Server Access

• Provides secure web-based access to Microsoft Terminal Servers, Citrix MetaFrame applications, Windows XP Remote Desktops, and VNC servers.

• Provides Terminal Services for VMware View web client to enable user access from virtual desktops.

• Supports group access options, user authentication, and automatic log-on capabilities for authorized users.

• Supports automatic downloading and installation of the correct Terminal Services or Citrix remote platform client component, if not currently installed on the remote device, saving time.


• Supports remote access to XP desktops for remote troubleshooting using RDP and non-XP desktops with the built-in VNC feature.

• Provides Java-based Terminal Services support for Citrix and Microsoft.

Dynamic App Tunnels

• Provides maximum support for accessing a wide variety of client/server- and web-based applications.

• Offers a better alternative to reverse proxies for accessing applications from Windows client devices.

• Eliminates the need for web application content interoperability testing.

• Requires only “power user” privileges for installation and no special privileges for execution.

• Provides added support for auto-launching web application tunnels, simplifying the user experience.

Host Access

• Enables secure web-based access to legacy VT100, VT320, Telnet, X-Term, and IBM 3270/5250 applications.

• Requires no modifications to the applications or application servers.

• Eliminates the need for third-party host access software, reducing total cost of ownership (TCO).

Portal Access—Proxy-Based Access to Web Applications, Files, and Email

FirePass Portal Access capability works on any client OS with a browser: Windows, Linux, Mac, smartphones, PDAs, and more.

Web Applications

• Provides access to internal web servers, including Microsoft Outlook Web Access, Lotus iNotes, and Microsoft SharePoint Server as easily as from inside the corporate LAN.

• Delivers granular access control to intranet resources on a group policy basis. For example, employees can gain access to all intranet sites; partners can be restricted to a specific web host.

• Dynamically maps internal URLs to external URLs, so the internal network structure does not reveal them.

• Manages user cookies at the FirePass device level to avoid exposing sensitive information.

• Passes user credentials to web hosts to support automatic login and other user-specific access to applications. FirePass also integrates with existing identity management servers (for example, CA Netegrity) to enable single sign-on to applications.

• Proxies login requests from web hosts to avoid having users cache their passwords on client browsers.

• Enables or restricts access to specific parts of an application with granular access control list (ACL) for increased security and reduced business risks.


• Provides split-tunneling support for web applications, resulting in faster user performance when accessing public websites.

• Validates back-end certificate with rapid reverse-proxy to quickly authenticate the server’s certificate.

• Offers dynamic server-side and DNS caching for increased web application (reverse proxy) performance and faster page download times.

• Delivers out-of-the-box reverse proxy support for rewriting a wide variety of JavaScript content in web pages, saving time.

• Provides Java patch ACL support to limit client-initiated connections through FirePass using Portal Access.

• Enables NTLMv2 support for access to web applications.

• Delivers DNS relay proxy service, enabling client-side name resolution without requiring any special runtime rights (for example, modification of hosts). Also enables redirection of ports to more fully support applications such as Outlook and Windows drive mapping.

File Server Access

• Enables users to browse, upload, download, copy, move, or delete files on shared directories.

• Supports: SMB Shares; Windows Workgroups; NT 4.0 and Win2000 domains; Novell 5.1/6.0 with Native File System pack; and NFS servers.

Email Access

• Provides secure web-based access to POP/IMAP/SMTP email servers from standard and mobile device browsers.

• Enables users to send and receive messages, download attachments, and attach network files to emails.

Mobile Device Support

• Provides secure access from Apple iPhone, Windows Mobile, PDAs, smartphones, cell phones, WAP, and iMode phones to email and other web-based applications.

• Dynamically formats email from POP/IMAP/SMTP email servers to fit the smaller screens of mobile phones and PDAs.

• Supports the sending of network files as email attachments and the viewing of text and Word documents.

• Supports ActiveSync applications, enabling PDA synchronization of email and calendar on Exchange Server from a PDA device, without requiring the pre-installed VPN client component.


Portal Access—Comprehensive Security

FirePass delivers multiple layers of control for securing information access from public systems.

Client Security

• Protected Workspace—Users of the 32-bit version of Windows XP/Vista/7 or the 64-bit version of Windows Vista/7 can be automatically switched to a protected workspace for their remote access session. In a protected workspace mode, the user cannot write files to locations outside the protected workspace; the temporary folders and all of their contents are deleted at the end of the session.

• Cache Cleanup—The cache cleanup control removes—and empties from the recycle bin—the following data from the client PC: cookies, browser history, auto-complete information, browser cache, temp files, and all ActiveX controls installed during the remote access session.

• Secure Virtual Keyboard—For additional password security, FirePass offers the patent-pending Secure Virtual Keyboard which enables secure password entry from the mouse instead of the keyboard.

• Download Blocking—For systems unable to install a “cleanup” control, FirePass can be configured to block all file downloads to avoid the issue of inadvertently leaving behind temporary files, yet still enable access to applications.

• Automatic File Virtualization—In protected workspace mode, temporary files and registry settings are written to a virtual file system rather than to the local machine.

• Encrypted Saved Content—All temporary content saved on the remote system is encrypted in the event that the protected workspace doesn’t exit normally, such as in a power failure, rendering the content unreadable.

• Portal Support for Popular Mobile Clients—FirePass supports portal access with iPhone, BlackBerry, and Opera Mini browsers.

Content Inspection and Web Application Security

For users accessing web applications on the corporate network, FirePass enhances application security and prevents application-layer attacks (for example, cross-site scripting, invalid characters, SQL injection, buffer overflow) by scanning web application access for application layer attacks—then blocking user access when an attack is detected.

Integrated Virus Protection

FirePass can scan web and file uploads using either an integrated scanner or external scanner via ICAP API. Infected files are blocked at the gateway and not allowed onto email or file servers on the network, for increased protection.

Flexible Remote Access

FirePass Virtual Edition (VE) makes it easy to quickly deploy a virtual appliance to add SSL VPN functionality to an existing virtual infrastructure. This offers greater flexibility in disaster recovery scenarios or during a surge in remote access demand. Virtual editions of FirePass and BIG-IP Local Traffic Manager can be combined to provide industry-leading application delivery and remote access in the same environment.


Dynamic Policy Engine—Total Administrative Control

The FirePass policy engine enables administrators to easily manage user authentication and authorization privileges.

Dynamic Policy-Based Access

Administrators have quick and granular control over their network resources. Through policy management support, they can authorize access to applications based on the user and device. Administrators can easily implement existing policies with import and export of pre-logon policies.

Visual Policy Editor

The Visual Policy Editor creates a flow-chart style graphical view of your access policies, giving you point-and-click ease in profiling and managing groups, users, devices, or any combination of the three. This simplifies the definition and management of endpoint policies, lowers administrative costs, and increases the ability to quickly ensure the protection of company resources.

[Figure labels: Users (Employees, Contractors, Customers); Internal; External; Physical; Virtual; Firewall; DMZ; FirePass; BIG-IP Local Traffic Manager; Server.]

FirePass VE is an easy way to add flexible remote access to your current virtual environment.


User Authentication

Users can be authenticated against an internal FirePass database, using passwords. FirePass can also be easily configured to work with RADIUS, Active Directory, RSA 2-Factor, LDAP authentication methods, basic and form-based HTTP authentication, identity management servers (for example, Netegrity), and Windows domain servers. With Active Directory, users can change current or expired passwords and receive warnings when passwords are set to expire. Support for nested Active Directory configurations enables the use of a more complex, hierarchical directory structure.

Two-Factor Authentication

Many organizations use “two-factor” authentication (such as tokens or SmartCards) that require more than just a user ID and password. FirePass supports two-factor authentication including RSA SecurID® Native ACE authentication.

Challenge Response Test

Administrators can implement CAPTCHA, an easy challenge response test for humans that protects the organization from DoS and script-based brute force attacks.

Client-side and Machine Certificates/PKI Support

FirePass integrates seamlessly with the existing PKI infrastructure and enables the administrator to restrict or permit access based on the device being used to access FirePass. FirePass can check for the presence of a client-side digital certificate or Windows machine certificate during user login. Based on the presence of a valid certificate, FirePass can support access to a broader range of applications. FirePass can also use client-side or machine certificates as a form of two-factor authentication and prohibit all network access for users without a valid certificate.

Group Management

Access privileges can be granted to individuals or to groups of users (for example: sales, partners, or IT). This enables FirePass to restrict individuals and groups to particular resources.

Group Policy Enforcement

Group policy provides an exclusive mechanism to apply and enforce policies on client systems not part of the network domain. You can use the Visual Policy Editor to design group policies, in the form of templates, that restrict user authority and access while enforcing compliance with PCI, HIPAA, and GLBA. (Note: Group Policy Objects are only available on Active Directory.)

The Visual Policy Editor makes it easy to create access policies.

CAPTCHA protects against DoS and script-based brute force attacks.


Dynamic Group Mapping

FirePass dynamically maps users to FirePass groups using various dynamic group mapping mechanisms such as Active Directory, RADIUS, LDAP, client certificates, landing URI, and virtual host name as well as pre-logon session variables.

Single Sign-On (SSO) Support

SSO configuration uses authentication session variables to extract SSO information from certificates and authentication information from username and password settings. Advanced session variables help system administrators extend and customize FirePass, enabling them to manipulate and create new session variables for custom deployments. They also can collect and capture RADIUS attributes plus LDAP, Active Directory, and certificate field values.

Session Timeouts and Limits

Administrators can configure inactivity and session timeouts to protect against a hacker attempting to take over a session from a user who forgets to log off at a kiosk.

Role-Based Administration

Organizations have the flexibility to provide some administrative functions (enrolling new users, terminating sessions, re-setting passwords) to some administrator-users, without exposing all functions to them (for example, shutting down the server or deleting a certificate).

Logging and Reporting

FirePass delivers built-in logging support for logging user, administrator, session, application, and system events. Additionally, FirePass provides logs in silo format for integration with an external syslog server. The administration console offers a wide range of audit reports to help comply with security audits. Summary reports aggregate usage by day of the week, time of day, accessing OS, features used, websites accessed, session duration, session termination type, and other information for a user-specified time interval. A single URL is used to retrieve summary/group reports in either HTML or spreadsheet format.

Customization

FirePass provides advanced customization features, enabling the administrator to design a unique GUI or existing corporate website portal to best reflect corporate and user requirements.

Localized User GUI

FirePass enables all fields on the user web page to be localized, including the names of the feature (for example, web applications). This helps companies localize the user’s GUI, not just user favorites—increasing business value and lowering TCO.

Complete Login and Webtop Customization

With FirePass, administrators can completely customize an entire login and webtop web page to best suit their existing corporate website portals. Administrators can use WebDAV capabilities to upload custom pages, for an enhanced user experience.


iControl SSL VPN Client API for Secure Application Access

As the only SSL VPN product with an open client API and SDK, FirePass enables automated, secure access from the Win32 client OS (XP, Vista, 7) by providing secure system-to-system or application-to-application communication. Applications can automatically start and stop network connections transparently without requiring users to log in to the VPN. This enables faster, easier connections for users while reducing client application installation costs.

FirePass Product Details

The range of FirePass appliances and Virtual Edition address the concurrent user access needs of small to large enterprises.

FirePass 1200

The FirePass 1200 device is designed for small to medium enterprises and branch offices, and supports from 10 to 100 concurrent users.

FirePass 4100

The FirePass 4100 controller is designed for medium-size enterprises and, from a price/performance standpoint, is recommended for up to 500 concurrent users.

FirePass 4300

The FirePass 4300 appliance is designed for medium to large enterprises and service providers and supports up to 2000 concurrent users.

FirePass Virtual Edition

FirePass Virtual Edition runs in a VMware ESX 4.0 virtual environment and is designed for medium to large enterprises and service providers supporting up to 2000 concurrent users.

Clustering

The FirePass 4100 and 4300 appliances and Virtual Edition have built-in clustering support. They can be combined with F5 BIG-IP® Global Traffic Manager™ and BIG-IP® Local Traffic Manager™ to provide industry-leading scalability, performance, and availability.

Failover

FirePass appliances and Virtual Edition can also be configured for stateful failover between pairs of servers (an active server and a standby server) to avoid having to re-log on to another FirePass device or Virtual Edition in the unlikely event of a primary unit failure.

SSL Accelerator Hardware Option

FirePass 4100 offers a unique Hardware SSL Acceleration option to offload the SSL key exchange as well as the encryption and decryption of SSL traffic. This enables significant performance gains in large enterprise environments for processor-intensive ciphers such as 3DES and AES.


FIPS SSL Accelerator Hardware Option

FirePass is FIPS compliant* to meet the strong security needs of government, finance, healthcare, and other security-conscious organizations. FirePass 4100 and 4300 devices offer support for FIPS 140 Level-2 enabled tamper-proof storage of SSL keys, as well as FIPS-certified cipher support for encrypting and decrypting SSL traffic in hardware. FIPS SSL Accelerator is available as a factory install option to the base 4100 and 4300 platform.

*FIPS 140-2 meets the security criteria of CESG (UK’s National Technical Authority For Information Assurance) for use in private data traffic.


Virtual Specifications

Recommended Conc. Users: Up to 2000*

Clustering Support: Yes – up to 10 virtual appliances

*Note: Actual performance varies depending on hardware platform, resources available, and configuration.

Customer is responsible for performance testing and scaling of FirePass Virtual Edition.

Host System Requirements

It is highly recommended that the host system contain CPUs based on AMD-V or Intel-VT technology.

Hypervisor:

VMware ESX 4.0 or ESXi 4.0

VMware vSphere Client

VMware virtual hardware version 7

Processor:

1 CPU

(4 CPUs or more are recommended for more than 500 concurrent users.)

Memory:

2 GB RAM

(8 GB or more are recommended for more than 500 concurrent users.)

Network Adapters: 3 network interfaces

Disk Space: 30 GB hard drive of thin provisioning


FirePass Virtual Edition

FirePass Specifications

The FirePass appliance is available in three models and as a Virtual Edition to address the concurrent user access needs of small to large enterprises.


| Physical Specifications | 4300 | 4100 | 1200 |
|---|---|---|---|
| Recommended Conc. Users | 2000 | 500 | 100 |
| Max. Conc. Users per Appliance | 2000 | 2000 | 100 |
| Interfaces | 4 (10/100/1000) LAN ports | 4 (10/100/1000) LAN ports | 2 (10/100) LAN ports |
| Dimensions | 3.5” H x 17.5” W x 23.5” D, 2U industry standard rack mount chassis | 3.5” H x 17.5” W x 23.5” D, 2U industry standard rack mount chassis | 1.7” H x 16.7” W x 11” D, 1U industry standard rack mount chassis |
| Weight | 43 lbs | 40 lbs | 10 lbs |
| Processors | Two Opteron 2.2 GHz - dual core | Two Opteron 2.0 GHz - single core | Intel Celeron 2.0 GHz - single core |
| Power Supply | Dual 475 W 90/240 +/- 10% VAC auto switching | 425 W 90/240 +/- 10% VAC auto switching; optional redundant power supply | Single full-range 250 W |
| Typical Power Consumption | 275 W | 275 W | 180 W |
| Maximum Heat Output | 939 BTU/hr | 939 BTU/hr | 785 BTU/hr |
| Device Redundancy | Watchdog timer, failsafe cable (primary and secondary) | Watchdog timer, failsafe cable (primary and secondary) | Watchdog timer, failsafe cable (primary and secondary) |
| Clustering support | Yes – up to 10 appliances | Yes – up to 10 appliances | No |
| FIPS SSL Accelerator Card Option | Yes – factory only | Yes – factory only | No |
| Hard Drive Capacity | 160 GB | 160 GB | 40 GB |
| RAM | 8 GB standard | 4 GB standard on 4110, 4120, 4130 – factory upgradable to 8 GB (4140 and 4150 8 GB standard) | 512 MB |
| Temperature (operating) | 41° F to 104° F (5° C to 40° C) | 41° F to 104° F (5° C to 40° C) | 41° F to 104° F (5° C to 40° C) |
| Non-Operating Ambient Temperature Range | -40° F to 149° F (-40° C to 65° C); relative humidity 10% to 95% at 40° C non-condensing | -40° F to 149° F (-40° C to 65° C); relative humidity 10% to 95% at 40° C non-condensing | -40° F to 149° F (-40° C to 65° C); relative humidity 5% to 85% at 40° C non-condensing |
| Humidity (relative) | 20% to 90% at 40° C | 20% to 90% at 40° C | 20% to 90% at 40° C |
| Safety Agency Approval | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 | UL 60950 (UL 1950-3), CSA-C22.2 No 60950-00 (Bi-national standard with UL 60950), CB test certification to IEC 950, EN 60950 |
| Electromagnetic Emissions Certifications | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A | EN55022 1998 Class A, EN55022 1998 Class A, FCC Part 15B Class A, VCCI Class A |

[Product images: 4300 and 4100 Series; 1200 Series]


F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com


© 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, iControl, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. CS03-00005 0710


More Information

Visit these resources on F5.com to learn more about FirePass.

White papers

F5 FirePass Endpoint Security

Get to Know GPO

Podcast

Secure Remote Access for Disaster Recovery

Case study

City of Diamond Bar Deploys FirePass

Deployment guides

F5 FirePass controller with BIG-IP LTM and GTM (FirePass v6.x, LTM, and GTM 9.4.2), Deployment Guide

FirePass and VMware View Deployment Guide