SSL VPN - Simple & Secure Clientless Remote Network Access

Easy-to-use and manage remote worker access to corporate applications and information

Download PDF

Your army of road warriors and remote workers require a quick, flexible, reliable and completely secure way to connect to your internal enterprise applications, information and network resources. In addition, they want to do this from anywhere in the world, at any time and from any suitable device. The Barracuda CloudGen Firewall F-Series SSL VPN provides the security and connectivity to deliver this access, via a web browser, without the need for a full VPN client or pre-installed software.

Secure remote access to your applications

Remote Workers can easily use a wide variety of internal corporate applications, in a web browser, via the Java Applets and other extensions. Alternatively a generic port forwarder may be used for applications like ERP clients. Access to intranet sites via SSL VPN is easy, as HTTP or HTTPS applications do not require Java applets, but are delivered via URLrewriting from the SSL VPN gateway. Security is ensured as all network communication is tunneled through the encrypted and authenticated SSL-tunnel to the SSL VPN gateway on the Barracuda CloudGen Firewall.

Rock-solid authentication

Secure authentication to protect your organization’s information is critical. Barracuda’s integrated SSL VPN supports a wide variety of authentication schemes via Barracuda CloudGen Firewall's tight integration with external authentication services. These include Microsoft® Active Directory, LDAP, Radius, MSNT, RSAACE, SMS Passcode and RSA tokens. These different authentication types can also be combined to implement rocksolid 2-factor authentication. For even tighter security, it is possible to enforce the use of strong or specific ciphers.

Full network access via transparent VPN client

When complete remote network access is required, the Barracuda’s F-Series Firewall has a Transparent VPN Client that provides network access (Layer 3) to internal company network infrastructures, while being transparent for the end-user. The client is fully integrated into the SSL VPN Portal and can be executed by starting the “My Network” JAVA applet.

As a fully integrated Barracuda CloudGen Firewall service, SSL VPN provides tight security, easy scalability and high availability.

    Highlights Include:

  • Single Sign-On for Outlook Web Access
  • Exchange 2010 OWA Support
  • Ability to prevent browser auto-complete for log-in
  • One Time Password (OTP) Support
  • Fully customizable (e.g. corporate logo and welcome message)
  • Remote Firewall Rule activation
  • Force cleanup of browsing history and cookies on logging out
  • Ability to use strong or specific ciphers
  • Optional integration with the Network Access Control (NAC) framework to enforce client health checks.

Technical Features

Architecture
  • Integrated transparent SSL VPN client
  • Optional integrated health agent
  • Optional managed personal firewall
  • Optional full NAC policy support
Display
  • Minimum resolution 1024x768 pixels
Supported Applications (via SSL VPN Portal)
  • Intranet Webservers (HTTP, HTTPS) with support for standard HTML websites
  • Outlook Web Access
  • Remote access via RDP protocol (MSTSC)
  • Remote access via VNC protocol
  • SSH and Telnet access
  • File Access via WebDAV / Sharepoint / CIFS
  • Microsoft CRM via Application Tunnelling / HTTP
  • Generic port forwarding for Citrix XenApp / Citrix Presentation Server, SMTP, POP3, IMAP and other services
Authentication Support
  • Microsoft Active Directory 1
  • LDAP 1
  • Radius 1
  • MSNT 1
  • RSA ACE 1
  • SMS Passcode® 1
  • RSA SecureID Tokens 1
  • Local Scheme
Java & Browser Support
  • Requires Java (JRE 1.6.1 or higher) on client
  • Firefox 2.x and higher
  • Internet Explorer 6.x and higher
  • Other browsers with generic Java Platform compatibility
VPN Properties (Transparent Client)
  • Raw ESP
  • Hybid UDP and TCP encapsulation (TINA protocol)
  • DHCP-based parameter assignment 2
  • Cryptography
  • AES 128/AES256
  • 3DES and DES
  • Authentication only (null encryption)
  • SHA-1 and MD5 hashing

1. Queried by Barracuda CloudGen Firewall VPN server on behalf of client
2. Involves routes, WINS & DNS addresses, IP address and network mask, domain & firewall rule set
* Technical specifications subject to change without notice.