SSL-VPN_Overview

Overview of Dell SonicWALL SRA

The Dell SonicWALL SRA appliance provides organizations with a simple, secure and clientless method of access to applications and network resources specifically for remote and mobile employees. Organizations can use SRA connections without the need to have a pre-configured, large-installation host. Users can easily and securely access email files, intranet sites, applications, and other resources on the corporate Local Area Network (LAN) from any location by accessing a standard Web browser.

This section contains the following subsections:

• SSL for Virtual Private Networking (VPN)

• SRA Virtual Appliance

• SRA Software Components

• SRA Hardware Components

SSL for Virtual Private Networking (VPN)

A Secure Socket Layer-based Virtual Private Network (SSL VPN) allows applications and private network resources to be accessed remotely through a secure connection. Using SSL VPN, mobile workers, business partners, and customers can access files or applications on a company’s intranet or within a private local area network.

Organizations use Virtual Private Networks (VPNs) to establish secure, end-to-end private network connections over a public networking infrastructure, allowing them to reduce their communications expenses and to provide private, secure connections between a user and a site in the organization. By offering Secure Socket Layer (SSL) VPN, without the expense of special feature licensing, the SRA appliance provides customers with cost-effective alternatives to deploying parallel remote-access infrastructures.

SRA Virtual Appliance

The SRA Virtual Appliance is a virtual machine that runs the SRA series software on a VMware platform. All software components, features, and functionality described in this guide are supported by the SRA Virtual Appliance, except High Availability and SSL Offloading.

Deploying the SRA as a virtual appliance allows leveraging of shared computing resources to optimize utilization, easy migration and reduced capital costs. The SRA Virtual Appliance provides the following benefits:

• Cost savings:

– Multiple virtual machines can run on a single server, reducing hardware costs, power consumption, and maintenance costs.

– Microsoft Windows Server is not required, eliminating the cost of the Windows license.

• Operational ease:

– In a virtual environment, it is easy to commission new servers or decommission old ones, or to bring servers up or down.

– Installation is accomplished by importing a file into the virtual environment, with no need to run an installer.

• Security:

– The SRA Virtual Appliance provides the same hardened operating system that comes with the SRA hardware appliances.

The elements of basic VMware structure must be implemented prior to deploying the SRA Virtual Appliance. For detailed information about deploying the SRA Virtual Appliance, see the Dell SonicWALL SRA Virtual Appliance Getting Started Guide, available at:
http://www.sonicwall.com/us/support/3893.html

SRA Software Components

SRA appliances provide clientless identity-based secure remote access to the protected internal network. Using the Virtual Office environment, SRA appliances can provide users with secure remote access to your entire private network, or to individual components such as File Shares, Web servers, FTP servers, remote desktops, or even individual applications hosted on Citrix or Microsoft Terminal Servers.

Although SRA protocols are described as clientless, the typical SRA portal combines Web, Java, and ActiveX components that are downloaded from the SRA portal transparently, allowing users to connect to a remote network without needing to manually install and configure a VPN client application. In addition, SRA enables users to connect from a variety of devices, including Windows, Macintosh, and Linux PCs. ActiveX components are only supported on Windows platforms.

For administrators, the SRA Web-based management interface provides an end-to-end SSL VPN solution. This interface can configure SRA users, access policies, authentication methods, user bookmarks for network resources, and system settings.

For clients, Web-based SRA customizable user portals enable users to access, update, upload, and download files and use remote applications installed on desktop machines or hosted on an application server. The platform also supports secure Web-based FTP access, network neighborhood-like interface for file sharing, Secure Shell versions 1 and 2 (SSHv1) and (SSHv2), Telnet emulation, VNC (Virtual Network Computing) and RDP (Remote Desktop Protocol) support, Citrix Web access, bookmarks for offloaded portals (external Web sites), and Web and HTTPS proxy forwarding.

The SRA network extension client, NetExtender, is available through the SRA Web portal via an ActiveX control on Windows or using Java on MacOS or Linux systems. It is also available through stand-alone applications for Windows, Linux, and MacOS platforms. The NetExtender standalone applications are automatically installed on a client system the first time the user clicks the NetExtender link in the Virtual Office portal. SRA NetExtender enables end users to connect to the remote network without needing to install and configure complex software, providing a secure means to access any type of data on the remote network. NetExtender supports IPv6 client connections from Windows systems running Vista or newer, and from Linux clients.

Note The SSHv2 applet requires SUN JRE 1.6.0_10 or higher and can only connect to a server that supports SSHv2. The RDP Java applet requires SUN JRE 1.6.0_10 or higher. Telnet, SSHv1 and VNC applets support MS JVM in Internet Explorer, and run on other browsers with SUN JRE 1.6.0_10 or higher.

SRA Hardware Components

See the following sections for descriptions of the hardware components on SRA appliances:

• SRA 4600 Front and Back Panels Overview

• SRA 1600 Front and Back Panels Overview

• SRA 4200 Front and Back Panels Overview

• SRA 1200 Front Panel Overview

SRA 4600 Front and Back Panels Overview

Figure 2:1 SRA 4600 Front and Back Panels

Table 1 SRA 4600 Front Panel Features

Front Panel Feature	Description
Console Port	RJ-45 port, provides access to console messages with serial connection (115200 Baud). Provides access to command line interface (for future use).
USB Ports	Provides access to USB interface (for future use).
Reset Button	Provides access to SafeMode.
Power LED	Indicates the SRA 4600 is powered on.
Test LED	Indicates the SRA 4600 is in test mode.
Alarm LED	Indicates a critical error or failure.
X3	Provides access to the X3 interface and to SRA resources.
X2	Provides access to the X2 interface and to SRA resources.
X1	Provides access to the X1 interface and to SRA resources.
X0	Default management port. Provides connectivity between the SRA 4600 and your gateway.

Table 2 SRA 4600 Back Panel Features

Back Panel Feature	Description
Exhaust fan	Provides optimal cooling for the SRA 4600 appliance.
Power plug	Provides power connection using supplied power cord.
Power switch	Powers the SRA 4600 on and off.

SRA 1600 Front and Back Panels Overview

Figure 2:2 SRA 1600 Front and Back Panels

Table 3 SRA 1600 Front Panel Features

Front Panel Feature	Description
Console Port	RJ-45 port, provides access to console messages with serial connection (115200 Baud). Provides access to command line interface (for future use).
USB Ports	Provides access to USB interface (for future use).
Reset Button	Provides access to SafeMode.
Power LED	Indicates the SRA 1600 is powered on.
Test LED	Indicates the SRA 1600 is in test mode.
Alarm LED	Indicates a critical error or failure.
X1	Provides access to the X1 interface and to SRA resources.
X0	Default management port. Provides connectivity between the SRA 1600 and your gateway.

Table 4 SRA 1600 Back Panel Features

Back Panel Feature	Description
Exhaust fan	Provides optimal cooling for the SRA 1600 appliance.
Power plug	Provides power connection using supplied power cord.
Power switch	Powers the SRA 1600 on and off.

SRA 4200 Front and Back Panels Overview

Figure 2:3 SRA 4200 Front and Back Panels

Table 5 SRA 4200 Front Panel Features

Front Panel Feature	Description
Console Port	RJ-45 port, provides access to console messages with serial connection (115200 Baud). Provides access to command line interface (for future use).
USB Ports	Provides access to USB interface (for future use).
Reset Button	Provides access to SafeMode.
Power LED	Indicates the SRA 4200 is powered on.
Test LED	Indicates the SRA 4200 is in test mode.
Alarm LED	Indicates a critical error or failure.
X3	Provides access to the X3 interface and to SRA resources.
X2	Provides access to the X2 interface and to SRA resources.
X1	Provides access to the X1 interface and to SRA resources.
X0	Default management port. Provides connectivity between the SRA 4200 and your gateway.

Table 6 SRA 4200 Back Panel Features

Back Panel Feature	Description
Exhaust fans	Provides optimal cooling for the SRA 4200 appliance.
Power plug	Provides power connection using supplied power cord.
Power switch	Powers the SRA 4200 on and off.

SRA 1200 Front Panel Overview

Figure 2:4 SRA 1200 Front Panel

Table 7 SRA 1200 Front Panel Features

Front Panel Feature	Description
Console Port	RJ-45 port, provides access to console messages with serial connection (115200 Baud). Provides access to command line interface (for future use).
USB Ports	Provides access to USB interface (for future use).
Reset Button	Provides access to SafeMode.
Power LED	Indicates the SRA 1200 is powered on.
Test LED	Indicates the SRA 1200 is in test mode.
Alarm LED	Indicates a critical error or failure.
X1	Provides access to the X1 interface and to SRA resources.
X0	Default management port. Provides connectivity between the SRA 1200 and your gateway.