Castleforce IT Security Team
Stonesoft Securing Internet Flow

Stonegate SSL VPN

StoneGate SSL VPN offers secure remote access. It is a VPN solution that can be used with a standard Web browser. Contrary to the traditional IPSec (Internet Protocol Security) VPN, SSL VPN does not require the installation of specialized client software on the end user device.

SSL VPN is ideally suited for organizations with several mobile users connecting from varied locations, when trust can be an issue but easy access is equally important.

StoneGate SSL VPN provides employees with enormous flexibility to access the network securely from any location and from any Web-enabled devises such as laptop, PDA or mobile phone. The applications can include e-mail, intranet, extranet, client/server applications, VoIP, terminal services, and much more.

Enquire about this product

X Virus X Spyware X Spam X Web/IM 5 IPS/Patch Mgmt 5 Data/System Mgmt

Stonesoft Stonegate SSL VPN enables you to connect to your desktop computer remotely with any mobile device

Variety of Devices

Access with a mobile phone, PDA or laptop - your choice

Remote access with StoneGate SSL VPN is available with any device or handset that has an inbuilt Web browser.

Applications are available to end users through a user-friendly Web portal. Via StoneGate SSL portal users can access not only Web applications but also client-server applications, terminal-server applications and file server applications.

  • Web access: StoneGate SSL VPN provides remote access to web applications through a web proxy. StoneGate SSL proxy mechanism is based on an advanced link translation engine to ensure comprehensive security and effortless support for all applications. 
  • Port Access: provides access to non-web applications that run on specific IP ports. Port based access is handled through an on-demand SSL VPN client based on java or AxtiveX technology. StoneGAte SSL VPN client is transparently installed on the user's device and removed when the session ends.
  • Network access: Provides access to specific IP ports, servers, or networks.

Single Sign-On

During a session, users typically interact with multiple back-end application and data resources.

Technologies like single Sign-On and next generation identity federation simplify the user experience. Disparate application and data resources can appear to the user as one homogenous group.

  • Single Sign-On – Access to resources without the need to re-authenticate improves the user experience. Once you have signed in to the Stonegate SSL VPN Authentication Service, it takes care of the rest.
  • Identity Federation – A single digital identity can now be used to access multiple departments or even businesses without the need for extra and costly user enrollment. This is ideal for sharing identities in business-to-business partnerships, or when companies or departments are merged.

End-Point Integrity

Connect safely with a secured device

The personal firewall functionality, together with device inspection for end point integrity, prevents your device from being used as a stepping-stone to the corporate network.

StoneGate SSL VPN inspects the end user device (e.g., laptop or PDA) before it connects to the corporate network.

The system also performs real-time scans for continuous integrity checking.  This ensures that all mobile devices connecting your networks are compliant with your corporate security policy.

Requirements may include the inspection of:

  • Firewall and anti-virus software
  • Operating systems and patches
  • Spyware checking
  • Device type
  • Network configuration

Only approved applications can connect to the VPN tunnel.

Partial-pass results in forwarding to update site, reduced access (based on policy) or denial of access.  

User Interface

With StoneGate SSL VPN, applications are made available through a user friendly, intuitive web portal interface so that each application is displayed as a graphical icon placed on a portal's front page.

Each user can see only the applications that are available to him.

Stonegate SSL VPN Resources

The outlook of the portal adopts flexibly according to the used device, so the portal is equally easy to use with any device, mobile phone, PDA or laptop. The administrator can also easily adjust the overall look and feel of the portal according to the company brand.

Moreover, the outlook can also vary according to the target group. You can provide different portals to your end customers, partners and employees with a single solution.

Authentication

Authentication according to your needs.  All organisations must have bullet-proof authentication in place to ensure sensitive data is not breached.

With StoneGate SSL VPN you can select your authentication method from 15 different alternatives from Mobile ID to plain password. The most suitable method can be chosen for each resource separately.

StoneGate SSL VPN

  • Provides innovative authentication methods integrated in a product.
  • Integrates easily with external directory services (e.g., Microsoft Active Directory)
  • Offers single sign-on for transparent authentication to multiple systems
  • Provides standard support for identity federation (SAML 2.0, ADFS)


Authentication in practice

Authentication in StoneGate SSL VPN is a seemingly easy process for the user, the single point of contact is a Web browser that then accesses all resources.

The Authentication Service offers five integrated authentication methods relying on the RADIUS protocol:

  • StoneGate Mobile Text
  • StoneGate Web
  • StoneGate Challenge
  • StoneGate Password
  • StoneGate Synchronized

Also support for other RADIUS authentication methods such as SafeWord and SecurID is included.

Proxy Access

With StoneGate SSL VPN applications are made available to end users through a user friendly web portal.

With regard to security, this means nobody has direct network access but all traffic if routed via StoneGate SSL VPN Web Proxy and only web proxy accesses the back end applications and then delivers the information to the end user.

The  proxy mechanism is based on an advanced link translation engine and to ensure comprehensive security and effortless support for all applications.

Via StoneGate SSL proxy, users can access not only web applications but also client-server applications, terminal-server applications and file server applications.

Trace Removal

Connect in safety - all traces are removed
With StoneGate SSL VPN all traces of access will be automatically removed.

Browsers are renowned for creating a snail trail of information during an access session, including:

  • Cookies
  • URL history
  • Cached Pages
  • Registry Entries
  • Downloadable Components
  • Downloadable Files
  • StoneGate SSL VPN removes all these objects.

Integration

With StoneGate SSL VPN solution you can simply add the accessible applications and define how they are presented in the Application Portal.
Then you just need to define who is able to access each application and under which circumstances.


Easy configuration with a wizard

StoneGate SSL VPN  utilizes the Wizard functionality to make application integration extremely easy.

For web applications and other commonly used applications you can use a wizard to create the resources with a minimum of manual configuration. All the different settings can be set easily and taken automatically into use after the wizard is completed.


Easy integration into existing user groups

If you have an Active Directory or LDAP server already set up, you can take advantage of existing records.

Management

The StoneGate SSL VPN Management interface enables you to ensure comprehensive security of your networks, administrate and maintain remote access system and report network incidents - easily. 

Via StoneGate SSL VPN Management interface you can

  • Monitor the system
  • Manage the system
  • Manage the accounts and storages
  • Manage resource access

Comprehensive security

StoneGate SSL VPN guarantees a comprehensive view to the security of your remote access solution by providing integrated access and identity control.

By integrating all aspects of identity and access management into a single, cohesive and  integrated policy, you can be fully aware of the state of your network's remote security and access control. This brings you comprehensive security with easy auditing.

Auditing

In order to meet strict industry, government, and corporate compliance regulations it is imperative that you know who did what, when and where.

StoneGate SSL VPN includes a number of features to help organizations meet compliance regulations, including:

Consolidated audit – StoneGate SSL VPN  collects all information about any identity or access activity (user or system-based) in a central repository for easy access. This results in quick and in-depth insight into the activities across the organization. StoneGate SSL VPN provides compliance with Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, Basel II, and 21 CFR Part 11, among others.

  • Comprehensive audit – In-depth audit of device assessments, authentication, and access collected permanently in a secure, central location. Helps the administrator to find out exactly who did what, when, where, and how.
  • Graphical reports – All information in audit logs can be presented in several different graphical formats (pie charts, line charts, 3D charts, bar charts, etc.), in real time as well as over a historical period of time.
  • Exportable Reports – For further data mining and asset management StoneGate SSL VPN  exports audit data to Excel or Crystal Reports.

Stonesoft Evaluation

Your 30-day free trial includes

  • A fully functional StoneGate product (only software)
  • Access to product downloads    
  • Free technical support
  • No financial obligations 

OR we can supply an evaluation SSL-VPN appliance as shown below for 14 days with a qualified engineer to help with the setup for free

Stonegate SSL VPN Demo

Stonegate SSL VPN Range

Stonegate SSL-6000

SSL-6000

  • Up to 5000 concurrent Users
  • 4 x standard interfaces 10/100/1000 copper
  • 2 x Interfaces 1000Base-SX fiber
  • 4 x USB ports, 1 x serial port

Stonegate SSL-2000

SSL-2000

  • Up to 500 concurrent Users
  • 4 x standard interfaces 10/100/1000 copper
  • 2 x Interfaces 1000Base-SX fiber
  • 2 x USB ports, 1 x serial port, 1 x VGA

Stonegate SSL-400

SSL-400

  • Up to 25 concurrent Users
  • 4 x standard interfaces 10/100 copper
  • 2 x USB ports, 1 x serial port

User interface

With StoneGate SSL VPN, applications are made available through a user friendly, intuitive web portal interface so that each application is displayed as a graphical icon placed on a portal's front page.

Each user can see only the applications that are available to him.

Secure ActiveSync

The ActiveSync functionality for Microsoft Office provides an easy, yet secure way to keep e-mails and calendars up-to-date.

With the new device lock mechanism for ActiveSync, StoneGate SSL VPN 1.1 provides increased security also in case the device gets lost or stolen, ensuring that company confidential information cannot be exploited.

Access Control


With StoneGate SSL VPN, you are not limited to application access, file shares and client-server applications can be accessed as well.


StoneGate SSL VPN provides granular and flexible access control. Access to certain applications can be granted or denied according to the following parameters. Parameters can be used in combination.  Access can also be granted for each application separately.

  • Authentication Method
  • User Group Membership
  • IP Address of Incoming Client
  • Client Devices
  • User Storage
  • Assessment
  • Abolishment
  • Access Point
  • Identity Provider

Secure Encryption

StoneGate SSL VPN provides encryption methods up to the latest SSL VPN encryption standards.

  • TLS v 1.0
  • SSL v 2.0
  • SSL v 3.0
  • AES-128
  • AES-256
  • DES
  • 3DES
  • RC2-128  
  • RC4-128

With StoneGate SSL VPN you can be sure you are using the best possible encryption.


Lower total cost of ownership (TCO)

The basic features in StoneGate SSL VPN Management interface include:

  • Web-based administration interface
  • Task-oriented approach
  • Wizards for common tasks
  • Interface adapted to features included in the license
  • Context-sensitive online user assistance

High Availability

With the new StoneGate SSL VPN 1.1, the operation of an access point can be fully secured. StoneGate SSL VPN enables fault-tolerant sessions by allowing two appliances to form a mirrored access-point pair.

By combining StoneGate SSL VPN solution with StoneGate Firewall, including its inbuilt load balancing functionality, you can provide truly available access.

In the unlikely event of access point failure, the end user session can be automatically directed to a functioning access point without any delays or disturbance in end user session.  

Stonegate SSL VPN from anywhere, at any time, on any device

Back-up configuration is implemented in active-active mode, so that under normal conditions, both appliances act as ordinary SSL VPN access points, sharing the access load and providing additional capacity for the SSL portal. This way every appliance investment can be fully utilized even in backed-up networks.

A secondary access point can also be placed in a different geographical location, thus providing an efficient tool to meet disaster recovery requirements.

Trend Micro Websense integrated Web, data and email security Assuria is a UK based IT Security software developer, providing automated compliance and information assurance solutions Stonesoft produce high availability multi link ISP firewalls to help reduce single point of failure Breach Security Celestix produce high performance appliances coupled with hardened Microsoft security products Barracuda Logo Acronis Backup and Recovery Software Tricerion Identity Integrity Check Point firewalls and Pointsec Encryption software Mimecast Partner SkyRecon Intelligent Client Security Integrated Encryption and Device Control eSoft Network + Application layer firewalls with optional Web filtering, Spam Protection and IPS

© Copyright Castleforce 2007-2009. Web design by Theme Group