Presentation Transcript
SSL-VPN 2.1 Firmware Feature Demo: SSL-VPN Development Team
29 January 2007
SSL-VPN 2.1 Firmware New Features:
NetExtender Enhancements
RDP ActiveX Enhancements
FileShares Java Applet
Active Directory Groups
LDAP Multiple OU Support
RADIUS Enhancements
SSHv2 Applet Enhancements
Variable Bookmark & Policy
ViewPoint & GMS Phase II Support
Reverse Proxy: Windows Sharepoint 2.0
Diagnostics Utilities
NetExtender Enhancements: 29 January 2007
NetExtender Enhancements:
DTS 42153 - NetExtender Performance improvements
DTS 39985 - NetExtender does not work through a proxy server
DTS 39875 - Wrong subnet masked when using NetExtender (1-141144242)
DTS 41111 - If admin disconnects NetExtender client it still shows as connected in the client
DTS 41789 - NetExtender client IP addresses ranges can be set so ending address is lower than start
DTS 42113 - NetExtender launches after editing bookmark when auto Launch NetExtender after login is enabled
DTS 44596 - Development: NetExtender Windows Vista support
DTS 42702 - Break in network connection can lockout NetExtender user if one IP address range
DTS 41765 - Enhancement: Relation of idle time and timeout between portal, NetExtender, and other services is confusing
DTS 40454 - Enhancement: Popup to inform customer that NetExtender continues to run even if the portal is logged out
DTS 43787 - SSL | NetExtender Stand alone client | Removal of option to save passwords
DTS 44673 - Multiple same Active user sessions, when connect n disconnect NetExtender number of times
DTS 44846 - Enhancement NetExtender: Usernames to not be remembered by default with option to remember them
DTS 43134 - Admin denial of caching of login credentials in NetExtender.
DTS 43204 - Force uninstall of NetExtender after logout
DTS 42136 - Tunnel all feature does not propagate from groups to locally created users
DTS 46596 - Improve wording on disconnect message
DTS 46992 - Start menu items are not removed when server configured for forced uninstall of NetExtender
NetExtender Stand-alone Client Enhancements:
Proxy Support
Support HTTPS proxy
Auto sync with the browser proxy settings when launch from web portal (support IE and Firefox 1.5+)
NT domain logon script
MSI installer (NetExtender.msi)
Vista Support Fixes
Server controls
Remember Username & password
Automatically exit & uninstall after disconnected
Reworded Disconnect Message
Option to enable auto-reconnect feature
NetExtender Stand-alone Client Enhancements: Client Username/Password Caching options
NetExtender Stand-alone Client Enhancements: NT logon script support
NetExtender Stand-alone Client Enhancements: Proxy Settings
NetExtender Stand-alone Client Enhancements: Nx Client Settings
NetExtender Stand-alone Client Enhancements: Reworded Disconnect Message
Auto-reconnect Option
NetExtender Server-side Enhancements:
Performance & stability improvements
pppd_small reduces memory overhead
Nx policy fixes and rearchitecture
Global/Group/User Level NetExtender Client Controls
Exit Client After Disconnect
Uninstall Client After Exit
Create Client Connection Profile
User Name & Password Caching
Tunnel-All Mode
NetExtender idle timeout/Portal Session synchronization
NetExtender Server-side Enhancements: Global/Group/User Level NetExtender Client Controls
NetExtender Server-side Enhancements: NetExtender idle timeout/Portal Session synchronization
RDP ActiveX Enhancements: 29 January 2007
RDP ActiveX Enhancements:
RDP6 support
Encrypt sensitive parameters
Proxy support
Support HTTPS proxy
Automatically use IE proxy settings
File Shares Java Applet: 29 January 2007
File Shares Java Applet:
Designed to look & feel like MS Windows for maximum usability and an enhanced user experience
Navigate remote networks, workgroups, and machines
Copy or move files and folders securely by dragging and dropping between your computer and the remote network
Delete / rename files and folders and create new folders all with the new ultra-friendly UI
View properties of any accessible file or folder
Launch remote files automatically on your local machine
Bookmark any file or folder for easy access directly from the Virtual Office user portal
Cached history speeds remote browsing and enhances navigation
File Shares Java Applet - Setup and Accessing:
Change Portal layout to use applet as default: Sets File Shares to launch Java applet instead of HTML
Create bookmark to use applet: Bookmark access to applet
Switch to applet from HTML version: Switch from browsing in HTML mode to applet on the fly
Great New Look
Slide21:
Type any path into the remote window to access that resource
Right clicking will bring up location sensitive menus
Actively dimming toolbars help with the most common tasks
Easily access file shares via HTML
List the contents of any accessible remote share on the network
Active Directory Groups: 29 January 2007
Active Directory Groups:
Allows granular access control based on pre-existing AD groups
Configuration options:
One or more AD groups, one SSL-VPN group
Useful for restricting which users are able to log in
Multiple AD groups, multiple SSL-VPN groups
Allow access to different resources based on group membership (e.g. engineering has access to different resources than sales)
LDAP - Multiple Organizational Units: 29 January 2007
LDAP - Multiple OUs:
Multiple organizational units can now be assigned to a single SSL-VPN domain/group
Sub-OUs are automatically included as well
LDAP - Multiple OUs - Examples
SSL-VPN: RADIUS Enhancements: 29 January 2007
SSL-VPN: RADIUS Group Support via RADIUS Filter-ID attribute:
The RADIUS Groups feature works like a filter. If an SSL-VPN group has one or more RADIUS groups associated with it, only users from those RADIUS groups will be able to log in as members of that SSL-VPN group. SSL-VPN groups that don’t have any RADIUS groups selected will accept any users from the RADIUS Domain.
UI Changes
Slide31: Note: The RADIUS group name under the SSL-VPN group should map to the name of the Filter-ID attribute.
Ex: If the Filter-ID attribute name is 'RDP5 users', you must create a RADIUS group under the SSL-VPN group with the name 'RDP5 Users'.
RADIUS - CHAP, MSCHAP, MSCHAPv2 Authentication: Allows the user to authenticate with the RADIUS server using the CHAP, MSCHAP or MSCHAPv2 protocols.
These protocols use a challenge-response mechanism to authenticate connections without sending any passwords.
SSHv2 Applet Enhancements: 29 January 2007
SSHv2 Applet Enhancements: The SSHv2 applet was introduced in the 2.0 release.
Since then a number of small ease-of-use features have been added.
A status bar has been added to the bottom of the applet so that it can report whether the connection is dead or alive.
Slide35: There is a checkbox to automatically accept the server host key so that it is less tedious each time you connect to a trusted server.
Lastly, there is a checkbox to bypass the username. This is useful for SSH to devices such as a SonicWALL firewall where username/password is handled in the console after connection.
Variable Bookmark and Policies: 27 January 2007
Variable Bookmark & Policy: Admin users may create one bookmark, //server/%USERNAME%/, in which ‘%USERNAME%’ is replaced with the current user’s name. This allows the admin to create one bookmark that applies to all users of the appliance.
Variable bookmarks are valid only for HTTP, HTTPS, CIFS and the File Share Java Applet.
Policies are created in the same way and are valid only for Server Path policies, which apply to CIFS and the File Share Java Applet.
Bookmark example:
Global/Group bookmark created:
‘sslvpnuser’ bookmark:
Policy example:
Policy applies only to File Shares
Example below allows users only access to their home directory
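The `%USERNAME%` substitution and the home-directory Server Path policy from the two slides above, sketched as an added example (not SonicWALL's implementation and not part of the presentation). The function names, the username character rules and the case-insensitive comparison are assumptions; only the template `//server/%USERNAME%/` and the user name `sslvpnuser` come from the slides.

```python
import posixpath

VARIABLE = "%USERNAME%"
POLICY = "//server/%USERNAME%/"   # template from the slide


def expand(template: str, username: str) -> str:
    """Substitute %USERNAME% into a bookmark or Server Path policy template."""
    # Assumption: names that could alter the path structure are refused.
    if not username or username in (".", "..") or any(c in username for c in "/\\%"):
        raise ValueError(f"unsafe username for path substitution: {username!r}")
    return template.replace(VARIABLE, username)


def canonical(path: str) -> str:
    """Normalise a //server/share path: one separator, no '.'/'..', case-folded."""
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    return posixpath.normpath("/" + "/".join(parts)).casefold()


def allowed(policy_template: str, username: str, requested: str) -> bool:
    """True only if `requested` lies inside the user's expanded policy path."""
    try:
        root = canonical(expand(policy_template, username))
    except ValueError:
        return False
    target = canonical(requested)
    # Compare on a path-component boundary so 'alice' does not match 'alice2'.
    return target == root or target.startswith(root + "/")


if __name__ == "__main__":
    # Constructed sample requests for a user named 'alice'.
    for req in ("//server/alice/docs/report.txt",
                "//server/alice/../bob/secret.txt",
                "//server/alice2/file.txt",
                "\\\\SERVER\\Alice\\notes"):
        print(f"{req!r:40} -> {allowed(POLICY, 'alice', req)}")
```

The check runs on the normalised path, so a request that climbs out of the home directory with `..` or targets a sibling directory sharing the same prefix is denied.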
ViewPoint / GMS (Phase II): 29 January 2007
ViewPoint Licensing: Accessing the ViewPoint feature requires entry of a manual license key.
The upcoming release of ViewPoint v4.1 will support SSL-VPN appliances. The external beta program for v4.1 is tentatively scheduled to start in the second half of Q1 2007.
Note: ViewPoint is SonicWALL reporting software
ViewPoint / GMS (Phase II): Users may add, edit, and delete ViewPoint servers under Log > ViewPoint in the UI
Enabling the ViewPoint checkbox allows for reporting data and statistics to be sent to the configured ViewPoint/GMS servers
ViewPoint servers may be configured as either hostnames or IPs
ViewPoint Configuration UI:
Configured ViewPoint Servers
Edit Server
Delete Server
Reverse Proxy Enhancement: Windows Sharepoint Services 2.0: 29 January 2007
Reverse Proxy Improvements:
Windows Sharepoint Services 2.0 (common features)
Announcements, Discussion boards, Libraries, Lists, Survey, Web pages and parts.
Site Administration, Customization.
Outlook utilities – Calendars, Contacts, Events, Notes, Tasks.
Top level Administration
Users and Permissions
Management and Statistics
Site Collection Galleries
Site Collection Administration
Help
Caveat: There is limited support for Sharepoint-compatible application integration. Integrates with Microsoft Outlook, though.
Slide47:
Sharepoint Services 2.0 snapshots
Diagnostic Tools: 29 January 2007
Diagnostic Tools:
Diagnostic tools (System > Diagnostics)
DNS lookup
Traceroute