The Simple, Secure SSL VPN Gateway Appliance
The SGA-T is a compact, pre-configured gateway that provides the
broad “network connect” functionality of IPSec-based VPN
clients, but with the cost, security and simplified management
advantages brought by SSL VPNs.
Designed for ease of use, SGA-T incorporates the additional
benefits of an internal firewall that dynamically monitors
access to requested applications, seamless installation
requiring no end-user configuration, and NAT (network address
translation) compatibility. In addition, AEP Networks offers a
suite of optional Client Integrity features to ensure that
remote PCs comply with network security policies before they are
granted network access.
Secure Network-layer Connectivity:
|
Netilla Security Platform at a Glance: |
|
“Network Extension” connection for ANY TCP or UDP Application |
|
Granular Access Control to user resources |
|
Seamless "On-Demand" browser-based client install - No user or
admin intervention |
|
Secures your network with a virtual Secure Desktop, host
integrity, adaptive policies and cache cleaning tools, as well
as client-side certificate support with revocation |
|
Leverages AEP Networks’ advanced V-Realms™ multi-layered
authentication architecture |
|
Drive Mapping for accessing server-based resources |
|
Built on ICSA Labs-certified security |
SGA Features and Benefits Secure SSL Tunnel
Connectivity
With the AEP Netilla Secure Gateway Appliance Tunnel (SGA-T),
remote access takes a secure step forward with a far simpler,
safer, and less costly access approach than traditional
alternatives. By combining everything you need for secure
application access into a single network appliance, the SGA
dramatically reduces the cost and complexity once required for a
secure remote access implementation, while adding crucial
security elements such as cache cleaning, session timeouts, a
secure desktop environment and digital certificates.
Powered by AEP Networks’ ICSA Labs-certified SSL VPN
technology, the SGA has been expressly designed to provide
clientless, secure remote access to specific application
environments. The SGA combines the assorted software and
hardware elements typically required to secure crucial business
resources into a single, easy to manage and deploy device. In
this way, the SGA dramatically reduces the cost and complexity
once required for a secure remote access implementation.
SGA Features:
- Appliance-based solution installs in minutes
- Browser-based access eliminates client-side
configuration and support
- Integrated firewall and intrusion protection tools
- Investment Protection: Simple migration path to other
AEP Networks’ SSL VPN systems products
SGA Management Features:
- Leverage existing authentication and policies from
external
- Granular access control and policy enforcement
- Powerful virtualization capabilities and user
segmentation with the V-Realm™ authentication framework
- Web-based administration GUI with delegated
administration rights
- Strong authentication for administrator login
- Management reporting via web-based GUI or Syslog tools
- No PC client Admin rights required
SGA Security Features:
- SSL VPN technology secures access at the application layer
- Stateful Packet Inspection Firewall (SPI) protects SGA and
network resources
- Secure Desktop, Host Integrity Verification and Adaptive
Policies (by V-Realm)
- Broad authentication leverages all leading protocols (Windows®
SMB/Active Directory, LDAP, RADIUS®, RSA SecurID®, Kerberos,
VASCO®, Aladdin®, ActivCard®)
- PKI with client-side certificates and revocation lists
- Session Timeout control (by V-Realm)
|
Security |
Application Access |
Hardware |
AEP Netilla V-Realm Architecture:
- Up to 1000 “virtual” realms policy containers
per appliance
- Granular authentication and policy groupings
(e.g., by department)
- Supports up to ten authentication, client
integrity and policy stages per grouping
- Supports Microsoft® Windows Global groups and
Active Directory, LDAP groups, and local groups
Authentication:
- Microsoft Windows® NT/2000/2003, SMB/Active
Directory
- RADIUS®
- LDAP (Open LDAP, Novell eDirectory®, IPlanet)
- Kerberos
- Client-side certifi cates with revocation
- Vasco® Digipass
- ActivCard®
- RSA SecurID®
Encryption:
- 128-bit SSL 3.0 encryption
- Encryption of all authentication and session
data
Integrated Network-Layer Firewall:
- Stateful-inspection technology
- Dynamic TCP port blocking
- Works on both Ethernet interfaces
Additional:
- Integrated Symantec OnDemand™ Agent (SODA) for
Client Integrity
- Configurable session timeout and periodic
re-authentication control
- Session disconnect on demand
- Single login enforcement
|
IPSec Replacement for Secure Remote Access:
- Supports any Windows Client/Server application
using either TCP or UDP connections (e.g., Microsoft
Exchange,
- Microsoft Great Plains, GoldMine, FTP, VoIP
etc.)
- Secures VoIP traffi c while improving
performance over impaired or degraded connections
- Virtual adapter applet auto-install and launch
- Browser Support: Microsoft Internet Explorer 6
or higher
Management and Reporting:
- Web-based Administration GUI
- Connection management and display tool
- SNMP and Syslog
- Minimal Admin rights required
- Firewall event monitoring
- Performance and system assurance monitoring
|
Network Requirements:
- Dedicated Internet access with static IP address
- Available 10/100/1000 BASE-T Ethernet connection
Physical Specifications:
Dimensions:
- 9.5 in x 5.8 in x 1.3 in (242 mm x 148.5 mm x 34
mm)
Power Requirements:
- AC Voltage: 100-240 V, 50-60Hz
- Power Consumption: 27 watts max
Port Specifications:
- Two RJ-45 10/100 Ethernet
- One serial console port
Operating Environment:
Operating Temperature:
Non-Operating Temperature:
- -20 ~ 80°C (-4° ~ 176° F)
Operating Humidity:
|
|
The AEP Netilla Secure Gateway Appliance Tunnel (SGA-T)
