Page is loading ...
Integrated SSL-VPN
Appliance
zywall
ssl 10
Professional Integrated SSL-VPN Appliance
for Small and Medium-sized businesses
ł
Clientless Secure Remote Access
ł
Seamless Integration behind the
Existing Firewall Infrastructure
ł
UTM Security Integration Deployed
Alongside ZyWALL UTM
ł
Supporting AD/LDAP/RADIUS and
Two-factor Authentication
ł
ZyWALL SSL-VPN SecuExtender
Technology
ł
Unified Policy Management with
Object-Based Configuration
ł
Endpoint Security Support
ł
Dual-Mode (NAT-/DMZ-Mode)
Installation with Setup Wizard
Benefits
Clientless Secure Remote Access
The ZyWALL SSL 10 is an integrated SSL-VPN appliance designed for small and medium-sized organizations
with simple, secure and clientless remote access to the resources on corporate networks.
Remote access has never been so easy since no client software is required on users’ laptops. They are
enabled to access corporate applications or shared files with just standard Web browsers, no pre-installed
or pre-configured VPN software is needed. Better yet, administrators can reduce the costly support tasks
involved in deploying, configuring and updating VPN software.
Highly Integrated Capabilities on Existing Network Infrastructure
The ZyWALL SSL 10 fits seamlessly into any network topology and can be easily deployed alongside almost
any third-party firewall as a secure remote access solution. This enables you to leverage the existing
network infrastructure without the need to purchase additional hardware. When deployed alongside a
ZyWALL UTM running Anti-Virus and IDP Service, the ZyWALL SSL 10 utilizes the powerful UTM technology
to scan traffics for malicious threats such as viruses, worms, Trojans and spyware.
Comprehensive End-User Authentication Mechanism
The ZyWALL SSL 10 supports not only the internal database, but also various backend user repositories
such as Microsoft Active Directory, LDAP and RADIUS to seamlessly integrate with the existing user
database. ZyWALL SSL 10 supports the Two-factor Authentication method that requires two independent
pieces of information to recognize identity and grant privileges. Two-factor Authentication is stronger and
more rigorous than the traditional password authentication that requires only one factor (the user
password), and it is especially useful for protecting against threats from keylogger programs.
ZyWALL-SSLVPN SecuExtender Technology
ZyWALL SSL 10 provides powerful capability to seamlessly access any corporate network resource by
transparently pushing a downloadable thin client (ZyWALL-SSLVPN SecuExtender) to users’ desktops or
laptops. Administrators can allow specific user groups (such as employees) to create IPSec-like network
tunnels for accessing any resource, while other user groups (such as customers, vendors or partners) may
access restricted applications and resources listed only on the user portal.
Clientless Secure Remote Access
Highly Integrated Capabilities on Existing Network Infrastructure
Unified Policy Management with Object-Based Configuration
The ZyWALL SSL 10 provides the ability for administrators to define objects such as user groups, network address ranges or applications. When security policies
are changed, administrators can modify the pre-defined objects and propagate the changes instantly without redefining rules, enabling businesses to
implement and manage security policies easily and consistently.
For example, administrators can create one policy for the Sales group to access general applications, and create another for R&D to access confidential design
documents in addition to the general elements.
Endpoint Security Support
Remote access enables more users to take advantage of the network from potentially risky end points and devices, including wireless hotspots and unmanaged
PDAs; however the risk could render access management through user identity simply insufficient. To effectively control network access, ensure secure
communications and reinforce data protection, more attention need to be paid to the security level of user environments.
The ZyWALL SSL 10 provides endpoint security features to enhance protection by detecting the presence of required processes (e.g. virus scan, personal
firewalls, OS patch levels, registry settings, etc.) on the client PC as well as the browser cache cleaner.
Dual-Mode (NAT-/DMZ-Mode) Installation with Setup Wizard
With the ability to shorten the initial setup procedure to less than 10 minutes, the two-scenario Setup Wizard helps administrators to easily configure the device
and reduce the administration cost. The ZyWALL SSL 10 can be easily deployed at the network gateway as a one-box Firewall/SSL-VPN device, or alongside any
third-party firewall as a secure remote access solution.
ł
Using standard browser to access Internal network applications
ł
Using standard browser to access Internal file-sharing folder
ZyWALL UTM or
Third-party firewall
E
mp
l
o
y
ee o
n
H
ome
C
om
p
ute
r
Web-based
Application
Application Server
(Inventory, Store...)
OA, ERP System
CRM System
E
mp
l
o
y
ee Laptop
i
n Airport Kios
k
or
i
n H
ot
e
l
A
utho
rize
d
P
a
r
t
ner
A
utho
rize
d
Custo
mer
Firewall LAN Zone
Network ExtendRemote DesktopFile Share
Email Server BI System
ZyWALL UTM provides
Anti-Virus/IDP inspection
on SSL-VPN traffic
Internet
Encrypted Decrypted
DMZ
LAN
WAN
Comprehensive End-User Authentication Mechanism
ZyWALL-SSLVPN SecuExtender Technology
Unified Policy Management with Object-Based Configuration
ł
Restricted Access: Extranet Application for Partners, customers
ł
Full Access: Intranet Application for Employees
P
ol
i
cy 1 (Sales
)
L
ocal Database
U
ser Group
1
Act
i
ve D
i
rector
y
RADI
US
L
D
A
P
User Group
2
E
x
t
ern
al
D
atabas
e
ZyWALL SSL VPN
Z
yXEL Two-Factor Authentication
S
erver
f
or ZyWALL OT
P
Internet
(1) One-factor (Username/Password)
(2) ZyWALL OTP (One-Time Password)
Object Database
Pol
i
cy 2 (R&D
)
User 3 Application 1 IP Pool 3 Network 1
User 1 Application 1 IP Pool 1 Network 1
User 2 Application 2 IP Pool 2 Network 2
User 3 Application 3 IP Pool 3 Network 3
User 4 Application 4 IP Pool 4 Network 4
User 4 Application 3
User 1 Application 1 IP Pool 1 Network 1
User 2
Network 3
Endpoint Security Support
Dual-Mode (NAT-/DMZ-Mode) Installation with Setup Wizard
Internet
Remote Users
ZyWALL SSL VPN
DMZ Mode:
D
ep
l
oye
d
b
e
h
in
d
Firewa
ll
(
at DMZ
p
ort of Firewall
)
NAT Mode:
D
eplo
y
ed at networ
k
g
atewa
y
as one-
b
ox
s
olution
f
or NAT Router and
SS
L-VPN Gateway
Application Diagram
For more product information, visit us on the web www.ZyXEL.com
65-100-002501G 02/07
Copyright © 2007 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of ZyXEL Communications Corp. All other brands,
product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice.
Main Offic
e
R
emote O
ff
ice
Employee on
Home Computer
Web-based
Application
Application Server
(Inventory, Store...)
OA, ERP System
CRM System
Employee Laptop in
Airport Kiosk or in Hotel
Employee Laptop in
Airport Kiosk or in Hotel
SSL-VPN
Tunnel
SSL-VPN
Tunnel
SSL-VPN
Tunnel
SSL-VPN
Tunnel
Authorized Partner
Authorized Customer
Internet
Main Office LAN Resource
Network ExtendRemote DesktopFile Share
File Share
Email Server BI System
I
P
S
e
c
-
V
P
N
T
u
n
n
e
l
Remote Office
LAN Resource
OA, ERP System
CRM System
Network ExtendRemote Desktop
ZyWALL SSL 10
Employee on
Home Computer
Web-based
Application
Application Server
(Inventory, Store...)
OA, ERP System
CRM System
Employee Laptop in
Airport Kiosk or in Hotel
SSL-VPN
Tunnel
SSL-VPN
Tunnel
SSL-VPN
Tunnel
Authorized Partner
Authorized Customer
LAN Resource
Network ExtendRemote DesktopFile Share
Email Server BI System
Deployed behind Firewall
DMZ Mode:
Deployed at Network Gateway
NAT Mode:
ZyWALL UTM provides
Anti-Virus/IDP inspection
on SSL-VPN traffic
One-box solution
for NAT Router and
SSL-VPN Gateway
Internet
Specifications
System Specifications
Mode of Deployment
• NAT Mode
• DMZ Mode
Networking
• WAN: PPPoE, Static, DHCP
• LAN: DHCP Server
• NAT
SSL VPN
• SSL VPN Tunnel: 10, 25 (Optional Upgrade)
• SSL Protocol: SSL v2, SSL v3, TLS 1.0
• Encryption: DES, 3DES, RC4 (128), AES (128,
256), IDEA, ADH, DH, DHE, RSA, DSS, CBC, 3CBC,
MD5, SHA-1
SSL-VPN Access Mode
• Reverse Proxy Mode
• Port Forwarding Mode
• Full Tunnel Mode
Authentication
• Internal user database
• RADIUS
• LDAP
• Microsoft Active Directory
• Two-factor Authentication
Certification
• Self-signed
• External CA
Application Support
• Web Application: Web Server, Internet Email,
OWA
• Non Web-based Application: HTTP, HTTPS, FTP,
Telnet, TFTP, SMTP, SMTPS, IMAP, IMAPS, VNC,
RDP, NTP, SSH, SQUID, CIFS, POP3, POP3S
• File-Sharing: Web-based CIFS
• Full Network Access via ZyWALL-SSLVPN
SecuExtender: Any TCP/IP based application
(ICMP, VoIP, IMAP, POP, SMTP, etc.)
Browser Support
• Internet Explorer version 5.5 with MSXML,
version 6 and above.
• Netscape version 7.2 and above
• Mozilla 1.7.3 and above
• Firefox 1.0 and above
Security
• User-/Group-based Policy Control
• User-/Group-based Access Control
• User-/Group-based IP Pools
• User-/Group-based
Routing
• User-/Group-based Application List
• User-/Group-based Endpoint Integrity Check
• Cache Cleaning
System Management
• Web GUI
• Dual-mode Setup Wizard
• Dashboard
• Email Notification
• Real-time Monitoring
• Logs
• Report
• NTP Support
Hardware Specifications
• Processor: 266 MHz with cryptographic
accelerator
• Memory (Flash/DRAM): 128 MB/128 MB
• Status LED Indicator: PWR, SYS
• Reset Button: Yes
• WAN: 10/100 Auto MDI/MDIX
• LAN: 4-Port Switch, 10/100 Auto MDI/MDIX
• Console: RS 232 DB9 Connector
• Power: 12 VDC
• Max Power Assumption: 7.5 W
• Warranty: Two years
Physical Specifications
• Dimensions: 242.0 (W) x 75.0 (D) x 35.5 (H) mm
• Weight: 1,200 g
Environmental Specifications
• Operation Environment:
- Temperature: 0°C ~ 50°C
- Humidity: 20% ~ 95%
• Storage Environment:
- Temperature: -30°C ~ 60°C
- Humidity: 20% ~ 95%
/
