FirePass VPN Controller Taps SSL

F5's new FirePass Controller delivers SSL as the alternative to IPsec for client-side VPN access.

F5 Networks Inc. on Monday will try to put a stake in the heart of IPsec as a client-side VPN technology with a new alternative that delivers greater flexibility and control.

The new FirePass Controller delivers SSL (Secure Sockets Layer) as the alternative to IPsec for client-side VPN access. It allows secure access from kiosks and PDAs, as well as PCs and laptops, and it can control access to specific applications.

IPsec point-to-point VPNs don't allow a more direct interface between enterprises and their partners, asserted Eric Giesa, senior director of product management at F5 Networks. The ability to more directly interface with partners "has been a big driver (for SSL VPNs), along with the growth of mobile devices. PDAs and cell phones need secure remote access to services at corporate headquarters," he said.

As the Seattle-based load balancing vendor continues its drive into remote security and builds on its success with SSL acceleration, it is expanding its offerings with new technology acquired last summer with uRoam Inc.

F5 enhanced the uRoam FirePass Controller with the ability to secure kiosk access to corporate networks by deleting temp files to remove possibly sensitive data from the kiosk. That action can block any potential security breaches.

The controller determines that the access attempt is coming from a kiosk by the lack of a digital certificate, and enforces policies established for that type of access. Although policies are determined in the controller, access rights and groups are captured from a variety of sources, such as Microsoft's Active Directory, a RADIUS server or a Lightweight Directory Access Protocol server.

At the application level, F5 added protection against cross-site scripting, preventing malicious application-layer attacks on users coming into a customer site.

The new version of the controller also scans continuously for active firewall, virus scan and other client-side security programs to validate client integrity. F5 also extended access to Linux or Unix systems running X-Windows applications.

The FirePass Controller competes with similar offerings from Aventail Corp. and Neoteris Inc., although those offerings lack remote control capability and Unix access and are more costly, Giesa said.

"They are trying to target themselves as comparable to the market leaders," reacted Mark Fabbi, vice president of enterprise communications at Gartner Inc., in Toronto. "In terms of functionality, it looks like a full-featured product that they're combining with other F5 functions such as reliability. Others will continue to add functionality on to the SSL VPN side and for delivery of specific application types," he added.

The new version is due on October 16, and prices start at $10,000.