F5 Networks Secures Vista Access with SSL VPN

F5 says its FirePass Controller is the first to support Vista in an SSL VPN.

F5 Networks will release at the end of February an enhanced version of its FirePass Controller SSL VPN software—the first Secure Sockets Layer VPN to support Microsoft's Windows Vista operating system, the company said.

Given that business users are already using Vista on home machines regardless of whether they have their IT department's go-ahead, VPN support is necessary even for enterprises that haven't yet decided to migrate to Vista, said Hari Krishnan, a product manager for F5, based in Seattle.

"[Some F5 customers] have users who have Vista already and they have to support it in the VPN," he said in an interview with eWEEK. "If [companies] don't allow users [to use a Vista system to log into the VPN], they won't be able to work remotely. It's [those companies'] main driver to look at Vista."

Another big change coming in the update is integration with F5's Big-IP Global Traffic Management product. The combination of FirePass and Big-IP will allow large enterprises with multiple sites to share unused capacity among their sites. For example, if a North American company finds many workers working remotely during a flu season, Big-IP will grab capacity off of underused sites, perhaps in Europe or Asia, after dynamic querying of FirePass devices. Big-IP will then redirect users to another FirePass device, without those users needing to type in a new URL or to reconnect.

Big-IP issues the IP address based on policy, which could be based on latency, application health, FirePass CPU load or available number of concurrent sessions.

Krishnan said such a setup is going to be attractive to businesses that are worrying about business continuity.

On the hardware front, F5 is also coming out with the FirePass 4300, a high-performance platform that supports up to 2,000 concurrent users on one device. The FirePass 4300 ships with built-in, redundant power supplies for high availability. It can also be bought in multiples and hooked up into clusters and can be load-balanced with Big-IP, enabling scaling to tens of thousands of concurrent users.

The 4300 is designed for customers who want to roll out a VPN with all the bells and whistles, Krishnan said. For example, FirePass can check for the status of an endpoint to find out whether it's running the most current version of anti-virus software, has the latest signatures, is running the right operating system and has up-to-date patches.

"That stuff requires a lot of processing power," he said. "That's a lot of things being checked. It's really enforcing very granular access policies. With the 4300 we have introduced a quad-core to handle 2,000 concurrent users, to turn on all the bells and whistles, and that has endpoint security checks, and has a wide range of feature sets for users coming in—it can make access policies [based] not only on the user, but also on the type of device they're using."

The FirePass upgrade will be available at the end of February. FirePass 4300 hardware will come out in March with built-in support for all access modes: network access, application access and portal access, as well as endpoint security.
