SONICWALL MOBILE CONNECT - cloudfront.net

Page created by Edgar Townsend
 
CONTINUE READING
SONICWALL MOBILE CONNECT - cloudfront.net
SONICWALL MOBILE CONNECT
               Simple, identity-based and policy-enforced secure access to company resources, applications
                  and data for iOS, MacOS, Android, Chrome OS, Kindle Fire and Windows 10 devices.

Give your employees safe, easy access to      Features and benefits                         Benefits:
the data and resources they need to be        Ease of use                                     • Ease of use
productive from any device, running iOS,
                                              iOS, OS X, Windows 10, Android, Chrome          • Centralized policy management
OS X, Android™, Chrome OS, Kindle Fire
and Windows. At the same time, ensure         OS and Kindle users can easily download         • Verification of both user and device
that the corporate network is protected       and install the Mobile Connect app via
                                              the App Store™, Google Play, Chrome             • Easy access to appropriate resources
from mobile security threats.
                                              Web Store, Amazon App Store, or                 • Malware protection
The SonicWall Mobile Connect™                 Windows Store.
                                                                                              • Mobile device registration and
application works in combination with
                                              Centralized policy management                     authorization management
SonicWall Secure Mobile Access (SMA)
or next-generation firewall appliances.       IT can provision and manage user and            • Per-application VPN
Mobile workers simply install and launch      device accessing via SonicWall appliances       • One-click secure intranet
the Mobile Connect application on             — including control of data, resources and        file browsing and on-device
their mobile device to establish a secure     applications hosted on-prem or in the             data protection
connection to an SMA or next-generation       cloud — through a single management
                                                                                              • Auto-launch VPN
firewall appliance. The encrypted SSL VPN     interface. Unlike other VPN solutions, the
connection will protect traffic from being    SonicWall solution allows you to quickly        • Easy integration
intercepted and keep in-flight data secure.   set role-based policy for mobile and laptop     • Application intelligence and control
Context-aware authentication ensures          devices and users with a single rule across
only authorized trusted users and devices     all objects; as a result, policy management
are granted access.                           can take only minutes instead of hours.

Behind the scenes, IT can easily provision    Verification of both user and device
and manage access policies via SonicWall      A Mobile Connect user is granted access
appliances through a single management        to the corporate network only after
interface, including restricting VPN          establishing user and device identity,
access to a set of trusted mobile apps        location and trust. End Point Control can
allowed by the administrator. Plus, the       determine whether an iOS device has been
SonicWall solution integrates easily with     jailbroken or an Android device has been
most back-end authentication systems,         rooted, as well as whether a certificate is
including most popular identity providers     present or the OS version is current, and
and multi-factor services authentication,     then reject or quarantine the connection
so you can efficiently extend your            as appropriate.
preferred authentication practices to
your mobile remote and work-from-home         Easy access to appropriate resources
(WFH) workers.                                Mobile devices can connect to all allowed
                                              network resources, including web-based,
                                              client/server, server-based, host-based
SONICWALL MOBILE CONNECT - cloudfront.net
and back-connect applications. Once           shares and files from within the Mobile
                                         a user and device are verified, Mobile        Connect app. Administrators can
     Provide fast, secure                Connect offers pre-configured bookmarks       establish and enforce mobile application
     mobile access through               for one-click access to corporate             management policy for the Mobile
                                         applications and resources for which the      Connect app to control whether files
     an intuitive, easy-to-              user and device has privileges.               viewed can be opened in other apps,
     use app that is simple                                                            copied to the clipboard, printed or cached
                                         Malware protection                            securely within the Mobile Connect app.
     to install and launch               When deployed with a SonicWall next-          For iOS devices, this allows administrators
     on both smartphones                 generation firewall, Mobile Connect           to isolate business data from personal
                                                                                       data stored on the device and reduces the
     and tablets.                        establishes a Clean VPN™, an extra
                                         layer of protection that decrypts and         risk of data loss. In addition, if the user’s
                                         scans all SSL VPN traffic for malware         credentials are revoked, content stored in
                                         before it enters the network. All files       the Mobile Connect app is locked and can
                                         uploaded by trusted user to corporate         no longer be accessed or viewed.
    Specifications compatibility         networks are inspected by our cloud
                                                                                       Auto-launch VPN
                                         based multi-engine Capture ATP service
     SonicWall SMA and Next-
                                         to protect from advanced threats such as      URL control allows apps that require a
     Generation Firewall
                                         ransomware and zero-day threats.              VPN connection for business (including
     TZ, NSA, E-Class NSA or Super                                                     Safari) to create a VPN profile and
     Massive 9000 Series appliances      Mobile device registration and                automatically initiate or disconnect Mobile
     running Sonic OS 5.9 or higher      authorization policy management
                                                                                       Connect on launch (requires compatible
     SMA 100 Series/SRA appliances       With Mobile Connect and seamless              server firmware). In addition, for iOS or OS
     running 8.5 or higher               integration with SMA solutions, if a mobile   X devices, to simplify use when a secure
                                         device has not previously registered with     connection is required, VPN on Demand
     SMA 1000 Series/E-Class SRA         the SMA appliance, the user is presented      automatically initiates a secure SSL VPN
     appliances running 11.4 or higher
                                         with a device authorization policy for        session when a user requests internal data,
                                         acceptance. The user must accept the          applications, websites or hosts.
     SonicWall Mobile Connect
                                         terms of the policy to register the device
     Devices running iOS version 7.0     and passed all device trust and integrity     Integration with existing authentication
     or higher                                                                         solutions
                                         checks before given permissible access
                                         to allowed corporate resources and data.      The SonicWall solution supports
     Devices running OS X 10.9
     or higher                           The terms of the policy are customizable      easy integration with most back-end
                                         by the administrator.                         authentication systems, such as LDAP,
     Devices running Android 4.1                                                       Active Directory and Radius, so you
     or higher                           Per-application VPN                           can efficiently extend your preferred
     Kindle Fire devices based on        Mobile Connect in combination with SMA,       authentication practices to your mobile
     Android 4.1 or higher               enables administrators to establish and       workers. For optimal security, you can
                                         enforce policies to designate which apps      apply your choice of identity-based
     Devices running ChromeOS 45         on a mobile device can be granted VPN         authentication using Ping Identity, okta or
     or higher
                                         access to the network. This ensures that      onelogin in conjunction with SAML single
     Devices running Windows 10          only authorized mobile business apps          sign-on (SSO) service with enforced two-
                                         utilize VPN access. Mobile Connect is the     factor authentication (2FA) technologies.
                                         only solution that requires no modification
                                                                                       Application intelligence and control
                                         of mobile apps for per app VPN access.
     Partner Enabled Services            Any mobile app or secure container can        When deployed with a next-generation
                                         be supported with no modifications, app       firewall, IT can easily define and
     Need help to plan, deploy
                                         wrapping or SDK development.                  enforce how application and bandwidth
     or optimize your SonicWall
                                                                                       assets are used.
     solution? SonicWall Advanced        One-click Secure Intranet File Browse
     Services Partners are               and On-Device Data Protection
     trained to provide you with         Protect company data at rest on mobile
     world class professional            devices. Authenticated users can securely
     services. Learn more at             browse and view allowed intranet file
     www.sonicwall.com/PES.

2
Software Access

                                                    5G / 4G / 3G / WiFi                         5G / 4G / 3G / WiFi

                      Mobile
                     Connect
                                             1                                         2

                                                               Internet

     CORPORATE NETWORK

                    3A                                        3B                                        3C

                                             OR                                            OR

                Next-generation firewall
                 with SSL VPN client
                        license

                                                         Secure Mobile Access 100                  Secure Mobile Access 1000
                                                           Series via a SonicWall                     Series via a SonicWall
                                                          next-generation firewall                   next-generation firewall

         1   Download and install SonicWall Mobile Connect onto mobile device.
         2   Create a connection profile to connect to your corporate network.
        3A   Connect to a SonicWall next-generation firewall.
               Benefits: Provides DPI scanning for malware as well as application intelligence and control.
        3B   Connect to a SonicWall Secure Mobile Access 100 Series appliance via a SonicWall next-generation firewall.
               Benefits: Provides zero-trust, least privilege access policies, DPI scanning for malware plus end point control to
               quarantine or reject connections from unregistered, vulnerable, unprotected, and jailbroken or rooted
               mobile devices.
        3C
             Connect to a SonicWall Secure Mobile Access 1000 Series appliance via a SonicWall next-generation firewall.
               Benefits: Provides zero-trust, least privilege access policies, DPI scanning for malware, end point control to
               quarantine or reject connections from unregistered, vulnerable, unprotected, jailbroken or rooted mobile
               devices. Also, enables administrators to restrict VPN access to an allowed set of trusted mobile apps, and
               manage enforced BYOD security policy terms.

3
Features                                                    iOS                    OS X/ Mac                     Android                   Kindle Fire          Windows 10              Chrome OS
Layer-3 VPN connectivity (SSL VPN)                          Yes                          Yes                         Yes                         Yes                  Yes                    Yes

App distribution                                        App Store                 Mac App Store                 Google Play            Amazon App Store        Windows Store         Chrome Web Store

Connect on demand                                           Yes   3
                                                                                         Yes   3
                                                                                                                      —                           —           MDM/ PowerShell                Yes

Configurable trusted networks                               Yes   1
                                                                                         Yes   1
                                                                                                                      —                           —                   Yes                     —
Network awareness                                           Yes   1
                                                                                         Yes   1
                                                                                                                     Yes   1
                                                                                                                                                 Yes  1
                                                                                                                                                                       —                      —
Credential caching                                          Yes                          Yes                         Yes                         Yes                  Yes                    Yes
Touch ID/Fingerprint support                                Yes   2
                                                                                          —                          Yes   2
                                                                                                                                                  —                    —                      —
Face ID support                                             Yes                           —                           —                           —                    —                      —
URL control                                                 Yes                          Yes                         Yes                         Yes                   —                      —
Basic authentication
                                                            Yes                          Yes                         Yes                         Yes                  Yes                    Yes
(Username\Password)
Two-Factor Authentication
                                                            Yes                          Yes                         Yes                         Yes                  Yes                    Yes
(Dell Defender\TOTP\RADIUS)
Client certificate authentication                           Yes   3
                                                                                         Yes   3
                                                                                                                     Yes   3
                                                                                                                                                Yes   3
                                                                                                                                                                      Yes                     —
Password change                                             Yes                          Yes                         Yes                         Yes                  Yes                    Yes
Always On VPN                                              Yes                         Yes                         Yes                         Yes                    Yes                    Yes
SAML 2.0 SSO Support                                       Yes                         Yes                         Yes                         Yes                    Yes                    Yes
                                                   Ping Identity, okta,        Ping Identity, okta,        Ping Identity, okta,        Ping Identity, okta,   Ping Identity, okta,   Ping Identity, okta,
IdP integration
                                                        onelogin                    onelogin                    onelogin                    onelogin               onelogin               onelogin
TLS 1.3 connection                                         Yes                         Yes                         Yes                         Yes                    Yes                    Yes
Time-based OTP                                             Yes                         Yes                         Yes                         Yes                    Yes                    Yes
SMS Gateway                                                Yes                         Yes                         Yes                         Yes                    Yes                    Yes
Windows domain SSO for VPN                                  —                             —                           —                           —                   Yes                     —
Split-tunnel\Tunnel-all routing                             Yes                          Yes                         Yes                        Yes                  Yes                    Yes
IPv6 support                                                Yes   4
                                                                                         Yes   4
                                                                                                                     Yes   4
                                                                                                                                                Yes   4
                                                                                                                                                                     Yes   4
                                                                                                                                                                                             —
Compression of data over VPN                                Yes   3
                                                                                         Yes   3
                                                                                                                     Yes   3
                                                                                                                                                Yes   3
                                                                                                                                                                     Yes   1
                                                                                                                                                                                            Yes   3

ESP Mode (UDP transport)                                    Yes   1
                                                                                         Yes   1
                                                                                                                     Yes   1
                                                                                                                                                Yes   1
                                                                                                                                                                      —                      —
Network conflict resolution                                 Yes   1
                                                                                         Yes   1
                                                                                                                     Yes   1
                                                                                                                                                Yes   1
                                                                                                                                                                     Yes   1
                                                                                                                                                                                            Yes   1

                                                                                     DeviceID,
                                                       Jailbreak,                        OS               Root, Certificate, OS Root, Certificate, OS
                                                                                                                                                                DeviceID, OS         DeviceID, Chrome
End Point Control                                   Certificate, OS               version, Client          version, DeviceID,    version, DeviceID,
                                                                                                                                                                  version      1
                                                                                                                                                                                        OS version    1

                                                   version, DeviceID       3
                                                                                 certificate, Anti-       Anti-Virus software Anti-Virus software
                                                                                                                                   3

                                                                                  Virus software    1

File Reader/ Bookmarks                                      Yes   2
                                                                                          —                        Yes     2
                                                                                                                                                Yes   2
                                                                                                                                                                       —                      —
                                                                                                            2X RDP, Remote
                                                   2X RDP, Microsoft                                           RDP Lite/               2X RDP, Microsoft
RDP bookmarks                                       Remote Desktop                        —                    Enterprise,              Remote Desktop                 —                      —
                                                       for RDP                                             Microsoft Remote                for RDP
                                                                                                            Desktop for RDP
Citrix receiver bookmarks                                Yes      2
                                                                                          —                        Yes     2
                                                                                                                                                Yes   2
                                                                                                                                                                       —                      —
VNC bookmarks                                         Remoter VNC                         —                android-vnc-viewer                    —                     —                      —
                                                                                                             Any browser—
                                                                                                             configured in
Web bookmarks                                        Safari, Chrome                       —                                                Silk Browser                —                      —
                                                                                                            Android system
                                                                                                                 settings
                                                  iSSH, Server Auditor                                        ConnectBot,
Terminal bookmarks                                                                        —                                                  JuideSSH                  —                      —
                                                        for SSH                                                 JuideSSH
                                                    RDP, VNC, SSH,                                          RDP, VNC, SSH,
Native HTML5 Bookmarks                                                                    —                                                       —                    —                      —
                                                         Telnet       2
                                                                                                                 Telnet        2

MDM management of VPN connection                                                                                                                                                       Google Mgmt
                                                            Yes                           —                           —                           —                   Yes
profiles                                                                                                                                                                                 Console
1
    This feature is supported on the E-Class SRA/SMA 1000 series appliances only. Please refer to the product release notes for the specific software version required to support this feature.
2
    This feature is supported on the SRA/SMA 100 series appliances only.
3
    This feature is supported on the SRA/SMA 100 series and E-Class SRA/SMA 1000 series appliances only. Please refer to the product release notes for the specific software version
    required to support this feature.
4
    This feature is supported on the SRA/SMA 100 series, E-Class SRA/SMA 1000 series and Next-Generation Firewall appliances. Please refer to the product release notes for the
    software specific version required to support this feature.

About SonicWall
SonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and
government agencies worldwide. Backed by research from SonicWall Capture Labs, our award- winning, real-time breach detection
and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and
territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or
follow us on Twitter, LinkedIn, Facebook and Instagram.

                                                                          © 2020 SonicWall Inc. ALL RIGHTS RESERVED. SonicWall is a trademark
4        SonicWall, Inc.                                                  or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A.
         1033 McCarthy Boulevard | Milpitas, CA 95035                     and/or other countries. All other trademarks and registered trademarks
         Refer to our website for additional information.                 are property of their respective owners.
         www.sonicwall.com                                                Datasheet-SonicWallMobileConnect-VG-US-1811
You can also read