F5 Networks' FirePass Controller: Clientless SSL for Remote Access

Unlike an IPsec (IP security) VPN, the FirePass does not require client software to be pre-installed and configured on the remote PC. Instead, it works directly through a Web browser using a virtual desktop Web page or by dynamically installing client software that establishes an SSL tunnel via a virtual network adapter.

Back to School

We took the FirePass 1000 for a test run in the California Polytechnic Network Performance Research Lab (NetPRL). To get to the virtual desktop interface, we pointed our browser at the external FirePass URL. We established an SSL connection that would work well from a public terminal or any Web kiosk where the user cannot install software and has only Web browser access.

The FirePass virtual desktop interface provides access to a number of services, including an e-mail client to access the corporate e-mail server; secure host connections--including telnet and SSH (Secure Shell)--using Java terminal emulators; and shared directories using file-system access, such as NSF and Windows Workgroups.

Basic Firepass Configuration click to enlarge

We also used the FirePass by means of a virtual network adapter. This method lets you set up an SSL tunnel between the workstation and the FirePass. To go this route, you must download client software (ActiveX for Internet Explorer or a Java plug-in for Netscape/Mozilla) directly from the FirePass device into your browser. The client software creates a new virtual network adapter and modifies your routing table using split tunnel or all traffic to route your network traffic through the SSL tunnel to the FirePass. After this tunnel is established, all IP applications can use this tunnel to provide secure access to the corporate intranet.