What’s Inside:

DATASHEET

DeliverSecureandAcceleratedRemoteAccesstoApplicationsAsmoremobileandremoteworkersaccessapplicationsanddatafrommanydifferentdevicesandlocations,ensuringfastapplicationperformanceforremoteusersisagrowingconcernforITorganizations.

F5BIG-IP®EdgeGateway™isanaccesssolutionthatbringstogetherSSLVPNremoteaccess,security,applicationacceleration,andavailabilityservicesforremoteusers.BIG-IPEdgeGatewaydrivesidentityintothenetworktoprovidepolicy-controlled,context-aware,secureremoteaccesstoapplicationsatLANspeed.Astheindustry’smostsecureandacceleratedaccesssolution,BIG-IPEdgeGatewaycanhelpyourorganizationdeliverpeakperformancelevelstousersaccessingtheapplicationsandnetworksthatarecriticaltoyourbusiness.

BIG-IPEdgeGateway

What’s Inside:

2 ScalabilitytoMeetFutureITDemands

2 StreamlinedAccessManagement

5 ImprovedUserExperienceandProductivity

6 SuperiorSecurity

6 AcceleratedApplicationPerformance

8 VirtualArchitecture

9 BIG-IPEdgeGatewayArchitecture

10 BIG-IPEdgeGatewayPlatforms

10 ProfessionalServicesandSupport

10 MoreInformation

Key benefits

Scale for the growing mobile workforce Supportaccessformoreremoteuserswithanadvancedgatewayattheedgeofthenetwork.

Streamline access management Getauthenticationandauthorizationservicesonasingle,easy-to-managenetworkdevice.

Provide automatic access anywhere Giveusersaseamlessconnectionwhentransitioningbetweenlocations.

Ensure strong endpoint security Protectyourorganizationandvalidateuserdeviceswithanoptionalendpointsecurityinspectionservice.

Accelerate application performance AcceleratetraffictoimprovetheremoteuserexperienceandprovideaccessatLANspeeds.

2

DATASHEET BIG-IP Edge Gateway

BIG-IP Edge Gateway unifies access services on a single, easy-to-manage, and optimized network device.

Scalability to Meet Future IT Demands

BIG-IPEdgeGatewayisanadvancedaccessgatewayattheedgeofthenetworkthatprovidessecureremoteaccessfortherapidlygrowingnumberofremoteandmobileusers.Withupto8GbpsofSSLVPNthroughput,BIG-IPEdgeGatewaydeliversunprecedentedperformance,supportingupto600loginspersecondandupto40,000concurrentSSL-encryptedusersessionsonasingleappliance.Itsuniqueaccessandaccelerationservices,alongwithcaching,compression,andoptimization,providesuperiorscalabilitytomeetcurrentandfutureITdemands.

LAN Users

BIG-IP Edge Client

Data Center Resources

Utilize existing user directories

BIG-IP Edge Gateway (web access, acceleration,

and optimization)Internal LAN

VLAN1

Internal LANVLAN2

DMZ

Branch Office Users

BIG-IP Edge Client

Wireless Users

BIG-IP Edge Client

Mobile Users

BIG-IP Edge Client

Internet

Streamlined Access Management

BIG-IPEdgeGatewayunifiesaccessservicesonasingle,easy-to-manage,andoptimizednetworkdevicetohelpyouachievefastimplementationandreducethecostofmanagementacrossservices.

Unified access services

Equippedwithnetworkandapplicationaccessaswellascontentrewriteforaccessinginternalapplications,BIG-IPEdgeGatewayprovidessecureconnectivitytocorporateapplicationsfromallnetworks,includingremoteLAN,internalLAN,andbothpublicandinternalwireless.Thisflexible,high-performancedeviceusesSSLtunnelingandoptionalclienttechnologytoprovidesecureaccesstoanyuserfromanylocationandanyclientdevice.

Access policies

WithBIG-IPEdgeGateway,youcandesignaccesspoliciesforendpointsecuritychecking,authentication,andauthorizationtoenforceusercompliancewithcompanypolicies.Youcandefineoneaccessprofileforallconnectionscomingfromanydevice,oryoucancreatemultipleprofilesfordifferentaccessmethods,eachwiththeirownaccesspolicy.

DATASHEET BIG-IP Edge Gateway

3

The advanced Visual Policy Editor makes it easy to create access policies.

Forexample,youcancreateapolicyforcorporateLAN,VPN,orwirelessconnections.Withpoliciesinplace,yournetworkbecomescontext-aware:understandingwhotheuseris,wheretheuserisaccessingtheapplication,andwhatthecurrentnetworkconditionsareatthetimeofaccess.

Advanced Visual Policy Editor

Theadvanced,GUI-basedVisualPolicyEditor(VPE)makesiteasytodesignandmanagegranularaccesscontrolpoliciesonanindividualorgroupbasis.WiththeVPE,youcanquicklyandefficientlycreateoreditentiredynamicaccesspolicieswithafewsimpleclicks.Forexample,youcan:designendpointsecuritypolicycheckstobringdevicesintocompliancewithantivirus,firewall,andOSupdates;designanauthenticationserverpolicyintegratedwithRADIUS;assignresourcesforaccessonceauthorizationiscomplete;ordenyaccessforfailuretocomplywithpolicy.Ageolocationagentprovidesautomaticlookupandlogging.Thissimplifiestheconfigurationprocessandenablesyoutocustomizeuseraccessrulesaccordingtoyourorganization’sgeolocationpolicy.TheVPEsimplifiesandcentralizespolicycontroltohelpyoumanageaccessmorecost-effectively.

Broad authentication support and AAA server integration

BIG-IPEdgeGatewayintegrateswithauthenticationserversusingaccesspoliciesandsupportsauthenticationrequirementsononeeasy-to-managedevice.Onceauthenticationintegrationsarecompleted,BIG-IPEdgeGatewayinteractswithauthentication,authorization,andaccounting(AAA)serverscontaininguserinformation.Abroadsetofauthenticationservices—includingActiveDirectory,LDAP,RADIUS,andnativeRSASecurID—ensuresstrongenforcementofaccesspolicies.Forexample,ActiveDirectorysupportgivesyouaccessenforcementforlookupandnesteddirectories.

DATASHEET BIG-IP Edge Gateway

4

You can manage all access, acceleration, and optimization services from one centralized GUI.

Machine certificate support

Duringauserlogon,BIG-IPEdgeGatewaycancheckforaWindowsmachinecertificateandalloworprohibitaccessbasedonwhetherornotthereisavalidcertificatepresent.BIG-IPEdgeGatewaycanusemachinecertificatesasaformoftwo-factorauthentication.

Out-of-the-box configuration wizards

BIG-IPEdgeGatewayhelpsreduceadministrativecostsbymakingiteasytoquicklyconfigureanddeployAAAserverintegrationandauthentication.Theconfigurationwizardincludesasetofpre-builtwebapplicationaccess,networkaccess,andlocaltrafficvirtualdevicewizards.Itcreatesabasesetofobjectsaswellasaccesspolicyforcommondeploymentswhileautomaticallybranchingtonecessaryconfigurations,suchasDNS.Withstep-by-stepconfiguration,context-sensitivehelp,review,andsummary,settingupauthenticationwithAAAserversonBIG-IPEdgeGatewayissimpleandfast.

Consolidated access for Oracle

BIG-IPEdgeGatewayintegrateswithOracleAccessManager,soyoucandesignaccesspoliciesandmanagepolicy-basedaccessservicesforOracleapplicationsfromonelocation.Byconsolidatingplug-insandwebauthenticationproxies,thisintegrationcanhelpyoureduceCapExandOpEx.

DATASHEET BIG-IP Edge Gateway

5

BIG-IP Edge Client uses cutting edge roaming, domain detection, and automatic connection to deliver a seamless transition between locations.

Improved User Experience and Productivity

BIG-IPEdgeGatewaydrivesauser’sidentityintothenetworktoprovidecontext-awarenetworkingthatminimizesthetimeandeffortrequiredtogainaccesstoauthorizedfilesandapplications.

“Always connected” remote access

Someaccessclientsneedconstantreconnectionthroughoutthedayasusersmovelocationsorrestartapplications.TheBIG-IP®EdgeClient™solutionisastate-of-the-art,integratedclientthatprovideslocationawarenessandzonedeterminationtodeliveraremoteaccesssolutionunlikeanyother.Cutting-edgeroaming,domaindetection,andautomaticconnectioncreateaseamlesstransitionasusersmovebetweenlocations.BIG-IPEdgeClienthelpsensurecontinueduserproductivitywhethertheuserisathomeonawirelessnetwork,usinganaircardintransit,givingapresentationfromcorporatewireless,inacaféonguestwireless,ordockedonaLANconnection.BIG-IPEdgeClientcanautomaticallydetectdomainsandconnect,evenafterlosingaVPNconnection,ordisconnectwhenaLANconnectionisdetected.

BIG-IP Edge Client

BIG-IP Edge Client

At home (wireless)

Always connected application access

In the office (docked LAN connection)

In the café(wireless)

Presenting (corporate wireless)

Commuting(air card)

BIG-IP Edge Client

BIG-IP Edge Client

BIG-IP Edge Client BIG-IP

Edge Client

Status and reporting

BIG-IPEdgeClientprovidesserverandtrafficstatus,andyoucanselectthedesiredaccessservertogainoptimalperformance.Graphreportingshowsconnectionstatus,routingtables,IPconfigurations,andmore.WithBIG-IPEdgeClient,theadministratorcantracktheincreaseinthenumberofconnectedusersinallroamingenvironments.

Windows logon credential reuse

WhentheuserfirstenterscredentialsaspartoftheWindowslogonprocess,BIG-IPEdgeClientcachesthemandthenautomaticallytriestheminthefirstattempttologontotheVPN.Thisstreamlinestheuserexperiencetohelpimproveproductivity.

DATASHEET BIG-IP Edge Gateway

6

Credential caching

BIG-IPEdgeGatewayprovidescredentialcachingandproxyservicesforsinglesign-on(SSO),sousersonlyneedtosigninoncetoaccessapprovedsitesandapplications.Asusersnavigate,sign-oncredentialsaredeliveredtowebapplications,savingvaluabletimeandincreasingproductivity.

Automatically synchronized Exchange services

BIG-IPEdgeGatewaysupportsthesynchronizationofemail,calendar,andcontactswithMicrosoftExchangeonmobiledevicesthatusetheMicrosoftActiveSyncprotocol,suchastheApple®iPhone®.ByeliminatingtheneedforanextratierofauthenticationgatewaystoacceptOutlookWebAccess,ActiveSync,andOutlookAnywhereconnections,BIG-IPEdgeGatewayhelpsyouconsolidateinfrastructureandkeepusersproductive.

Superior Security

BIG-IPEdgeGatewaymakespolicy-based,context-awareaccessdecisionstoensurethatuserseverywhere—usinganydevice—gainsecureaccesstoonlytheresourcestheyneedtostayproductive.

Strong endpoint security

BIG-IPEdgeGatewayprovidesabroadlayerofendpointinspectiontovalidateclientsecurityposturesagainstcorporatepolicy.Endpointinspectionprotectsagainstworms,viruses,andaccidentaldataloss.Morethanadozenintegratedendpointinspectionchecksarepreconfigured,includingWindows,Macintosh,Linux,antivirus,andfirewallchecks.Othercheckingfeaturesinclude:file,process,OS,andregistrychecks;assignmentofdynamicaccesscontrollists(ACLs)basedonendpointposturetodelivercontext-basedsecurity;andbrowsercachecleaningtoremoveanysensitivedataattheendofauser’ssession.

Customizable logon pages

Youcanfullycustomizeanentirelogonpagetobestsuityourexistingcorporatewebsiteportalsandprovidethebestuserexperience.CustomizableoptionsrangefromsimplenamingoffieldsfromCSSstylesheetstoHTMLcoding.Youcancustomizealogonpageusingtheconfigurationutilityorthecommandlineinterfacetouploadcustompages.

Encrypted environment with protected workspace

Usingtightencryption,BIG-IPEdgeGatewayprovidesaprotectedworkspaceforuserswhoneedtoswitchtoasecureenvironment.Inthismode,userscannotwritefilestolocationsoutsidetheprotectedworkspace.Temporaryfoldersandalloftheircontentsaredeletedattheendofthesessiontoensuremaximumprotectionofdata.YoucanconfigureBIG-IPEdgeGatewaytoautomaticallyswitchusersofWindows7(32-bit),WindowsXP,andWindowsVistatoaprotectedworkspace.

Dynamic access control

BIG-IPEdgeGatewayprovidesaccessauthenticationusingACLsandauthorizesuserswithdynamicallyappliedlayer4andlayer7ACLsonasession.BothL4andL7ACLsaresupportedbasedonendpointpostureasapolicyenforcementpoint.BIG-IPEdgeGatewayallowsindividualandgroupaccesstoapprovedapplicationsandnetworksusingdynamic,per-sessionL7(HTTP)ACLs.YoucanusetheVisualPolicyEditortoquicklyandeasilycreateACLs.

DATASHEET BIG-IP Edge Gateway

7

BIG-IP Edge Gateway combines asymmetric, symmetric, and client-based acceleration to deliver fast and secure access to applications and networks.

Accelerated Application Performance

WithBIG-IPEdgeGatewayaccelerationandoptimizationtechnologies,usersexperienceauthorizedremoteaccesstoapplicationsatLANspeeds.

Optimized downloads

BIG-IPEdgeGatewayoptimizesperformancefordownloadsandapplicationsbysecuringagainstpacketlossandusingclient-sidetrafficshapingtoreducecongestion.Caching,compression,andaccelerationenableuserstodownloaddocumentsfromfamiliarbusinessapplications—suchasMicrosoftOfficeSharePoint—atdoublethespeedoftraditionalVPN solutions.

Asymmetric and symmetric acceleration

BIG-IPEdgeGatewayaccelerationservicescacheahighpercentageofrepetitiveandduplicatewebapplicationdata,reducingbandwidthusageandoverallcosts.Asymmetricaccelerationcanimproveperformance2xto5x.Withsymmetricaccelerationdeployedatthedatacenterandataremotelocation,userscanaccessapplicationsupto10xfaster.

ApplicationsData Center

Microsoft

SAP

Oracle

Clients

BIG-IP Edge Gateway

BIG-IP Edge Client

BIG-IP Edge Gateway

Remote Office

asymmetric acceleration

symmetric acceleration

client acceleration

Client-based acceleration

UsingBIG-IPEdgeClientforclient-basedacceleration,youcangaingreatercontroloftraffictoimproveapplicationperformanceandenablefastercommunications.Dynamicdatacompressionandclient-sidecachereducetrafficvolumestominimizetheeffectsofInternetlatencyandclientconnectionbottlenecksonapplicationperformance.Client-sidequalityofservice(QoS)andapplicationtrafficshapingforWindowsdevicesreducelatencyanddroppedpacketsforremoteapplications.Youcanprioritizeapplicationtrafficsospecificapplications,suchasVoIP,aresentbeforeothers.

Faster global access

YoucanimplementglobalVPNaccessbyintegratingBIG-IP®GlobalTrafficManager™withBIG-IPEdgeGateway.Combinedaccessredirection,IPgeolocation,acceleration,andoptimizationservicesprovideusersaccessingapplicationsgloballywithupto8xfasterdocumentdownloads.ThiscreatesaseamlessglobalVPNarchitecturethatdeliverssecureaccesstoremoteusersatLANspeed.

DATASHEET BIG-IP Edge Gateway

8

WAN optimization

BIG-IPEdgeGatewayovercomesnetworkandapplicationissuesontheWANtoensurethatuserseverywheregettheapplicationavailabilityandperformancetheyneedtostayproductive.CommonInternetFileSystem(CIFS)andMessagingApplicationProgrammingInterface(MAPI)acceleration,datade-duplication,andsuperiorcompressionandaccelerationcapabilitiesareintegrateddirectlyonyourBIG-IPEdgeGatewaydevice.Theresultisdocumentdownloadsthatareupto8xfaster,moreeffectivebandwidthutilization,andmitigatedeffectsoflatencyforthecriticalapplicationsyourremoteusersaccess.

Virtual Architecture

BIG-IPEdgeGatewayvirtualizationcapabilitieshelpyoureducetheamountofhardwareyourequire,improveoperationalefficiency,anddecreasecosts.Youcancreatemultipleaccessvirtualserversandsupportmulti-tenancybydefiningandmanagingaccesspolicygroupsaccordingtoyourbusinessororganizationalneeds.BycreatingmultiplevirtualserversofBIG-IPEdgeGatewayononedevice,youcaneasilyscaleandcustomizeeachremoteaccessserviceseparately.BIG-IPEdgeGatewayisideallysuitedforenterprisesorserviceprovidersthatrequireconsolidationofmultiplecustomers’accessgroupsontoonedevice.

DATASHEET BIG-IP Edge Gateway

9

TMOS delivers:

· SSL offload

· Advanced rate shaping and quality of service

· IP/port filtering

· iRules® scripting language

· iSessions

· Fast cache

· Symmetric adaptive compression

· Resource provisioning

· Route domains (virtualization)

· Geolocation agent in Visual Policy Editor

· Report scheduling

· TCP/IP optimization

· Full proxy

· Key management and failover handling

· VLAN segmentation

· DoS protection

· System-level security protections

BIG-IP Edge Gateway features include:

· Secure accelerated remote access

· Acceleration and optimization services

· Network access management

· Rewrite engine – internal application access

· Granular access policy enforcement

· Advanced Visual Policy Editor

· L4/L7 dynamic access control list (ACL)

· BIG-IP Edge Client: web-based and standalone

· Auto-connect and reconnect

· Windows logon credential reuse

· Location awareness

· Dynamic profiling

· Dynamic data compression

· Client logging for events

· SDK

· Client-side traffic shaping for Windows (QoS)

· Optimized and secure connections with Datagram-TLS

· Protected workspace support and encryption

· Style sheets for customized logon page

· Credential caching and proxying for SSO

· Integration with Oracle Access Manager

· Endpoint security

· Endpoint inspection: Windows, Mac, Linux, antivirus, and firewall checks

· More than a dozen endpoint checks

· Virtual keyboard support

· AAA server authentication

· RADIUS

· LDAP

· Active Directory

· Native RSA SecurID

· Microsoft ActiveSync support

· Health check monitor for RADIUS accounting

· Windows machine certificate support

· External logon page support

· Out-of-the-box configuration wizards

· Application access management for BIG-IP virtual servers

· Network access

· Web application setup

· Scale up to 40,000 concurrent users

· Asymmetric and symmetric network and application acceleration

· Dynamic caching and compression

· Data de-duplication

· CIFS and MAPI acceleration

· Hardware acceleration (SSL and compression)

· Virtual architecture

· Centralized advanced reporting

· Access policy dashboard

· Session logging and reporting summaries

· Splunk integration reporting

· Policy routing

· Export and import of access policies

· Clustered multi-processing

· DNS cache/proxy support

· BIG-IP Edge Gateway and BIG-IP Global Traffic Manager layering

· F5 Enterprise Manager layering

· Group policy support and integration

· Windows Mobile package customization

BIG-IP Edge Gateway Architecture

BIG-IP Edge Gateway runs on F5’s unique, purpose-built TMOS® architecture. TMOS is an

intelligent, modular, and high-performing platform that delivers insight, flexibility, and

control to help you intelligently deliver your web applications.

DATASHEET BIG-IP Edge Gateway

F5 Networks, Inc.Corporate Headquartersinfo@f5.com

F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com

F5 NetworksAsia-Pacificapacinfo@f5.com

F5 Networks Ltd.Europe/Middle-East/Africaemeainfo@f5.com

F5 NetworksJapan K.K.f5j-info@f5.com

10

DATASHEET BIG-IP Edge Gateway

BIG-IP Edge Gateway Platforms

BIG-IPEdgeGatewayisavailableasastandalonesolutiononthe8900,6900,3900,3600,and1600platforms.Fordetailedphysicalspecifications,pleaserefertotheBIG-IPSystemHardwareDatasheet.

Platform 8900 6900 3900 3600 1600

Base Concurrent Users: 5,000 2,500 1,000 500 300

Maximum Concurrent Users:

40,000 25,000 10,000 5,000 1,000

Professional Services and Support

F5isdedicatedtohelpingyougetthemostfromyourF5products.TofindouthowF5supportservicescanhelpyouimproveyourROI,reduceadministrativetimeandexpense,andoptimizetheperformanceandreliabilityofyourIT

infrastructure,contactconsulting@f5.com.

More Information

BrowsefortheseandotherresourcesonF5.comtolearnmoreaboutBIG-IPEdgeGateway.

Product overview

BIG-IP Edge Gateway

White paper

Unified Access and Optimization with F5 BIG-IP Edge Gateway

Video

BIG-IP Edge Gateway Demo

Consolidate Access with BIG-IP Edge Gateway

Podcast

F5 Customer Interview: CSC and Remote Access

8900 Series 6900 Series

3900 Series

1600 Series

3600 Series

Windows, Windows XP, Windows Vista, and Active Directory are registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.

© 2010 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, FirePass, iControl, TMOS, and VIPRION are trademarks or registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. CS03-00004 0710