Celestix WSA 3400 Unified Access Gateway
Comprehensive secure remote access to network resources for any user and from any location
Celestix is committed to continue servicing the market for Microsoft UAG 2010 until 2023, allowing existing customers to continue depending on the product with peace of mind. It also enables new customers to depend on UAG without any concern about the lifecycle of the product. Organizations of all sizes rely on UAG 2010 to deliver comprehensive, secure remote access to corporate resources for employees, partners and vendors on managed and unmanaged PCs and mobile devices. UAG’s strength lies in its comprehensive reverse proxy and application-based SSL VPN functionality, combined with the relative simplicity of using a combination of connectivity options ranging from SSL VPN to DirectAccess. The technology is widely deployed in the market and is a trusted component of many thousands of networks worldwide.
Celestix WSA delivers secure, anywhere access to corporate resources with Microsoft Forefront Unified Access Gateway (UAG) 2010. Through a centralized management portal, organizations can securely publish applications to any users from a range of endpoints and locations, including managed and unmanaged PCs and mobile devices.
Celestix WSA supports a combination of connectivity options such as SSL VPN, Windows DirectAccess and SSTP as well as built-in configurations and policies. WSA integrates a deep understanding of the applications published, the health of the device being used to gain access, and the user’s identity to enforce granular access controls and policies.
- Secure publishing of on premise applications regardless of type
- Seamless integration with Microsoft applications such as SharePoint, Exchange and OCS/Lync
- Control access to cloud based applications such as Salesforce, Google Apps, and Office 365
- Enables a variety of access methods including SSL VPN, SSTP, and DirectAccess
- Endpoint device health control and manage out capability
- Control access based on endpoint compliance against policy
- Multiple server array deployment
- Integrated single sign on and authentication options
- Granular access policies
- Supports Windows Server 2008 (x64)
- Built-in firewall
- SQL logging
- Reduces total cost of ownership by consolidating infrastructure
- Reduces support costs by simplifying connectivity for users
Seamless and Secure Remote Connectivity with DirectAccess
With WSA and Windows 7/8/8.1, mobile workers can seamlessly and securely access the corporate network using DirectAccess. WSA appliances can be configured as DirectAccess servers enabling domain computers to transparently connect to the network regardless of that user’s location, without requiring any additional user input.
WSA limits risk through a combination of access policies, endpoint health inspection, and user authorization information. Administrators can set up policies that specify prerequisites that endpoints must meet for each transaction. Endpoint health can be inspected using built-in UAG policies or through integration with Network Access Protection (NAP).
Simplified Remote Access
WSA consolidates and standardizes access to corporate resources through a single platform. The result is simplified ongoing management, user experience, security and corporate compliance.
Celestix provides numerous additional features that complement and enhance the use of UAG. Automated update services provide prescreened alerts and patches through the COMET web UI, and multiple backup and restore options provide solutions for disaster recovery. Celestix appliances are the de facto platform for the secure and risk-free deployment of UAG 2010, just ask the readers of Computing Security who voted WSA the Network Security Product of the Year 2011.
Secure, anywhere access
Secure, web-based access to business critical applications and data.
- Differentiated and policy-driven access to network, server, and data resources.
- Flexible application-intelligent SSL VPN from any device or location.
- Highly granular access and security policy enforced at the session, application, and function levels.
- Comprehensive basic and form-based authentication through Active Directory®, RADIUS, LDAP and HOTPin
- Customizable, identity-based web portal with single sign-on (SSO).
- Handles embedded browser applications.
- Connectivity and control for client/server and legacy applications.
- Management features for DirectAccess VPN.
Protect IT assets
Integrated application protection helps ensure the integrity and safety of network application infrastructure by blocking malicious attacks.
- Application-layer firewall blocks non-conformant requests, such as buffer overflow or SQL injection, on application protocols.
- Comprehensive protocol validation and deep content inspection with both positive and negative logic rule sets.
- URL cloaking and full functionality for remote users through dynamic URL rewrite and HTTP parameter filtering.
- Application optimizers provide out-of-the-box protection for high value applications such as SharePoint® Server, Microsoft® Outlook® Web Access
- Comprehensive monitoring and reporting; integrates with third-party risk and policy management platforms.
- Extensible infrastructure and tools for custom application publishing and scripting.
Simplified provisioning and management
Celestix WSA appliances provide a single platform through which to deliver and manage remote access. With built-in policies and configurations for common applications and devices, you can gain more control, more efficient management, greater visibility, and lower total cost of ownership.
- Multiple server array deployment provides high availability and failover capabilities.
- Supports Windows Server 2008 R2 (64-bit) operating system.
- Simple application publishing tools for core applications such as SharePoint.
Built for purpose appliance platform
Celestix WSA appliances provide an award winning, hardened turnkey platform for the deployment of UAG 2010. Celestix optimizes both the hardware and software on the WSA appliance to ensure a risk-free “right first time” deployment. Celestix helps to lower the cost of ownership through reduced deployment timescales and increased hardware reliability.
- Rapid deployment with jog dial, LED display and intuitive interface.
- Simplified administration with COMET user interface.
- Automated patching and updates for application, OS and firmware.
- Out of band management.
- A range of appliance form factors for enterprises of all sizes.
Secure Connectivity for Microsoft BPOS:
Many enterprises are turning to cloud-based business applications to trim the high cost of hosting applications in house. Business Productivity Online Suite (BPOS) is Microsoft’s hosted (cloud) solution for communication and collaboration. BPOS includes Exchange Online, SharePoint Online, Office, Live Meeting, and Microsoft Office Communications Online. Protecting access to BPOS hosted applications and data presents some new challenges to network security professionals.
Celestix WSA appliances with Microsoft UAG SSL VPN software and Celestix software customizations are the new, powerful solution for protecting access to BPOS. WSA appliances are the first and only solutions that deliver BPOS to users through Microsoft’s UAG SSL VPN. WSA appliances also offer a suite of unique features engineered by Celestix that enhance the security and performance of BPOS deployments as well as enable the integration of BPOS/UAG with existing network infrastructure.
Microsoft UAG Secure Access
UAG’s browser-based SSL VPN provides users with secure access to applications regardless of their location. UAG controls access from any endpoint at any location such as kiosks, PCs, and mobile devices. UAG is more than a simple SSL VPN. UAG delivers:
- Policy-Based Access
- Application Intelligence
- High Flexibility for Configuration
- Network Separation
- Endpoint Security and Health Compliance
- Application control that BPOS lacks
Proprietary Celestix Software Integration for BPOS
The Only UAG and BPOS Integration
Celestix’ WSA appliances are the first and only working integration of BPOS with Microsoft Unified Access Gateway (UAG).
Extend Active Directory Policies to BPOS
WSA appliances can extend Active Directory group policies to BPOS applications. BPOS by itself has no direct connection to corporate Active Directory or corporate authentication standards. WSA lets enterprises leverage the authentication scheme they normally use with BPOS. For example, if an enterprise uses LDAP (OpenLDAP) authentication, the WSA appliance software will provide the translation and mapping to BPOS.
Custom Deployment Modes
WSA appliances let you deploy secure access to BPOS three ways:
- Securely connect users to BPOS via the corporate LAN.
- Use the WSA appliance to authenticate remote users who connect directly to Microsoft’s BPOS server via the Internet. This mode saves network bandwidth.
- Use your WSA appliance to restrict user access to BPOS only through the corporate LAN for added security.
Protection Against Data Loggers
Celestix’ Virtual Keyboard feature on WSA protects BPOS users from keyboard loggers and other data loggers. Users click the on-screen keyboard to enter their passwords.
Single Sign On (SSO) and Authentication
BPOS does not natively share SSO capability with enterprise-hosted applications. WSA appliance software lets BPOS share SSO functionality with enterprise applications.
BPOS uses a client SSO application to provide SSO among BPOS applications. BPOS’ client app has two problems:
- The SSO client only runs on Windows XP and Windows 7 devices
- Because the BPOS SSO runs on the client, you should not install the client on non-enterprise devices due to security concerns with certificates and SSO data. In contrast, WSA’s SSO feature runs in the appliance. This raises no certificate and SSO data issues on a client computer.
WSA appliances extend UAG’s single and multi-factor authentication methods. WSA appliances also deploy Kerberos Delegation support for authentication and application single sign on.
Celestix Adds Two-Factor Authentication
BPOS does not support 2FA. WSA appliances support Celestix’ HOTPin tokenless 2FA system as well as RSA, Vasco, Smartcards, and other 2FA systems.
WSA’s CAPTCHA authentication feature protects against automated bot attacks. If authentication attempts fail in succession, new CAPTCHA challenges appear before continuing. This ensures users are people, not scripts or “hack machines.”
Celestix Appliance Advantages
WSA appliances are purpose-built security appliance solutions. Celestix builds appliance hardware with high-speed components and architecture throughout to maximize the performance of UAG. Celestix forgoes the use of unnecessary components to harden the solution and keep costs low.
Celestix Comet appliance engine provides network administrators with ease-of-use features that save labor and costs at every phase of the deployment.
The Jog dial and front panel display permit headless communication with the network. For installation, you rack the unit, connect it to the network, power it up, and adjust network settings with the Jog Dial to have your security solution for BPOS live in fifteen minutes.
The WSA’s Web UI lets you remotely configure and manage the appliance and software through a single interface.
WSA appliances have on-box backup of configurations that let you return to the Last Good Version for easy recovery. Or, use the feature for one-button reset to factory presets if desired.
Celestix’ software update system delivers prescreened software updates, patches and alerts for all of your appliance’s software through a single convenient UI.
The Right Security for BPOS
WSA appliances are the only solutions now available for secure access to BPOS through UAG. With Celestix’ added security and appliance features, you can be sure that WSA will be the leading solution for BPOS protection far into the future.
Celestix Salesforce SSO module for WSA
With the Celestix Salesforce SSO for WSA solution, Salesforce access is treated like any internal application accessed via the SSL VPN. In this manner, Celestix is able to enforce endpoint security compliance, leverage corporate access policies and manage permissions. WSA can be connected to local authentication repositories such as Active Directory without having to expose usernames/passwords to the cloud. This eliminates redundancy of user/policy information within Salesforce and thereby minimizes maintenance complexity.
Celestix WSA appliances deliver Microsoft’s Forefront Unified Access Gateway 2010 (UAG) to provide policy based, granular and secure anywhere access to corporate resources. WSA supports multiple connectivity options including SSL VPN, DirectAccess, SSTP and RDP, allowing organizations to publish a broad range of applications and resources and providing users with granular levels of access in line with their level of trust.
UAG’s ability to interrogate the endpoint and determine levels of health and trust prevents endpoints that don’t comply with corporate health and security standards from connecting to the network. Further, UAG lets administrators expose only the applications, or parts of applications, to only the users or user classes they wish to authorize. For instance a trusted user logging in from an endpoint that does not fully comply with corporate policy may just be allowed read-only access to email or limited access to sites or zones within a SharePoint site.
Sessions through the WSA are encrypted, preventing unauthorized access to any sensitive information left on intermediate servers, while session wipers remove data from endpoints when a session ends.
The WSA appliance range is the award winning, market-leading deployment platform for Microsoft UAG 2010. WSA appliances are built for rapid deployment, simplified management and high performance. The COMET software engine provides an intuitive and feature rich web UI that allows for advanced configuration for both UAG and the appliance.
WSA powered by Microsoft UAG, secure remote access from Celestix business anywhere solutions.
- Celestix COMET management console
- Web UI and wizards
- Integrates with Active Directory
- Front panel display and jog dial
- Includes standard configurations for enterprise applications and extensive customization capabilities
- Units are shipped pre-hardened with comprehensive policy configurations
Logging and Reporting
- Supports monitoring, logging, and reporting for management and accounting
- Event monitoring of users, applications, and time periods
- Event logger records system usage and user activities and sends alerts to the administration console
- Event query tool with pre-configured templates for full reporting capabilities
- SQL logging
- One-button system recovery
- Remote drive service
- Load balances traffic to array members, using integrated Network Load Balancing (NLB) or a hardware load balancer
Endpoint Access Controls
- Endpoint policy allows administrators to define compliance checks and verify endpoint settings such as active security software
- Delivers a standard SSL VPN portal and login pages for easy setup, customization, and administration
- Built-in certificate authority that grants a trusted endpoint certificate for a specific machine on request
- Integrates Windows Server 2008 NAP technology to verify client endpoint compliance against NAP policies
- Remote port and socket forwarding over an SSL tunnel
- Remote Desktop Gateway (RDG)
- Network-level SSL VPN, with support for both the SSTP and Network Connector protocols
UAG 2010 Licensing
- Includes OS license
- Requires a Client Access License (CAL) for each named or authenticated device or user
|MSA Series Model||WSA 3400||WSA 6400||WSA 8400|
|Type of Business||Designed for small to mid-sized enterprises||Designed for large and multinational enterprises||Designed for large and multinational enterprises|
|Recommended Users||Up to 500||500 - 5,000||5,000 - 15,000|
|CPU||Intel i5||Intel E3||2 x Intel E5|
|Number of Processors||4 Cores||4 Cores||12 Cores (hyperthreading)|
|Memory||8 GB||16 GB||16 GB|
|Cache||6 MB||6 MB||15 MB|
|Hard drive||SATA-II 120 GB available storage||SATA-II 120 GB available storage; 2 x 160 GB hot-swappable hard drive||SATA-II 300 GB available storage; 4 x 160 GB hot-swappable hard drive|
|Power Supply||220W auto-switching universal 110/220V AC power supply||Redundant hot-swappable power supply 2 x 250W||Redundant hot-swappable power supply 2 x 500W|
|Disk Mirror RAID||-||RAID 1||RAID 6|
|Gigabit Ethernet Ports||6||6||8|
|Dimensions (H x W x L)||1.75” x 17.3” x 13.0” inches||1.75” x 17.3” x 21.5” inches||3.5” x 17.4” x 23.25” inches|
Options & Upgrades:
Celestix WSA Upgrade Program
Introduction - By participating in the Celestix Upgrade Program, you ensure your network is protected by the very latest in security, reliability, and performance available without hurting your bottom line. The Celestix Upgrade program is available to current Celestix customers with earlier generation products wishing to upgrade to our latest line of unified access solutions.
Details - A Celestix customer is able to upgrade an earlier generation Celestix appliance to eligible new Celestix solutions at 25% off the standard purchase price. To activate Upgrade products, one must simply retire the eligible earlier generation Celestix appliance already on their account with an 8x5 or 24x7 support contract. Not all devices are eligible for all Upgrade appliances. Specific eligibility details are outlined in the “Eligibility Chart”.
How to Purchase Celestix Upgrade Products - If you have an eligible product you would like to upgrade, simply purchase the Upgrade part number that corresponds to the desired available Upgrade product. Celestix products with unique Trade Up part numbers are available through this website. The discount is built into the price so you see the savings instantly.
Activating Upgrade Products - During activation of the Upgrade product you will be required to identify an eligible product on your account to be replaced. The specific device must be active in order to complete the activation of the Upgrade product. (To verify that the device you wish to replace is active please contact us) Once the eligible device has been identified, it will be retired and the new box will become active.
- Retired product will be removed from the customer’s Support contract account
- Retired product will not be eligible for upgrades, support, or software updates
Further Action Required - To complete the process, a certificate of retirement (CORE) must be completed and returned to Celestix within sixty (60) days of activation. The CORE can be returned via an email to firstname.lastname@example.org. The CORE will certify that the retired device used in the upgrade has been destroyed and properly disposed of in accordance with local environmental standards. Celestix reserves the right to deactivate the new Upgrade product if at any time the Upgrade product is determined to have been activated in violation of any of the Upgrade Program’s Terms and Conditions.
Terms and Conditions:
- Celestix Networks reserves the right to deactivate an Upgrade product at any time if found to be in violation of program guidelines.
- Distributors or resellers found to be abusing the Celestix Upgrade Program may face penalties from Celestix, which may include but are not limited to: termination of partnership status, loss of specific partnership benefits as deemed appropriate by Celestix, and/or exemption from participating in any or all Celestix promotions and/or programs that benefit partners and/or end users.
- Celestix reserves the right to change or cancel any aspect of this program at any time.
- Upgrade offer valid for Celestix WSA Series products only.
- For certain products Upgrade is restricted, review “Eligibility Chart” for qualifications.
- In order to be eligible for the Upgrade Program, the device being upgraded must be activated in the same Support contract account that the new Upgrade product will be activated in.
- Device being upgraded must not have been previously retired or otherwise deactivated prior to activation of new Upgrade product.
Client Access Licenses (CAL) - WSA customers must have UAG Client Access Licenses for each user using the gateway. IAG CALs cannot be applied to UAG systems; therefore new CALs must be purchased. Please contact us to purchase licenses.
Including CAT6 Ethernet Cable, Power Cable, RJ45 Connector Cable, and Mounting Brackets