DualShield unified authentication platform provides 3 ways for the protection of SSL VPNs logon with multi-factor authentication, depending on the type of the SSL VPN appliance and the types of authentication methods you wish to deploy to your users.

For SSL VPN appliances that support SAML authentication protocol, DualShield can be used to secure SSL VPN logon with two-factor authentication and with all types of authentication methods provided by the DualShield Platform.

For SSL VPN appliances that support RADIUS or LDAP authentication protocol, DualShield can be used to secure SSL VPN logon with two-factor authentication and with one-demand password, one-time password as well as out-of-band push.

Almost all types of SSL VPN appliances support RADIUS and/or LDAP authentication protocol. If you are planning to deploy one-time passwords and/or on-demand passwords only in your user base, then RADIUS or LDAP authentication is the simplest solution. The DualShield platform provides a built-in, RFC 2865 compliant RADIUS server and LDAP authentication broker that work with any VPN appliances or applications that support RADIUS or LDAP protocol. Using RADIUS or LDAP authentication means that you do not need to install authentication agent software in the SSL VPN appliance or application, which makes the solution simple to set up, configure and maintain.

Multiple Authentication Choices
DualShield provides a wide selection of portable OTP tokens in a variety of form factors, ranging from hardware tokens, software tokens, mobile tokens to USB tokens. These include:

  • Deepnet SafeID
  • Deepnet MobileID
  • Deepnet GridID
  • RSA SecurID
  • VASCO DigiPass Go
  • OATH-compliant OTP tokens

In addition to the support of one-time password, DualShield also supports on-demand password for IPSec VPN authentication. The product that provides on-demand password in the DualShield platform is Deepnet T-Pass. Deepnet T-Pass is an on-demand, token-less strong authentication that delivers logon passwords via SMS texts, phone calls, twitter direct messages or email messages.

Supported VPN Devices

  • Cisco ASA
  • Citrix CAG/Netscaler
  • Microsoft UAG & TMG
  • Juniper SA
  • Sonicwall
  • Watchguard
  • Barracuda
  • Astaro
  • Checkpoint
  • NetMotion Mobility XE
  • F5 FirePass
  • Fortinet
  • Aruba
  • AEP
  • Array Networks

DualShield supports any VPN devices or applications that employ RADIUS or SAML authentication protocol, including:

Increasingly, more SSL VPN appliances support SAML 2.0 authentication protocol. If your VPN appliance supports SAML 2.0 and you are planning to offer authentication methods beyond one-time password, such as keystroke/voice/face recognition, device digital fingerprint and/or virtual grid cards, then SAML authentication will offer you this level of sophistication and flexibility. The DualShield platform provides a built-in Web SSO (Single Sign-On) server that is fully compliant to SAML 2.0. To enable multi-factor authentication on your SSL VPN logon with the full range of authentication methods that DualShield offers is as simple as by connecting your SAML-enabled SSL VPN appliance to the DualShield Web SSO server.

Versatile Authentication Choices
By using SAML authentication, you can use all authentication methods that are supported by DualShield. These include:

  • On-Demand Password
  • One-Time Password
  • Out-of-Band Push
  • Computer Finerprint
  • USB Flash Drive
  • Smartcard Certificate
  • Keystroke Dynamics
  • Voice Recognition
  • Face Recognition

Supported VPN Devices
DualShield supports any SSL VPN devices that employ SAML authentication protocol, including:

  • Citrix Netscaler
  • F5 BigIP
  • F5 FirePass
  • Juniper SA