The document outlines the features and capabilities of the Sangfor SSL VPN solution, emphasizing secure remote access with various authentication methods including AD, LDAP, and certificates. It supports application virtualization, bandwidth optimization, and user management while providing strong security measures against attacks like man-in-the-middle. Additionally, it offers customization options for user experience and integrates with business applications to enhance security and usability.

1.
Support authentication with combination of AD, Local
password, LDAP/RADIUS, Certificate/USB key, dynamic
token, hardware ID, SMS.
Support importing user accounts via CSV file.
Allow import of local/external CA-authenticated certificate.
- Private account for single user.
- Public account that allow access for multiple users.
On-screen keyboard; CAPTCHA, password security
options, etc.
Endpoint detection and scanning of operating system,
registry file, personal firewall, anti-virus files,
user-customized security rules and other security policies
prior to user login, and during the SSLVPN session.
Detects if the endpoint is suffering Man-in-the-middle
attack before it is connected to the internal network and
send out alert if any attack is detected.
Options to disconnect other Internet connections when the
SSLVPN tunnel created.
Provides secure virtual desktop workspace where all data
and I/O traffics are encrypted, monitored and controlled.
Under secure desktop environment, applications, data and
external devices are restricted according to security
policies. Activities like USB key using, printing, file saving,
file copying, file sharing ... etc can also be controlled.
Support for creating up to 253 independent secure portals,
by which different user groups are able to enjoy different
SSL VPN access addresses, authentication methods,
application resource, administrators, etc.
Support for hiding, masquerading of SSL VPN resource
path to protect resource security.
Secure safety and deletion of sensitive data after session
termination.
Bind user’s application account and his/her SSL VPN
account together for unified authorization and simplified
account administration.
Cache data at byte level to ensure the SSLVPN data traffic
is de-duplicated,greatly reduces the demanded bandwidth
of remote access.
Conduct LZO, GZIP/ZLIB compression to TCP and Web
applications to decrease the data transmission volume.
Specifically optimizing accesses to web resource by
adopting web cache.
Streamline data packets under high packet loss and
network latency network environment such as such as
wireless, cross-border.
Dynamic reduction of web pages and images sizes
displayed on mobile devices resulting in faster
performance and better user experience.
Automatically choose the healthy and quickest link for
remote access when a network has multiple operators’
lines.
If resource is available in multiple servers, SSL VPN
appearance will delivers reliable access and performance
through intelligent balancing of computing resources for
user.
Delivers the virtual graphical interfaces of applications to
remote users so that users can operate on the applications
simply via a browser, while all the calculations/operations
take place in server-end.
- Enable BYOD: Smart phone and tablet users can access
all kinds of applications freely; PC users do not need to
pre-installapplicationclientsbeforeaccessingC/Sbased
applications.
- Options to enable/disable network drives, clipboard,
printers of endpoints
Authentication
SSL Account
importing
CA authentication
Account attribution
options
Account security
enhancement policies
User Authentication
Host Checker
Man-in-the-middle
Attack Detection
Dedicated SSL VPN
Tunnel
Virtual Secure Portal
Secure desktop
(local virtualization)
Resource path hiding
Cache Cleanup
Account Binding
Byte Cache
Streaming
Compression
Web cache
High-speed Transfer
Protocol (HTP)
Webpage Access
Optimization
Intelligent Link
Selection
Resource Load
Balancer
Security Protection
Rapidity and Access Performance
Remote application
(application
virtualization）
Remote application
features
Remote application
features
Application Virtualization
- Support virtual printer mapping
- Support local resource invocation
- Various operation optimization policies to mobile devices
including local input methods mapping, virtual mouse,
magnifier, scrolling tool, tab card, etc.
- Support access private resources and public resource on
storage servers
- Built-in load balancer for remote application servers on
basis of number of sessions , CPU, memory , I / O,
integrated performance, etc. Provides secure virtual
desktop workspace where all data and I/O traffic are
encrypted, monitored and controlled. Under secure
desktop environment, applications, data and peripherals
activities are restricted according to security policies.
Controlled activites include USB key, printer, file save, file
copy, file share ... etc.
Integrate with your business Apps to enhance security,
manageability and usability by providing SDK package.
- Redirect traffics of business Apps to SSL VPN tunnel for
authentication, transmission, resource authorization and
logging security.
- Support Apps data storage encryption to avoid data
losses in case of mobile device dropping.
- Provide flexible integration mode of APP Direct, APP
Proxy, EC Proxy to meet application deployment needs.
Allow personal SSLVPN setups and activities history check
through the system tray.
Allow user to access the SSL VPN resource without
entering in the usernames/passwords when the user get
authenticated by SSLVPN.
- Windows, Linux, Mac OS iOS, and Android OS.
- IE, Opera, Firefox, Safari, Google Chrome and other
browsers that support https.
Web app, TCP app, L3VPN; Full support to all kinds of B/S,
C/S applications.
Fully customizable sign-in page.
Capable to broadcast corporate notifications to all
connected SSLVPN users.
- Support for setting TCP session limitation based on user.
- Support for setting inbound and outbound bandwidth
limitation based on user.
- Display real-time status including CPU, link traffic,
network throughput, concurrent sessions, byte cache
status, etc.
- Online user information: access time, authentication
methods,concurrent sessions,traffic flow,IP address,etc.
- Alarm, error, debugging, system management logs; back
up logs can dump and save externally;
- Syslog support.
Enable tunnel auto switch when used with multiple Internet
link deployments.
Supports robust clustering of different hardware models
with the capability of up to 20 nodes.
Enabling of multiple Sangfor SSL VPN devices clustered in
cloud or multi-datacenter environment.
Support HA and the session synchronization.
Hardware bypass.
Built-in IPsec VPN.
Support PPTP connection from iPhone, iPad, Android
devices, etc.
Built-in Firewall.
Gateway, Bridge.
SSL VPN System Tray
EasyApp
EasyApp features
Single-Sign-On
Endpoint usability
EasyAPP
Cross Platform
Support
Resource
Compatibility
Sign-in Page
Customization
Message broadcasting
Logging & Reporting
Bandwidth control
Link Stability
Asymmetrical Cluster
Cluster Cloud
HA Deployment
Bypass
IPsec VPN
PPTP VPN
Firewall
Deployment
Appliance management
Stability
Network and Deployment
SANGFOR® SSL VPN Product Features
SANGFOR TECHNOLOGIES INC. info@sangfor.net www.sangfor.net Tel: +1-408-520-7898

2. www.sangfor.net
Rapidity, Security, Virtualization, EasyApp
SANGFOR SSL VPN solution can be a convenient and effective way of landing a large number of
security mechanisms and end-user groups in achieving safe and efficient remote access to
enterprise applications, ensuring application system availability for remote workforce while
preventing business data exposed to risks of Internet attacks directly.
Rapidity: One of the fastest SSL VPN solutions by virtue of acceleration technologies.
Security: Identity, endpoint, transmission and resource authorization provides security protection
for secure business connectivity.
Virtualization: Do more with less by SANGFOR SSL VPN’s remote application module for applica-
tion virtualization solution.
EasyAPP: Integrate with your business Apps to enhance security, manageability and usability.
SANGFOR®
SSL VPN
Product Family
M5000-S-I M5400-S-I M5500-S-I M5600-S-I M5800-S-I M5900-S-I
Profile 1U 1U 2U 2U 2U 2U
RAM 1G 2G 2G 4G 4G 8G
HD Capacity N/A 500G 500G 500G 500G 500G
Concurrent Users 100 1200 2600 3800 5000 16000
Power and Physical Specifications
Dual Power Supplies N/A N/A N/A √ √ √
Power [Watt] (Typical) 60W 250W 250W 300W 300W 300W
Temperature －10~ 50℃－10~ 50℃－10~ 50℃－10~ 50℃－10~ 50℃－10~ 50℃
Relative Humidity 5%~95%
non-condensing
5%~95%
non-condensing
5%~95%
non-condensing
5%~95%
non-condensing
5%~95%
non-condensing
5%~95%
non-condensing
System Dimensions
(W×L×H mm3
)
430x300x44.5 430x430x44.5 440x500x89 440x500x89 440x500x89 440x600x89
System Weight 4.25 Kg 7.0 Kg 10.9 Kg 18.0Kg 19.0Kg 20.0 Kg
Network Interfaces
Compliance and certificate
10/100/1000
Base -T(WAN)
2 4 4 4 4 2
10/100/1000
Base -T(LAN)
1 1 1 1 1 1
10/100/1000
Base -T(DMZ)
1 1 1 1 1 1
SFP N/A N/A 2 4 4 4
Serial Port RJ45×1 RJ45×2 RJ45×2 RJ45×1 RJ45×1 RJ45×1
Compliance CE, FCC
M5100-S-I
1U
1G
500G
300
N/A
60W
－10~ 50℃
5%~95%
non-condensing
430x300x44.5
4.25 Kg
2
1
1
N/A
RJ45×1
CE, FCC CE, FCC CE, FCC CE, FCC CE, FCC CE, FCC
Model
VPN
SSL