
AG v5 Series Secure Access Gateways
DATASHEET

AG v5 Series secure access gateways provide scalable and controlled remote and mobile access to corporate networks, enterprise applications and cloud services for any user, anywhere on any device.

Powered by Array’s 64-bit SpeedCore architecture, AG v5 Series secure access gateways are the ideal choice for enterprises and service providers seeking scalable and flexible secure access engineered to support next-generation mobile and cloud computing environments.

Available as high-performance appliances that feature the latest in acceleration technologies and energy-efficient components or as virtual appliances that enable flexible pay-as-you-go business models, AG v5 Series appliances are unmatched in their ability to provide remote and mobile access to large and diverse communities of interest without compromising security or the end-user experience.

Highlights And Benefits

- Anytime, anywhere browser-based secure remote access, enables increased productivity for employees, partners, tenants, customers, contractors and guests
- Simple, scalable and secure remote desktop that enables use of PCs and virtual desktops from any device in any location
- Secure mobile access for individual native and Web applications for supporting Bring Your Own Device (BYOD) or secure access from managed smartphones and tablets
- Hardware appliances supporting up to 7 Gbps throughput, 130,000 concurrent users and 500,000 user profiles for maintaining security and driving productivity at scale
- Virtual appliances running on Array’s AVX Series Network Functions Platform support up to 10,000 concurrent users and up to 3,200 Mbps throughput
- Virtual appliances running on general-purpose servers support from 300 to 10,000 concurrent users and from 100 to 500 Mbps throughput
- Up to 256 cross-platform HTML5 secure access portals, customizable to the security and usability preferences of multiple tenants and communities of interest
- SSL encryption for data in transit
- Range of access methods including Web, Layer-3, thin client, HTML5 and client-server connectivity
- Supports a range of OAuth, SAML, AAA, one-time password and multi-factor authentication schemes
- Can serve as a SAML IdP for other security and networking devices
- Endpoint security including device-based identification, host-checking and adaptive policies
- Per-user policy engine for identity-based access to URLs, files, networks and applications
- Cross-platform support for a range of operating systems and browsers
- Array Business Continuity (ABC) contingency licenses for affordably supporting surge remote access
- N+1 clustering and redundant power for business-critical application environments requiring 24/7 uptime
- Compact 1RU and 2RU form factors for environments where space is at a premium
- Familiar CLI, intuitive WebUI and centralized management for ease of use and configuration

Features

Integrated Secure Access

Array AG v5 Series secure access gateways integrate SSL VPN, remote desktop access and secure mobile access to deliver scalable and flexible secure access for both remote and mobile users.

From a single platform, secure access can be enabled for multiple communities of interest including employees, partners, guests and customers.

In addition, AG v5 Series dedicated appliances support next-generation “any-to-any” secure access via robust feature sets for bring-your-own-device (BYOD) and controlled access to cloud services.

SSL VPN Remote Access

SSL VPN secure remote access enables anytime, anywhere access to business applications – increasing productivity while maintaining security and compliance. Users need only a common Web browser to quickly and securely access resources and applications for which they are authorized.

Using SSL, the security protocol present in all Web browsers, AG Series appliances can enable a range of remote access methods across a broad spectrum of managed and unmanaged devices.

Web applications can be made available within a secure Web portal, while network-level connectivity and connectivity for specific client-server applications over SSL can be enabled via a universally-compatible client.

Per-User Policy Engine

AG v5 Series appliances enable access policies on a per user basis. In addition to validating hardware IDs, AG v5 appliances check remote devices for required OS version, service packs and anti-virus/anti-spam/anti-spyware/firewall software before granting access to protected networks and resources.

Roles may be assigned based on username, group name, source IP, login time and authentication method and can specify which resources are available to which access methods. Each role may be assigned different resources and QoS policies.

With capacity for 500,000 users in its local database, access policies can be stored on the Array appliance or can be provided via integration with external OAuth or AAA servers. In addition, Single Sign-On (SSO) settings can be customized to store multiple usernames and passwords for different backend application servers.

Moreover, authentication may be set such that users must authenticate to multiple AAA servers for added security, in a manner similar to multi-factor authentication.

The AG v5 Series also supports single sign-on (SSO). Working as a Security Assertion Markup Language (SAML) service provider (SP), the AG v5 Series confirms users’ identities and authorizations with an identity provider (IdP) to allow seamless access to multiple resources with a single login. SAML SSO streamlines the user experience while maintaining strong security. In addition, the AG v5 Series can serve as a SAML identity provider (IdP) for other security and networking devices.

Secure Mobile Access

In addition to supporting remote desktop for iPhone, iPad and Android devices, AG v5 Series appliances also support secure access for native business apps and HTML5 apps developed for mobile environments.

After installing Array’s mobile client on tablets and smart phones, native business apps can be authorized for specific users. HTML5 apps can be provisioned on a per-user basis and are accessible from a secure browser within the mobile client.

Mobile VPN connections may be enabled per application, and applications may be authorized per user at the administrator’s discretion; moreover, all data associated with enterprise apps are stored in a secure container to prevent data leakage.

In the event that devices become lost or stolen, contents of the secure container may be remotely wiped; in addition, device-based identification may be used to prevent future connectivity to the Array appliance from lost or stolen devices.

Virtual Portals

Built on Array virtualization technology, AG v5 Series appliances can support up to 256 secure access virtual HTML5 portals to meet the unique needs of multiple user groups and tenants. Each virtual HTML5 portal is fully independent, with separate management, access policies, access methods and resources.

HTML5 portals do not depend on ActiveX or Java applets, and are compatible with all platforms, thus providing a unified experience for end users regardless of the platforms or browsers.

Built-in templates make creating virtual portals easy, and provide a starting point for further customization. In addition, features and functions can be seamlessly integrated into existing Web pages and custom layouts with minimal effort using Array portal theme technology.

Remote Desktop Access

Remote desktop access allows employees to access their work PCs and laptops from any location as if they were in the office. Using remote desktop, workers can control their physical and virtual office desktops from any remote location – whether they are at their home office, a customer or partner site or on a tablet or smartphone.

Remote desktop access is different from traditional VPN access. Because sensitive files and data never leave the corporate network and never reside on remote and mobile devices, security is assured.

Leveraging existing office PCs and unique Array remote desktop technologies such as user self-registration and wake-on-LAN, remote access and BYOD can be extended enterprise-wide in a manner that is both secure and cost-effective.

End-to-End Security

A dissolvable client-side security agent mitigates network or resource exposure by enforcing pre- and post-admission policies and adapting access rights to suit changes in the client environment. Host-checking verifies device and user identity, and ensures clients meet pre-defined security parameters (anti-virus, anti-spyware, personal firewalls, patches, service packs) and determines adaptive policies. For additional control, cache cleaning can be enabled to wipe cached information from devices when sessions end.

The AG v5 Series supports multiple authentication methods to provide an additional layer of defense against unauthorized access and misuse of data and applications. The built-in one-time password (OTP) capability uses SMS to verify identities via users’ mobile phones. Multiple 3rd party two-factor and multi-factor authentication products are also supported.

All traffic between clients and the Array appliance is secured via SSL encryption, and a security-hardened OS ensures that Array appliances are as secure as the networks and resources they protect. Layer 2-7 authorization provides granular access control based on user identity and role within the organization and auditing tracks all activity on a per-user, per-event and per-resource level. URL blacklisting is also available to restrict access to undesirable Web sites.

For organizations with remote offices, branches or other operations, the AG v5 Series supports Site2Site, a hub-and-spoke SSL VPN tunneling solution.

Acceleration & Availability

Security often comes at the expense of performance and ease-of-use; in other words, secure access won’t enhance productivity unless users find it fast and friendly. To ensure both performance and security, AG v5 Series appliances support integrated application acceleration features including connection multiplexing, SSL acceleration and compression.

In the event of a failure, Array N+1 clustering technology ensures a transparent and unaffected end-user experience.

Management & Reporting

AG v5 Series appliances offer both a familiar CLI and an intuitive Web user interface that can easily be customized to create streamlined, integrated management systems. Monitoring is made simple with SNMP-based monitoring tools, and with support for XML-RPC, a range of third-party applications can be used to automate management tasks.

Integration & Extensibility

Taking advantage of extensible APIs, IT can marry secure access intelligence with threat and risk management platforms, virtual management platforms, and custom solutions for reporting, billing, SLAs and vertical-specific requirements. Developers can also create custom native apps with built-in security for mobile environments. From providing real-time usage intelligence to seamlessly interacting with 3rd party secure access and application delivery technologies to integrating with cloud management systems, the power of AG v5 Series APIs is unprecedented.

Array Business Continuity (ABC)

Secure access is a compelling technology for business continuity planning; however, many vendors require businesses to buy contingency licenses outright and most competing products are designed with only enough capacity to support the limited needs of day-to-day remote access.

Only Array has the scalability to support an entire workforce on a single system while maintaining a premium experience for each user. And because helpdesk calls are the last thing you need in an emergency, Array offers the unique ability for first time users to log into a company URL and immediately see their familiar work desktop.

Ten-day contingency licenses are available in increments from 25 to 12,000 concurrent users and are activated by exceeding a base concurrent user license.

Product Editions

AG v5 Series physical appliances and vxAG virtual appliances support multiple options: AccessDirect enables SSL VPN remote access, and the DesktopDirect add-on enables remote desktop access. In addition, all product options support ABC business continuity contingency licenses.

Physical & Virtual Appliances

AG v5 Series physical appliances leverage a multi-core architecture, SSL acceleration and compression, energy-efficient components and 10 GigE connectivity to create solutions purpose-built for scalable secure access. The AG1500FIPS model offers FIPS 140-2 Level 2 compliance for organizations that require a higher level of security.

Whether running on Array’s AVX Series Network Functions Platform, on common hypervisors, or in popular public cloud platforms, vxAG virtual appliances are ideal for organizations seeking to benefit from the flexibility of virtual environments, offer infrastructure services and new elastic business models or evaluate Array secure access with minimal risk and up-front cost.

AG v5 Series Specifications

Access Methods

Clientless: Web Access
100% clientless – Supports HTML, JavaScript and plug-in parameters – Ensures proper function of applications beyond the corporate network – Masks internal DNS and IP addressing – Supports browser-based access from any device – Supports URL filtering – Web file sharing

On-Demand Client: Network & Application Access
Pre-installed or Web-delivered client – L3, L4 or auto-select tunneling – Auto-launch upon login, transparent to users – L3 & L4 for Windows 8 (64 bit), Windows 10 (32/64 bit), Windows 11 (64 bit), Linux, MacOS – Split tunneling and full tunneling control, create tunnel through HTTP forward proxy – Supports any IP application including TCP, UDP, NetBIOS, Outlook, Terminal Devices, FTP, CRM and all CS and BS applications – Internal static and dynamic IP address assignment and external DHCP server IP address assignment – Network drive mapping – Auto-launch of network scripts and commands – Differentiated configurations per user or group roles – Stand-alone, command line and SDK for Array VPN client – MotionPro Windows/MacOS Client – Multi-language support – Detailed traffic logs

Thin Client: Remote Desktop Access
Utilizes local RDP client (RDP 5.0 or higher) – RDP auto-update/deployment – User parameters including screen size, color depth, sound and redirection (if permitted) – Multiple monitors – Performance tuning – Redirection control for drives, printers, ports, smart cards and clipboards – Supports VMView 6.x – Manual registration or email-based Hardware ID self-registration

Mobile Client: Secure Mobile Access
MotionPro native app for secure mobile access for iPad, iPhone and Android devices – Downloadable from Apple AppStore and Google Play marketplace – Automated app installation – SSL mobile VPN – SDK for native 3rd party apps with integrated application level VPN – Secure browser for Web & HTML5 applications – Allows enabling/disabling access by device type (smartphone, tablet, etc.)

Remote Office Support: SSL VPN Tunneling
Site2Site secure SSL VPN tunneling for remote offices, branches or other operations

Client-Side Security

Host Checking
Verifies device state prior to granting access – Scans for personal firewalls, anti-virus, anti-spam, anti-spyware, software version and service packs – Custom rules for a range of apps, registry checks and patches – MAC address or hardware ID validation

Adaptive Policies
Access level conditional on end-point status – Integrated policy management

Cache Cleaning
Wipes all stored browser information upon session termination – Per-session with idle timeout and browser closure

End-Point Security
Device-based identification, remote wipe for mobile devices through MDM Integration.

Server-Side Security

Gateway
Security-hardened OS – Passive and active Layer-7 content filtering – Permit or deny policies – DDoS prevention – Reverse-proxy network separation

Encryption
TLS 1.0/SSL 3.0, TLS 1.2 – RC4-MD5, RC4-SHA, EXP-RC4-MD5, DES-CBC3-SHA, AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256, 6, , ECDHE-ECDSA-AES256-SHA, 4, CM-SHA384, ECC-SM4-SM3 and ECDHE-SM4-SM3 – 1024 – 1024, 2048 and 4096-bit keys – SSL session reuse – Certificate field passing to backend – Online/offline CRL – OCSP

Authentication, Authorization & Auditing (AAA)

Authentication
LDAP, RADIUS, AD, LocalDB, RSA SecurID, Swivel, Vasco, SMX, custom, multi-step HTTP – 500,000 users in LocalDB – Enable/disable LocalDB user – LocalDB password policy control – Backup/restore LocalDB – Export LocalDB in CSV format (Excel) – Up to 1500 logins per second – Certificate-based authentication – Authentication server ranking (search user credential in multiple servers) – RADIUS challenge response mode – Restrict login based on date and time – Single sign-on, NTLM, HTTP basic authentication and HTTP POST – User lock-up by login failure, inactivity or manually by administrator – Automatic login failure lockout for AAA accounts – SAML single sign-on (SSO) SP or IdP – OAuth via Google or WeChat

Authorization
Granular access control – Role-based access control – Roles defined by username, group name, login time, source IP and login method – Permit and deny policies – Authorize user based on MAC address or hardware ID – Provides high flexibility in configuration and detailed logging – Available desktops and redirection conditional upon end-points

Auditing
Full audit trail in WebTrends WELF format – Logs all user activity (success, failure, attack) – Syslog – Alarm/trap – Stats/counters – SNMP MIB

Multi-Factor
Built-in one-time password, SSL client certificates, RSA SecurID, Entrust, other RADIUS-based authentication systems – Multiple AAA server authentication

Performance & Scalability

System
64-bit Array SpeedCore multi-core platform – Optimized packet flow with single-digit millisecond latency – Up to 130,000 concurrent users on a single appliance – Up to 7 Gbps SSL throughput on a single appliance – SSL key exchange and bulk encryption performed in kernel – Connection multiplexing for optimizing server efficiency and reducing back-end connections – High-availability and scale out (active/active, active/standby clustering)

Virtualization
Up to 256 virtual secure access portals – Single page virtual site creation – Concurrent user session control per virtual portal – Delegated management – Portal theme technology for custom virtual portals or integrating with pre-existing Web pages – Pure JavaScript-based customization on per virtual portal basis – No external server requirements – Localized end-user GUI support for English, Japanese, simplified and traditional Chinese

Management

System Administration
Intuitive WebUI – Quick-start wizard – Role-based administration – Strong administrator authentication – RADIUS accounting – No client installation or management – Configuration synchronization – Full device backup and restore including client security, portal theme, SSL certificates, keys, CRL, LocalDB – User/feature license control – Exporting of system statistics – NTP, NAT, RTS, logging – Customizable DNS resolution

Array Registration Technology (ART) for Remote Desktop
Manual/static registration – User self-registration/automatic registration – Bulk registration (import/export from external database) – Scalable to 150K users and 300K desktops – Registration portal wizard – Remote power management via wake-on-LAN (WoL) technology

Warranty & Support

System
1-year hardware, 90-day software

Support
Gold, silver and bronze-level support plan

[Figure: Array Secure Access Architecture. Diagram labels: AG Series; Mobile and Remote Access; Secured Apps; Office workers; Employee and Guest Access; BYOD; Network Perimeter; Public and Private Cloud]

Product Specifications
Standard o Optional

AccessDirect
DesktopDirect
SSL VPN Remote Access
Remote Desktop Access
5 included
5 included
2048/4096-bit SSL Encryption
Layer-3 VPN Client
Web Applications
HTML5
Host Checking & Cache Cleaning
SAML Single Sign-On (SSO)
Client, App & Device Security
Secure Browser
Site2Site SSL VPN Tunneling
Array Registration Technology
Wake-on-LAN
Clustering
WebUI
Virtual Portals*
Additional Virtual Portals
Array Business Continuity

Product Specifications
Standard o Optional

Max. Concurrent Users: AG1000 v5 1,000 – AG1100 v5 6,000 – AG1200 v5 25,000 – AG1500 v5 72,000 – AG1500FIPS 70,000 – AG1600 v5 130,000
Max. Virtual Portals: 1050 – 256
2048-bit SSL Processing: Yes
Compression: Yes
Interfaces: 1GigE Copper 4 – 1GigE Fiber – 10GigE Fiber
Clustering: Active/Active – Active/Standby
Form Factor, Typical Power Consumption*: 1U – Single Power: 134W; Dual Power 153W – 153W – 2U – 1U – 166.6W – 153W

Input Voltage
AG1000 v5, 1100 v5, 1200 v5 Single Power: 100-240VAC, 8-4A, 50-60Hz
AG1100 v5, 1200 v5, AG1500 v5, 1600 v5 Dual Power: 100-240VAC, 8-4A, 50-60Hz, Auto-Ranging, Hot Swappable
AG1500FIPS Dual Power: 100-240VAC, 10-5A, 50-60Hz, Auto-Ranging, Hot Swappable

Dimensions
AG1000 v5, 1100 v5, 1200 v5 Single Power: 17” W x 15” D x 1.75” H
AG1100 v5, 1200 v5, AG1500 v5, 1600 v5 Dual Power: 17” W x 19.875” D x 1.75” H
AG1500FIPS Dual Power: 17” W x 21.5” D x 3.5” H

Weight
AG1000 v5, 1100 v5, 1200 v5 Single Power: 13.6lbs
AG1100 v5, 1200 v5, AG1500 v5, 1600 v5 Dual Power: 17.2lbs
AG1500FIPS Dual Power: 28lbs

Environmental: Operating Temperature: 0 to 45 C, Humidity: 0% to 90%, Non condensing
Regulatory Compliance: CIES-003, EN 55024, CISPR 22, AS/NZS 3548, FCC, 47FR part 15 Class A, VCCI-A. AG1500FIPS only: FIPS 140-2 Level 2
Safety: CSA, C/US, CE, IEC 60950-1, UL/CSA 60950-1, EN 60950-1
Support: Gold, Silver and Bronze Level Support Plans
Warranty: 1 Year Hardware, 90 Days Software

*Power consumption and BTU values vary dependent on product configuration.

Supported Hypervisors

vxAG
VMware ESXi 4.1 or Later
XenServer 5.6 or Later
OpenXen 4.0 or Later
KVM 1.1.1-1.8.1 or later
Array AVX Series

Virtual Machine Requirements
Requires Minimum: 2 vCPUs – 4GB RAM – 40GB Disk – 4 Virtual Network Adapters

VERSION: JUL-2019-REV-A

1371 McCarthy Blvd. Milpitas, CA 95035
www.arraynetworks.com
1-866-MY-ARRAY
+1 408-240-8700

© 2021 Array Networks, Inc. All rights reserved. Array Networks, the Array Networks logo, AppVelocity, eCloud, ePolicy, eRoute, SpeedCore and WebWall are all trademarks of Array Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Array Networks assumes no responsibility for any inaccuracies in this document. Array Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
