Secure Access Gateway Product Selection Guide
> Page 1 - AEP Networks, Array Networks
> Page 2 - Aventail, Caymas Systems, Check Point
> Page 3 - Cisco Systems, Citrix, F5 Networks
> Page 4 - Juniper Networks, Nortel Networks, Permeo
Page 5 - Portwise, SonicWall, Symantec, Whale Communications
> Page 6 - NeoAccel, Stonesoft
 |
| Vendor | Portwise | SonicWall | Symantec | Whale | |
|---|---|---|---|---|---|
|
|
|||||
| Product Name |
Portwise mVPN
|
SSL VPN 2000
|
Symantec
Gateway Security 5600 Series |
Intelligent Application |
|
|
|
|||||
| Appliance Type |
Secure Access Gateway (SSL)
|
Secure Access Gateway (SSL)
|
Multi-Function
Secure Access Gateway (Hybrid) |
Multi-Function
Secure Access Gateway (SSL with Hybrid option) |
|
|
|
|||||
| Vendor Positioning |
Enterprise Application Access Platform
|
SSL VPN Appliance
|
Multi-Function
Security Appliance |
Intelligent Application
Gateway |
|
| Competitive Differentiation (Select to View) |
Active Directory |
||||
| Gateway Scalability | |||||
| VPN Coverage | |||||
| SSL Remote/Local Access3,4 |
Yes
|
Yes
|
Yes
|
Yes
|
|
| IPSec Remote/Local Access3,4 |
Yes
|
Yes (Option)
|
|||
| IPSec Site-to-Site Protection |
Yes
|
||||
| Resource Access Methods (SSL-based unless noted) | |||||
| Web Applications |
HTTP Proxy/URL Rewriter
|
HTTP Proxy/URL Rewriter
|
HTTP Proxy/URL Rewriter
|
HTTP Proxy/URL Rewriter
|
|
| Client-Server |
Port Forwarder
|
Layer 3 Net Connector
|
Port Forwarder
|
Socket Forwarder
|
|
| Terminal-Server |
Port Forwarder
|
Layer 3 Net Connector
|
Port Forwarder
|
Socket Forwarder
|
|
| Full Net Access |
Layer 3 Net Connector
|
Layer 3 Net Connector
|
Layer 3 Net Connector
|
Socket Forwarder
|
|
| Net Connect is a thin client | |||||
| Note: A user may need admin-level privileges on (a) browser (b) operating system (c) personal firewall in order to to load/operate an access agent on the user device. | |||||
| End Device Support for SSL Access Methods (Web/Client-Server/Terminal Server/Full Net Access) | |||||
| Windows XP |
Yes/Yes/Yes/Yes
|
Yes/Yes/Yes/Yes
|
Yes/Yes/Yes/Yes
|
Yes/Yes/Yes/Yes
|
|
| Linux |
Yes/Yes/Yes/Yes
|
Yes/No/No/No
|
Yes/No/No/No
|
Yes/No/No/No
|
|
| Macintosh |
Yes/Yes/Yes/Yes
|
Yes/No/No/No
|
Yes/No/No/No
|
Yes/No/No/No
|
|
| Unix |
Yes/Yes/Yes/Yes
|
Yes/No/No/No
|
Yes/No/No/No
|
Yes/No/No/No
|
|
| Other |
Pocket PC, Smartphones: Yes/Yes/Yes/No
|
Pocket PC: Yes/No/No/No
|
Pocket PC, Smartphones: Yes/No/No/No
|
||
| Client-Side Gateway Software | |||||
| Browser |
IE, FireFox, Navigator, Safari
|
IE, FireFox
|
IE, FireFox, Navigator, Safari
|
IE, FireFox, Navigator, Safari
|
|
| ActiveX or Java Agent1 |
Java
|
ActiveX (IE Only).
|
ActiveX (IE Only).
|
ActiveX and Java
|
|
| Proprietary Security Client2 |
Level 3 Net Connector
|
Level 3 Net Connector
|
Level 3 Net Connector
|
||
|
|
|||||
| User Gateway Interface | |||||
| Web Portal13 |
Yes
|
Yes
|
Yes
|
Yes
|
|
| Native Application Clients14 |
Network Connector
|
||||
|
|
|||||
| Authorization Policy Granularity | |||||
| Applications & File Servers |
Yes
|
Web or Full Net Access
|
Yes
|
Yes
|
|
| Subnetworks |
Yes
|
Web or Full Net Access
|
Yes
|
Yes
|
|
| Web Pages (URLs) |
Yes
|
Yes
|
Yes
|
Yes
|
|
| Identity-based Granulular Access Control 17 |
Yes
|
No
|
Yes
|
Yes
|
|
|
|
|||||
| Pre-Packaged Endpoint Security5 | |||||
| Session-level Security8 |
Yes
|
?
|
TBD
|
Yes
|
|
| Compliance Enforcement9 |
Yes
|
?
|
Symantec Anti-Virus Only
|
Yes
|
|
| Personal Security Software10 |
?
|
Personal FW, Anti-Virus, Spyware Protection
|
|||
| Integrated Perimeter Security | |||||
| Network Firewall |
No
|
No
|
Yes
|
Yes
|
|
| IDS/IPS |
No
|
No
|
Yes
|
Yes
|
|
| Web (HTTP) Firewall |
No
|
No
|
?
|
Yes
|
|
| Denial-of-Service Defense15 |
?
|
?
|
Yes
|
Yes
|
|
| Other |
Anti-Virus, Anti-Spam
|
||||
|
|
|||||
| Other Key Features
|
|||||
| Service Provider Feature Set11 | |||||
| NIST Certified FIPS-14016 |
|
Yes
|
|||
| High Performance Platform12 | |||||
| Pre-Packaged Strong Authentication5 |
One-time Password
(One & Two-Factor) |
||||
| QoS Controls | |||||
| Other |
|
||||
Notes:
- Required for some application access methods; uses browser SSL services
- Downloaded client is required either for some application access or for security functions like strong user authentication
- VPN between remote device and access gateway
- VPN between local device and access gateway
- Pre-packaged means the vendor delivers and supports the feature
- Gateway policy manager can control usage of actual application commands so users have access to limited application functionality; this goes beyond URL-level filtering of Web applications
- Not Used
- Includes such features as protected workspaces, session clean-up, and session time-outs
- Checks device security; enforces and adjusts user privileges, and assists in problem remediation consistent with pre-defined endpoint security policies
- Vendor provides personal security software like anti-virus, firewall, and spyware protection
- Includes secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting
- Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL acceleration, hi-speed bus and interfaces
- Users access internal network resources through a gateway portal interface
- Users access internal resources via standard application clients
- Protects internal network from DOS attacks
- Encryption for communications and key storage
- Sophisticated user privilege management capabilities and policy admin tools
Gateway Product Lines & Models
Most vendors offer multiple models of gateways. You can view the platform-specific characteristics of the products displayed on this page now.