Secure Access Gateway Product Selection Guide

| Vendor | NeoAccel | Stonesoft |
|---|---|---|
| Product Name | SSL VPN Plus | StoneGate SSL VPN |
| Appliance Type | Secure Access Gateway (SSL) | Secure Access Gateway |
| Vendor Positioning | Hi-performance SSL VPN Gateway | Secure Mobile Connectivity Appliance |
| Competitive Differentiation | Superior Performance, especially Real-time Applications | |
| **Gateway Scalability** | | |
| **VPN Coverage** | | |
| SSL Remote/Local Access<sup>3,4</sup> | Yes | Yes |
| IPSec Remote/Local Access<sup>3,4</sup> | No | No |
| IPSec Site-to-Site Protection | No | No |
| **Resource Access Methods (SSL-based unless noted)** | | |
| Web Applications | HTTP Proxy/URL Rewriter | HTTP Proxy/URL Rewriter |
| Client-Server | Port Forwarder | Port Forwarder |
| Terminal-Server | Port Forwarder | Port Forwarder |
| Full Net Access | Proprietary client | Proprietary client |
| Note: A user may need admin-level privileges on (a) browser, (b) operating system, (c) personal firewall in order to load/operate an access agent on the user device. | | |
| **End Device Support for SSL Access Methods (Web/Client-Server/Terminal Server/Full Net Access)** | | |
| Windows XP* | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes |
| Linux | Yes/Yes/Yes/Yes | Yes/Yes/Yes/No |
| Macintosh | Yes/Yes/Yes/Yes (beta) | Yes/Yes/Yes/No |
| Unix | No/No/No/No | Yes/Yes/Yes/No |
| Other | No/No/No/No | Pocket PC, Smartphones; Yes/No/No/No |
| * Full Net Access either works with IE or requires a downloadable VPN client (Firefox and Safari) | | |
| **Client-Side Gateway Software** | | |
| Browser | IE, Firefox, Safari | IE, Firefox, Navigator, Safari |
| ActiveX or Java Agent<sup>1</sup> | ActiveX & Java | ActiveX & Java |
| Proprietary Security Client<sup>2</sup> | Level 3 Net Connector | Level 3 Net Connector |
| **User Gateway Interface** | | |
| Web Portal<sup>13</sup> | Yes | Yes |
| Native Application Clients<sup>14</sup> | Yes | Yes |
| **Authorization Policy Granularity** | | |
| Identity-based Granular Access Control<sup>17</sup> | Yes | Yes |
| Individual Applications & File Servers | Yes | Yes |
| Individual Web Applications on a Single Server | Yes | Yes |
| Individual Web Pages | Yes | Yes |
| Individual Application Functions | No | No |
| Subnetworks | Yes | Yes |
| **Pre-Packaged Endpoint Security<sup>5</sup>** | | |
| Session-level Security<sup>8</sup> | Yes | Yes |
| Posture Checking (NAC)<sup>9</sup> | No | Yes |
| Personal Security Software<sup>10</sup> | No | Personal FW, App White Lists |
| **Integrated Perimeter Security** | | |
| Network Firewall | Yes | Separate Products |
| IDS/IPS | No | Separate Products |
| Web (HTTP) Firewall | No | Separate Products |
| Denial-of-Service Defense<sup>15</sup> | Yes | Separate Products |
| Other | | |
| **Other Key Features** | | |
| Service Provider Feature Set<sup>11</sup> | Yes (except billing reports) | Yes |
| NIST Certified FIPS-140<sup>16</sup> | No | No |
| High Performance Platform<sup>12</sup> | Yes | No |
| Pre-Packaged Strong Authentication<sup>5</sup> | | One-time Password (One & Two-Factor) |
| QoS Controls | No | No |
| Other | | |

Notes:
1. Required for some application access methods; uses browser SSL services
2. Downloaded client is required either for some application access or for security functions like strong user authentication
3. VPN between remote device and access gateway
4. VPN between local device and access gateway
5. Pre-packaged means the vendor delivers and supports the feature
6. Gateway policy manager can control usage of actual application commands so users have access to limited application functionality; this goes beyond URL-level filtering of Web applications
7. NAC (network admission control) = pre- and post-admission device posture assessment and quarantine
8. Includes such features as protected workspaces, session clean-up, and session time-outs
9. Checks device security; enforces and adjusts user privileges, and assists in problem remediation consistent with pre-defined endpoint security policies
10. Vendor provides personal security software like anti-virus, firewall, and spyware protection
11. Includes secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting
12. Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL acceleration, hi-speed bus and interfaces
13. Users access internal network resources through a gateway portal interface
14. Users access internal resources via standard application clients
15. Protects internal network from DoS attacks
16. Encryption for communications and key storage
17. Sophisticated user privilege management capabilities and policy admin tools

Gateway Product Lines & Models
Most vendors offer multiple models of gateways. You can view the platform-specific characteristics of the products displayed on this page now.
