SSL VPN Gateway Product Selection Guide
> Page 1 - AEP Networks, Array Networks
> Page 2 - Aventail, Caymas Systems, Check Point
> Page 3 - Cisco Systems, Citrix, F5 Networks
> Page 4 - Juniper Networks, Nortel Networks, Permeo
> Page 5 - Portwise, Symantec, Whale Communications
> Page 6 - NeoAccel, Stonesoft
AEP Networks offers two distinct VPN Gateway product lines. The first, the Netilla Security Platform (NSP), was developed by Netilla, which merged with AEP in 2004. The second, a hybrid gateway, was developed by V-ONE Corporation, which was acquired by AEP Networks in 2005.
| Vendor | AEP Networks | AEP Networks | Array Networks |
|---|---|---|---|
| Product Name | AEP Netilla Security Platform | AEP SmartGate | SPX-Series |
| Product Type | SSL VPN Gateway Appliance | Hybrid VPN Gateway Software Appliance | Multi-Function SSL VPN Gateway Appliance |
| Vendor Positioning | Secure Application Access Gateway | Identity-Based Security Gateway | Enterprise SSL VPN Appliance |
| Gateway Scalability | | | |
| **VPN Coverage** | | | |
| SSL Remote/Local Access [3,4] | Yes | Yes | Yes |
| IPSec Remote/Local Access [3,4] | Yes | | |
| IPSec Site-to-Site Protection | Yes | | |
| **Resource Access Methods (SSL-based unless noted)** | | | |
| Web Applications | HTTP Proxy/URL Rewriter | HTTP Proxy | HTTP Proxy/URL Rewriter |
| Client-Server | Level 3 Net Connector | Port Forwarder | Level 3 Net Connector |
| Terminal-Server | Terminal Emulation | Port Forwarder | Level 3 Net Connector |
| Full Net Access | Level 3 Net Connector | Level 3 Net Connector (IPSec) | Level 3 Net Connector |
| Note: A user may need admin-level privileges on (a) browser (b) operating system (c) personal firewall in order to load/operate an access agent on the user device | | | |
| **End Device Support for SSL Access Methods (Web/Client-Server/Terminal Server/Full Net Access)** | | | |
| Windows XP | Yes/Yes/Yes/Yes | Yes/Yes/Yes/IPSec | Yes/Yes/Yes/Yes |
| Linux | Yes/Yes/Yes/Yes | Yes/Yes/Yes/IPSec | Yes/Yes/Yes/Yes |
| Macintosh | Yes/Yes/Yes/Yes | Yes/Yes/Yes/IPSec | Yes/No/No/No |
| Unix | Yes/Yes/Yes/Yes | Yes/Yes/Yes/No | Yes/Yes/Yes/Yes |
| Other | Windows CE | Palm, WinCE - X/-/-/- | |
| **Client-Side Gateway Software** | | | |
| Browser | IE, Firefox, Navigator | IE, Firefox, Navigator | IE, Firefox, Navigator, Safari |
| ActiveX or Java Agent [1] | Java | Java | Both |
| Proprietary Security Client [2] | Level 3 Net Connector | Level 3 Net Connector (IPSec Only) | |
| **User Gateway Interface** | | | |
| Web Portal [13] | Yes | Yes | Yes |
| Native Application Clients [14] | Level 3 Net Connector | Level 3 Net Connector | |
| **Authorization Policy Granularity** | | | |
| Applications & File Servers | Yes | Yes | Yes |
| Subnetworks | Yes | Yes | Yes |
| Web Pages (URLs) | Yes | Yes | Yes |
| Identity-based Granular Access Control [18] | Yes | SSL - Yes | Yes |
| **Pre-Packaged Endpoint Security [5]** | | | |
| Session-level Security [8] | Yes | Yes | |
| Compliance Enforcement [9] | Yes | Yes | |
| Personal Security Software [10] | Yes | | |
| **Integrated Perimeter Security** | | | |
| Network Firewall | Yes | Yes | |
| IDS/IPS | | | |
| Web (HTTP) Firewall | Basic | Advanced | |
| Denial-of-Service Defense [15] | Yes | Yes | |
| Other | L7 Content Filtering? | | |
| **Other Key Features** | | | |
| Service Provider Feature Set [11] | Yes | | |
| NIST-Certified FIPS-140 [17] | Yes | Yes | Yes |
| High Performance Platform [12] | Yes | | |
| Pre-Packaged Strong Authentication [5] | 2-factor token; Online registration for Tokens & PKI | | |
Notes:
1. Required for some application access methods; uses browser SSL services
2. Downloaded client is required either for some applications or for security functions like strong user authentication
3. VPN between remote device and access gateway
4. VPN between local device and access gateway
5. Pre-packaged means the vendor delivers and supports the feature
6. Gateway policy manager can control usage of actual application commands so users have access to limited application functionality; this goes beyond URL-level filtering of Web applications
7. TBD
8. Includes such features as protected workspaces, session clean-up, and session time-outs
9. Checks device security; enforces and adjusts user privileges, and assists in problem remediation consistent with pre-defined endpoint security policies
10. Vendor includes personal security software like anti-virus, firewall, and spyware protection
11. Includes secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting
12. Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL acceleration
13. Users access internal network resources through a gateway portal interface
14. Users access internal resources via standard application clients
15. Protects internal network from DoS attacks
16. These systems are pre-configured for environments (e.g., Citrix MetaFrame® Presentation Server, Microsoft OWA and Windows Terminal Server) that do not need all the access methods available on the Netilla Service Platform
17. Encryption for communications and key storage
18. Sophisticated user privilege management capabilities and policy admin tools
Gateway Product Lines & Models
Most vendors offer multiple models of gateways. You can view the platform-specific characteristics of the products displayed on this page now.
