
Secure Access Gateway Product Selection Guide


| Vendor | Aventail | Caymas | Check Point | Check Point |
| --- | --- | --- | --- | --- |
| Product Name | EX-Series | Caymas Series | VPN-1 w/SSL Net Extender | Connectra |
 
Appliance Type
Secure Access Gateway (SSL)
Multi-Function
Secure Access Gateway (Hybrid)
Multi-Function VPN Concentrator
Secure Access Gateway (SSL) Appliance & Software
 
Vendor Positioning
SSL VPN Appliance

Identity-Driven Access Gateways

Integrated Firewall and VPN Gateway
Web Security Gateway
 
Competitive Differentiation
   

Integrated Endpoint Security

Integrated Application Security

Unified Management Architecture

 
 
Gateway Scalability
 
VPN Coverage 
SSL Remote/Local Access [3, 4]
Yes
Yes
Yes
Yes
IPSec Remote/Local Access [3, 4]
Yes
Yes
 
IPSec Site-to-Site Protection
 
Yes
Yes
 
 
Resource Access Methods (SSL-based unless noted)

| Resource | Aventail EX-Series | Caymas Series | Check Point VPN-1 w/SSL Net Extender | Check Point Connectra |
| --- | --- | --- | --- | --- |
| Web Applications | HTTP Proxy/URL Rewriter | HTTP Proxy/URL Rewriter | Level 3 Net Connector (SSL) | HTTP Proxy/URL Rewriter |
| Client-Server | Port Forwarding | Port Forwarding | Level 3 Net Connector (SSL) | Application & Level 3 Net Connector |
| Terminal-Server | Port Forwarding | Port Forwarding | Level 3 Net Connector (SSL) | Application & Level 3 Net Connector |
| Full Net Access | Level 3 Net Connector | Level 3 Net Connector | Level 3 Net Connector (SSL) | Level 3 Net Connector |
   
(SSL & IPSec)
   
Note: A user may need admin-level privileges on (a) the browser, (b) the operating system, or (c) the personal firewall in order to load/operate an access agent on the user device.
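End Device Support for SSL Access Methods (Web/Client-Server/Terminal Server/Full Net Access)

| End Device | Aventail EX-Series | Caymas Series | Check Point VPN-1 w/SSL Net Extender | Check Point Connectra |
| --- | --- | --- | --- | --- |
| Windows XP | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes |
| Linux | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/Yes/Yes/Yes |
| Macintosh | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/No/No/No |
| Unix | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/Yes/Yes/Yes |
| Other | | | | |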
         
Client-Side Gateway Software
Browser
IE, FireFox, Navigator, Safari
IE, FireFox, Navigator, Safari
IE, FireFox, Navigator, Safari
IE, FireFox, Navigator, Safari
SSL VPN Agent [1]
ActiveX & Java
ActiveX & Java (P.F.)
ActiveX - Net Conn.
ActiveX - App Conn.
Java - App & Net Conn.
Proprietary Security Client [2]
Windows SOCKs Client
Level 3 Net Connector
Level 3 Net Connector (SSL)
Level 3 Net Connector (SSL)
 
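User Gateway Interface

| Interface | Aventail EX-Series | Caymas Series | Check Point VPN-1 w/SSL Net Extender | Check Point Connectra |
| --- | --- | --- | --- | --- |
| Web Portal [13] | Yes | Yes | No | Yes |
| Native Application Clients [14] | Level 3 Net Connector (Windows SOCKS Client) | Level 3 Net Connector | Net Connector | Application & Level 3 Net Connector |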
 
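Authorization Policy Granularity

| Policy Scope | Aventail EX-Series | Caymas Series | Check Point VPN-1 w/SSL Net Extender | Check Point Connectra |
| --- | --- | --- | --- | --- |
| Applications & File Servers | Yes | Yes | Yes | Yes |
| Subnetworks | Yes | Yes | Yes | Yes |
| Web Pages (URLs) | Yes | Yes | | Yes |
| Identity-based Granular Access Control [20] | Yes | Yes | No | Yes |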
 
Pre-Packaged Endpoint Security [5]
Session-level Security [8]
Yes
Yes
Yes
Yes
Compliance Enforcement [9]
Yes
Yes
Yes
Yes
Personal Security Software [10]
Spyware/malicious code protection (IE only) [19]
Spyware/malicious code protection (IE only) [19]
 
Integrated Perimeter Security 
Network Firewall  
Yes
Yes
Yes
IDS/IPS  
Yes
Yes
Yes
Web (HTTP) Firewall
Advanced
Advanced
Advanced
Denial-of-Service Defense [15]
Yes
Yes
Yes
Other  

L7 Content Filtering;
SNORT-based Anti-Virus

   
 
Other Key Features 
Service Provider Feature Set [11]
Some [16]

NIST-Certified FIPS-140 [17]
Yes

High Performance Platform [12]
Yes

Pre-Packaged Strong Authentication [5]
Other
Real-time Updates for Endpoint & Perimeter Security [18]

Notes:

  1. Required for some application access methods; uses browser SSL services
  2. Downloaded client is required either for some access methods or for security functions like strong user authentication
  3. VPN between remote device and access gateway
  4. VPN between local device and access gateway
  5. Pre-packaged means the vendor delivers and supports the feature
  6. Gateway policy manager can control usage of actual application commands so users have access to limited application functionality; this goes beyond URL-level filtering of Web applications
  7. TBD
  8. Includes such features as protected workspaces, session clean-up, and session time-outs
  9. Checks device security; enforces and adjusts user privileges, and assists in problem remediation consistent with pre-defined endpoint security policies
  10. Vendor provides personal security software like anti-virus, firewall, and spyware protection
  11. Includes secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting
  12. Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL acceleration
  13. Users access internal network resources through a gateway portal interface
  14. Users access internal resources via standard application clients
  15. Protects internal network from DoS attacks
  16. All features in note 11 except secure gateway partitioning
  17. Encryption for communications and key storage
  18. Requires a separate Check Point SmartDefense Server
  19. Requires separate Check Point desktop security software
  20. Sophisticated user privilege management capabilities and policy admin tools

Gateway Product Lines & Models

Most vendors offer multiple models of gateways. You can view the platform-specific characteristics of the products displayed on this page now.
