SSL VPN Gateway Product Selection Guide
Page 4 - Juniper Networks, Nortel Networks, Permeo
| Vendor | Juniper Networks | Juniper Networks | Nortel | Permeo |
|---|---|---|---|---|
| Product Name | Netscreen Secure Access Series 500 | Netscreen Secure Access Series | VPN Gateway 30x0 | Base5 |
| Product Type | SSL VPN Gateway Appliance | Hybrid VPN Gateway Appliance | Multi-Function Hybrid VPN Gateway Appliance | SSL VPN Gateway Software Appliance |
| Vendor Positioning | SSL VPN Appliance | SSL VPN Appliance | SSL VPN Appliance | Zero Touch VPN Software Appliance |
| Gateway Scalability | | | | |
| VPN Coverage | | | | |
| SSL Remote/Local Access [3,4] | Yes | Yes | Yes | Yes |
| IPSec Remote/Local Access [3,4] | Yes | Yes | | |
| IPSec Site-to-Site Protection | Yes | | | |
| Resource Access Methods (SSL-based unless noted) | | | | |
| Web Applications | HTTP Proxy/URL Rewriter | HTTP Proxy/URL Rewriter | HTTP Proxy/URL Rewriter | HTTP Proxy or Layer 5 Connector |
| Client-Server | Port Forwarder | Port Forwarder | Layer 5 Connector | |
| Terminal-Server | Port Forwarder | Port Forwarder | Layer 5 Connector | |
| Full Net Access | Level 3 Net Connector | Level 3 Net Connector | Layer 5 Connector | |
| (SSL & IPSec) | | | | |
| Note: A user may need admin-level privileges on (a) browser (b) operating system (c) personal firewall in order to load/operate an access agent on the user device. | | | | |
| End Device Support for SSL Access Methods (Web/Client-Server/Terminal Server/Full Net Access) | | | | |
| Windows XP | Yes/No/No/No | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes | Yes/Yes/Yes/Yes |
| Linux | Yes/No/No/No | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/No/No/No |
| Macintosh | Yes/No/No/No | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/No/No/No |
| Unix | Yes/No/No/No | Yes/Yes/Yes/Yes | Yes/No/No/No | Yes/No/No/No |
| Other | Pocket PC: Yes/No/No/No | Pocket PC: Yes/Yes/Yes/Yes | Pocket PC: Yes/Yes/Yes/Yes | Pocket PC: Yes/No/No/No |
| Client-Side Gateway Software | | | | |
| Browser | IE, FireFox, Navigator, Safari | IE, FireFox, Navigator, Safari | IE, FireFox, Navigator, Safari | IE, FireFox, Navigator, Safari |
| ActiveX or Java Agent [1] | ActiveX (IE Only). | ActiveX & Java. | ActiveX (IE Only). | Both; Delivers SOCKs-based Security Client |
| Proprietary Security Client [2] | Level 3 Net Connector | Level 3 Net Connector | Level 3 Net Connector & Security Services; | |
| Access Methods Never Require Admin Privileges | | | | |
| User Gateway Interface | | | | |
| Web Portal [13] | Yes | Yes | Yes | Yes |
| Native Application Clients [14] | Yes | Yes | Yes | |
| Authorization Policy Granularity | | | | |
| Applications & File Servers | Yes | Yes | Yes | Yes |
| Subnetworks | Yes | Yes | Yes | Yes |
| Web Pages (URLs) | Yes | Yes | Yes | Yes |
| Identity-based Granular Access Control [17] | Yes | Yes | Yes | Yes |
| Pre-Packaged Endpoint Security [5] | | | | |
| Session-level Security [8] | Yes | Yes | Yes | Yes |
| Compliance Enforcement [9] | Yes | Yes | Yes | |
| Personal Security Software [10] | | | | |
| Device OS Controls [7] | Yes | | | |
| Integrated Perimeter Security | | | | |
| Network Firewall | Yes | | | |
| IDS/IPS | | | | |
| Web (HTTP) Firewall | Yes | | | |
| Denial-of-Service Defense [15] | Yes | Yes | Yes | |
| Other Key Features | | | | |
| Service Provider Feature Set [11] | Yes | Yes | | |
| NIST Certified FIPS-140 [16] | Yes | | | |
| High Performance Platform [12] | Yes | Yes | | |
| Pre-Packaged Strong Authentication [5] | | | | |
| QoS Controls | | | | |
| Other | Access Methods Never Require Admin Privileges | | | |

Notes:
1. Required for some application access methods; uses browser SSL services
2. Downloaded client is required either for some application access or for security functions like strong user authentication
3. VPN between remote device and access gateway
4. VPN between local device and access gateway
5. Pre-packaged means the vendor delivers and supports the feature
6. Gateway policy manager can control usage of actual application commands so users have access to limited application functionality; this goes beyond URL-level filtering of Web applications
7. Controls a user's ability to access device operating system services like printing and saving when accessing network application and file servers
8. Includes such features as protected workspaces, session clean-up, and session time-outs
9. Checks device security; enforces and adjusts user privileges, and assists in problem remediation consistent with pre-defined endpoint security policies
10. Vendor provides personal security software like anti-virus, firewall, and spyware protection
11. Includes secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting
12. Rich set of performance enhancements, e.g., bulk crypto, web caching, SSL acceleration, hi-speed bus and interfaces
13. Users access internal network resources through a gateway portal interface
14. Users access internal resources via standard application clients
15. Protects internal network from DoS attacks
16. Encryption for communications and key storage
17. Sophisticated user privilege management capabilities and policy admin tools

Gateway Product Lines & Models
Most vendors offer multiple models of gateways. You can view the platform-specific characteristics of the products displayed on this page now.
