SSL VPN Gateway Product Selection Guide
Gateway Platforms
In our new Product Selector, we provide a way to easily view how leading products map to small, medium, large and service provider environments. Most vendors offer multiple models of their products which vary in terms of the maximun number of concurrrent SSL users that each can support with an appropriate software license. The following table shows how each vendors product lines map to different environments.
Note: The concurrent user (CU) rating is for a single appliance. Active/standby configurations and multi-unit clusters are also generally available.
|
Department & Small Company
|
Medium Company
|
Large Company
|
Very Large Company & Service Provider
|
|
|
Gateway Unit
Max Capacity: (Concurrent Users) |
50 CUs
|
500 CUs
|
1000-1200 CUs
|
1200++CUs
|
|
AEP Networks NSP
|
A-Class
(25 CU) |
B-Class
(150 CU) |
E-Class
(1000 CU) |
G-Class
(2000 CU) |
|
AEP SmartGate
|
TBD
|
TBD
|
||
|
Array Networks
|
SPX-2000
(500 CU) |
SPX-3000 SPX-5000
(2500 CU) (64000 CU) |
||
|
Aventail
|
EX-750
(50 CU) |
EX-1600
(1000 CU) |
EX-2500
(2000 CU) |
|
|
Caymas Systems
|
|
Caymas 318 (100 CU)
Caymas 220 (500 CU) |
Caymas 525
(2500 CU) |
|
|
Check Point
|
Connectra 1000 & 2000
(250 CU & 500 CU) |
Connectra 6000
(2000 CU) |
||
|
Cisco Systems
|
ASA-5510
(50 CU) |
ASA-5510(150 CU) |
ASA-5540
(1250 CU) |
ASA-5540
(2500 CU) |
|
|
VPN 3005
(50 CU) |
VPN 30XX
(500 CU) |
-
|
-
|
|
Citrix
|
|
|
-
|
(2000 CU)
|
|
F5 Networks
|
FirePass 1020 |
FirePass 4130
(500 CU) |
FirePass 4140
(1000 CU) |
FirePass 4150
(2000 CU) |
|
Juniper
Networks |
SA-700
(50 CUs) |
SA-2000, 4000
(250, 500 CU) |
SA-6000
(1000 user) |
-
|
|
NeoAccel
|
SME
(10-100 CU) |
SSL VPN Plus Enterprise (Software Appliance)
(100-20000 CU) |
||
|
Nortel Networks
|
VPN 3050 (2000 CU) |
|||
|
Portwise
|
-
|
-
|
||
|
SonicWALL
|
SSL VPN 200
(10 CU) |
SSL VPN 2000
(100 CU) |
||
|
Stonesoft
|
StoneGate SSL400 (up to 25 CUs)
|
StoneGate SSL2000 (up 500 CUs)
|
StoneGate SSL6000 (up to 5000 CUs)
|
StoneGate SSL6000 (up to 5000 CUs)
|
Whale
Communications |
Intelligent Access Gateway
Express Edition (250 CU) |
Intelligent Access Gateway
Enterprise Edition (1200 CU) |
-
|
Product Platform Categories
While product categorization is an imperfect and arbitrary activity the grouping of SSL VPN gateways into distinct classes is still a practical affair. Breakaway has elected to divide the population of vendor products into four categories we feel are most useful for organizations beginning their search for the "best fit" system for their particular ennvironments. As buyer requirements and vendor products evolve so will our product categories.Department & Small Company
- Up to 50 concurrent users per system, or approximately 250 actual users assuming a 5:1 ratio
- Active/stand-by configuration but lacks sophisticated "mission-critical" features
- Single security administrator - no need for hierarchical admin
- Policy management tools suitable for administering non-complex security policies
- Sophisticated endpoint security features
- Basic gateway and webtop user interface
- Active Directory support; generally uses password authentication
Medium Company
- Up to 500 concurrent users per system, or approximately 2500 actual users assuming a 5:1 ratio
- Multi-unit, high availability clusters with sophisticated service level management features
- Multiple security administrators for intranets/extranets - hierarchical & distributed
- Policy management tools suitable for administering complex security policies
- Sophisticated endpoint security features
- Fully customizable gateway and webtop user interface
- Integration with existing portals, diverse directories and authentication services
Large Company
- Up to 1000 concurrent users per system, or approximately 10,000 actual users assuming a 5:1 ratio
- Multi-unit, high availability clusters with sophisticated service level management features
- Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL set-up
- Multiple security administrators for intranets/extranets - hierarchical & distributed
- Policy management tools suitable for administering complex security policies
- Sophisticated endpoint security features
- Fully customizable gateway and webtop user interface
- Integration with existing portals, diverse directories and authentication services
Service Provider & Very Large Company
- 1000++ concurrent users per system, or 10,000++actual users assuming a 5:1 ratio
- Multi-unit, high availability clusters with sophisticated service level management features
- Rich set of performance enhancements - e.g., bulk crypto, web caching, SSL set-up
- Multiple security administrators for intranets/extranets - hierarchical & distributed
- Policy management tools suitable for administering complex security policies
- Sophisticated endpoint security features
- Fully customizable gateway and webtop user interface
- Integration with existing portals, diverse directories and authentication services
- Support for gateway sharing by multiple internal or SP customers" (Note 1)
Note 1: key "service provider" features include secure gateway partitioning, VLAN support for SP data centers, customer usage and billing data/reports, secure remote policy administration, and remote service-level monitoring and reporting.