FW/IPSec VPN Buyer’s Guide

5. Simple Deployment and Installation

Delivered as an appliance for

 

 

 

simple deployment

Yes

 

 

Delivered as software that has to

 

 

Can introduce interoperability

be loaded onto hardware

No

 

issues

Multiple deployment options:

 

 

 

o

Transparent mode

Yes

 

 

o

Route mode

Yes

 

 

 

o BGP

Yes

 

 

 

o OSPF

Yes

 

 

 

o NAT

Yes, can be done on

 

 

 

 

per policy basis

 

 

Offers multiple ways to interact

 

 

 

with the system:

 

 

 

o

Command Line Interface

Yes

 

 

o

(CLI)

 

 

 

Web interface

Yes

 

 

o

Graphical User Interface

Yes, Juniper

 

 

 

(GUI)/central

Networks NetScreen-

 

 

 

management platform

Security Manager

 

 

Wizards to guide an administrator

 

 

 

through tasks, such as initial

 

 

 

configuration, policy install, VPN

Yes

 

 

set up

 

 

 

 

Templates available for consistent

 

 

 

configuration of multiple devices

Yes

 

 

Integrated key networking

 

 

o Support of DIPs allows

functionality for easy integration

 

 

into a network environment, such

 

 

policy-based address

as:

 

 

 

translations using pools of

o

Dynamic routing protocols

Yes

 

IP addresses to handle

o

Virtual Routers

Yes

 

overlapping IP addresses.

 

o Support multiple

Yes

 

o MIPs provide one-to-one

o

routing domains

 

 

IP mapping for internal

Multiple methods of

Yes

 

servers

 

address translation

 

 

o VIPs provides mapping of

o

o Dynamic IPs (DIPs)

Yes

 

protocols from one public

Support Mapped

Yes

 

external IP to multiple

 

IPsVLANs (MIPs)

 

 

internal private IPs based

o Support Virtual IPs (VIPs)

Yes

 

on the port. Allows one IP

o

Supports NAT

 

 

address to support Web,

 

o Policy-based

Yes

 

FTP, e-mail and other

 

o PAT/NAT capabilities

Yes

 

servers.

Single patches that apply to the

 

 

Not possible if applications,

platform, OS and applications

Yes

 

OS and hardware are not fully

 

 

 

 

integrated or from the same

 

 

 

 

vendor

Ability to maintain the VPN

 

 

If the firewall policy requires

abstraction and continue to

Yes, through Security

 

the use of IP addresses then

leverage dynamic routing when

Zones

 

the management advantages

applying the firewall policy

 

 

of dynamic routing are lost.

Tools and services to facilitate

 

 

 

migration from other Firewall/VPN

 

 

 

products

Yes

 

 

Copyright © 2004, Juniper Networks, Inc.

17

Page 17
Image 17
Juniper Networks 710008-001 manual Simple Deployment and Installation