FW/IPSec VPN Buyer’s Guide
5. Simple Deployment and Installation
Delivered as an appliance for |
|
|
| |
simple deployment | Yes |
|
| |
Delivered as software that has to |
|
| Can introduce interoperability | |
be loaded onto hardware | No |
| issues | |
Multiple deployment options: |
|
|
| |
o | Transparent mode | Yes |
|
|
o | Route mode | Yes |
|
|
| o BGP | Yes |
|
|
| o OSPF | Yes |
|
|
| o NAT | Yes, can be done on |
|
|
|
| per policy basis |
|
|
Offers multiple ways to interact |
|
|
| |
with the system: |
|
|
| |
o | Command Line Interface | Yes |
|
|
o | (CLI) |
|
|
|
Web interface | Yes |
|
| |
o | Graphical User Interface | Yes, Juniper |
|
|
| (GUI)/central | Networks NetScreen- |
|
|
| management platform | Security Manager |
|
|
Wizards to guide an administrator |
|
|
| |
through tasks, such as initial |
|
|
| |
configuration, policy install, VPN | Yes |
|
| |
set up |
|
|
|
|
Templates available for consistent |
|
|
| |
configuration of multiple devices | Yes |
|
| |
Integrated key networking |
|
| o Support of DIPs allows | |
functionality for easy integration |
|
| ||
into a network environment, such |
|
| ||
as: |
|
|
| translations using pools of |
o | Dynamic routing protocols | Yes |
| IP addresses to handle |
o | Virtual Routers | Yes |
| overlapping IP addresses. |
| o Support multiple | Yes |
| o MIPs provide |
o | routing domains |
|
| IP mapping for internal |
Multiple methods of | Yes |
| servers | |
| address translation |
|
| o VIPs provides mapping of |
o | o Dynamic IPs (DIPs) | Yes |
| protocols from one public |
Support Mapped | Yes |
| external IP to multiple | |
| IPsVLANs (MIPs) |
|
| internal private IPs based |
o Support Virtual IPs (VIPs) | Yes |
| on the port. Allows one IP | |
o | Supports NAT |
|
| address to support Web, |
| o | Yes |
| FTP, |
| o PAT/NAT capabilities | Yes |
| servers. |
Single patches that apply to the |
|
| Not possible if applications, | |
platform, OS and applications | Yes |
| OS and hardware are not fully | |
|
|
|
| integrated or from the same |
|
|
|
| vendor |
Ability to maintain the VPN |
|
| If the firewall policy requires | |
abstraction and continue to | Yes, through Security |
| the use of IP addresses then | |
leverage dynamic routing when | Zones |
| the management advantages | |
applying the firewall policy |
|
| of dynamic routing are lost. | |
Tools and services to facilitate |
|
|
| |
migration from other Firewall/VPN |
|
|
| |
products | Yes |
|
| |
Copyright © 2004, Juniper Networks, Inc. | 17 |
