BUILDING AND MANAGING VIRTUAL PRIVATE NETWORKS
VPN-CAPABLE FIREWALLS:
| Product (Company) | AIX Firewall (IBM) | BorderGuard (StorageTek) | BorderWare Firewall Server (Secure Computing) | Eagle (Raptor) | Firebox II (Watchguard Technologies) | Firewall-1 (Check Point Software) | Gauntlet (Network Associates) | Mobile VPN (Aventail) | PERMIT 2505, 4504 (TimeStep) | PIX Firewall (Cisco) | Proxy Server (Microsoft) | SecurIT FIREWALL (Milkyway) | SmartWall (V-One Corp.) | Sunscreen EFS (Sun Microsystems) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Price | $4,495-$16,495 | $3,000+ | $4,000-$13,000 | $6,500+ | $4,995 | $18,990 | $11,500 (50-250 users) | $4,995-$11,995 | $4,995-$10,995 | $9,000 (64 connections), $15,000 (256 connections) | $995 | $1,900-$14,500 | $20,000+ | $4,995 |
| Platforms - server | AIX, OS/2, Windows NT | N/A | Unix | Windows NT 4.0, Solaris, Unix | Windows 95, NT, Linux | AIX, DEC Unix, HP-UX, Solaris, Windows 95, NT | BSDI, Solaris, HP-UX, Windows NT | Windows NT, Solaris, AIX, IRIX, BSD/OS, Linux, SCO OpenServer | N/A | N/A | Windows NT | SunOS | HP-UX, Solaris, Windows NT, BSDI | Solaris, Windows 95 |
| Platforms - remote access | Windows 95, NT, OS/2 Warp | Windows 95, NT | Windows NT, DOS, Unix | Windows 3.11, Windows 95, NT | Windows 95, NT | Windows 95 | Windows 95, NT | Windows 3.x, Windows 95, NT, Solaris, Linux, BSD/OS, IRIX, SCO OpenServer | Windows 95 | - | Windows 95, NT | Solaris, SunOS, Windows 95, NT | Windows 3.x, 95, NT, Mac | Solaris, Windows 95, NT |
| Tunneling protocol | IPSec, L2TP | proprietary | IPSec | IPSec, swIPe | IPSec, PPTP | PPTP, L2TP, L2F | swIPe, IPSec | SOCKS 5.0, PPTP, IPSec | PPTP, L2TP, L2F | IPSec (ESP) | PPTP | IPSec | PPTP | SKIP |
| Protocols supported | IP, IPX | IP | IP | TCP, UDP, ICMP | TCP, UDP | IP | TCP, UDP, ICMP | TCP, UDP | TCP, UDP | TCP, UDP | TCP, UDP | TCP, UDP | TCP, UDP | TCP, UDP |
| Encryption type | IPSec, DES, CDMF | IDEA, NSC1, DES, Triple DES | DES, Triple DES, RC4 | DES, Triple DES, RC2, IPSec AH | RC4 (40-bit or 128-bit) | DES, Triple DES, IPSec, FWZ-1 | 56-bit DES | DES, Triple DES, MD4, MD5, SHA-1, RC4 | DES, Triple DES, IPSec, FWZ-1 | DES | MPPE, PPP | CAST, MD2, MD5, DES | DES, Triple DES, RSA | RC2, RC4, DES, Triple DES, 128-bit SAFER CBC |
| User authentication | - | software or hardware tokens | CryptoCard, SecurID, S/Key | S/Key, NT Domain, RADIUS, TACACS+, CryptoCard, SecurID, Assurenet | CHAP | S/Key, SecurID, Axent | - | Username & password, CHAP, RADIUS, SecurID, SSL | S/Key, SecurID, Axent | RADIUS, TACACS+ | RADIUS | Username & password, group ID | Smart cards, Fortezza | SKIP, Password, SecurID |
| Access controls | Source, destination, protocol, IP address, port, user, time | Source, destination, IP address, service, user, time | Source, destination, protocol, user, port, time | Source, destination, IP address, service | LAN segment | Source, destination, service, user, time | User group, service group, IP address, host name | Source, destination, IP address, application or service, user identity | Source, destination, service, user, time | RADIUS, TACACS+ | IP address, source, destination | Source, destination, IP address, user identity, application type, time of access | Destination host name, port, URL, IP address | Source, destination, IP address, application |
| User management integration | - | - | - | Firewall users, NT user domains | NT user domains | RADIUS | NT Domains | NT user domains, Unix password files, SecurID, RADIUS, NDS | RADIUS | NT user domain, LDAP, RADIUS | NT user domains | LDAP, X.500 | - | Unix password, SecurID |
| Key management | Manual, proprietary | Proprietary | Manual | Proprietary | Manual | IKE, SKIP, FWZ, Manual IPSec | IKE | RSA B-Safe | IKE, SKIP, FWZ, Manual IPSec | Manual | N/A | Entrust | Manual | SKIP |
| # tunnels supported | - | - | - | Unlimited | 64 | - | 99 trusted links | Unlimited | - | 256 | - | not given | - | - |
| # nodes supported | - | - | - | Unlimited | Unlimited | - | Unlimited | Unlimited | - | - | - | not given | - | - |
| Remote management | Yes | Yes | Yes | - | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | - | Yes |
| Certificates | - | - | - | - | - | Yes | Yes | No | - | - | No | X.509 | X.509 | No |
| Remote access client | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
| NAT | Yes | - | Yes | - | - | Yes | Yes | - | - | Yes | - | - | Yes | Yes |
| Product type | software | software | software | software | firewall appliance | software | software | software | firewall appliance | hardware | software | software | software | software |
ISBN 0-471-16519-0
383 pages
November, 1996
Wiley Computer Publishing