Juniper Networks 710008-001 User Manual
FW/IPSec VPN Buyer’s Guide
Copyright © 2004, Juniper Networks, Inc. 17
5. Simple Deployment and Installation
Delivered as an appliance for
simple deployment
simple deployment
Yes
Delivered as software that has to
be loaded onto hardware
be loaded onto hardware
No
Can introduce interoperability
issues
issues
Multiple deployment options:
o Transparent mode
o Route mode
o Route mode
o BGP
o OSPF
o NAT
o OSPF
o NAT
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes, can be done on
per policy basis
Offers multiple ways to interact
with the system:
with the system:
o Command Line Interface
(CLI)
o Web interface
o Graphical User Interface
o Graphical User Interface
(GUI)/central
management platform
management platform
Yes
Yes
Yes, Juniper
Networks NetScreen-
Security Manager
Wizards to guide an administrator
through tasks, such as initial
configuration, policy install, VPN
set up
through tasks, such as initial
configuration, policy install, VPN
set up
Yes
Templates available for consistent
configuration of multiple devices
configuration of multiple devices
Yes
Integrated key networking
functionality for easy integration
into a network environment, such
as:
functionality for easy integration
into a network environment, such
as:
o Dynamic routing protocols
o Virtual Routers
o Virtual Routers
o Support multiple
routing domains
o Multiple methods of
address translation
o Dynamic IPs (DIPs)
o Support Mapped
IPsVLANs (MIPs)
o Support Virtual IPs (VIPs)
o Supports NAT
o Supports NAT
o Policy-based
o PAT/NAT capabilities
o PAT/NAT capabilities
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
o Support of DIPs allows
policy-based address
translations using pools of
IP addresses to handle
overlapping IP addresses.
translations using pools of
IP addresses to handle
overlapping IP addresses.
o MIPs provide one-to-one
IP mapping for internal
servers
servers
o VIPs provides mapping of
protocols from one public
external IP to multiple
internal private IPs based
on the port. Allows one IP
address to support Web,
FTP, e-mail and other
servers.
external IP to multiple
internal private IPs based
on the port. Allows one IP
address to support Web,
FTP, e-mail and other
servers.
Single patches that apply to the
platform, OS and applications
platform, OS and applications
Yes
Not possible if applications,
OS and hardware are not fully
integrated or from the same
vendor
OS and hardware are not fully
integrated or from the same
vendor
Ability to maintain the VPN
abstraction and continue to
leverage dynamic routing when
applying the firewall policy
abstraction and continue to
leverage dynamic routing when
applying the firewall policy
Yes, through Security
Zones
If the firewall policy requires
the use of IP addresses then
the management advantages
of dynamic routing are lost.
the use of IP addresses then
the management advantages
of dynamic routing are lost.
Tools and services to facilitate
migration from other Firewall/VPN
products
migration from other Firewall/VPN
products
Yes