Juniper Networks 710008-001 User Manual
FW/IPSec VPN Buyer’s Guide
Copyright © 2004, Juniper Networks, Inc.
Quick Checklist
This section builds upon the framework for evaluating firewall and VPN products that was described in the previous
section, providing a quick checklist of some of the top questions to pose in each criteria category. For more in-
depth questions that enable a side-by-side comparison of different solutions, go to the Detailed Buyer’s Checklist
that follows this section.
1. Provide Strong Security
• Does the solution integrate best-of-breed technologies?
o How long have the technologies been in the market?
o Are there any third party verifications of viability available?
o Are the technologies based on open source solutions?
• Does the solution provide strong access control – stateful inspection?
• What kind of user authentication does the solution support?
• What network-level attacks does the solution protect against?
o DoS attacks
o DDoS attacks
• Does it have the ability to make determinations on whether to allow or deny traffic based on application-
layer information?
o What kind of application-level attacks can it detect?
o What kind of application-level attacks can it prevent?
• What kind of encryption does the VPN support?
• Can the solution apply policies to internal traffic to establish additional layers of trust and contain
attacks?
• What type of security certifications does the product have?
• What kind of platform is the solution built on?
o Is it a general-purpose platform that could introduce security risks?
• Can the solution scale to meet the different security needs of small to large sites?
2. Offer Predictable Performance
• What are the performance (large and small packet size) capabilities of the solution to ensure that
performance remains predictable?
• What has the solution done to optimize its traffic processing?
• How does the solution minimize latency to ensure real-time applications are not degraded (e.g. VoIP)?
• How does the solution handle very fast session ramp rates to protect against DoS attacks?
• How does the architecture of the solution enable performance under load?
• How does the solution handle multiple concurrent sessions to ensure user connectivity is not lost or
slowed?
• How does the solution accommodate additional functionality, without degrading performance?
• How does the solution accelerate the VPN negotiation to set up the VPN tunnels to make the time
imperceptible to the user?
• How can the solution quickly create and then maintain VPN tunnels to ensure they are always available
for the user?