![](http://pdfasset.owneriq.net/0/a2/0a264a8b-4171-49af-a66a-44da31b0ece9/0a264a8b-4171-49af-a66a-44da31b0ece9-bga.png)
FW/IPSec VPN Buyer’s Guide
Copyright © 2004, Juniper Networks, Inc. 10
Open source code
Safenet
No
The number of years the
solutions have been
available on the market
FW/VPN – June 1998
Deep Inspection/Intrusion
Prevention – Feb 2002
The applications that have
been recognized as best-of-
breed
FW/VPN/Deep Inspection
(Gartner Magic Quadrant)
All functionality managed
with the same console
FW/VPN/Deep Inspection
managed with same
interface/console
Simplifies deployment,
reduces chance for human
error that could result in
vulnerabilities
Built in features that protect
against tampering:
• Packaging sealed
with custom tape
• Uses tamper seals
to indicate
authenticity
• Hardware can
restrict remote
access via access
lists
• Access list creation
based on IP and
MAC addresses
• Hardware protects
against password
overrides
• Hardware uses
secure connections
for remote access
• Custom OS built for
security
• OS is hardened
• FIPs certified for
physical protection
of keys and
configuration, as
well as software
protection
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
• A custom OS is less
prone to known attacks
than a general purpose
OS
Guards against
vulnerabilities within the
system itself:
• The number of
different patches that
need to potentially
be applied
• The general purpose
systems or platforms
that are used
One, Juniper Networks
uses a single OS
None, purpose-built
appliance with custom OS
• Juniper Networks
NetScreen-Remote or
Juniper Networks
NetScreen-Secure
Access (SSL) for
remote/mobile users