![](http://pdfasset.owneriq.net/0/a2/0a264a8b-4171-49af-a66a-44da31b0ece9/0a264a8b-4171-49af-a66a-44da31b0ece9-bg7.png)
FW/IPSec VPN Buyer’s Guide
Copyright © 2004, Juniper Networks, Inc. 7
3. Deliver a high level of fault tolerance to ensure the solution is always available
• Does the solution support high availability (HA) configurations, including active/active, full mesh, to
reduce the chance of a single point of failure?
• Does the HA solution maintain both session and VPN state information to ensure that both the
connection and VPN security association are maintained in the event of a failure?
• Can the solution take advantage of dynamic routing as part of VPN resiliency?
• Can the solution support redundant paths? If so, what kind – multiple ISPs, dial back-up?
• What redundancy features have been built into the VPN configuration?
• What are the mechanisms used to minimize fail-over latency and ensure maximum uptime?
4. Offer ease of use and management.
• Are there multiple ways to interact and manage the system?
• How easy is it to perform management tasks?
o Can device, network and security configurations be managed using the same interface?
• Does the system grant different people in the organization different access privileges?
o How does the system ensure that people are only accessing what they need to access?
o How easy is it to set up or change a role to ensure access privileges map to current
employee activity?
• How quickly can changes be made in a large distributed network?
• Are there configuration templates to simplify deployments?
o How easy is it to customize the template information for specific site deployments?
• How easy is it to troubleshoot problems?
o Is there a way to roll back to a previous configuration if changes affect the connectivity of
the solution?
• How much manual intervention is needed when a VPN connection goes down?
• Can firewall policies be easily applied to VPN traffic, without a lot of additional configuration?
• How easy is it to add a network to the VPN?
• How easy is it to configure complex VPN configurations, such as a hybrid full-mesh and hub and
spoke?
5. Enable quick and simple deployment and installation
• Are there different options that accommodate administrator preferences for installing and configuring
the system?
• What kind of platform is the solution running on?
o Is the solution based on a general-purpose platform?
o Is the solution delivered as an appliance for easy deployment?
• How easy is it to deploy a device in the field?
o What level of technical expertise is required?
o Can it be managed centrally?
• Does the solution have a transparent deployment mode that does not require routing changes to the
network?
• What routing protocols does the solution support?
• What networking features does the solution support to facilitate a timely deployment?
• How are patches applied?