| When is
SSL VPN a better choice than IPSec
VPN? |
Strengths
and weaknesses of IPSec
If you require
standard site-to-site VPNs, such as
between central and branch offices,
IPSec is an excellent choice. It's
a proven technology with powerful
security capabilities. IPSec, however,
is not optimized for mobile usage.
Firewall traversal is unreliable and
the user is tied to a specific machine.
In addition, an IT administrator has
to deploy and maintain the IPSec client
software on the users' devices.
Who
should use SSL VPN?
SSL VPN is
ideally suited for organizations with
many mobile users connecting from
varied locations. It provides employees
with enormous flexibility to access
the network from any location and
from Web-enabled devices such as laptops,
PDAs, and smart phones. For the IT
administrator, there's no client software
to maintain on the users' devices.
The
smart choice: Firebox SSL Core VPN
Gateway
With many
SSL VPN implementations, access is
limited to a small number of applications.
Firebox SSL Core VPN Gateway overcomes
this limitation and offers an in-office
user experience from any location.
Users can access any network resource
just as they would when connected
to a LAN. This, combined with its
robust security features, strong administrative
control, and unmatched ease of use
for both the IT administrator and
the user, makes it the smart choice
over other SSL VPN products.
Technology
Comparison
| Features |
IPSec VPN |
Other SSL VPNs |
Firebox SSL Core VPN Gateway |
| Complete network
access |
 |
limited and costly |
|
| All protocols supported |
|
|
|
| All applications
supported |
|
|
|
| In-office user
experience |
|
|
|
| Traverses any firewall |
|
|
|
| Clientless access
from anywhere* |
|
|
|
| Prevents worm traversal |
|
|
|
| Application-level
access control |
|
|
|
| Auto-updated, Web-deployed
client** |
|
|
|
| Always-on capability/persistent
connection |
|
|
|
| Leaves no information
behind on public kiosks |
|
optional purchase |
|
| Built-in desktop
sharing |
|
|
|
| Built-in endpoint
security out of the box |
|
|
|
| Supports &
optimizes UDP traffic, including
VoIP |
|
|
|
*In Kiosk
mode, authorized users have access
to Web-based and supported applications
from Web-enabled devices running JVM
v 1.2.4 or higher, whose browsers
support SSL in Java™ or Microsoft®
Windows® environments, such as
PDAs and smart phones. Such applications
include Citrix® ICA, Remote Desktop,
SSH, Telnet 3270 emulator, and VNC
clients. Web applications must support
Mozilla.
**In
Secure Access client mode, authorized
users connect using an auto-updating,
Web-deployed client to access any
application or network resource.
|
