Full Text

While security vendors will sell you wares for any logical layer and all possible locations on your corporate network, IP Security-- based VPN gateways have emerged as the most popular class of product for setting up secure, site-to-site connections.

In our evaluation of 13 products in this market, we looked at the standard manageability, performance and enterprise-focused feature criteria, but we also added a new series of interoperability tests to the mix.

In all, it was an astonishingly close race. No one product stood out as the winner across all categories. This give-and-take is reflected in our scorecard, where more than half the products are within a point of each other in the final tally Due to the extremely close scoring, we will not be awarding a Blue Ribbon Award for this test. Because of ambiguities in the IPSec standard specification, not every vendor's product will work with every other vendor's gear - even though each might have a 11 correct" protocol implementation. That makes interoperability one of the greatest challenges for VPN vendors.

We set up a hypothetical security policy for a large, multisite network and evaluated how well each VPN product could fit into that network. With multiple data centers and branch offices with switches, routers and firewalls, our test bed was designed to resemble a standard enterprise data services network.We tested interoperability of each product against every other VPN product, both in setting up initial secure connections and in maintaining long-term operation over a matter of days. Specifically, we rated how each product worked with the others, worked with our certificate authority and with popular VPN client software, and how well each handled different VPN authentication methods.

An important part of our evaluation was making products work in a full mesh.While almost every VPN vendor can do bake-off style interoperability (where they successfully negotiate a security association with one other vendor), we wanted to see what network professionals would be faced with trying to pin together a true multivendor network securely.

Our top interoperability category rating went to Secure Computing's Sidewinder. Right behind Sidewinder were products from Avaya, Check...