The product was formerly called Eagle Raptor. It was initially
developed on the UNIX platform and was later ported to the NT
environment in early 1996.

| Description | Raptor Firewall | NetScreen-10 | NetScreen-100 |
|---|---|---|---|
| Dimension | Not Applicable | 17.5"W x 2.06"H x 10.8"D | 17.5"W x 2.06"H x 10.8"D |
| Weight | Not Applicable | 8 pounds | 8 pounds |
| Hardware | Not Applicable | Integrated circuit board with PowerPC processor | Integrated circuit board with Motorola RISC processor |
| Memory | Not Applicable | 16 MB | 32 MB |
| Serial port | Not Applicable | DB-15 console port | DB-15 console port |
| PCMCIA card slot | Not Applicable | 1 Type II PCMCIA | 1 Type II PCMCIA |
| Network Interface | Minimum 2; supports Ethernet, FDDI, Token Ring and Frame Relay | Three 10BaseT ports | Three autosensing 10/100BaseT ports |
| Price | Sold by number of users: 50: $?; 100: NT $4018.89; 200: $?; Unlimited: $? | $11,000 to 12,000 (1 year HW warranty included), Unlimited user licenses | $23,600 to 25,600 (1 year HW warranty included), Unlimited user licenses |
| Support Service | Pricing; FAQ, documentation and patches available for the public; ROCS - Raptor Online Customer Support; 8-8 Eastern Phone support | FAQ, software update and patches available to registered end users; Email; 8-6 PST phone support | Same as NetScreen-10 |

| Feature | Axent Raptor | NetScreen |
|---|---|---|
| Firewall Technology | Application Proxies for SMTP, DNS, SMB/CIFS, NNTP, SQL*NET, HTTP, Gopher+ and Java filtering | Dynamic Stateful Packet Filtering; Circuit-Level Proxies |
| Installation Procedure | Prepare a system with the operating system (NT or Solaris) installed and the network interface configured first. Then install the management software; the procedure is done through the program interface only. | Command line interface through serial console; Web interface through HTTP |
| Operation mode | Network Address Translation with selective transparent ability | Transparent; Network Address Translation for Trusted network only; Network Address Translation for Trusted network and DMZ networks |
| Optional third interface | Yes (just another internal network) | Yes (called DMZ) |
| Administration Interface | Network connection through Windows NT or Solaris program | Command line interface through serial console; Network connection with TELNET; Network connection with Web Interface to built-in Web Server; Secured network connection through IPSec VPN tunnel; Central Management System software |
| Administrator Account | Password with Read Write privilege | Username and password with Read Write privilege |
| Authentication | Built-in gateway password (NT or Solaris); Bellcore S/Key; Security Dynamics SecurID; Defender Hard and Soft Tokens; CryptoCard; RADIUS; TACACS+ | Built-in authentication server supports up to 1600 users; RADIUS-compliant authentication servers; NT Domain User database support through RADIUS; SecurID (1.6) |
| Outgoing Addressing Scheme | Virtual Client; Server Transparency | IP Mapping; Network Address Translation |
| Incoming Addressing Scheme | | Two methods: IP Mapping (one-to-one mapping) for all services; Virtual IP (one-to-many mapping) for HTTP, HTTPS, TELNET, FTP, SMTP and POP3 |
| Logging | Built-in log file; RemoteLog program available in NT and Solaris for secure remote log retrieval | Built-in log file; Syslog; WebTrends syslog support (1.6); NS-Global Management System (1.6) |
| Notification/Alert | Email; pager; play audio recordings; execute client program; issue SNMP traps | Email to 2 specific email addresses |
| Firewall Attack | SYN flood; Port scanning; Automatic Port Blocking; Automatic suspicious activity monitoring; Spoof-checking for specified subnets; Email content, virus, Java applets, ActiveX screening | Detect SYN Attack; Detect Tear Drop Attack; Detect Ping of Death Attack; Detect IP Spoofing Attack; Default Packet Deny; Filter IP Source Route Option; Java/ActiveX Blocking |
| URL Blocking | Additional cost - WebNOT | Additional cost - WebSense by NetPartners |
| SNMP Support | Yes | MIB-II Support |
| Traffic Shaping | For RealAudio traffic only | Included |
| Load Balancing | None | Included with 100 |
| Redundancy | Yes with NT version only | Yes with 100 |
| VPN | Supports SWIPE with RC2 and DES (not in French version); supports IETF IPSec with DES and Triple-DES, static key, IKE dynamic key | Supports IETF IPSec with: Key Management (IKE with preshared keys, manual key management); ESP Encryption Algorithm (40-bit DES, 56-bit DES, Triple DES (US version only)); ESP Authentication Algorithm (HMAC MD5, HMAC SHA-1 (1.6)) |
| VPN Remote Client | Called RaptorMobile; available in 95/98/NT; supports IETF IPSec | Called NetScreen Remote; available in 95/98/NT; supports IETF IPSec; supports 56-bit DES |
| Central Management | RMC - Raptor Management Console | NetScreen Global |
| Performance | Unknown | Network InterOp KeyLabs Firewall Test: Best performance number at 64 clients; 4123.3 connections/sec; Best price/performance ratio; Low latency |
| ICSA Certified | Yes | Yes |
| Year 2000 Compliance | Yes | Yes |
| Award | | KeyLabs' Top Honors for ease of configuration and price/performance ratio; Tester's Choice Award from Data Communication for traffic management feature on 11/98; Tester's Choice Award from Data Communication for Firewall on 5/99 |

| | Axent Raptor Weakness | NetScreen Strength |
|---|---|---|
| Operating System Vulnerability | NT and Solaris have known network-related vulnerabilities that require constant patching. Vulnerability Example: NT / Solaris | Proprietary operating system with very minimal network stack and application-level support |
| Supported Hardware Problem | Very complicated. Axent has to post a list of supported hardware to help end users out. | It is a turn-key solution; no hardware compatibility and preparation problem. |
| Transparent mode | Awkward way to support transparent mode by defining Server and Client Transparency Entities | Simply define the IP address for administration |
| Installation preparation | Takes a long time. The end user has to make sure the operating system is configured correctly with network support and that the necessary patches are installed. | Such preparation work is unnecessary |
| Firewall Policy Matching Performance | Implemented in software. The speed depends entirely on the CPU speed. 15 policies cut the performance more than 50%. | Implemented on a custom-designed chipset. Supports up to 4000 policies with wirespeed performance. |
| VPN performance | Implemented in software at the network driver level. The speed depends on the CPU speed and traffic load | Encryption function is implemented on a custom-designed chipset |