Competitive Analysis

Document Sample
Competitive Analysis Powered By Docstoc
					                                        Computer Associates Competitive Brief
Publicly traded Computer Associates is a $3 billion provider of system management software with over 1,000 products. Ab
it's revenue comes from the mainframe market. CA markets the eTrust line of security products which generate roughly $2
million, or less than 8% of revenue. eTrust branded products supply a wide range of different functionality including identity
management, virus protection, intrusion detection and firewalling. CA's strategy has been to leverage it's strength in system
management to increase penetration in other market segments like security. This has focused it on the high-end of the ma
The management-centric approach to increasing penetration appears to be having limited success in the security market,
has sold only 30 of it's eTrust Security Command centers. Although CA has a large installed customer base and substanti
resources, security revenues are modest, and are spread across many products, resulting in an offering that is not conside
market-leading.

               CA Weakness                                      Astaro Approach




No integrated anti-virus solution. Only host- ASL includes an integrated network anti-virus
based AV solution offered as part of the      solution with automatic networked updates
Secure Content Manager product.               which catches viruses on the firewall itself.


No integrated URL filtering. URL filtering        Integrated content filtering with extensive
offered as part of a separe Secure Content        automatic URL category updates is built into
Manager product.                                  ASL.

                                                  Both proxy servers and stateful packet
No application level/proxy security.              inspection are integrated in a single product.


Very complex cumbersome architecture with         All functionality is built into a single system,
separate applications for the administrative      installs on a single firewall, managed by a
interface, policy server application, firewall.   single interface and explained in a single easily
Requires JRE and Unicenter frameworks.            readable manual.

Unlike every other vendor no integrated VPN
gateway. Separate product which CA
recomends putting on a different server for
performance reasons.                        Astaro includes an integrated VPN gateway.
                                            Astaro provides a single simple administrative
Complex management structure: Firewall      interface for all functions (WebAdmin), and
admin application, Secure Content Manager, allows users to utilize a single centralized
eTrust Security Command Center and          management system as the number of devices
Unicenter.                                  grows (ACM).
                                            Astaro includes web caching, QoS, load
                                            balancing, high availability and numerous other
                                            features designed to maximize performance
No performance management features.         and availability.
      Claimed Astaro Weaknesses                                   CA Approach
                                           Use Unicenter as overall management
No overall management framework and        framework, which also integrates CA's security
integration                                products.




                                           CA has separate policy management and
Not a distributed architecture, which is   administrative applications that can support
needed by large customers.                 multiple firewalls.



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@astaro.com.
Last update: 01.12.03
mpetitive Brief
 agement software with over 1,000 products. About half
e of security products which generate roughly $240
e range of different functionality including identity
ategy has been to leverage it's strength in system
y. This has focused it on the high-end of the market.
e having limited success in the security market, where it
 s a large installed customer base and substantial
 ducts, resulting in an offering that is not considered


                          Customer Implication


              A host-only approach is expensive and insecure
              because it lets viruses get to the desktop
              causing numerous service calls. If the desktop
              has had AV turned off to speed up response
              time, has been misconfigured or is not updated
              viruses will get through. Customer should have
              desktop AV behind network AV, with network
              AV being the primary line of defense.

              Having separate products is expensive from a
              software and hardware purchase perspective,
              as well as from a training, management,
              integration and maintenance perspective.
              With ASL contents of packets are inspected for
              viruses and malicious code vastly enhancing
              security.


              Separate installations, integrations, licenses
              and management to worry about. Increases
              up front and operating cost. Increases chance
              of security vulnerability.

              Customer must buy another software product
              and server, train their staff, update and
              adminster another product, resulting in higher
              up-front and operating costs.


              Astaro focuses on ease of use and security
              specific functionality, lowering operating costs
              and increasing security.
              Customer must buy additional products, train
              their staff, update and adminster through
              different interfaces, resulting in higher up-front
              and operating costs.
                             Astaro Rebuttal
            Astaro preintegrates the key security software
            required by customers, unlike CA's offering
            which does not include all the basic security
            functions. As such customers will have to buy
            and separately mange those functions. Astaro
            also provides ACM for centralized management
            of multiple security devices. This product is
            simplier to use and more powerful than CA's,
            while supporting third party security devices
            unlike the CA offering. CA's management
            framework is focused on non-security functions
            often managed by different individuals.

            Astaro has an excellent solution for large
            customers: ACM. This solution allows
            centralized management of multiple devices
            without the complexity of the CA architecture.
            Single integrated firewall application. Single
            integrated ACM application. More powerful
            features, easier to manage.




edback to info@astaro.com.
                                           Secure Computing Competitive Brief
Founded in 1989, Secure Computing is an $80 million publicly traded company offering firewall/VPN, authentication and co
filtering products. In recent years they have lost share, suffering from poor usability, poor marketing, poor channels relatio
confusing product lineup. The company has been in a turnaround situation for the last 3 years. Over 50% of sales come f
firewalls, with their biggest strength being sales to the federal government, which makes up 25% of total sales. SCUR is b
to migrate customers of the Gauntlet firewall which it acquired from NA in 2002 to the Sidewinder product, providing an opp
for Astaro to demonstrate a superior alternative. They recently acquired N2H2, which was focused on providing content filt
the education/government markets. This will add to their product positioning issues and provide another product migration
opportunity for Astaro. Content filtering and 3A products are each about 25% of sales. SCUR's 3A products are not marke
leading, and do not appear to be an area of investment for the company. Approximately 40% of SCUR's sales come from
sales force.

      Secure Computing Weakness                                 Astaro Approach
Cumbersone configuration; Windows-based
configuration application, with configuration
transferred by diskette to firewall. Separate
Windows application required to manage
firewall(s) on on-going basis.                    Firewall directly configured via any browser.




                                                  ASL includes integrated anti-virus solution with
                                                  automatic networked updates which catches
No anti-virus solution.                           viruses at the perimeter for all systems.

                                                  Integrated spam filtering built into ASL. No
                                                  separate server, software update service,
No spam filtering.                                installation or administration required.
                                                  Astaro includes QoS management and load
                                                  balancing in the product, allowing performance
No performance management - QoS, load             to be optimized without the cost of additional
balancing (third party solutions only)            products.

Locked into inferior URL blocking technology Has selected best of breed URL blocking from
from sister division. Manually compiled URL  Cobion. 1,000 servers constantly classify
                                             URL's, resulting in a 300%+ large
block lists; small database listing; can't keep
up with changes in URL's.                    classification, with support in 11 languages.
                                             Provides a much more affordable price, even
                                             selecting hardware which has better
Expensive, particularly at low and mid-range performance than Sidewinder.
       Claimed Astaro Weaknesses                                SCUR Approach
                                                  Utilize a hardened Unix operating systems,
                                                  application proxies and securing middleware
Astaro firewall not as secure.                    layer to provide superior security.



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 03/10/03 -
 etitive Brief
pany offering firewall/VPN, authentication and content
  usability, poor marketing, poor channels relations and a
  for the last 3 years. Over 50% of sales come from
 which makes up 25% of total sales. SCUR is busy trying
 002 to the Sidewinder product, providing an opportunity
2H2, which was focused on providing content filtering to
 g issues and provide another product migration
5% of sales. SCUR's 3A products are not market
Approximately 40% of SCUR's sales come from a direct


                         Customer Implication



               Astaro's approach requires less labor, is less
              cumbersome, and allows personnel to respond
                     to incidents much more quickly.

              With NetScreen customer must select, deploy
              and separately manage anti-virus solutions on
              desktops/servers, increasing support costs and
              greatly increasing the probability of business
              damage from viruses.

              With ASL customer saves cost of additional
              server, installation, maintenance, separate
              administration and debugging.




              Better performance, lower cost.




              Effective enforcement of acceptible Internet
              Usage policy.


              Significant cost savings.
                             Astaro Rebuttal
              Astaro utilizes a similar approach; with a
              hardened version of Linux, middleware and
              application proxies to deliver best-of-breed
              security performance.




edback to info@aglais.com.
                                                 Microsoft Competitive Brief
Microsoft is of course the dominant player in the software industry. With their focus on ensuring the company successfully
the transition to an Internet-based computing model, the company recognized the need to concern themselves with Interne
security. In 2001 they entered the software firewall market with their Internet and Security Acceeration (ISA) server produc
got off to a slow start, but appears to have gained traction in applications related to protecting the large base of installed m
web servers. This is the main marketing focus of their ISA efforts now. They will try to sell the product as a corporate firew
solution, or failing that, as a complementary application level firewall for MS applications, or alternately as a separate soluti
DMZ servers. As you might expect, ISA is extremely tightly integrated with other Windows products; which can be an adva
all-Windows shops, and is a knock-out in mixed shops. Althought the product continues to make progress, the distractions
by a need to focus resources on fixing security issues in core product lines, combined with the subservience of this produc
larger revenue generators has hampered Microsoft's competitiveness as a standalone product. The recently announced "S
The Perimiter" initiative places a focus on perimiter defense which was previously lacking, and may result in greater focus

           Microsoft Weakness                                 Astaro Approach


No anti-virus solution. Sample proxy code       ASL includes an integrated, fully supported anti-
used to vector to custom developed or third     virus solution with automatic networked
party solution.                                 updates.

No integrated URL filtering; only sample        Integrated content filtering built into ASL. No
proxy code used to vector to third party        separate software update service, installation
filter.                                         or maintenance interface required.
Doesn't include hardened OS; install on
standard OS and use wizards and manual
labor to harden. ("Harden your servers by
using information from white papers,            Pre-hardened version of Linux included with
checklists, and tools, such as IISLockdown      ASL. No hardening required; no separate
and URLScan.")                                  installation.

                                             All functionality, including management is built
Complex to install and manage: client        into a single system, managed by a single
software on PC's, Active Directory, MMC with interface and explained in a single easily
snap-in, 3rd party snap-ins.                 readable manual. No client software.
                                             Astaro has published performance benchmarks
                                             that align with other leading vendors, and show
Questionable performance. No alignment       an ability to deliver excellent software
with standard firewall measurements.         performance.
                                             Astaro includes the functionality of ISA, plus
                                             much more, leveraging the open source
Expensive when you consider the need to      community to deliver lower cost, higher
buy Windows server.                          security and broader functionality.
      Claimed Astaro Weaknesses                             Microsoft Approach
Firewall products focus on SPI and packet
filtering, allowing today's application layer   Microsoft includes application level scanning for
attacks through.                                SMTP, HTTP, RPC and XML attacks.




                                                Microsoft fully integrates ISA with Active
Lack of integration with Microsoft products.    Directory, MMC, client software, etc.



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@astaro.com.
Last update: 03.12.03
 eir focus on ensuring the company successfully made
zed the need to concern themselves with Internet
 et and Security Acceeration (ISA) server product, which
elated to protecting the large base of installed mail and
 ey will try to sell the product as a corporate firewall
S applications, or alternately as a separate solution for the
  other Windows products; which can be an advantage in
uct continues to make progress, the distractions caused
  combined with the subservience of this product line to
 standalone product. The recently announced "Securing
 viously lacking, and may result in greater focus on ISA.

                         Customer Implication

              Customer must select, deploy, debug and
              separately manage anti-virus solution.
              Increases up-front and support costs, as well
              as increasing the probability of security lapses.

              Customer saves cost of additional software
              application, installation, debugging and
              maintenance.




              Much higher security. Lower installation and
              maintenance costs.


              Lower cost: Less labor to maintain; fewer
              problems/user downtime, less training, lower
              skill level required for administrators.


              Customers can understand the type of
              throughput/performance they can expect.


              Lower purchase and annual operating costs,
              with higher functionality.
                             Astaro Rebuttal
              Unlike other firewalls Astaro includes
              application proxies and services. Proxies also
              include POP.


              Astaro's approach is to make security simple to
              implement and manage. As a result we
              integrate to key portions of Microsoft
              infrastructure required to achieve this, such as
              MS Active Directory, but avoid integration
              which is unnecessarily complex.
edback to info@astaro.com.
                                                                NexServer Competitive Brief
NexServer is a small privately held US organization of unknown heritage. Their web site lists no founding dates, history, cu
installed base or other track record. According to the Reference USA corporate profile, they are under $1 million in sales,
credit rating. They have embarked upon a highly unusual product strategy of attempting to combine firewall, mail server an
functionality into one box! As such, they are focusing on offices with 5 to 15 people. They are using Red Hat Linux and F4
functionality; the heritage of the significant amount of other software being delivered is not revealed.

               NexServer Weakness                                            Astaro Approach

Lack of a dedicated firewall system or appliance          Astaro installs it's software on a dedicated hardware
means that numerous services, ports and doors must        platform. This enables the platform to be secured with a
be running and open to provide functionality required     hardened operating system. All non-essential services
for the many applications NexServer provides (email,      and ports are locked down, ensuring no backdoors can be
calendaring, printing, etc.)                              exploited to bypass security.

No performance data published. Single platform
shared for firewall, email services, pile and print       Astaro publishes performance data so users can
sharing, making performance problematic for all but       determine the throughput and number of connections that
the very smallest enterprises (they target offices of 5   can be supported. Use of a dedicated platform ensures
to 15). Predicability is problematic because of           that that throughput will not suddenly be diminshed by
unknown loading for each of these diverse                 another application, and provides a practical means of
applications.                                             measuring performance.

                                                        Astaro includes basic protection against attacks such as
                                                        portscans, masquerading and anti-spoofing, as well as
                                                        basic functions such as PAT, logging and reporting. In
                                                        addition a rich set of features including: 1) autobackup
                                                        and restore 2) QoS 3) load balancing 4) authentication
Very limited security feature set, including very basic 5) real-time monitoring and 6) cookie/java/activeX
security functionality.                                 filtering are provided.




                                                        Astaro focuses exclusively on security, delivering a
                                                        platform the integrates best-of-breed security
                                                        applications. Customers can pick their hardware platform,
NexServer is proprietary software environment           and updgrade without throwing out the software. Astaro
encompassing mail, file and print services, in addition places no restriction on the applications that run in
to security functionality.                              conjunction with it.
                                                        Astaro provides true URL filtering, classifying millions of
Very limited URL filtering; only manually entered       web pages into categories, updating them regularly and
white and black lists supported.                        allowing blocking by category.


                                                          Integrated spam protection utilizing 3 different techniques
Limited spam protection using RBL only.                   to block unsolicited email.

                                                          Updates can be scheduled automatically ensuring software
No automatic software update service.                     is kept up to date.


          Claimed Astaro Weaknesses                                        NexServer Approach
Seperate box to administer                        One server for office applications and security



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 20/08/03 -
 no founding dates, history, customer references,
are under $1 million in sales, and have an unknown
ombine firewall, mail server and file and print server
e using Red Hat Linux and F4 software for some of their
vealed.

                         Customer Implication

             The Astaro platform provides the high security
             required for a firewall application. The
             NexServer platform is vulnerable, exposing
             corporate assests and employee productivity to
             attacks.


             No way to predict whether NexServer will
             provide adequate performance, or how that
             performance will change with the changing
             application loads. User productivity is risked
             for minimal to no savings on a standard PC
             hardware platform.




             Customers get all the security features they
             need, plus features that will reduce operational
             costs and increase performance.

             Most customer want freedom to choose their
             office infrastructure applications seperately
             from their security applications. Each of these
             are very different domains, served by
             companies with large skilled staffs. It is
             doubtful one small company can deliver
             competitive functionality in all these domains.
             The NexServer approach does not allow
             customers to pick best-of-breed applications, or
             use popular application like Outlook. When the
             customer grows, they need to repurchase all
             the hardware and software again.
             Productivity can be enhanced and legal
             liabilities limited by providing an effective tool
             for enforcing Internet policies.
             No single technique is effective in blocking
             spam. Multiple techniques will yield the lowest
             amount of spam, increasing employee
             productivity.


             Better security, and lower operations cost.


                            Astaro Rebuttal
NexGen has separate menu's for security
functions, which are not fully integrated with
other components, so this is not true in
practice, although they may reside on the same
GUI.
                                                    Cisco Competitive Brief

Publicly traded Cisco Systems is a $19 billion provider of networking equipment. It markets the PIX line of integrated firew
appliances, along with VPN, intrusion detection and management systems. Cisco's strength lies in the fact that it is able to
firewalls along with routers and other networking devices, a market in which it is dominant, to customers seeking a single
solution. This market reach has enabled it to become the number two supplier of firewalls, although it's products are not p
to be market leading. However security remains inconsequential in Cisco's overall financial picture. The company's broad
growing product line makes an integrated security offering and acceptable customer service increasingly challenging to de

             Cisco Weakness                                  Astaro Approach


                                               ASL includes an integrated anti-virus solution
No anti-virus solution. Vector to separate     with automatic networked updates which
3rd party box.                                 catches viruses on the firewall itself.

                                               Integrated content filtering built into ASL. No
No integrated URL filtering; only vectoring to separate server, software update service,
third party filter on separate server.         installation or maintenance interface required.

                                               Both proxy servers and stateful packet
No application level/proxy security.           inspection are integrated in a single product.


                                              All functionality is built into a single system,
                                              installs on a single firewall, managed by a
Complex; 6 manuals plus numerous third        single interface and explained in a single easily
party product required for complete solution. readable manual.




Management offerings do not support all        Management products support all functionality
devices and functions.                         and devices.
                                               Astaro leverages the development skills of the
                                               vast open source market to bring customers
                                               world-class security software more rapidly and
Expensive!                                     at lower prices.
      Claimed Astaro Weaknesses                               Cisco Approach




                                               SAFE security blueprint for all network devices
No overall security framework and              plus AVVID security partners to fill in needed
integration                                    3rd party functionality




Software solutions require complex error
prone installation and configuration.          Integrated hardware and software product.
Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 03/03/17
ment. It markets the PIX line of integrated firewall
  Cisco's strength lies in the fact that it is able to market
h it is dominant, to customers seeking a single vendor
plier of firewalls, although it's products are not perceived
 overall financial picture. The company's broad and
customer service increasingly challenging to deliver.

                          Customer Implication
              Customer must select, deploy, debug and
              separately manage anti-virus solution on a
              separate system. Increases platform costs,
              support costs and increases the probability of
              security lapses.

              Customer saves cost of additional server,
              installation, debugging and maintenance.
              Significant!
              With ASL contents of packets are inspected for
              viruses and malicious code vastly enhancing
              security.

              Many part numbers to order from Cisco and
              partners. Separate installations, integrations,
              licenses and management to worry about.
              Increases up front and operating cost.
              Increases chance of security vulnerability.

              With Cisco, management is more cumberson
              and error prone, since CSPM does not support
              all the PIX commands, and users (VPN clients
              need to be separately managed via CLI)


              Significantly lower purchase and annual
              operating costs, with higher functionality.
                             Astaro Rebuttal
              Astaro preintegrates the key security software
              required by customers. They do not have to
              spend the time and money to do that
              themselves. AVVID is a clumsy way of
              patching in missing PIX functionality. SAFE blue
              print is so vast that it always lags the reality of
              today's threats and is extremely complex.
              Integration achieved is not sufficient for daily
              needs.

              Simple CD based installation requires customer
              to only configure security parameters, no
              operating system or hardware configuration
              required. Integrated configuration approach to
              security services is much quicker and easier
              than Cisco's approach of configuring each
              service separately, normally thru a command
              line interface.
edback to info@aglais.com.
                                   Check Point Technologies Competitive Brief
Check Point is the largest security vendor with a revenue run rate of roughly $450M. It's strength has traditionally been larg
enterprises; although it participates in all segment to varying degrees by virtue of the fact that it was an early player in the m
Check Point is experiencing pressure at both the high and low end of the market by more specialized suppliers. It's busin
model is to supply software only, partnering with appliance vendors who bundle the Checkpoint software with their hardwar
(although this is changing as Check Point has moved into hardware targeted at the low end of the market through a wholly
subsidiary). Checkpoint has relied extensively on a pool of loosely coupled partners for functionality beyond basic stateful
inspection; a strategy which is becoming a weakness as security issues become more complex.

         Check Point Weakness                                Astaro Approach




                                               ASL includes an integrated anti-virus solution
No anti-virus solution. Vector to separate     with automatic networked updates which
3rd party box.                                 catches viruses on the firewall itself.

                                               Integrated content filtering built into ASL. No
No integrated URL filtering; only vectoring to separate server, software update service,
third party filter on separate server.         installation or maintenance interface required.

                                               Both proxy servers and stateful packet
No application level/proxy security.           inspection are integrated in a single product.
                                               All functionality is built into a single system
                                               (including the operating system), installs on a
                                               single firewall, managed by a single interface
                                               and explained in a single easily readable
                                               manual. 2 days training, or 3 days 3h
Old, complicated architecture.                 webbased training.
                                               Astaro leverages the development skills of the
                                               vast open source market to bring customers
                                               world-class security software more rapidly and
Expensive!                                     at lower prices.
      Claimed Astaro Weaknesses                           Check Point Approach




Not as many predefined applications and
services.                                      Over 300 predefined applications and services.




                                               OPSEC framework to integrate 3rd party
No OPSEC framework and partners.               applications.
Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 12/4/02 -
ompetitive Brief
 y $450M. It's strength has traditionally been large
 tue of the fact that it was an early player in the market.
market by more specialized suppliers. It's business
 ndle the Checkpoint software with their hardware
ed at the low end of the market through a wholly owned
  partners for functionality beyond basic stateful packet
 come more complex.

                          Customer Implication
              Customer must for Checkpoint select, deploy,
              debug and separately manage anti-virus
              solution on a separate system. Increases
              platform costs, support costs and increases
              the probability of security lapses. With ASL,
              customer saves cost of additional server,
              installation, debugging and maintenance.
              Significant!

              Customer saves cost of additional server,
              installation, debugging and maintenance.
              Significant!
              With ASL contents of packets are inspected for
              viruses and malicious code vastly enhancing
              security.
              Many part numbers to order from Check Point
              and partners. Separate installations,
              integrations, licenses and management to
              worry about. 5 to 12 days training
              recommended. 14 manuals, 20 configuration
              guides.

              ASL provides significantly lower purchase and
              annual operating costs, with higher
              functionality.
                             Astaro Rebuttal
              Checkpoint lacks the basic services necessary
              for security today, including application level
              proxies, integrated anti-virus, URL filtering,
              etc. Any pre-defined applications Astaro does
              not support out of the box can be defined by
              the user without significant effort. There are
              only a small number of dedicated security
              applications, where the additional Checkpoint
              functions are needed.

              Astaro preintegrates the key security software
              required by customers. Customers do not
              have to spend the time and money to do that
              themselves, plus avoiding the overhead of
              additional hardware and Operating System
              maintenance. OPSEC is a clumsy way of
              patching in missing functionality.
edback to info@aglais.com.
                                       NetScreen Technologies Competitive Brief

NetScreen Technologies is an unprofitable publicly traded company with 330 employees and a revenue run-rate of roughly
It's focus is selling firewall appliances to the very high end of the market (F1000 data centers and carriers) based upon the
performance characteristics of it's GigaScreen custom ASIC chips. It is attempting to move downward into the SME marke
expanding it's share in the high-end. NetScreen markets appliances based upon it's own proprietary hardware, OS and so

           NetScreen Weakness                                 Astaro Approach



                                                ASL includes integrated anti-virus solution with
                                                automatic networked updates which catches
No anti-virus solution.                         viruses at the perimeter for all systems.

                                                Integrated content filtering built into ASL. No
No integrated content filtering; only vectoring separate server, software update service,
to third party filter on separate server.       installation or administration required.

                                                Both proxy servers and stateful packet
No application level/proxy security.            inspection are integrated in a single product.

No automatic software update and                On-line updates to firewall software, virus
notification service.                           patterns, URL lists.


No spam protection.                             Integrated spam protection.
No internal digital certificate service. Must
purchase and configure third party solutions    ASL includes an integrated certificate authority
for PKI.                                        as well as support for 3rd parties.

                                                Customer can use existing hardware platform.
                                                Much more functionality included. Even with
                                                purchase of a new platform Astaro solution
More expensive.                                 yields significant savings.
                                                Although Astaro does not compete against
                                                NetScreen's Top model, ASL provides higher
                                                performance in the price bands in which it
Performance.                                    competes.




Proprietary Hardware Platform.                  Customer selects appropriate platform.
      Claimed Astaro Weaknesses                             NetScreen Approach




Software solutions not as fast.                 Utilize proprietary ASIC in appliance.




Software solutions require complex error
prone installation and configuration.           Integrated hardware and software product.
Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 12/4/02 -
mpetitive Brief

 30 employees and a revenue run-rate of roughly $150M.
1000 data centers and carriers) based upon the
 empting to move downward into the SME market while
d upon it's own proprietary hardware, OS and software.

                        Customer Implication
             With NetScreen customer must select, deploy
             and separately manage anti-virus solutions on
             desktops/servers, increasing support costs and
             greatly increasing the probability of business
             damage from viruses.

             With ASL customer saves cost of additional
             server, installation, maintenance, separate
             administration and debugging. Significant!
             With ASL contents of packets are inspected for
             viruses and malicious code vastly enhancing
             security.

             Astaro reduces administrative burden and risk
             of security breach due to old software.
             Eliminate one of the largest productity wasters
             without incurring incremental hardware and
             software costs.


             Less cost, administration and faster start-up.

             Savings on initial purchase become even
             greater over the life time when upgrades and
             recurring annual fees and administrative costs
             are considered.


             Less need to upgrade hardware as traffic
             increases, better performance.
             No need to throw away software when
             upgrading platform, improved platform choice,
             lower hardware costs, existing platforms can
             be upgraded.
                            Astaro Rebuttal
             Software approach allows choice between
             numerous platforms that are increasing in
             performance and decreasing in price rapidly
             due to volume.

             Simple CD based installation requires customer
             to only configure security parameters, no
             operating system or hardware configuration
             required. Integrated configuration approach to
             security services is much quicker and easier
             than NetScreen's approach of configuring each
             service separately.
edback to info@aglais.com.
                                             SonicWALL Competitive Brief
SonicWALL is a publicly traded company with annual revenues in the low $100M range and roughly 450 employees. It
been the market leader in the SOHO firewall segment, with recent attempts to broaden it's product offerings (SSL, VPN
consulting) and market presence (large enterprises) yielding less than satisfactory results. Although SonicWALL has b
attempting to increase it's international sales, it's share outside the U.S. remains noticeably lower than it's U.S. share.
SonicWALL markets integrated software/hardware appliances based upon proprietary ASIC-based hardware design an
It's low-end hardware and software heritage severely restricts functionality, and has lead to a packaging strategy of
aggressively unbundling and separately pricing functionality, though market pressures are changing this.

           SonicWALL Weakness                              Astaro Approach
                                             Virus scanning carried out on firewall ensuring
                                             virus do not penetrate perimeter and avoiding
No integrated virus protection. 3rd party    separate installation and maintenance on all
Windows-only service utilized.               clients.

                                             Both proxy servers and stateful packet
No application level/proxy security.         inspection are integrated in a single product.
                                             Included numerous easy to use features such
                                             as spam filtering, web caching, automatic
Limited feature set.                         backup, load balancing, etc.

                                             Customer can use existing hardware platform.
                                             More functionality bundled; fewer extra
                                             charges. Even with purchase of a new platform
                                             Astaro solution will typically yield significant
                                             savings when all options and superior
More costly.                                 performance are considered.

                                             Customer selects appropriate off-the-shelf
Proprietary bundled hardware platform with   platform and reinstalls on faster platform when
limited performance.                         more performance is necessary.
       Claimed Astaro Weaknesses                        SonicWALL Approach




Software solutions not as fast.              Utilize proprietary ASIC in appliance.




Software solutions require complex error
prone installation and configuration.        Integrated hardware and software product.



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 12/4/02 -
   $100M range and roughly 450 employees. It has
mpts to broaden it's product offerings (SSL, VPN,
 atisfactory results. Although SonicWALL has been
   remains noticeably lower than it's U.S. share.
 n proprietary ASIC-based hardware design and OS.
  ity, and has lead to a packaging strategy of
 rket pressures are changing this.

                        Customer Implication



             Security significantly enhanced and operational
             costs/complexity significantly reduced.

             Contents of packets are inspected for viruses
             and malicious code vastly enhancing security.
             No need to buy (or develop) and administer
             separate solutions, yielding significant cost
             savings.



             Savings on initial purchase become even
             greater over the life time when upgrades and
             recurring annual fees and administrative costs
             are considered.
             No need to throw away software when
             upgrading platform, improved platform choice,
             lower hardware costs, existing platforms can
             be upgraded.
                           Astaro Rebuttal
             Software approach allows choice between
             numerous platforms that are increasing in
             performance and decreasing in price rapidly
             due to volume. SonicWALL appliances generally
             have significantly worse throughput and
             functionality for comparable prices and can not
             be upgraded as traffic grows.

             Simple CD based installation including the OS
             requires customer to only configure security
             parameters, no operating system or hardware
             configuration required. Unlike SonicWALL
             separate installation and maintenance not
             required for virus protection (on every PC),
             URL filtering, authentications, etc.




edback to info@aglais.com.
                                                   Fortinet Competitive Brief
Established in 2000 by the former CEO of Netscreen, Fortinet is an unprofitable venture-backed organization which began
products at the end of 2001. Their key offering is the FortiGate line of ASIC based firewalls, along with the FortiManager
management station and the Fortinet Remote VPN client. With 100 employees, and a product offering which is quite broad
organization has a very significant cash burn rate along with a very significant work load.

             Fortinet Weakness                                Astaro Approach
Unproven proprietary anti-virus solution        Astaro fully integrates and supports the market-
delivered by a team of 100 people also          leading anti-virus software of Kaspersky Lab, a
attempting to develop custom ASIC's, firewall   250 person firm focused entirely on virus
appliances, an operating system and other       detection and prevention, with 16 years of
solutions.                                      experience.

Limited feature set. No caching, no wireless
support, no AES support, etc.                   Mature product with a full suite of features.




Proprietary hardware platform.                  Customer selects appropriate platform.

                                                Astaro has had years to fully integrate,
                                                distribute and support content filtering
Content filtering database is reportedly not    software from Cobion, which has the largest
yet available                                   content analysis operation in the world.

Company is high risk. High burn rate,           Astaro has 10,000+ installations. Company
unproven ability to penetrate market and        has been self-funding for years. Proven
support very broad technology offering.         technology, proven business model.
                                                Astaro leverages the development skills of the
                                                vast open source market to bring customers
                                                world-class security software more rapidly and
Expensive!                                      at lower prices.
      Claimed Astaro Weaknesses                              Fortinet Approach

                                                Fortinet is attempting to ignore Astaro by
                                                claiming there is no other competition with
Non-existence.                                  their functionality.




Software solutions not capable of carrying
out content-level processing.                   Utilize proprietary ASIC in appliance.
Astaro does not own and control all the             Tries to internally develop proprietary software
software in their product.                          for all security threats.


Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@astaro.com.
Updated: 03.09.26 - Respond to competitive issues being raised by Fortinet
table venture-backed organization which began shipping
C based firewalls, along with the FortiManager
yees, and a product offering which is quite broad, the
ant work load.

                        Customer Implication
             Customer will get much more comprehensive
             virus detection/prevention software and much
             more timely updates from a larger more
             focused organization, improving overall
             security.
             No need to add additional products to fill in
             missing functionality. All-in-one solution from
             Astaro.
             No need to throw away software when
             upgrading platform, improved platform choice,
             lower hardware costs, existing platforms can
             be upgraded.



             Immediate proven up-to-date access to the
             most comprehensive content filtering software
             and database in the market.

             An investment in Astaro products is secure
             because the company and technology are
             proven.



             Significantly lower purchase and annual
             operating costs, with higher functionality.
                            Astaro Rebuttal
             Astaro has a richer feature set, 10,000+ and
             rapidly growing customer base, as well as
             proven functionality. Attempts to ignore Astaro
             undermine their credibility.


             Off-the-shelf platforms are being successfully
             deployed in 10,000+ sites. Appliances from
             our partners are available for high-performance
             applications. Astaro's open systems approach
             allows choice between numerous platforms that
             are increasing in performance and decreasing
             in price rapidly due to volume. Customers are
             not locked into a platform that will be
             uncompetitive in the future.
            Astaro has an architecture that enables it to
            select and integrate the best security
            applications in the world. This allows world-
            class functionality to be delivered rapidly as
            security needs evolve. No one vendor has the
            resources and specialized skills to develop a
            full range of high quality security applications.
            ASL is mostly based on open source
            applications, which Astaro has full access to,
            and thus full control over. As a result it also
            delivers solutions more economically.




edback to info@astaro.com.
                                   WatchGuard Technologies Competitive Brief
WatchGuard Technologies is an unprofitable publicly traded company with roughly 320 employees and a revenue run rate
$70M. It's traditional strength has been the high-end of the SME market, where it markets an integrated appliance solution
WatchGuard is in the process of rolling out the new ASIC based hardware platform acquired through Rapidstream, which i
marketed as it's "Firebox V" product line, and hopes to position it for remote F1000 offices. It also markets this platform wi
Point software under the RapidStream brand, targeted at core F1000 sites. The company's success in managing this dive
product lines and target markets is being watch closely.

         WatchGuard Weakness                              Astaro Approach
                                            Virus scanning carried out on firewall ensuring
No integrated virus protection. 3rd party   virus do not penetrate perimeter and avoiding
Windows-only service utilized.              separate installation and maintenance.

                                            Although Astaro Professional Edition does not
                                            compete against WatchGuard's high-end
                                            models, ASL provides higher performance in
Performance.                                the price bands in which it competes.
                                            Astaro includes a rich, complete rapidly
                                            growing feature set leveraging the vast
                                            resources of the open source community,
                                            including: 1) web caching 3) QoS 3) load
                                            balancing 4) POP3 virus protection 5)
Limited feature set.                        predefined live reporting.




                                            Astaro can keep normally a month and more
No HDD, limited logging capabilities        logging information on the HDD




Proprietary Hardware Platform.              Customer selects appropriate platform.

                                            Customer can use existing hardware platform.
                                            More functionality bundled; fewer extra
                                            charges. Even with purchase of a new platform
                                            Astaro solution will typically yield significant
More costly.                                savings when all options are considered.

                                            A standard Web-Browser is used for
Extra Hardware/Software needed for          administration purposes, no extra client
administration.                             software required.




                                            Astaro has one product, which can be used
                                            from small office requirements upto enterprise
                                            level perfomance, based on the underlying
Not focused on a specific product line      hardware.
      Claimed Astaro Weaknesses                       WatchGuard Approach
Software solutions require complex error
prone installation and configuration.      Integrated hardware and software product.




Astaro is a small company.                 Larger, publicly traded company.




Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 12/4/02 -
ompetitive Brief
roughly 320 employees and a revenue run rate of about
 here it markets an integrated appliance solution.
platform acquired through Rapidstream, which is
e F1000 offices. It also markets this platform with Check
  The company's success in managing this divergence in


                        Customer Implication


             Security significantly enhanced and operational
             costs/complexity significantly reduced.




             Less need to upgrade hardware as traffic
             increases, better performance.



             No need to purchase, install and maintain
             separate software and servers for these
             functions. Operate more securely and cost
             effectively with Astaro.

             No need to download the logfiles dayly, or use
             expensive SYSLOG logging to an external site,
             generating massive amounts of data which has
             to share the Internet Connection
             No need to throw away software when
             upgrading platform, improved platform choice,
             lower hardware costs, existing platforms can
             be upgraded.


             Savings on initial purchase become even
             greater over the life time when upgrades and
             recurring annual fees and administrative costs
             are considered.
             No need to install extra administration software
             on a Windows 98/2000/NT PC client PC, which
             is then dedicated for management of the
             WatchGuard firewall.


             WatchGuard customers/resellers dont
             understand, which product line to choose. After
             aquiring Rapidstraem, WatchGuard markets the
             old Firebox line (just added the 500 model),
             the new Vclass products (based on the new
             Rapidstream technology, but still the old
             product), and the Rapidstream CheckPoint line.
             Will WatchGuard maintain there od firewall
             software, or will they switch to CheckPoint as a
             supplier?
                           Astaro Rebuttal
             Simple CD based installation including the OS
             requires customer to only configure security
             parameters, no operating system or hardware
             configuration required. Unlike WatchGuard, no
             separate installation and maintenance required
             firewall management, virus protection, URL
             filtering, authentications, etc.

             Astaro leverages the vast resources of the
             open source community, combined with it's
             own value added software, QA and services to
             deliver functionality which is richer and more
             timely than companies like WatchGuard.
             WatchGuard despite it's size has not been
             profitable, while Astaro has been self funding.




edback to info@aglais.com.
                                             SmoothWall Competitive Brief
SmoothWall Ltd. is a privately held UK organization formed in 2001. Of all Astaro's competitors, their product developmen
business model is most similar. They have used Linux and open source software as the base for their product. They sell t
resellers and an on-line store. Traditionally they have lagged behind Astaro in product, channel and corporate developmen
packaging is highly unbundled, creating a perception of lower pricing, which can be counteracted by adding up the sum of
parts on the detailed competitive chart.

          SmoothWall Weakness                              Astaro Approach
                                             Virus scanning carried out on firewall ensuring
                                             viruses do not penetrate perimeter, and
                                             avoiding installation and maintenance of
No virus protection.                         separate product.

                                             SmoothWall does not publish any performance
Performance.                                 characterization or throughput data.
                                             Astaro includes a rich, complete rapidly
                                             growing feature set including: 1) autobackup
                                             and restore 2) QoS 3) load balancing 4)
                                             integration with 3rd party authentication
Limited feature set.                         databases.

                                             Farm of 1,000 servers constantly analyzes web
                                             pages in 11 languages utilizing 4 different
Slow, inaccurate URL filtering approach      analysis techniques, then places them in 58
utilizing local keyword scanning of pages.   customizable categories.




                                             Integrated spam protection utilizing 3 different
No spam protection.                          techniques to block unsolicited email.
                                             Updates can be scheduled automatically
No automatic software update service.        ensuring software is kept up to date.


       Claimed Astaro Weaknesses                        SmoothWall Approach

                                             Features that are bundled into the Astaro
                                             product are unbundled in SmoothWall to make
Astaro is expensive.                         the list price appear low.




Usage restriction by number of devices       No restrictions on number of devices/IP's
supported                                    supported



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@aglais.com.
Last update: 01/07/03 -
tive Brief
 Astaro's competitors, their product development and
oftware as the base for their product. They sell through
o in product, channel and corporate development. Their
h can be counteracted by adding up the sum of the many


                        Customer Implication


             Security significantly enhanced and operational
             costs/complexity significantly reduced.

             Difficult to determine whether product will fit
             any but the simplest application needs.
             Astaro can help the customer optimize
             performance, guarantee quick recovery, and
             avoid duplication of user databases. This
             enhances employee productivity and reduces
             costs.

             Web response time not slowed down by local
             attempts to scan content. Much greater
             accuracy in blocking. Both have direct and
             measurable impact on user productivity.

             30% to 50% of email is currently spam,
             requiring extensive employee labor to filter it
             out. Astaro automates such filtering,
             improving employee productivity.

             Better security, and lower operations cost.


                            Astaro Rebuttal
             Add up the option cost listed on the
             competitive matrix, then point out the
             incremental features and functions Astaro
             provides which SmoothWall does not.

             SmoothWall accompishes tiering of prices
             based upon the number of VPN connections.
             The VPN option only supports 5 connections.
             Additional connections must be licensed in
             increments of 5 or more.




edback to info@aglais.com.
                                                Symantec Competitive Brief
Publicly held Symantec Corporations generates over $1.4 billion in sales annually. It is the market leader in anti-virus softw
focusing on the consumer desktop segment, with 32% share. In the past, the company has grown by taking share from sm
companies. However with it's current share, this is becoming much more difficult, so the company is attempting become a
source supplier of security solutions, requiring it to market security appliances. It has been executing this strategy through
acquisition of 6 companies, including a gateway appliance manufacturer. The strategy of becoming a one-stop security sh
through acquisitions has failed for both CA and NA. As Southwest Securities notes, "To date, Symantec’s growth strategy
unproven. By expanding beyond antivirus, the company faces intense competition from a more diverse group of competito
Furthermore, we have yet to uncover any meaningful deployments of the Symantec’s integrated appliances." Symantec's
success may be attributable to the fact that 1) it is a software company trying to market hardware appliances, 2) it is relying
channels set up for software to market hardware, 3) there is growing internal competition for resources from very diverse p
lines and 4) it is very hard to be good at everything a dynamic market like security.

             Symantec Weakness                               Astaro Approach

                                               Astaro can be deployed on any standard PC
                                               hardware platform, allowing users to select the
                                               performance appropriate for their application,
                                               and ride the rapid increases in performance
Gateway appliances have extremely poor         occuring in the PC market, while protecting
throughput/performance                         their software investment.

                                               Astaro uses software from the open source
                                               community to deliver highly affordable, best-of-
                                               breed solutions. Astaro allows customers to
                                               utilize hardware from the extremely
                                               competitive PC market to further improve
Gateway appliances are very expensive          affordability.


Proprietary hardware platform, delivered by    Customer selects appropriate platform from
a company that has always been a software      highly competitive hardware specialists. Astaro
company                                        focuses its resources solely on software.



Lack of features including web caching, QoS, Astaro provides an complete integrated
POP3 virus scanning, etc.                    solution, including these features.

                                               Astaro has had years to fully integrate,
                                               distribute and support content filtering
Content filtering database is reportedly not   software from Cobion, which has the largest
yet available                                  content analysis operation in the world.
Gateway security products are high risk.
Symantec has minimal installations of the
5200/5300, and has not shown that it can       Astaro has 10,000+ installations. Company
run a competitive gateway appliance            has been self-funding for years. Proven
business.                                      technology, proven business model.
                                               Astaro leverages the development skills of the
                                               vast open source market to bring customers
                                               world-class security software more rapidly and
Expensive!                                     at lower prices.
      Claimed Astaro Weaknesses                            Symantec Approach
Small company, could disappear                       $1.4 billion, profitable company




Not enough resources to compete with                 Huge company with 4,000 employees focused
Symantec in the long term.                           on security products.



Confidential: not for external distribution
We welcome any comments or corrections with respect to this material.
Please include specific pointers to literature or websites when providing feedback to info@astaro.com.
Created: 25/0703 - New product, limited data available, additional inputs welcome.
nnually. It is the market leader in anti-virus software,
 he company has grown by taking share from smaller AV
difficult, so the company is attempting become a single
ces. It has been executing this strategy through the
The strategy of becoming a one-stop security shop
es notes, "To date, Symantec’s growth strategy is
petition from a more diverse group of competitors.
 ymantec’s integrated appliances." Symantec's lack of
ng to market hardware appliances, 2) it is relying on
 al competition for resources from very diverse product
 ecurity.

                        Customer Implication
             Symantec products will not meet the
             throughput requirement of many customers,
             which would of course greatly impact
             productivity across the enterprise. With Astaro
             the customer selects the appropriate platform,
             and can change the platform as the application
             environment changes.




             Customers can significantly reduce operating
             expenses while delivering better performance
             with Astaro.
             No need to throw away software when
             upgrading platform, improved platform choice,
             lower hardware costs, existing platforms can
             be upgraded.


             Customer avoids the cost of purchasing,
             integrating and managing separate appliances
             for these functions.



             Immediate proven up-to-date access to the
             most comprehensive content filtering software
             and database in the market.


             An investment in Astaro products is secure
             because the company and technology are
             proven.



             Significantly lower purchase and annual
             operating costs, with higher functionality.
                            Astaro Rebuttal
            Astaro has been self funded since 2001, and
            has shown traction in the market with over
            10,000 installations. On the other hand
            Symantec has been unable to sell any
            significant volume of gateway products, and
            could determine at some time that it should not
            be in the hardware business.


            Astaro leverages the vast resources of the
            open source community so it does not have to
            spend internal engineering resource recreating
            proven available security functions, and as
            such can deliver better functionality than
            companies delivering proprietary software.
            Additionally, Astaro is completely focused on
            gateway security, while the vast majority of
            Symantec resources are focused on areas
            other than gateway security




edback to info@astaro.com.
     Confidential: not for external distribution
     Initial version created: 22/05/03


                                                         Astaro                 Astaro               Check Point             Check Point
                                                       ASL- Office            ASL- Office          Safe@Office 110         Safe@Office 225
     Firewall Pricing                                    10 IPs                 25 IPs
       S/W price                                          $390                   $750
       S/W + appliance                                                                                   $599                    $1,099
       Annual subscription included?                     included               included           no - 90 days only        no - 90 days only
       Annual s/w subscriptions                            $95                   $195                  see below                see below
       Additional support minimum/premium               $295/$495              $295/$495                  $96                     $180
       Annual virus protection updates (users)          $295 (10)              $495 (25)                 $516                    $1,236

       Annual URL filter updates (# devices)            $275 (10)              $550 (25)            included in $516        included in $516
     Performance & Throughput
       Max # users                                        10 IP's                25 IP's                10 user                25 users
       Max # VPN tunnels                                     10                     10                     5                      10
       Max # conc. connections                             5,000                  5,000                  2,000                  8,000
       Filter throughput (Mbps)                             730                    730                     22                     80
       VPN IPSec Mbps throughput (technique)       115 (AES), 65 (3DES)    116 (AES), 65 3DES          3M (3DES)              20M (3DES)
       HTTP proxy throughput (Mbps)                  not yet published      not yet published            none
     Security Features
       Stateful packet inspection filter                   yes                     yes                    yes                      yes
       Application level security                          yes                     yes                    no                       no

                                                                                                  no - either buy SMS     no - either buy SMS
                                                                                                  server and 3rd party    server and 3rd party
                                                                                                 AV product, or get as a AV product, or get as a
       SMTP virus protection                               yes                     yes              service from CP         service from CP

                                                                                                  no - either buy SMS     no - either buy SMS
                                                                                                  server and 3rd party    server and 3rd party
                                                                                                 AV product, or get as a AV product, or get as a
       POP3 virus protection                               yes                     yes              service from CP         service from CP
       HTTP virus protection                               no                      no                      no                      no
       ActiveX, Java, flash, cookies filtering       yes/yes/yes/yes         yes/yes/yes/yes               no                      no




Al Cooley 1/14/03                                   Confidential Not For External Distribution                                                     43
                                                                                                               Either buy SMS server     Either buy SMS server
                                                                                                                  and 3rd party AV          and 3rd party AV
                                                                                                                 product, or get as a      product, or get as a
                                                                                                               service from CP. Very     service from CP. Very
                                                                                                                limited capability - 6    limited capability - 6
                                                        full list of 2.1 billion    full list of 2.1 billion   categories, no info on    categories, no info on
       URL filtering                                   pages, 58 categories        pages, 58 categories             categorization            categorization


       Spam filtering                                          yes                         yes                          no                        no
       File-type blocking (email; downloads)                   yes                         yes                          no                        no
       Portscan detection                                      yes                         yes                          yes                       yes
       Intrusion detection                                      no                          no                          no                        no
                                                       planned product, 3rd        planned product, 3rd
       Intrusion prevention                                   party                       party                         no                        no
       NAT, PAT & masquerading                             yes/yes/yes                 yes/yes/yes                  yes/yes/no                yes/yes/no
       Anti-spoofing                                           yes                         yes                         yes                       yes
     Popular Pre-defined Services
       SMTP-proxy                                                yes                         yes                        yes                       yes
         Support TLS                                             yes                         yes                        no                        no
       HTTP-proxy                                                yes                         yes                        no                        no
       DNS-proxy                                                 yes                         yes                        no                        no
       FTP-proxy                                                 no                          no                         no                        no
       SOCKS-proxy                                               yes                         yes                        no                        no
       DHCP server                                               yes                         yes                        yes                       yes
       DHCP client                                               yes                         yes                        yes                       yes
     Security Updates
       On-line automatic secure updates                         yes                       yes                yes                     yes
        Automatic categorization of unindexed URL's    24 hrs/day - included 24 hrs/day - included technique not published technique not published
                                                      selectable:hourly, daily, selectable:hourly, daily,
         System updates                                        weekly                    weekly              yes                     yes

                                                      selectable:hourly, daily, selectable:hourly, daily,
         Virus pattern updates                                 weekly                    weekly                                yes -
                                                                                                      yes - but quality not publishedbut quality not published
         Surf protection updates                                daily                     daily                                yes -
                                                                                                      yes - but quality not publishedbut quality not published
     Firewall Features
       Integrated web caching                                    yes                         yes                         no                        no
       Load balancing                                            yes                         yes                         no                        no

       Quality of Service                                        yes                         yes                         no                        no

       High availability                                         yes                         yes                       yes                       yes
       Automatic backup & restore                                yes                         yes                      manual                    manual




Al Cooley 1/14/03                                       Confidential Not For External Distribution                                                                 44
       PPPoE & PPPoA                                           yes/yes                 yes/yes               yes/no             yes/no
       ICSA certification                                     underway                underway                 no                 no
     Management

       Installation & setup                               single CD & manual     single CD & manual       Pre-installed      Pre-installed




       Unified management interface                               yes                     yes                   yes              yes
       Local management method                                   https                   https               https, CLI       https, CLI
       Remote management method                                  https                   https                 https            https
                                                                                                        SmartCenter & SC
                                                                                                         Pro, Provider-1,
       Global configuration management                     in development          in development         SiteManager-1
                        management
       Cost for central mgmt. (#devices)                $2995 (10), $7995 (35)            -              $20,000 (unlim)
       Local logging/remote logging (syslog)                   yes/yes                   yes                  no/yes            no/yes
       Alerts supported                                         email                   email                    no               no
       SNMP support                                              yes                     yes                     no               no

       Out-of-band management                              yes - serial port       yes - serial port

                                                           Included or use         Included or use
       Reporting                                             Webtrends               Webtrends                none              none
     VPN Features
                                                                                                        SecuRemote free,
                                                                                                          $7,000 (100)
       VPN client price (users)                             $ 80 @ qty 10           $ 80 @ qty 10         SecureClient
       IPSec/PPTP                                              yes/yes                 yes/yes               yes/yes           yes/yes

                                                        3DES, AES, Blowfish,     3DES, AES, Blowfish,
       Encryption methods                               Twofish, Serpent, Null      Twofish, Null       DES, 3DES, AES      DES, 3DES, AES
       IPSEC authentication                              SHA1, SHA2, MD-5,          MD-5, SHA1            MD-5, SHA2         MD-5, SHA3

       Key management                                     PSK, X.509v3, RSA       PSK, X.509v3, RSA          X.509              X.509




       PKI/ digital certificate authorities supported       internal, public        internal, public         public             public
     Authentication
       Local user authentication                                  yes                     yes                  yes               yes
       Win NT/2000 user authentication                            yes                     yes                  no                no
       Radius user authentication                                 yes                     yes                  yes               yes
       LDAP                                                       yes                     yes                  no                no




Al Cooley 1/14/03                                         Confidential Not For External Distribution                                         45
       PKI card support                                yes                     yes                        no                       no
     Appliance platform
       Upgrade options                            swap hardware           swap hardware             swap hardware            swap hardware

       CPU                                     733MHz (recomded)       733MHz (recomded)             not publicized           not publicized
       RAM                                      256M (recomded)         256M (recomded)              not publicized           not publicized
       HDD GB                                    20 (recomded)           20 (recomded)               not publicized           not publicized
       HDD IDE/SCSI                                   either                  either                 not publicized           not publicized
                                                                                                 1 4 port switch and 1    1 4 port switch and 2
       # 10/100 interfaces included (#NICs)   user selectable up to 3 user selectable up to 3          WAN port                WAN ports
                                              user selectable upgrade user selectable upgrade
       Max # NICs                                       to 3                    to 3               not expandable            not expandable

       Hardened operating system                Hardened Linux 2.4     Hardened Linux 2.4               Linux                     Linux
     Other features and comments
                                                                                                 Includes free license
                                                                                                   for single device
                                                                                                     Smart Center
                                                                                                 Management Console
                                                                                                  needed to manage
                                                                                                VPN, granular policies,
                                                                                                    updates and ID.
                                                                                                Requires management
                                                                                                VPN-1 Accelerator Card
                                                                                                  option available to
                                                                                                       offload IKE
                                                                                                     cryptographic
                                                                                                       operations



                                                                                                 Includes 5 client VPN    Includes 10 client VPN
                                                                                                       licenses                  licenses


                                              We welcome any comments or corrections with respect to this material. Please include specific pointers to literat
                                              Note: All prices are U.S. list prices unless otherwise noted.




Al Cooley 1/14/03                               Confidential Not For External Distribution                                                         46
 Competitive Comparison Low End Products

   SonicWALL              SonicWALL              SonicWALL                   NetScreen                   NetScreen                   NetScreen
    SOHO3 10               SOHO3 25               SOHO3 50                      5XP                         5XT                      5GT Plus


        $495                  $695                   $895                     $495/$995                 $695/$1,195                    $1,095
  no - 90 days only     no - 90 days only      no - 90 days only          no - 90 days only           no - 90 days only       new GT Plus purchases only
                                                     $266                        $150                        $150                       $330
     $115/$135              $115/$135             $155/$205                   $170/$450                   $240/$540                     $495
     $325 (10)              $813 (25)            $1,625 (50)                 not available               not available           In support contract
                                                                      $1,495 to $1,995 + $1,000   $1,495 to $1,995 + $1,000
     $175 (10)              $345 (25)             $495 (unlim)               support (50)                support (50)


         10                     25                     50                   10/unlimited                10/unlimited             unlimited (10 for GT)
         10                     10                     10                        10                          10                            10
       6,000                  6,000                  6,000                     2,000                       2,000                         2,000
         75                     75                     75                        20                          70                            75
     20 (3DES)              20 (3DES)              20 (3DES)                 13 (3DES)                   20 (3DES)                    20 (3DES)
       none                   none                   none                                                                            not published


         yes                    yes                    yes                       yes                         yes                         yes
         no                     no                     no                        no                          no                          yes

 not on firewall; 3rd   not on firewall; 3rd   not on firewall; 3rd
   party managed          party managed          party managed
  desktop service        desktop service        desktop service
  (Windows only!)        (Windows only!)        (Windows only!)                  No                          No                          yes




         no                     no                     no                        No                          No                         yes
         no                     no                     no                        No                          No                          No
   yes/yes/no/yes         yes/yes/no/yes         yes/yes/no/yes            yes/yes/no/yes              yes/yes/no/yes              yes/yes/no/yes




Al Cooley 1/14/03                                              Confidential Not For External Distribution                                                  47
option - very limited   option - limited list   option - limited list
     list of 200K            of 200K                 of 200K              separate 3rd party box      separate 3rd party box     separate Websense box


           no                   no                      no                           No                          No                          No
  limited - exe., vbs   limited - exe., vbs     limited - exe., vbs                  No                          No                          No
           no                   no                      no                           yes                         yes                         yes
           no                   no                      no                  separate product/box        separate product/box        separate product/box

         no                     no                      no                          no                            no                        no
     yes/yes/no             yes/yes/no              yes/yes/no                  yes/yes/no                    yes/yes/no                yes/yes/no
        yes                    yes                     yes                         yes                           yes                       yes


         no                     no                      no                          yes                          yes                        yes
         no                     no                      no                          no                           no                         no
         no                     no                      no                          yes                          yes                        yes
         no                     no                      no                          yes                          yes                        yes
         no                     no                      no                          yes                          yes                        yes
         no                     no                      no                          no                           no                         no
         yes                    yes                     yes                         yes                          yes                        yes
         yes                    yes                     yes                         yes                          yes                        yes


         yes                    yes                     yes                         no                          no                          no
         no                     no                      no              depends upon vendor selecteddepends upon vendor selecteddepends upon vendor selected

   via web browser        via web browser     via web browser          bulletin board              bulletin board              bulletin board
 3rd party managed      4th party managed 5th party managed
 service for Windows    service for Windows service for Windows
         only                   only                only                not available               not available               not available
        weekly                 weekly              weekly       depends upon vendor selecteddepends upon vendor selecteddepends upon vendor selected


          no                     no                      no                separate 3rd party box      separate 3rd party box      separate 3rd party box
          no                     no                      no                          no                          no                          no
 limited - outbound     limited - outbound      limited - outbound
         only                   only                    only                 DS, Priority Mgmt.          DS, Priority Mgmt.          DS, Priority Mgmt.
                           yes - doesn't           yes - doesn't
        no                 maintain state          maintain state                  no                          no                          no
       manual                 manual                  manual                    manual only                 manual only                 manual only




Al Cooley 1/14/03                                                Confidential Not For External Distribution                                                    48
       yes/no                yes/no               yes/no                    yes/?                          yes/?                        yes/?
        yes                   yes                  yes                       yes                            yes                          yes

    appliance & 8         appliance & 8        appliance & 8
       manuals               manuals              manuals            complex; 6 manuals            complex; 6 manuals            complex; 6 manuals
    separate virus        separate virus       separate virus
     management            management           management
  interface with 3rd    interface with 3rd   interface with 3rd   No. Also separate 3rd party   No. Also separate 3rd party   No. Also separate 3rd party
         party                 party                party          interface to URL blocking     interface to URL blocking     interface to URL blocking
       http, CLI             http, CLI            http, CLI                 CLI, http                     CLI, http                     CLI, http
         https                 https                https              https, Telnet, SSH            https, Telnet, SSH            https, Telnet, SSH


   Global Mgt. Sys       Global Mgt. Sys      Global Mgt. Sys        Global Pro & Express          Global Pro & Express          Global Pro & Express
     $9,995 (25)           $9,995 (25)          $9,995 (25)       $27,190 (100), $5,995 (25)            $330/$289                     $330/$289
     limited/yes           limited/yes          limited/yes           no logging support            no logging support            no logging support
     single email          single email         single email           no event support              no event support              no event support
          yes                   yes                  yes                      yes                           yes                           yes
   limited CLI via       limited CLI via      limited CLI via
     serial/v.92            serial/v.93          serial/v.94       VPN tunnel uses 1 inter.      VPN tunnel uses 1 inter.      VPN tunnel uses 1 inter.

                       Viewpoint $595 or     Viewpoint included
      3rd party            3rd party            or 3rd party            via Webtrends                 via Webtrends                 via Webtrends




     $545 (10)             $545 (10)           $3,995 (100)               $485 (10)                      $485 (10)                    $485 (10)
      yes/no                yes/yes               yes/yes                  yes/no                         yes/no                       yes/no

                        AES, DES, 3DES,       AES, DES, 3DES,
DES, 3DES, ARCFour          ARCFour               ARCFour             DES, 3DES, AES                DES, 3DES, AES                DES, 3DES, AES
 SHA-1, MD5, X.509     SHA-1, MD5, X.510     SHA-1, MD5, X.511     SHA-1, MD5, PKCS, SCEP        SHA-1, MD5, PKCS, SCEP        SHA-1, MD5, PKCS, SCEP
                        $995 option, IKE,     $995 option, IKE,
  IKE, PKI, Manual        PKI, manual           PKI, manual           Manual, IKE, X.509            Manual, IKE, X.509            Manual, IKE, X.509


 VeriSign only ($585   VeriSign only ($585 VeriSign only ($585
 gateway/yr. $1195     gateway/yr. $1195 gateway/yr. $1195
   for 50 clients)       for 50 clients)     for 50 clients)      Veri, Entrust, CA, RSA, +3    Veri, Entrust, CA, RSA, +4    Veri, Entrust, CA, RSA, +4


                                                                          100 users                      100 users                    100 users

         yes                   yes                  yes                      yes                            yes                          yes
                                                                             yes                            yes                          yes




Al Cooley 1/14/03                                           Confidential Not For External Distribution                                                      49
                                                                                         no                            no                            no


                 none: replace       none: replace        none: replace            none: replace                 none: replace                 none: replace
               Toshiba 133MHz &    Toshiba 133MHz &     Toshiba 133MHz &
                     ASIC                ASIC                 ASIC
                      16M                 16M                  16M             no flash on this model        no flash on this model        no flash on this model
                   4M (Flash)         4M (Flash)           4M (Flash)                  no disk                       no disk                       no disk
                     none                none                 none                  not available                 not available                 not available

                       2                   2                    2                        2                             5                              5

                not expandable       not expandable      not expandable            not expandable                not expandable                not expandable

              proprietary "RTOS"   proprietary "RTOS"   proprietary "RTOS"     Does not use ScreenOS         Does not use ScreenOS         Does not use ScreenOS

                                                                             Due to hardware limitations   Due to hardware limitations   Due to hardware limitations
                                                                              Netscreen devices have a      Netscreen devices have a      Netscreen devices have a
                                                                             maximum number of rules       maximum number of rules       maximum number of rules
                                                                               that can be supported.        that can be supported.        that can be supported.
                                                                              When this limit is reached    When this limit is reached    When this limit is reached
                                                                              customers are advised to      customers are advised to      customers are advised to
                                                                             upgrade to move to a new      upgrade to move to a new      upgrade to move to a new
                                                                                      appliance.                    appliance.                    appliance.


                                                                                                                                          This is a new model with
                                                                                                                                         limited info available right
                                                                                                                                                     now.

                                                                                                                                         The plus (more explensive)
                                                                                                                                         version has dial backup and
                                                                                                                                             redundant Internet
                                                                                                                                                 connections.


se include specific pointers to literature or websites when providing feedback to info@astaro.com.




             Al Cooley 1/14/03                                         Confidential Not For External Distribution                                                       50
         Fortinet                    Fortinet                   NexServer                     Fortinet
           50                          60                          Pro                          100


            $695                    $995/$1495                     $2,999                      $1,995
              no                          no                         no                           no
  in support, requires mgr.   in support, requires mgr.             $499              in support, requires mgr.
         $104/$243                                                  $999                     $300/$700
             $70                                             included in support                $200

  Announced not available     Announced not available           not available         Announced not available


            10                     10, unlimited                not   published            10, unlimited
            20                          40                      not   published                 80
       3000 sessions              50000 sessions                not   published           200000 sessions
            30                          70                      not   published                 95
         7 (DES)                     20 (DES)                   not   published              25 (DES)
                                                                not   published


            yes                         yes                            yes                      yes
            yes                         yes                            no                       yes




            yes                         yes                           yes                       yes




           yes                         yes                             no                       yes
           yes                         yes                             no                       yes
      yes/yes/no/yes              yes/yes/no/yes                       no                  yes/yes/no/yes




Al Cooley 1/14/03                                         Confidential Not For External Distribution              51
                                                       no - only support manual
  Announced not available   Announced not available        white or blacklist         Announced not available
                                                           optional - limited
                                                      functionality, blackhole list
            no                        no                          only                          no
                                                                optional
                                                                   no
            yes                       yes                          no                           yes

            no                        no                          no                            no
        yes/yes/no                yes/yes/no                   yes/no/no                    yes/yes/no
                                                                  no


            yes                       yes                         no                            yes
                                                                  no
                                                                  no
                                                                  no
                                                                  no
                                                                  no
            yes                       yes                         yes                           yes
            yes                       yes                         yes                           yes


     Virus and ID only         Virus and ID only                   no                    Virus and ID only
        not available             not available                    no                       not available

      TFTP or web UI            TFTP or web UI                     no                     TFTP or web UI


     via FortiManager          via FortiManager                    no                    via FortiManager
       not available             not available                     no                      not available


             no                        no                         yes                            no
             yes                       yes                        no                             yes
  Priority Mgmt, Guar/Max   Priority Mgmt, Guar/Max                                   Priority Mgmt, Guar/Max
           Bdwdth.                   Bdwdth.                       no                          Bdwdth.

            no                        no                           no                           no
                                                                   no




Al Cooley 1/14/03                                     Confidential Not For External Distribution                52
          yes/no                yes/no                    yes/no                      yes/no
           yes                   yes                        no                         yes



                                                       not specified




            yes                    yes                 not specified                    yes
            CLI                    CLI                     http                         CLI
        https, SSH             https, SSH                  http                     https, SSH


   FortiManager planned   FortiManager planned             no                  FortiManager planned
                                                           N/A
          no/yes                no/yes                     no                         no/yes
           email                 email                     no                          email
            yes                   yes                      no                           yes

                                                            no


      via Webtrends          via Webtrends                 none                   via Webtrends




         $56 (1)                $56 (1)                not available                 $56 (1)
           yes                    yes                    yes/yes                       yes


       DES, 3DES              DES, 3DES                   3DES                     DES, 3DES
       SHA-1, MD5             SHA-1, MD5               not specified               SHA-1, MD5

    Manual, IKE, X.509     Manual, IKE, X.509               no                  Manual, IKE, X.509




            CA                    CA                       none                         CA


           yes                    yes                       no                         yes
           no                     no                        no                         no
           no                     yes                       no                         yes
           no                     no                        no                         no




Al Cooley 1/14/03                                Confidential Not For External Distribution           53
                                                                         no


       none: replace                  none: replace                 none: replace                 none: replace

                                                                   1.8G Pentium 4
                                                                       512M
           20G                            20G                          120G                           20G
       not available                  not available                                               not available

             3                              3                             1                             3

      not expandable                 not expandable                       1                      not expandable

    proprietary FortiOS            proprietary FortiOS      no - standard Red Hat Linux        proprietary FortiOS



Several announced features     Several announced features                                  Several announced features
 have been found to be not      have been found to be not                                   have been found to be not
  yet available. If you find     yet available. If you find                                  yet available. If you find
others please email us. Also   others please email us. Also Targeted at offices with 5 to others please email us. Also
   seeking more detailed          seeking more detailed      15 people. Firewall server       seeking more detailed
 product information since      product information since    shared for email, file, print  product information since
       product is new.                product is new.               sharing, etc.                 product is new.




Al Cooley 1/14/03                                            Confidential Not For External Distribution                   54
                                                                                                   Competitive Comparison Mid-Market Products

                                                 Astaro                      Astaro                   SonicWALL              SonicWALL
                                            ASL- Professional           ASL- Professional              PRO 100                PRO 230
Firewall Pricing                                 50 IPs                      100 IPs
  S/W price                                         $995                       $1,495
  S/W + appliance
  Annual subscription included?                   included                    included              no - 90 days only      no - 90 days only
  Annual s/w subscriptions                         $275                        $395                       $158                   $176
  Additional support minimum/premium             $495/$795                   $495/$796                 $175/$205              $195/$295
  Annual virus protection updates (users)        $695 (50)                   $895 (100)                $1625 (50)            $2,995 (100)

  Annual URL filter updates (# devices)           $950 (50)                $1,650 (100)                $695 (unlim)           $695 (unlim)
Performance & Throughput
  Max # users                                       50 IP's                    100 IP's                  unlimited              unlimited

  Max # VPN tunnels                                  200                        200                          50                   500
  Max # conc. connections                           32,000                     32,000                      6,000                 30,000
  Filter throughput (Mbps)                           730                        730                          75                   190

  VPN IPSec Mbps throughput (technique)     115 (AES), 65 (3DES)        116 (AES), 65 3DES              20 (3DES)              25 (3DES)
  HTTP proxy throughput (Mbps)                not yet published          not yet published                none                   none
Security Features
  Stateful packet inspection filter                   yes                        yes                        yes                    yes
  Application level security                          yes                        yes                        no                     no

                                                                                                    not on firewall; 3rd   not on firewall; 3rd
                                                                                                      party managed          party managed
                                                                                                     desktop service        desktop service
  SMTP virus protection                               yes                         yes                (Windows only!)        (Windows only!)
  POP3 virus protection                               yes                         yes                        no                     no
  HTTP virus protection                               no                          no                         no                     no
  ActiveX, Java, flash, cookies filtering     yes/yes/yes/yes             yes/yes/yes/yes             yes/yes/no/yes         yes/yes/no/yes
                                            option - full list of 2.1   option - full list of2.1
                                              billion pages, 58           billion pages, 58        option - very limited   option - limited list
  URL filtering                                   categories                  categories                list of 200K             of 200K
  Spam filtering                                      yes                         yes                         no                    no
  File-type blocking (email; downloads)               yes                         yes               limited - exe., vbs    limited - exe., vbs
  Portscan detection                                  yes                         yes                         no                    no
  Intrusion detection                                 no                          no                          no                    no




Al Cooley 1/14/03                                  Confidential Not For External Distribution                                                      55
                                                  planned product, 3rd      planned product, 3rd
  Intrusion prevention                                   party                     party                      no                    no
  NAT, PAT & masquerading                             yes/yes/yes               yes/yes/yes               yes/yes/no            yes/yes/no
  Anti-spoofing                                           yes                       yes                      yes                   yes
Popular Pre-defined Services
  SMTP-proxy                                               yes                       yes                      no                   no
    Support TLS                                            yes                       yes                      no                   no
  HTTP-proxy                                               yes                       yes                      no                   no
  DNS-proxy                                                yes                       yes                      no                   no
  FTP-proxy                                                no                        no                       no                   no
  SOCKS-proxy                                              yes                       yes                      no                   no
  DHCP server                                              yes                       yes                      yes                  yes
  DHCP client                                              yes                       yes                      yes                  yes
Security Updates

  On-line automatic secure updates                        yes                       yes                       yes                  yes
   Automatic categorization of unindexed URL's   24 hrs/day - included     24 hrs/day - included              no                   no

                                                 selectable:hourly, daily, selectable:hourly, daily,
    System updates                                        weekly                    weekly             via web browser        via web browser
                                                                                                     3rd party managed      4th party managed
                                                 selectable:hourly, daily, selectable:hourly, daily, service for Windows    service for Windows
    Virus pattern updates                                 weekly                    weekly                   only                   only
    Surf protection updates                                daily                     daily                  weekly                 weekly
Firewall Features
  Integrated web caching                                   yes                       yes                        no                   no
  Load balancing                                           yes                       yes                        no                   no
                                                                                                       limited - outbound   limited - outbound
  Quality of Service                                       yes                       yes                       only                 only

                                                                                                                              yes - doesn't
  High availability                                        yes                       yes                      no              maintain state
  Automatic backup & restore                               yes                       yes                    manual               manual
  PPPoE & PPPoA                                          yes/yes                   yes/yes                  yes/no               yes/no
  ICSA certification                                    underway                  underway                   yes                   yes
Management




                                                                                                         appliance & 8         appliance & 8
  Installation & setup                             single CD & manual        single CD & manual            manuals               manuals



Al Cooley 1/14/03                                        Confidential Not For External Distribution                                               56
                                                                                             separate virus       separate virus
                                                                                              management           management
                                                                                           interface with 3rd   interface with 3rd
  Unified management interface                     yes                     yes                    party                party


  Local management method                         https                   https                    https              https




  Remote management method                        https                   https                    https              https




  Global configuration management                  yes                     yes                Global Mgt. Sys    Global Mgt. Sys


  Cost for central mgmt. (#devices)       $2995 (10), $7995 (35)             -                 $9,995 (25)         $9,995 (25)




  Local logging/remote logging (syslog)          yes/yes                   yes                  limited/yes        limited/yes

  Alerts supported                                email                   email                 single email        single email
  SNMP support                                     yes                     yes                      yes                 yes
                                                                                              limited CLI via     limited CLI via
  Out-of-band management                     yes - serial port       yes - serial port          serial/v.92         serial/v.93




                                             Included or use         Included or use                            Viewpoint $595 or
  Reporting                                    Webtrends               Webtrends                 3rd party          3rd party
VPN Features

  VPN client price (users)                    $ 80 @ qty 10           $ 80 @ qty 10             $545 (10)           $545 (10)
  IPSec/PPTP                                     yes/yes                 yes/yes                 yes/no              yes/yes

                                          3DES, AES, Blowfish,     3DES, AES, Blowfish,                          AES, DES, 3DES,
  Encryption methods                      Twofish, Serpent, Null      Twofish, Null       DES, 3DES, ARCFour        ARCFour
  IPSEC authentication                     SHA1, SHA2, MD-5,          MD-5, SHA1           SHA-1, MD5, X.509    SHA-1, MD5, X.510




Al Cooley 1/14/03                                Confidential Not For External Distribution                                          57
                                                                                                                              $995 option, IKE,
  Key management                                    PSK, X.509v3, RSA         PSK, X.509v3, RSA         IKE, PKI, Manual        PKI, manual


                                                                                                       VeriSign only ($585   VeriSign only ($585
                                                                                                       gateway/yr. $1195     gateway/yr. $1195
  PKI/ digital certificate authorities supported       internal, public          internal, public        for 50 clients)       for 50 clients)
Authentication
  Local user authentication                                  yes                       yes                 100 users             100 users
  Win NT/2000 user authentication                            yes                       yes
  Radius user authentication                                 yes                       yes                    yes                   yes
  LDAP                                                       yes                       yes
  PKI card support                                           yes                       yes
Appliance platform

  Upgrade options                                     swap hardware             swap hardware            none: replace          none: replace
                                                                                                                             StrongARM 233MHz
  CPU                                                733MHz (recomd)           733MHz (recomd)          Toshiba 133MHz             & ASIC


  RAM                                                 256M (recomd)             256M (recomd)                16M                   64M
  HDD GB                                               20 (recomd)               20 (recomd)               4M (Flash)            4M (Flash)

  HDD IDE/SCSI                                              either                    either                  none                  none
                                                   user selectable up to 7   user selectable up to 7
  # 10/100 interfaces included (#NICs)                 (10/100/1000)             (10/100/1000)                 3                     3
                                                   user selectable up to 7   user selectable up to 7
  Max # NICs                                           (10/100/1000)             (10/100/1000)                 3                     3


  Hardened operating system                         Hardened Linux 2.4        Hardened Linux 2.4       proprietary "RTOS"    proprietary "RTOS"
Other features and comments




Al Cooley 1/14/03                                         Confidential Not For External Distribution                                               58
                                                                        Aggressive    Includes 10 VPN
                                                                        unbundling:   clients (rmt mgmt)




                                                                    Authentication:   Aggressive
                                                                        $585          unbundling




                    We welcome any comments or corrections with respect to this material. Please include specific pointers to literature o
                    Note: All prices are U.S. list prices unless otherwise noted.




Al Cooley 1/14/03          Confidential Not For External Distribution                                                      59
son Mid-Market Products

           SonicWALL                 Mandrake             SonicWALL                WatchGuard               WatchGuard                 Check Point
              3060                     MNF                   4060                  Firebox 500              Firebox 700              VPN-1 SmallOffice

                                       $1,995                                                                                     $2,000 (50) to $3,750 (100)

         no - 90 days only               no             no - 90 days only                yes                      yes                         no
               $266                     $120                  $266                    $???/???               $495/$1,490            $45 (5) to $450 (100)
            $505/$685                                     $845/$1145                     ???                     $379              $570 (100)/$1350/$1880
           $3,699 (100)             not available         $2,995 (100)              $2,995 (100)             $2,995 (100)          $2,976 (100) + platform
                                                                                included with annual     included with annual     $2,495 to $3,995 + $1,000
            $995 (unlim)                                   $995 (unlim)           support contract         support contract             support (100)


              unlimited               unlimited              unlimited            unlimited (250)          unlimited (250)               100 IP Addr.

               1,000                     100                  3,000                      50                       150                   # IP Addr. + 5
              128,000               not published            500,000                                                                    3000 from user
                300                 not published              300                       75                       150                        102M

             75 (3DES)              not published           190 (3DES)               5 (3DES)                 5 (3DES)                 2M (SHA-1, 3DES)
               none                                            none                     15                       43                          none


                 yes                     yes                    yes                      yes                      yes                         yes
                 no                      no                     no                       yes                      yes                         no

         not on firewall; 3rd                           not on firewall; 3rd
           party managed                                  party managed
          desktop service                                desktop service
          (Windows only!)                no              (Windows only!)                 yes                      yes              Separate 3rd party box
                  no                      no                     no                       no                       no              Separate 3rd party box
                  no                      no                     no                      yes                      yes                        no
           yes/yes/no/yes          yes/yes/no/yes         yes/yes/no/yes           yes/yes/no/yes           yes/yes/no/yes             yes/yes/no/no
                                 no just manual URL                             yes - limited list and   yes - limited list and
         option - limited list   blocking of specific   option - limited list     updates, only 14         updates, only 14
               of 200K                  pages                 of 200K                categories               categories           Separate 3rd party box
                  no                      no                     no                 $995 option              $995 option           Separate 3rd party box
         limited - exe., vbs              no            limited - exe., vbs      using MIME types         using MIME types        In separate 3rd party boxes
                  no                      no                     no                      yes                      yes                         yes
                  no                     yes                     no                   3rd party                3rd party                   3rd party




        Al Cooley 1/14/03                                                 Confidential Not For External Distribution                                            60
        no                                     no                      no                    no                            no
    yes/yes/no         yes/yes/no          yes/yes/no                  yes                   yes                       yes/yes/yes
       yes                 no                 yes                      yes                   yes                           yes

        no                                    no                       yes                   yes             no - security server not a proxy
        no                                    no                       no                    no
        no                 yes                no                       yes                   yes             no - security server not a proxy
        no                                    no                       yes                   yes                            no
        no                                    no                       yes                   yes             no - security server not a proxy
        no                                    no                       no                    no                             no
        yes                yes                yes                      yes                   yes                            yes
        yes                no                 yes                      yes                   yes                            yes



        yes                no                 yes              no - bulletin board    no - bulletin board   yes - when using Mgmt. Console
        no            not applicable          no                        no                     no            depends upon vendor selected


  via web browser          no            via web browser        not specified           not specified      through management server only
5th party managed                      5th party managed
service for Windows                    service for Windows not specified - McAffee not specified - McAffee
        only          not applicable           only               service                 service            depends upon vendor selected
       weekly         not applicable          weekly               weekly                  weekly            depends upon vendor selected


          no               no                   no                     no                     no                Separate 3rd party box
         yes               no                  yes                     no                     no              $8,000 ConnectControl option
 limited - outbound                    limited - outbound                                                      no (FloodGate-1 option not
         only              no                  only                    no                     no               supported in Small Office)


 $625 v2e upgrade          no          $625 v2e upgrade          $1,995 option          $1,995 option            no (not in SmallOffice)
      manual               no               manual                manual only            manual only
      yes/no             yes/no             yes/no                   yes/?                  yes/?                        yes/yes
       yes                 no                yes                      yes                    yes                           yes




                                                              requires a dedicated   requires a dedicated
   appliance & 8                          appliance & 8         hardwired PC for       hardwired PC for     complex; firewall, security server,
     manuals                                manuals              management             management           third party servers & integration



Al Cooley 1/14/03                                         Confidential Not For External Distribution                                              61
   separate virus                    separate virus           Separate on-line       Separate on-line            Web interface limited
    management                        management             interface to virus     interface to virus     functionality. Separate interface
 interface with 3rd                interface with 3rd      protection supplied by protection supplied by    for management console, virus
        party                             party                  3rd party.             3rd party.           scanner(s), URL filtering, etc.


       https            https          http, CLI                    CLI,                   CLI,               https (limited functionality)




       https            https            https                  Telnet, SSH            Telnet, SSH               https or Smart-Center




                                                                                                           SmartCenter & SC Pro, Provider-
  Global Mgt. Sys        no         Global Mgt. Sys          Centr. Policy Mgr.     Centr. Policy Mgr.            1, SiteManager-1


    $9,995 (25)                       $9,995 (25)               $3550 (10)             $3550 (10)                    $20,000 (unlim)
                                                                                                           limited to initial connection data in
                                                                                                             binary format - large files cause
                                                                                                                crashes/limited - exporting
                                                                                                            process causing inconsistencies in
    limited/yes         yes/no        limited/yes                   yes                    yes                            formats

     single email       email          single email          email, pager, API      email, pager, API                     email
         yes             yes               yes                       no                     no                             yes
   limited CLI via                   limited CLI via
     serial/v.94         no            serial/v.94            yes - serial port      yes - serial port



                                                           Crude internal - static Crude internal - static
 Viewpoint $295 or                 Viewpoint $295 or       historical data, mostly historical data, mostly Optional $2,000 Reporting Module
     3rd party                         3rd party               via Webtrends           via Webtrends                  or 3rd party


                                                                                                            SecuRemote free, $7,000 (100)
    $795 (100)                        $795 (100)                $975 (100)             $975 (100)                  SecureClient
      yes/yes                           yes/yes                   yes/yes                yes/yes                      yes/yes

 AES, DES, 3DES,      DES, 3DES,    AES, DES, 3DES,
    ARCFour            ARCFour         ARCFour                 DES, 3DES              DES, 3DES                     DES, 3DES, AES
SHA-1, MD5, X.511     SHA1, MD-5   SHA-1, MD5, X.511        SHA-1, MD5, X.509      SHA-1, MD5, X.509




Al Cooley 1/14/03                                      Confidential Not For External Distribution                                                  62
 $995 option, IKE,                   $995 option, IKE,
   PKI, manual        IKE, manual      PKI, manual              IKE, PKI               IKE, PKI                manual, IKE, X.509


VeriSign only ($585                 VeriSign only ($585
gateway/yr. $1195                   gateway/yr. $1195
  for 50 clients)       yes/no        for 50 clients)        Veri, MS Auth,         Veri, MS Auth,


     100 users            no            100 users                  yes                   yes
                          no                                       yes                   yes
        yes               no               yes                     yes                   yes                         yes
                          no                                       no                    no              $2,000 Account Mgmt. Module
                          no                                       yes                   yes                         yes

                                                                                                         swap hardware, 80% credit on
   none: replace                      none: replace           none: replace         none: replace              software upgrade

 2GHz Intel & ASIC                  2GHz Intel & ASIC         AMD 233 MHz           AMD 233 MHz                  user selectable


      256M                               256M                     64M                    64M                    256M (recomd)
    64M (Flash)                        64M (Flash)              8 (Flash)              8 (Flash)                 30G (recomd)

       none                                none                   none                  none            depends upon appliance selected

        6                                   6                      3                      3             depends upon appliance selected

        6                                   6                      3                      3             depends upon appliance selected
                                                                                                          RedHat Linux, Windows (no),
    proprietary                         proprietary       yes - hardened Linux   yes - hardened Linux   Solaris (no) or Nokia proprietary
   ScreenOS v2         Linux 2.4       ScreenOS v2                 2.0                    2.0                         (yes).




Al Cooley 1/14/03                                     Confidential Not For External Distribution                                            63
                                                                                                                            Includes free license for single
                   Includes 25                           Includes 1,000                                                    device Smart Center Management
                proprietary VPN                         proprietary VPN                                                     Console needed to manage VPN,
                clients. Includes                       clients. Includes                                                  granular policies, updates and ID.
                WAN redundancy                          WAN redundancy                                                           Requires management
               and load balancing                      and load balancing    Includes 5 VPN clients Includes 5 VPN clients          server/console.

                    Customer                                Customer
                   consistently                            consistently                                                      VPN-1 Accelerator Card option
              complain hard to set                    complain hard to set                                                      available to offload IKE
               up and make work.                       up and make work.                                                       cryptographic operations

              Note HA and other                       Note HA and other
               features require                        features require
              purchase of v2e OS                      purchase of v2e OS


Please include specific pointers to literature or websites when providing feedback to info@astaro.com.




             Al Cooley 1/14/03                                         Confidential Not For External Distribution                                               64
        NetScreen                   NetScreen                    Fortinet                     CA                   Cisco
           25                          50                          300                eTrust Firewall 3.1         515E-R
                                                                                      Workgroup Edition
                                                                                           $2,407
                                                                                                                   $4,695
     no - 90 days only           no - 90 days only                    no                      no             no - 90 days only
            $525                        $900              in support, requires mgr.          $474                in support
       $775/$1,000                $1,300/$1,750                $1,055/$$1,631                $256                   $600
        not available               not available         in support, requires mgr.           N/A              not available
 $2,495 to $3,995 + $1,000   $2,495 to $3,995 + $1,000
       support (100)               support (100)          Announced not available             N/A               not available


                                                                 unlimited
                                                                                        no VPN support -
            25                         100                         1,500                separate product           2,000
          4,000                       8,000                       400,000                 no published
           100                         170                          200                   not published             188
                                                                                        no VPN support -
        20 (3DES)                   50 (3DES)                    65 (DES)               separate product         63(3DES)
                                                                                          not published


            yes                         yes                         yes                       yes                   yes
            no                          no                          yes                       no                    no




            No                          No                         yes                        no                     no
            No                          No                         yes                        no                     no
            No                          No                         yes                        np                     no
      yes/yes/no/yes              yes/yes/no/yes              yes/yes/no/yes                  no                     no

                                                                                                            separate 3rd party
  separate 3rd party box     separate 3rd party box       Announced not available             no                    box
             No                         No                         no                         no                     no
             No                         No                                                    no                java applets
             yes                        yes                                                   yes                    no
    separate product/box       separate product/box                 yes                       no            separate product/box




Al Cooley 1/14/03                                        Confidential Not For External Distribution                                65
            no                           no                           no               limited - 5 attack types            no
        yes/yes/no                   yes/yes/no                   yes/yes/no                     yes/                  yes/yes/no
           yes                          yes                                                       yes                      no

            yes                          yes                          yes                        no                        yes
            no                           no                                                      no
            yes                          yes                                                     no                        yes
            yes                          yes                                                     no
            yes                          yes                                                     no                        yes
            no                           no                                                      no
            yes                          yes                          yes                        no                        yes
            yes                          yes                          yes                        no                        yes



            no                          no                     Virus and ID only                  ?                        no
depends upon vendor selecteddepends upon vendor selected          not available                  N/A                  not available

                                                                                                                  through management
       bulletin board              bulletin board               TFTP or web UI                    ?                    center only


        not available               not available               via FortiManager                N/A                   not available
depends upon vendor selecteddepends upon vendor selected          not available                 N/A                   not available


   separate 3rd party box      separate 3rd party box                  no                        no                        no
             no                          no                            yes                       no                        no
                                                            Priority Mgmt, Guar/Max
     DS, Priority Mgmt.          DS, Priority Mgmt.                  Bdwdth.                     no                        no

                                                                                       No - talk up using 3rd     no, need next model,
           no                   Inactive failover req.                yes               party HA products              not stateful
        manual only                 manual only                                             Not possible
          yes/?                         yes/?                       yes/no                       no                      yes/no
           yes                           yes                         yes                                                   no


                                                                                        complex; different for
                                                                                      each platform; different
                                                                                            rules db types
                                                                                      supported, five different
                                                                                          components to be
                                                                                       installed/maintained, 2     complex; 6 manuals
    complex; 6 manuals          complex; 6 manuals                                             manuals.           plus 3rd party devices



Al Cooley 1/14/03                                          Confidential Not For External Distribution                                      66
                                                                                                                    No. Combination of CLI
                                                                                                                    and graphical interface
 No. Also separate 3rd party   No. Also separate 3rd party                                                              plus 3rd party
  interface to URL blocking     interface to URL blocking               yes                       N/A                     interfaces.

                                                                                          Client requires JRE +
          CLI, http                     CLI, http                       CLI              client app be installed.          CLI, http
                                                                                        Client app can be put on
                                                                                          separate machine to
                                                                                             manage multiple
     https, Telnet, SSH            https, Telnet, SSH               https, SSH                   firewalls                   SSH

                                                                                        Client app can be put on
                                                                                          separate machine, or
                                                                                           use Unicenter TNG
    Global Pro & Express          Global Pro & Express         FortiManager planned             framework            CSPM (part of VMS)
                                                                                           Client app included,
                                                                                        Unicenter dependent on
$27,190 (100), $5,995 (25)             $330/$289                                               configuration         $7,995(10), $19,995




         limited/yes                   limited/yes                    yes/yes                                                /yes
                                                                                          yes - but need Alert
            yes                           yes                          email                     Module
            yes                           yes                           yes                       yes                        yes

  VPN tunnel uses 1 inter.      VPN tunnel uses 1 inter.

                                                                                        8 standard reports, plus
                                                                                        real-time monitoring of
                                                                                         key system resources,
                                                                                           plus limited format
       via Webtrends                 via Webtrends                 via Webtrends            report generator


                                                                                            no VPN support -
         $485 (10)                     $485 (10)                      $56 (1)               separate product               $50 (1)
          yes/no                        yes/no                          yes                       N/A                        yes


     DES, 3DES, AES                DES, 3DES, AES                   DES, 3DES                     N/A                    DES, 3DES
  SHA-1, MD5, PKCS, SCEP        SHA-1, MD5, PKCS, SCEP              SHA-1, MD5                    N/A                  SHA-1, AH, MD5




Al Cooley 1/14/03                                            Confidential Not For External Distribution                                       67
    Manual, IKE, X.509           Manual, IKE, X.509           Manual, IKE, X.509                 N/A                  IKE, Manual




 Veri, Entrust, CA, RSA, +3   Veri, Entrust, CA, RSA, +4              CA                         N/A                   3rd party


         250 users                    500 users                       yes                                                 yes
                                                                      no              yes w user client or login
            yes                          yes                          yes             yes w user client or login          yes
            yes                          yes                          no                         no
            no                           no                                                      no



       none: replace                none: replace                none: replace             swap hardware             none: replace

                                                                                                                     433M Celeron
                                                                                         32M (recommended
                                                                                       firewall), 128M (admin
     option: 512M flash          option: 512M flash                                             client)                  32M
           no disk                     no disk                        20G                   20M (firewall)             16M flash

       not available                not available                not available                  either

             4                            5                            3                   user selectable                 3

      not expandable               not expandable               not expandable            user selectable                  3
                                                                                      no - standard Windows
                                                                                      NT 4.0+ ,HP-UX, Solaris
   proprietary ScreenOS         proprietary ScreenOS          proprietary FortiOS             , AIX OS             proprietary PIX OS




Al Cooley 1/14/03                                          Confidential Not For External Distribution                                   68
                                                                                          Requires 5 components
                                                                                              to be installed and
                                                                                          managed: Admin server,
                                                                                           firewall engine, admin
                                                                                            client, Unicenter TNG
                                                                                            framework and user
                                                                                           client or NT PDC/BDC
                                                                                                login agent (for
                                                                                                authentication).
                                                                                          Communication between
                                                                                                 components is
 Due to hardware limitations   Due to hardware limitations                                   encrypted, causing
  Netscreen devices have a      Netscreen devices have a     Several announced features       overhead. Policies
 maximum number of rules       maximum number of rules        have been found to be not established in server are
   that can be supported.        that can be supported.        yet available. If you find         compiled and          Note NIC and
  When this limit is reached    When this limit is reached   others please email us. Also downloaded to engine. functionality restrictions
  customers are advised to      customers are advised to        seeking more detailed      Client application also  on this model. Prices
 upgrade to move to a new      upgrade to move to a new       product information since         requires JRE be    double for elimination of
          appliance.                    appliance.                  product is new.                 installed.        those restrictions


                                                                                          Admin server can use a
                                                                                            file repository, MS
                                                                                          Access or SQL Server.




Al Cooley 1/14/03                                            Confidential Not For External Distribution                                        69
Confidential: not for external distribution
Initial version created: 22/05/03                                                                                                Competitive Comparison High-En

                                                   Astaro                      Astaro                     Astaro                      Neturity
                                               ASL- Enterprise             ASL- Enterprise            ASL- Enterprise                  9255
Firewall Pricing                                  250 IPs                     500 IPs                  Unlimited IPs                  250 IPs
  S/W price                                           $2,745                     $4,395                     $5,495                    $2,495
  S/W + appliance                                                                                                                     $10,495
  Annual subscription included?                     included                    included                  included                    included
  Annual s/w subscriptions                           $765                       $1,095                    $1,535                       $695
  Additional support minimum/premium              $995/$1,595                 $995/$1,595              $995/$1,595                   $495/$796
  Annual virus protection updates (users)         $1,535 (250)                $1,865 (500)           $2,195 (unlimited)             $1,395 (250)


  Annual URL filter updates (# devices)           $3,935 (250)               $6,595 (500)               $7,695 (750)               $3,575 (250)
Performance & Throughput

  Max # users                                        250 IP's                    500 IP's               unlimited IP's                 250 IP's


  Max # VPN tunnels                                   1,000                      1,000                      1,000                       200
  Max # conc. connections                            64,000                     64,000                  > 1,000,000                  128,000
  Filter throughput (Mbps)                             730                        730                        730                       1,600
  VPN IPSec Mbps throughput (technique)        300 AES, 140 3DES          300 AES, 140 3DES          300 AES, 140 3DES          240 (AES), 90 3DES
  HTTP proxy throughput (Mbps)                  not yet published          not yet published          not yet published          not yet published
Security Features
  Stateful packet inspection filter                     yes                        yes                        yes                        yes
  Application level security                            yes                        yes                        yes                        yes




  SMTP virus protection                                 yes                        yes                        yes                        yes
  POP3 virus protection                                 yes                        yes                        yes                        yes

  HTTP virus protection                                  no                         no                         no                         no


  ActiveX, Java, flash, cookies filtering        yes/yes/yes/yes            yes/yes/yes/yes            yes/yes/yes/yes            yes/yes/yes/yes

                                              option - full list of 2.1   option - full list of2.1   option - full list of2.1   option - full list of2.1
                                                billion pages, 58           billion pages, 58          billion pages, 58          billion pages, 58
  URL filtering                                     categories                  categories                 categories                 categories



Al Cooley 1/14/03                                  Confidential Not For External Distribution                                                              70
  Spam filtering                                            yes                       yes                       yes                      yes
  File-type blocking (email; downloads)                     yes                       yes                       yes                      yes
  Portscan detection                                        yes                       yes                       yes                      yes
  Intrusion detection                                       no                        no                        no                        no
                                                                                                                                 planned product, 3rd
  Intrusion prevention                               planned product            planned product          planned product                party
  NAT, PAT & masquerading                              yes/yes/yes                yes/yes/yes              yes/yes/yes               yes/yes/yes
  Anti-spoofing                                            yes                        yes                      yes                       yes
Popular Pre-defined Services
  SMTP-proxy                                                yes                       yes                       yes                       yes
    Support TLS                                             yes                       yes                       yes                       yes
  HTTP-proxy                                                yes                       yes                       yes                       yes
  DNS-proxy                                                 yes                       yes                       yes                       yes
  FTP-proxy                                                 no                        no                        no                        no
  SOCKS-proxy                                               yes                       yes                       yes                       yes
  DHCP server                                               yes                       yes                       yes                       yes
  DHCP client                                               yes                       yes                       yes                       yes
Security Updates

  On-line automatic secure updates                          yes                       yes                       yes                       yes




    Automatic categorization of unindexed URL's    24 hrs/day - included     24 hrs/day - included 24 hrs/day - included         24 hrs/day - included
                                                  selectable:hourly, daily, selectable:hourly, daily, selectable:hourly, daily, selectable:hourly, daily,
    System updates                                         weekly                    weekly                    weekly                    weekly

                                                  selectable:hourly, daily, selectable:hourly, daily, selectable:hourly, daily, selectable:hourly, daily,
    Virus pattern updates                                  weekly                    weekly                    weekly                    weekly
    Surf protection updates                                 daily                     daily                     daily                     daily
Firewall Features
  Integrated web caching                                    yes                       yes                       yes                       yes
  Load balancing                                            yes                       yes                       yes                       yes

  Quality of Service                                        yes                       yes                       yes                       yes

  High availability                                         yes                       yes                       yes                       yes
  Automatic backup & restore                                yes                       yes                       yes                       yes
  PPPoE & PPPoA                                           yes/yes                   yes/yes                   yes/yes                   yes/yes
  ICSA certification                                     underway                  underway                  underway                  underway
Management




Al Cooley 1/14/03                                       Confidential Not For External Distribution                                                          71
  Installation & setup                      single CD & manual     single CD & manual       single CD & manual   single CD & manual




  Unified management interface                     yes                    yes                      yes                  yes




  Local management method                         https                  https                    https                https




  Remote management method                        https                  https                    https                https


  Global configuration management            in development         in development           in development       in development
  Cost for central mgmt. (#devices)       $2995 (10), $7995 (35)           -                        -                    -




  Local logging/remote logging (syslog)          yes/yes                  yes                      yes                  yes
  Alerts supported                                email                  email                    email                email
  SNMP support                                     yes                    yes                      yes                  yes

  Out-of-band management                     yes - serial port      yes - serial port        yes - serial port    yes - serial port


                                             Included or use        Included or use          Included or use      Included or use
  Reporting                                    Webtrends              Webtrends                Webtrends            Webtrends
VPN Features


  VPN client price (users)                    $ 80 @ qty 10          $ 80 @ qty 10            $ 80 @ qty 10        $ 80 @ qty 10
  IPSec/PPTP                                     yes/yes                yes/yes                  yes/yes              yes/yes




Al Cooley 1/14/03                              Confidential Not For External Distribution                                             72
                                                    3DES, AES, Blowfish,      3DES, AES, Blowfish,       3DES, AES, Blowfish,     3DES, AES, Blowfish,
  Encryption methods                                Twofish, Serpent, Null       Twofish, Null              Twofish, Null            Twofish, Null
  IPSEC authentication                               SHA1, SHA2, MD-5,           MD-5, SHA1                 MD-5, SHA1               MD-5, SHA1

  Key management                                     PSK, X.509v3, RSA         PSK, X.509v3, RSA          PSK, X.509v3, RSA        PSK, X.509v3, RSA




  PKI/ digital certificate authorities supported       internal, public           internal, public          internal, public          internal, public
Authentication
  Local user authentication                                  yes                        yes                       yes                       yes
  Win NT/2000 user authentication                            yes                        yes                       yes                       yes
  Radius user authentication                                 yes                        yes                       yes                       yes
  LDAP                                                       yes                        yes                       yes                       yes
  PKI card support                                           yes                        yes                       yes                       yes
Appliance platform

  Upgrade options                                      swap hardware             swap hardware              swap hardware            swap hardware

  CPU                                                    2,800 MHz                  2,800 MHz                 2,800 MHz                 2,400 MHz
  RAM                                                      256M                       256M                      256M                      256M
  HDD GB                                                     20                         20                        20                        40

  HDD IDE/SCSI                                              either                     either                    either                   either
                                                   user selectable up to 4    user selectable up to 4   user selectable up to 4
  # 10/100 interfaces included (#NICs)                 (10/100/1000)              (10/100/1000)             (10/100/1000)         user selectable up to 4

                                                   user selectable up to 20    user selectable up to    user selectable up to 20 user selectable upgrade
  Max # NICs                                           (10/100/1000)            20 (10/100/1000)            (10/100/1000)              to 4FE+4GE


  Hardened operating system                          Hardened Linux 2.4        Hardened Linux 2.4         Hardened Linux 2.4       Hardened Linux 2.4
Other features and comments




Al Cooley 1/14/03                                        Confidential Not For External Distribution                                                         73
                                                                                         Upgrade with additional
                                                                                          4 NIC ports is $1,000




                    We welcome any comments or corrections with respect to this material. Please include specific pointers to literature
                    Note: All prices are U.S. list prices unless otherwise noted.




Al Cooley 1/14/03         Confidential Not For External Distribution                                                     74
petitive Comparison High-End Products

            SonicWALL               SonicWALL                WatchGuard               WatchGuard                      Check Point                      NetScreen
              GX250                   GX650                  Firebox 2500             Firebox 4500                     VPN-1 NG                           204

                                                                                                                     $12,000 (250)
               $5,995                  $9,995                   $7,490                    $9,990                     $16,000 (250)                       $9,995
          no - 90 days only       no - 90 days only               yes                       yes                            no                       no - 90 days only
                                                            $1,495/$4,490             $1,995/$6,990                      $1650                           $1,500
             $895/$1,395               $1,695/$                  $600                      $800                       $645/$2650                     $1,750/$2,700
             $1,799 (100)            $1,799 (100)            $2,995 (100)              $2,995 (100)              $2,976 (100) + platform              not available

                                                          included with annual     included with annual     $2,495 to $3,995 + $1,000 support   $2,495 to $3,995 + $1,000
             $695 (unlim)            $695 (unlim)           support contract         support contract                     (100)                       support (100)



               unlimited               unlimited           unlimited (5,000)        unlimited (5,000)                 250 IP Addr.


                5,000                   10,000                   2,000                   3,000                        # IP Addr. + 5                     1,000
               250,000                 500,000                  96,000                  128,000                    1,500,000 from user                  128,000
                 200                     1,600                    200                     200                              102M                           400
              192 (3DES)              285 (3DES)               70 (3DES)               100 (3DES)                   2M (SHA-1, 3DES)                   200 (3DES)
                 none                    none                      52                      60                              none

                  yes                     yes                      yes                      yes                            yes                             yes
                  no                      no                       yes                      yes                            no                              no

          not on firewall; 3rd    not on firewall; 3rd
            party managed           party managed
           desktop service         desktop service
           (Windows only!)         (Windows only!)                 yes                      yes                 Separate 3rd party box                     No
                   no                      no                      no                       no                  Separate 3rd party box                     No

                  no                      no                       yes                      yes                            no                              No


            yes/yes/no/yes          yes/yes/no/yes          yes/yes/no/yes           yes/yes/no/yes                  yes/yes/no/no                   yes/yes/no/yes

                                                          yes - limited list and   yes - limited list and
          option - limited list   option - limited list     updates, only 14         updates, only 14
               of 200K                 of 200K                 categories               categories              Separate 3rd party box          separate 3rd party box



         Al Cooley 1/14/03                                                 Confidential Not For External Distribution                                                       75
         no                    no               $995 option             $995 option           Separate 3rd party box                       No
 limited - exe., vbs   limited - exe., vbs   using MIME types        using MIME types        In separate 3rd party boxes                   No
         no                    no                   yes                     yes                          yes                               yes
         no                    no                3rd party               3rd party                    3rd party                   separate product/box

        no                    no                    no                     no                            no                                no
    yes/yes/no            yes/yes/no                yes                    yes                       yes/yes/yes                       yes/yes/no
       yes                   yes                    yes                    yes                           yes                              yes


        no                    no                    yes                    yes             no - security server not a proxy                yes
        no                    no                    no                     no                                                              no
        no                    no                    yes                    yes             no - security server not a proxy                yes
        no                    no                    yes                    yes                            no                               yes
        no                    no                    yes                    yes             no - security server not a proxy                yes
        no                    no                    no                     no                             no                               no
        yes                   yes                   yes                    yes                            yes                              yes
        yes                   yes                   yes                    yes                            yes                              yes



        yes                   yes            no - bulletin board    no - bulletin board    yes - when using Mgmt. Console                  no




         no                    no                    no                     no              depends upon vendor selected      depends upon vendor selected

  via web browser     via web browser        not specified           not specified        through management server only             bulletin board
4th party managed 5th party managed
service for Windows service for Windows not specified - McAffee not specified - McAffee
        only                only                service                service              depends upon vendor selected              not available
       weekly              weekly               weekly                  weekly              depends upon vendor selected      depends upon vendor selected


          no                    no                   no                     no                Separate 3rd party box             separate 3rd party box
          no                    no                   no                     no              $8,000 ConnectControl option                   no
 limited - outbound    limited - outbound                                                    no (FloodGate-1 option not
         only                  only                  no                     no               supported in Small Office)            DS, Priority Mgmt.
    yes - doesn't         yes - doesn't
    maintain state        maintain state       $1,995 option          $1,995 option            no (not in SmallOffice)            Inactive failover req.
       manual                manual             manual only            manual only                                                    manual only
       yes/no                yes/no                yes/?                  yes/?                          yes/yes                          yes/?
         yes                   yes                  yes                    yes                             yes                             yes




Al Cooley 1/14/03                                           Confidential Not For External Distribution                                                       76
                                           requires a dedicated      requires a dedicated
   appliance & 8        appliance & 8        hardwired PC for          hardwired PC for        complex; firewall, security server,
     manuals              manuals              management               management              third party servers & integration         complex; 6 manuals

   separate virus       separate virus        Separate on-line          Separate on-line    Web interface limited functionality.
    management           management          interface to virus        interface to virus   Separate interface for management
 interface with 3rd   interface with 3rd   protection supplied by    protection supplied by   console, virus scanner(s), URL           No. Also separate 3rd party
        party                party               3rd party.                3rd party.                  filtering, etc.                  interface to URL blocking




     http, CLI            http, CLI                 CLI,                      CLI,                 https (limited functionality)                CLI, http




       https                https               Telnet, SSH               Telnet, SSH                https or Smart-Center                 https, Telnet, SSH

                                                                                               SmartCenter & SC Pro, Provider-1,
  Global Mgt. Sys      Global Mgt. Sys       Centr. Policy Mgr.        Centr. Policy Mgr.               SiteManager-1                     Global Pro & Express
    $9,995 (25)          $9,995 (25)            $3550 (10)                $3550 (10)                   $20,000 (unlim)                        $330/$289

                                                                                               limited to initial connection data in
                                                                                                 binary format - large files cause
                                                                                               crashes/limited - exporting process
     limited/yes         limited/yes                yes                       yes               causing inconsistencies in formats             limited/yes
     single email        single email        email, pager, API         email, pager, API                        email                              yes
         yes                 yes                     no                        no                                yes                               yes
   limited CLI via     limited CLI via
     serial/v.93         serial/v.94          yes - serial port         yes - serial port                                               VPN tunnel uses 1 inter.

 Viewpoint license    Viewpoint license    Crude internal - static   Crude internal - static
  included or 3rd      included or 3rd     historical data, mostly   historical data, mostly   Optional $2,000 Reporting Module
       party                party              via Webtrends             via Webtrends                    or 3rd party                       via Webtrends



                                                                                                SecuRemote free, $7,000 (100)
     $545 (10)          $3,995 (100)            $975 (100)                $975 (100)                   SecureClient                            $485 (10)
      yes/yes              yes/yes                yes/yes                   yes/yes                       yes/yes                               yes/no




Al Cooley 1/14/03                                             Confidential Not For External Distribution                                                             77
 AES, DES, 3DES,       AES, DES, 3DES,
     ARCFour               ARCFour             DES, 3DES               DES, 3DES                   DES, 3DES, AES                  DES, 3DES, AES
SHA-1, MD5, X.510     SHA-1, MD5, X.511     SHA-1, MD5, X.509       SHA-1, MD5, X.509                                           SHA-1, MD5, PKCS, SCEP
 $995 option, IKE,     $995 option, IKE,
   PKI, manual           PKI, manual             IKE, PKI                IKE, PKI                 manual, IKE, X.509               Manual, IKE, X.509


VeriSign only ($585 VeriSign only ($585
gateway/yr. $1195 gateway/yr. $1195
  for 50 clients)     for 50 clients)         Veri, MS Auth,          Veri, MS Auth,                                            Veri, Entrust, CA, RSA, +4


     100 users            100 users                yes                     yes                                                         1,500 users
                                                   yes                     yes
        yes                  yes                   yes                     yes                           yes                               yes
                                                   no                      no                $2,000 Account Mgmt. Module                   yes
                                                   yes                     yes                           yes                               no

                                                                                            swap hardware, 80% credit on
    none: replace        none: replace        none: replace           none: replace               software upgrade                    none: replace
  Intel Pentium III    Intel Pentium III
  866MHz & ASIC        866MHz & ASIC       AMD K6-3E+ 500 MHz AMD K6-3E+ 500 MHz                    user selectable
        256M                 256M                256M               256M                                256M                             256M
     16M (Flash)          16M (Flash)          8M (Flash)          8 (Flash)                        30G (recomd)                         no disk

        none                 none                 none                    none             depends upon appliance selected            not available

         3                    3                     3                       3              depends upon appliance selected                  5


         3                    3                     3                       3              depends upon appliance selected           not expandable

                                           yes - hardened Linux    yes - hardened Linux   RedHat Linux, Windows (no), Solaris
 proprietary "RTOS"   proprietary "RTOS"            2.0                     2.0             (no) or Nokia proprietary (yes).      proprietary ScreenOS




Al Cooley 1/14/03                                           Confidential Not For External Distribution                                                       78
                                                                                                                                             Due to hardware limitations
                                                                                                       Includes free license for single       Netscreen devices have a
                                                       Includes 5 desktop     Includes 5 desktop      device Smart Center Management          maximum number of rules
                                                       McAfee licenses, 50    McAfee licenses, 50      Console needed to manage VPN,        that can be supported. When
                                                      Mobile VPN clients and Mobile VPN clients and   granular policies, updates and ID.   this limit is reached customers
             Includes 10,000 VPN Includes 5,000 VPN      4 VPN manager          4 VPN manager               Requires management               are advised to upgrade to
             clients (rmt mgmt) clients (rmt mgmt)           licenses               licenses                   server/console.                move to a new appliance.
                                                      Spam screening $995 Spam screening $995
                                                              option                 option


                                                                                                       VPN-1 Accelerator Card option
             Aggressive          Aggressive                                                               available to offload IKE
             unbundling          unbundling                                                              cryptographic operations




include specific pointers to literature or websites when providing feedback to info@astaro.com.




            Al Cooley 1/14/03                                         Confidential Not For External Distribution                                                             79
          NetScreen                   NetScreen                     NetScreen                        Fortinet                Fortinet
             208                         500                          5200                             400                     500


            $14,995                      $24,995                      $99,000                      $7,995                      $9,995
       no - 90 days only            no - 90 days only            no - 90 days only            no - 90 days only           no - 90 days only
            $2,250                        $4,250                      $14,900             in support, requires mgr.   in support, requires mgr.
        $2,550/$4,050                $4,250/$6,750               $16,800/$56,400               $1,199/$2,798               $1,499/$3,499
         not available                not available                not available                    $800                       $1,000

  $6,995 to $11,995 + $1,400   $6,995 to $11,995 + $1,400 $6,995 to $11,995 + $1,400
         support (500)                support (500)              support (500)             Announced not available    Announced not available



                                                                                                     unlimited               unlimited


            1,000                       10,000                        25,000                      2,000                       2,000
           128,000                     250,000                      1,000,000                 400000 sessions             400000 sessions
             550                         700                      "Up to" 4,000                    280                         280
          200 (3DES)                  250 (3DES)               "Up to" 2,000 (3DES)              80 (DES)                    90 (DES)



              yes                         yes                           yes                            yes                      yes
              no                          no                            no                             yes                      yes




              No                          No                            No                             yes                      yes
              No                          No                            No                             yes                      yes

              No                           No                           No                             yes                      yes


        yes/yes/no/yes               yes/yes/no/yes               yes/yes/no/yes               yes/yes/no/yes             yes/yes/no/yes




    separate 3rd party box      separate 3rd party box       separate 3rd party box        Announced not available    Announced not available



Al Cooley 1/14/03                                       Confidential Not For External Distribution                                                80
               No                             No                              No                            no                       no
               No                             No                              No
               yes                            yes                             yes
      separate product/box           separate product/box            separate product/box                   yes                      yes

               no                             no                               no                          no                        no
           yes/yes/no                     yes/yes/no                       yes/yes/no                  yes/yes/no                yes/yes/no
              yes                            yes                              yes


               yes                            yes                              yes                          yes                      yes
               no                             no                               no
               yes                            yes                              yes
               yes                            yes                              yes
               yes                            yes                              yes
               no                             no                               no
               yes                            yes                              yes                          yes                      yes
               yes                            yes                              yes                          yes                      yes



               no                             no                               no                   Virus and ID only         Virus and ID only




  depends upon vendor selected   depends upon vendor selecteddepends upon vendor selected             not available             not available

         bulletin board                 bulletin board                   bulletin board              TFTP or web UI            TFTP or web UI


          not available                  not available               not available                  via FortiManager          via FortiManager
  depends upon vendor selected   depends upon vendor selecteddepends upon vendor selected             not available             not available


     separate 3rd party box         separate 3rd party box           separate 3rd party box                 no                        no
               no                             no                               no                           yes                       yes
                                                                                                 Priority Mgmt, Guar/Max   Priority Mgmt, Guar/Max
       DS, Priority Mgmt.             DS, Priority Mgmt.               DS, Priority Mgmt.                 Bdwdth.                   Bdwdth.

      Inactive failover req.         Inactive failover req.           Inactive failover req.                yes                     yes
          manual only                    manual only                      manual only
              yes/?                          yes/?                            yes/?                        yes/no                  yes/no
               yes                            yes                              yes                          yes                     yes




Al Cooley 1/14/03                                             Confidential Not For External Distribution                                             81
      complex; 6 manuals            complex; 6 manuals            complex; 6 manuals




   No. Also separate 3rd party   No. Also separate 3rd party   No. Also separate 3rd party
    interface to URL blocking     interface to URL blocking     interface to URL blocking               yes                  yes




            CLI, http                     CLI, http                     CLI, http                       CLI                  CLI




       https, Telnet, SSH            https, Telnet, SSH            https, Telnet, SSH              https, SSH             https, SSH


      Global Pro & Express          Global Pro & Express          Global Pro & Express        FortiManager planned   FortiManager planned
   $27,190 (100), $5,995 (25)    $27,190 (100), $5,995 (25)           $330/$289




           limited/yes                   limited/yes                   limited/yes                     yes/yes             yes/yes
               yes                            yes                          yes                          email               email
               yes                            yes                          yes                           yes                 yes

    VPN tunnel uses 1 inter.      VPN tunnel uses 1 inter.      VPN tunnel uses 1 inter.



         via Webtrends                 via Webtrends                 via Webtrends               via Webtrends          via Webtrends




           $485 (10)                     $485 (10)                     $485 (10)                       $56 (1)             $56 (1)
            yes/no                        yes/no                        yes/no                           yes                 yes




Al Cooley 1/14/03                                         Confidential Not For External Distribution                                        82
       DES, 3DES, AES              DES, 3DES, AES                DES, 3DES, AES                   DES, 3DES            DES, 3DES
    SHA-1, MD5, PKCS, SCEP      SHA-1, MD5, PKCS, SCEP        SHA-1, MD5, PKCS, SCEP              SHA-1, MD5           SHA-1, MD5

       Manual, IKE, X.509          Manual, IKE, X.509            Manual, IKE, X.509           Manual, IKE, X.509    Manual, IKE, X.509




   Veri, Entrust, CA, RSA, +3   Veri, Entrust, CA, RSA, +3    Veri, Entrust, CA, RSA, +4               CA                   CA


          1,500 users                 25,000 users                  25,000 users                       yes                 yes
                                                                                                       no                  no
              yes                          yes                           yes                           yes                 yes
              yes                          yes                           yes                           no                  no
              no                           no                            no



         none: replace                none: replace                 none: replace                none: replace        none: replace


            256M                         256M                          256M                           256M                256M
            no disk                      no disk                       no disk                         20G                 20G

          not available               not available                  not available               not available         not available

               9                        4 or 2 GE                    2 GE and 24                       3                    11
                                                               not expandable - 5400
                                                             model allows up to 72 (or 24
        not expandable                  8 or 4 GE               x GE) interface card            not expandable       not expandable


     proprietary ScreenOS         proprietary ScreenOS          proprietary ScreenOS          proprietary FortiOS   proprietary FortiOS




Al Cooley 1/14/03                                        Confidential Not For External Distribution                                       83
                                    Due to hardware limitations     Due to hardware limitations
    Due to hardware limitations      Netscreen devices have a        Netscreen devices have a         Several announced features     Several announced features
     Netscreen devices have a       maximum number of rules         maximum number of rules            have been found to be not      have been found to be not
  maximum number of rules that        that can be supported.          that can be supported.            yet available. If you find     yet available. If you find
can be supported. When this limit    When this limit is reached      When this limit is reached       others please email us. Also   others please email us. Also
is reached customers are advised     customers are advised to        customers are advised to            seeking more detailed          seeking more detailed
   to upgrade to move to a new      upgrade to move to a new        upgrade to move to a new           product information since      product information since
            appliance.                       appliance.                      appliance.                      product is new.                product is new.


                                        Implements a "virtual           Implements a "virtual
                                        firewall" capability for        firewall" capability for
                                    carriers; partition single unit carriers; partition single unit
                                     into multiple "virtual" units   into multiple "virtual" units
                                        for security purposes.          for security purposes.




Al Cooley 1/14/03                                              Confidential Not For External Distribution                                                           84
         Fortinet                   Cisco                  Symantec                      Microsoft                  SmoothWall
          1000                      525-R                    5310                           ISA                   Corporate Server
                                                           250 Users                                              v3 shipping Q303
                                                                                  $7,198 (1CPU)+$43/client              $3,418
           $12,995                  $17,445                  $22,885
      no - 90 days only        no - 90 days only          for first year                     no                            no
  in support, requires mgr.        in support               in support               $3,209 + $14/client                 $494
                                      $600          $4,310 including virus/url                                        Via reseller
  in support, requires mgr.      not available          in support (250)                    N/A                      not available
                                                                                                              $607.50 (250) for software
                                                                                                               upgrades & keywords, no
  Announced not available        not available          in support (250)                    N/A                         URL list


                                                                                                               Licensing based on #VPN
         unlimited                                         1000 nodes                     unlimited                   connections

                                                   Not published, licensed by #                               5 included in SmoothTunnel
          3,000                     2,000                     tunnels                   not published         plus $1,215 per 50 tunnels
      600000 sessions              280,000                not published           48,758 / 4 CPU's = 12,200           not published
          1,000                      330                        40                      not published                 not published
        250 (DES)                 72(3DES)                not published                 not published                 not published
                                                          not published             283M / 4 CPU's = 71M              not published

            yes                      yes                       yes                         yes                          yes (v3)
            yes                      no                        yes                     DNS and POP3




                                                                                   no - separate 3rd party
            yes                       no                       yes                         product                        no
            yes                       no                       no                        not available                    no
                                                                                   no - separate 3rd party
            yes                       no                       yes                         product                        no

                                                                                   no - separate 3rd party    Requires SmoothGuardian,
      yes/yes/no/yes                  no                       no                          product               licensed per device

                                                     limited number of web                                      $1,250 (250 users), local
                              separate 3rd party     pages catagorized into        no - separate 3rd party    site blocking or performance
  Announced not available            box                only13 categories                  product            impacting keyword scanning



Al Cooley 1/14/03                                       Confidential Not For External Distribution                                           85
            no                       no            domain and RBL checks only             no                     no
                                java applets                  yes                         no                     yes
                                     no                       yes                         yes                    yes
            yes             separate product/box              yes                         no                     yes

            no                      no                        no                        limited                  no
        yes/yes/no              yes/yes/no                 yes/no/no                      yes/               yes/no/yes
                                    no                        no                           no                 yes (v3)


            yes                     yes                        yes                        yes                    no
                                                               no                         no                     yes
                                    yes                        yes                        yes                    yes
                                                               yes                        no                     yes
                                    yes                        yes                 no - sample code              no
                                                               no                         yes                    no
            yes                     yes                        no                                                yes
            yes                     yes                        no                                                yes



     Virus and ID only               no                        yes                        no                       no
                                                                                                      URL's not indexed, must be
                                                                                                          scanned locally for
                                                                                                        keywords, introducing
       not available            not available                  no                         N/A              significant delay
                            through management
      TFTP or web UI             center only                                              yes                  manual

                                                    selectable: daily, weekly,
     via FortiManager           not available                monthly                      N/A              not applicable
       not available            not available                                             N/A           weekly; keywords only


             no                      no                        no                         yes                    yes
             yes                     no                        yes                        yes                    no
  Priority Mgmt, Guar/Max
           Bdwdth.                   no                        no                         yes                    no
                            no, need next model,
           yes                   not stateful                 yes                         yes         Enterprise Server option?
                                                         no manual only                   no                      no
          yes/no                   yes/no                     no                         no/no                 yes/yes
           yes                       no                       yes                         yes                     no




Al Cooley 1/14/03                                       Confidential Not For External Distribution                                 86
                                                   Need to install Raptor Mgmt
                                                    Console and in some cases     Complex: 17 documents in
                                                   also Microsoft Mgmt Console      doc set, snap-ins to be
                           complex; 6 manuals          separately. 3 major          installed, MMC, Active
                          plus 3rd party devices             manuals.                 Directory, clients.            single CD & manual

                          No. Combination of CLI
                          and graphical interface
                              plus 3rd party      yes, but requires PC running
           yes                  interfaces.          management consoles                      yes                             yes

                                                      Raptor Management           User needs to integrate ISA
                                                   Console. Runs on/requires         snap-in to Microsoft
                                                   the Microsoft Management          Management Console
           CLI                   CLI, http            Console, NT or 2000.                framework                          https

                                                      Raptor Management           User needs to integrate ISA
                                                   Console. Runs on/requires         snap-in to Microsoft
                                                   the Microsoft Management          Management Console
        https, SSH                 SSH                Console, NT or 2000.                framework                          https

                                                   Raptor Management Console
   FortiManager planned     CSPM (part of VMS)        used for this purpose                   no                             no
                           $7,995(10), $19,995       included with appliance                  N/A                       none available




         yes/yes                   /yes                      yes/no                         yes/no                         yes (v3)
          email                                        audio, email, pager                    yes                             no
           yes                     yes                         yes                            no                              no

                                                               no                             no                     yes - serial port (v3)

                                                                                  Included or use third party,
                                                       External reports only            but logging very         Included or use an external
      via Webtrends                                   (Webtrends or equiv.)               rudimentary                      product



                                                   , also requires separate VPN                                  $100 list for SmoothNode or
         $56 (1)                 $50 (1)                 option on gateway                   N/A                  $162 list for SafeNet client
           yes                     yes                         yes/no                       no/yes                          yes / no




Al Cooley 1/14/03                                       Confidential Not For External Distribution                                               87
                                                                                                  DES, 3DES, AES, Blowfish,
       DES, 3DES             DES, 3DES         DES, 3DES, AES                                           Twofish (v3)
       SHA-1, MD5          SHA-1, AH, MD5       MD-5, SHA1                                              MD-5, SHA1

    Manual, IKE, X.509       IKE, Manual             PSK                         RSA                      PSK, x.509




            CA                3rd party            Entrust                      public                  internal, public


           yes                   yes                  yes                         no                          yes
           no                                  not in appliance                   yes                         no
           yes                   yes                  yes                         no                          no
           no                                         yes                         no                          no
                                                      yes              no - third party product               no



       none: replace        none: replace       none: replace              swap hardware                swap hardware
                                                                                                  Pentium (P500 upwards for
                          600 MHz Intel PIII      1GHz PIII              300MHz (minimum)                 large VPN)
          256M                 256M                256M                   256M (minimum)                 64M minimum
           20G                16M flash                                    20 (minimum)                1 Gbyte minimum

       not available                                                            either                      either

        3 plus 2 GE               3                   4                     user selectable                    3


      not expandable              3                   4                     user selectable                    3
                                                                                                      Linux 2.4 with only
                                                                       No - You need to harden    minimum set of components
    proprietary FortiOS   proprietary PIX OS      Linux 2.2             W2000 or 2003 server              necessary




Al Cooley 1/14/03                              Confidential Not For External Distribution                                     88
                                                                                                                         Note everything is
                                                                                                                    unbundled; VPN gateway
                                                                                     Firewall clients must be      (SmoothTunnel), additionl
                                                                                     installed on machines in               VPN tunnels
                                                                                   trusted zone to utilize user        (SmoothConnection),
Several announced features                                                          and group access/logging        multiple WAN interfaces
 have been found to be not                                                         features, support protocols        (SmoothHost), rules to
  yet available. If you find       Note NIC and         Raptor Management Console not on the definition list; but       block ports/services
others please email us. Also functionality restrictions    runs on/requires the       firewall client does not    (SmoothRule), URL filtering
   seeking more detailed      on this model. Prices       Microsoft Management    support PPTP. No client for (SmoothGuardian), as well
 product information since double for elimination of Console. Runs on NT and         non-windows machines,        as the annual maintenance
       product is new.          those restrictions                2000.            they need SOCKS support.          for each of these items.

                                                                                                               Note that URL filtering and
                                                                                                              blocking must be purchased
                                                                                                              as a product option and also
                                                                                                                 has a annual software
                                                        HA option does not work     Need to use Window Active maintenance and keyword
                                                               with DHCP                    Directory                 update fees
                                                      Symantec currently has one
                                                       model to cover the whole
                                                          market (5200/5300
                                                       discontinued), using user
                                                          licensing to achieve      Heavy focus on marketing to
                                                       scalablility. In the fall of   protect Exchange servers
                                                            2003 they will be          and Outlook web clients      SmoothGuardian URL
                                                        introducing 2 lower end      because of support for RPC  filtering also available for
                                                                 models.                  proxies and SSL.      use with 3rd party firewalls.




Al Cooley 1/14/03                                           Confidential Not For External Distribution                                          89

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:37
posted:8/1/2011
language:English
pages:89