Техническая Спецификация для Juniper NetScreen-Security Manager, 200 devices NS-SM-200
Модели
NS-SM-200
Page 2
Copyright 2005, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper
Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in
this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper
Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in
this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper
Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
110018-007 Dec 2005
C
CO
OR
RP
PO
OR
RA
AT
TE
E H
HE
EA
AD
DQ
QU
UA
AR
RT
TE
ER
RS
S
A
AN
ND
D S
SA
AL
LE
ES
S H
HE
EA
AD
DQ
QU
UA
AR
RT
TE
ER
RS
S
F
FO
OR
R N
NO
OR
RT
TH
H A
AN
ND
D S
SO
OU
UT
TH
H A
AM
ME
ER
RIIC
CA
A
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888-JUNIPER (888-586-4737)
or 408-745-2000
Fax: 408-745-2100
w
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888-JUNIPER (888-586-4737)
or 408-745-2000
Fax: 408-745-2100
w
ww
ww
w..jju
un
niip
pe
err..n
ne
ett
E
EA
AS
ST
T C
CO
OA
AS
ST
T O
OF
FF
FIIC
CE
E
Juniper Networks, Inc.
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978-589-5800
Fax: 978-589-0800
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978-589-5800
Fax: 978-589-0800
A
AS
SIIA
A P
PA
AC
CIIF
FIIC
C R
RE
EG
GIIO
ON
NA
AL
L
S
SA
AL
LE
ES
S H
HE
EA
AD
DQ
QU
UA
AR
RT
TE
ER
RS
S
Juniper Networks (Hong Kong) Ltd.
Suite 2507-11, Asia Pacific Finance Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852-2332-3636
Fax: 852-2574-7803
Suite 2507-11, Asia Pacific Finance Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852-2332-3636
Fax: 852-2574-7803
E
EU
UR
RO
OP
PE
E,, M
MIID
DD
DL
LE
E E
EA
AS
ST
T,, A
AF
FR
RIIC
CA
A
R
RE
EG
GIIO
ON
NA
AL
L S
SA
AL
LE
ES
S H
HE
EA
AD
DQ
QU
UA
AR
RT
TE
ER
RS
S
Juniper Networks (UK) Limited
Juniper House
Guildford Road
Leatherhead
Surrey, KT22 9JH, U. K.
Phone: 44(0)-1372-385500
Fax: 44(0)-1372-385501
Juniper House
Guildford Road
Leatherhead
Surrey, KT22 9JH, U. K.
Phone: 44(0)-1372-385500
Fax: 44(0)-1372-385501
deployment of the Device and GUI Servers, the UI provides the single
point of access for the administrator to all of the information and
capabilities of the system. By utilizing the computational capabilities of
the GUI Server for most of the load, the impact on the end-user’s
system is minimized.
point of access for the administrator to all of the information and
capabilities of the system. By utilizing the computational capabilities of
the GUI Server for most of the load, the impact on the end-user’s
system is minimized.
All tiers within NetScreen-Security Manager are connected via a TCP-
based communication channel, secured through AES encryption and
SHA-1 authentication. By embedding security similar to an IPSec VPN
in the communication channel, secure management can be easily
deployed in most any network environment.
based communication channel, secured through AES encryption and
SHA-1 authentication. By embedding security similar to an IPSec VPN
in the communication channel, secure management can be easily
deployed in most any network environment.
F
Fe
ea
attu
urre
e O
Ov
ve
errv
viie
ew
w
C
Co
on
nffiig
gu
urra
attiio
on
n
– Device templates with overrides
– Configure all aspects of device
– Full device import
– Device configuration & policy validation
– Report on configuration differences
– VPN modeling tool
– Route-based and policy-based VPN management
– Full mesh, hub & spoke, combination VPN
– Configure all aspects of device
– Full device import
– Device configuration & policy validation
– Report on configuration differences
– VPN modeling tool
– Route-based and policy-based VPN management
– Full mesh, hub & spoke, combination VPN
topologies
– Shared policies & objects
– Rule-based management of antivirus & Deep
– Rule-based management of antivirus & Deep
Inspection
– Policy filtering
R
Re
ed
du
un
nd
da
an
nc
cyy
– Full High Availability with automatic
synchronization and failover
L
Lo
og
gg
giin
ng
g
– Integrated real-time and historical logs
– Full filtering capabilities
– Saved views per user
– Log flagging/comments for team coordination
– Export logs: XML, CSV
– Full filtering capabilities
– Saved views per user
– Log flagging/comments for team coordination
– Export logs: XML, CSV
A
Ad
dm
miin
niis
sttrra
attiio
on
n
– Role-based administration
– Object locking
– Audit logging
– Domains
– Automated domain versioning
– Job Manager for tracking update status
– Object locking
– Audit logging
– Domains
– Automated domain versioning
– Job Manager for tracking update status
3
3rrd
d P
Pa
arrttyy IIn
ntte
eg
grra
attiio
on
n
– Per-rule basis via Syslog, SNMP, email, scripts,
XML, CSV
R
Re
ea
all--T
Tiim
me
e M
Mo
on
niitto
orriin
ng
g
– Firewall devices
– VPNs
– NSRP (HA) clusters
– GUI Server CPU usage
– Device Server CPU usage
– VPNs
– NSRP (HA) clusters
– GUI Server CPU usage
– Device Server CPU usage
R
Re
ep
po
orrttiin
ng
g
– Firewall reports
– Deep Inspection reports (attacks)
– Screen reports (attacks)
– Administrative reports
– Deep Inspection reports (attacks)
– Screen reports (attacks)
– Administrative reports
- 32 pre-defined report templates
- User customizable reports
- User customizable reports
– HTML export
– Log Investigator to correlate log information
– Statistical Report Server product available as add-
– Log Investigator to correlate log information
– Statistical Report Server product available as add-
on module for SLA and other statistical reports
– Scheduled reports
– Custom reports: per user and per domain
– Custom reports: per user and per domain
S
Se
ec
cu
urre
e C
Co
om
mm
mu
un
niic
ca
attiio
on
ns
s
– Secure communications at all tiers
– TCP-based communications mechanism
– Encryption: AES, 128 bit
– Authentication: SHA-1
– TCP-based communications mechanism
– Encryption: AES, 128 bit
– Authentication: SHA-1
M
Miin
niim
mu
um
m S
Syys
stte
em
m R
Re
eq
qu
uiirre
em
me
en
ntts
s
U
Us
se
err IIn
ntte
errffa
ac
ce
e
Operating System Support
Microsoft Windows 2000, Windows NT,
Windows XP, Red Hat Enterprise 3.0,
Red Hat Enterprise 4.0
Windows XP, Red Hat Enterprise 3.0,
Red Hat Enterprise 4.0
Minimum CPU
400 mHz Pentium II or equivalent
Minimum RAM
256 MB RAM, 512 MB
recommended
recommended
Minimum Available Disk Space
100 MB
Minimum Connectivity to Server
384kbps (DSL) or LAN
M
Ma
an
na
ag
ge
em
me
en
ntt S
Se
errv
ve
err ((G
GU
UII S
Se
errv
ve
err a
an
nd
d D
De
ev
viic
ce
e S
Se
errv
ve
err c
co
om
mb
biin
ne
ed
d))
Operating System Support
Solaris 8, Solaris 9, Red Hat Enterprise
3.0, Red Hat Enterprise 4.0
3.0, Red Hat Enterprise 4.0
Minimum CPU
1 GHz*
Minimum RAM
1 GB*
Minimum Hard Disk
10K rpm disk with at least 18GB
disk space (logs are estimated to
be an average of 200 bytes each)*
disk space (logs are estimated to
be an average of 200 bytes each)*
Minimum NIC
100 Mbs*
Maximum devices
managed per server
managed per server
6000
*Global Pro or Global Pro Express
appliance also supported
*Global Pro or Global Pro Express
appliance also supported
JJu
un
niip
pe
err N
Ne
ettw
wo
orrk
ks
s F
Fiirre
ew
wa
allll/
/V
VP
PN
N D
De
ev
viic
ce
e S
Su
up
pp
po
orrtt
NetScreen-Hardware Security Client (HSC)
NetScreen-500
NetScreen-5XP NetScreen-500
GPRS
NetScreen-5XT
ISG 2000
NetScreen-5GT
ISG 2000 w/IDP
NetScreen-5GT ADSL
ISG 1000
NetScreen-25
ISG 1000 W/IDP
NetScreen-50
NetScreen-5200
NetScreen-204
NetScreen-5400
NetScreen-208
N
Ne
ettS
Sc
crre
ee
en
n S
Sc
crre
ee
en
nO
OS
S S
Su
up
pp
po
orrtt
ScreenOS 5.3.0
ScreenOS 4.0.1-MCAST
ScreenOS 5.2.0
ScreenOS 4.0.0-DIAL2
ScreenOS 5.1.0
ScreenOS 4.0.3
ScreenOS 5.0.0
ScreenOS 4.0.1-SBR
ScreenOS 4.0.1
ScreenOS 4.0.0
O
Orrd
de
erriin
ng
g IIn
nffo
orrm
ma
attiio
on
n
P
Prro
od
du
uc
ctt
P
Pa
arrtt N
Nu
um
mb
be
err
NetScreen-Security Manager, 10 devices
NS-SM-10
NetScreen-Security Manager, 25 devices
NS-SM-25
NetScreen-Security Manager, 50 devices
NS-SM-50
NetScreen-Security Manager, 100 devices
NS-SM-100
NetScreen-Security Manager, 200 devices
NS-SM-200
NetScreen-Security Manager, 500 devices
NS-SM-500
NetScreen-Security Manager, 1000 devices
NS-SM-1000
NetScreen-Security Manager, ADD 1000 devices
NS-SM-ADD-1000