Juniper Networks NetScreen-50 w/ AC power supply NS-050-003 Fiche De Données
Codes de produits
NS-050-003
Datasheet
Page
Juniper Networks NetScreen-25/50
The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for
enterprise branch and remote offices as well as small and medium size companies. Featuring
four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions
for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal
networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps
of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent
sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering
170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000
concurrent sessions and 500 VPN tunnels.
Juniper Networks
Juniper Networks
NetScreen-25
1)
NetScreen-50
1)
Maximum Performance and Capacity
(1)
ScreenOS version support
ScreenOS 5.4
ScreenOS 5.4
Firewall performance
100 Mbps
170 Mbps
3DES+SHA-1 performance
20 Mbps
45 Mbps
Concurrent sessions
32,000
64,000
New sessions/second
4,000
5,000
Policies
500
1,000
Interfaces
4 10/100 Base-T
4 10/100 Base-T
Mode of Operation
Layer 2 mode (transparent mode
)(2)
Yes
Yes
Layer 3 mode (route and/or NAT mode)
Yes
Yes
NAT (Network Address Translation)
Yes
Yes
PAT (Port Address Translation)
Yes
Yes
Policy-based NAT
Yes
Yes
Virtual IP
2
2
Mapped IP
500
500
MIP/VIP Grouping
Yes
Yes
Users supported
Unrestricted
Unrestricted
Firewall
Number of network attacks detected
31
31
Network attack detection
Yes
Yes
DoS and DDoS protections
Yes
Yes
TCP reassembly for fragmented packet protection Yes
Yes
Malformed packet protections
Yes
Yes
IPS (Deep Inspection FW)
Yes
Yes
Protocol anomaly
Yes
Yes
Stateful protocol signatures
Yes
Yes
Content Inspection
Yes
Yes
Embedded antivirus
No
No
Embedded Anti-Spam
Yes
Yes
Malicious Web filtering
up to 48 URLs
up to 48 URLs
External Web filtering (Websense or SurfControl) Yes
Yes
Integrated Web filtering
Yes
Yes
Brute force attack mitigation
Yes
Yes
Deep Inspection (DI) attack pattern obfuscation
Yes
Yes
Zone-based IP spoofing
Yes
Yes
VPN
Concurrent VPN tunnels
125
500
Tunnel interfaces
25
50
DES (56-bit), 3DES (168-bit) and AES encryption
Yes
Yes
Manual Key, IKE, PKI (X.509)
Yes
Yes
Perfect forward secrecy (DH Groups)
1,2,5
1,2,5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
L2TP within IPSec
Yes
Yes
Dead Peer Detection
Yes
Yes
IPSec NAT Traversal
Yes
Yes
Redundant VPN gateways
Yes
Yes
VPN tunnel monitor
Yes
Yes
Juniper Networks
Juniper Networks
NetScreen-25
1)
NetScreen-50
1)
Firewall and VPN User Authentication
Built-in (internal) database - user limit
up to 250
Up to 250
3rd Party user authentication
RADIUS, RSA
RADIUS, RSA
SecurID, and LDAP SecurID, and LDAP
XAUTH VPN authentication
Yes
Yes
Web-based authentication
Yes
Yes
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10)
Yes
Yes
Automated certificate enrollment (SCEP)
Yes
Yes
Online Certificate Status Protocol (OCSP)
Yes
Yes
Self Signed Certificates
Yes
Yes
Certificate Authorities Supported
Verisign
Verisign
Yes
Yes
Entrust
Yes
Yes
Microsoft
Yes
Yes
RSA Keon
Yes
Yes
iPlanet (Netscape)
Yes
Yes
Baltimore
Yes
Yes
DOD PKI
Yes
Yes
Logging/Monitoring
Syslog (multiple servers)
External, up to
External, up to
4 servers
4 servers
E-mail (2 addresses)
Yes
Yes
NetIQ WebTrends
External
External
SNMP (v1, v2)
Yes
Yes
Standard and custom MIB
Yes
Yes
Traceroute
Yes
Yes
At session start and end
Yes
Yes
Virtualization
Custom security zones
4
4
Virtual routers (VRs)
3
3
VLANs supported
16
16
Routing
OSPF/BGP Dynamic routing
3 instances each
3 instances each
RIPv1/v2 Dynamic routing
3 instances
3 instances
Static routes
2.048
2,048
Source Based Routing, Source Interface Based Routing Yes
Yes
Equal cost multi-path routing
Yes
Yes
High Availability (HA)
HA mode
HA Lite
Active/Passive
Firewall/VPN session synchronization
No
Yes
Redundant Interfaces
Yes
Yes
Configuration synchronization
Yes
Yes
Device failure detection
Yes
Yes
Link failure detection
Yes
Yes
Authentication for new HA members
Yes
Yes
Encryption of HA traffic
Yes
Yes
VoIP
H.323 ALG
Yes
Yes
SCCP ALG
Yes
Yes
SIP ALG
Yes
Yes
MGCP ALG
Yes
Yes
NAT for H.323/SIP/SCCP/MGCP
Yes
Yes