Juniper SSG 140 SSG-140-SB 데이터 시트

3

Maximum Performance and Capacity

(1)

 

ScreenOS version tested  

ScreenOS 6.1

Firewall throughput (large packets) 

350+ Mbps

Firewall throughput (IMIX)

(2)

 

300 Mbps

Firewall packets per second (64 byte)  

100,000 PPS

Advanced Encryption Standard (AES) 256+SHA-1 VPN throughput  100 Mbps
3DES encryption +SHA-1 VPN throughput 

100 Mbps

Maximum concurrent sessions 

48,000

New sessions/second 

8,000

Maximum security policies 

1,000

Maximum users supported  

Unrestricted

Network Connectivity 

Fixed I/O  

8x10/100, 2x10/100/1000

Physical Interface Module (PIM) slots  

4

Modular WAN/LAN interface options (PIMs/uPIMs)  2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T 
 

SFP, 10/100/1000

Firewall 

Network attack detection 

Yes

DoS and DDoS protection 

Yes

TCP reassembly for fragmented packet protection 

Yes

Brute force attack mitigation 

Yes

SYN cookie protection 

Yes

Zone-based IP spoofing 

Yes

Malformed packet protection 

Yes

Unified Threat Management

(3)

 

IPS (Deep Inspection firewall) 

Yes

   Protocol anomaly detection 

Yes

   Stateful protocol signatures 

Yes

   IPS/DI attack pattern obfuscation 

Yes

Antivirus 

Yes

   Signature database 

200,000+

   Protocols scanned 

POP3, HTTP, SMTP, IMAP, FTP, IM

   Anti-spyware 

Yes

   Anti-adware 

Yes

   Anti-keylogger 

Yes

   Instant message AV 

Yes

Anti-spam 

Yes

Integrated URL filtering 

Yes

External URL filtering

(4)

 

Yes

Voice over IP (VoIP) Security  

H.323. Application-level gateway (ALG)  

Yes

SIP ALG  

Yes

MGCP ALG 

Yes

SCCP ALG 

Yes

Network Address Translation (NAT) for VoIP protocols  

Yes

IPSec VPN 

Concurrent VPN tunnels 

150

Tunnel interfaces 

50

DES encryption (56-bit), 3DES encryption (168-bit) and AES (256-bit)  Yes
MD-5 and SHA-1 authentication 

Yes

Manual key, Internet Key Exchange (IKE), IKEv2 with EAP public  
key infrastructure  (PKI) (X.509) 

Yes

Perfect forward secrecy (DH Groups) 

1,2,5

Prevent replay attack 

Yes

IPSec VPN (cont’d)

    Remote access VPN 

        Yes

    Layer 2 Tunneling Protocol (L2TP) within IPSec 

        Yes

    IPSec Network Address Translation (NAT) traversal 

        Yes

    Auto-Connect VPN 

       Yes

    Redundant VPN gateways 

        Yes

User Authentication and Access Control 

Built-in (internal) database user limit 

250

Third-party user authentication 

RADIUS, RSA SecureID, LDAP

RADIUS Accounting 

Yes – start/stop

XAUTH VPN authentication 

Yes

Web-based authentication 

Yes

802.1X authentication 

Yes

Unified Access Control (UAC) enforcement point 

Yes

PKI Support 

PKI certificate requests (PKCS 7 and PKCS 10) 

Yes

Automated certificate enrollment (SCEP) 

Yes

Online Certificate Status Protocol (OCSP) 

Yes

Certificate Authorities supported 

Verisign, Entrust, Microsoft, RSA Keon, 

 

iPlanet (Netscape) Baltimore, DOD PKI

Self signed certificates 

Yes

Virtualization 

Maximum number of security zones 

40

Maximum number of virtual routers 

3

Bridge groups* 

Yes

Maximum number of VLANs  

100

Routing 

BGP instances 

2

BGP peers 

4

BGP routes 

2,048

OSPF instances 

2

OSPF routes 

2,048

RIPv1/v2 instances 

2

RIP v2 routes 

2,048

Static routes 

2,048

Source-based routing 

Yes

Policy-based routing 

Yes

Equal-cost multipath (ECMP) 

Yes

Multicast 

Yes

   Reverse Forwarding Path (RFP) 

Yes

   Internet Group Management Protocol (IGMP) (v1, v2) 

Yes

   IGMP Proxy 

Yes

   Protocol Independent Multicast (PIM) single mode 

Yes

   PIM source-specific multicast 

Yes

   Multicast inside IPSec tunnel 

Yes

Encapsulations 

Point-to-Point Protocol (PPP) 

Yes

Multilink Point-to-Point Protocol (MLPPP) 

Yes

   MLPPP max physical interfaces  

8

Frame relay 

Yes

Multilink Frame Relay (MLFR) (FRF 15, FRF 16)  

Yes

   MLFR max physical interfaces  

8

HDLC 

Yes

*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases

Specifications