Juniper SSG 140 SSG-140-SB 데이터 시트
제품 코드
SSG-140-SB
3
Maximum Performance and Capacity
(1)
ScreenOS version tested
ScreenOS 6.1
Firewall throughput (large packets)
350+ Mbps
Firewall throughput (IMIX)
(2)
300 Mbps
Firewall packets per second (64 byte)
100,000 PPS
Advanced Encryption Standard (AES) 256+SHA-1 VPN throughput 100 Mbps
3DES encryption +SHA-1 VPN throughput
3DES encryption +SHA-1 VPN throughput
100 Mbps
Maximum concurrent sessions
48,000
New sessions/second
8,000
Maximum security policies
1,000
Maximum users supported
Unrestricted
Network Connectivity
Fixed I/O
8x10/100, 2x10/100/1000
Physical Interface Module (PIM) slots
4
Modular WAN/LAN interface options (PIMs/uPIMs) 2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T
SFP, 10/100/1000
Firewall
Network attack detection
Yes
DoS and DDoS protection
Yes
TCP reassembly for fragmented packet protection
Yes
Brute force attack mitigation
Yes
SYN cookie protection
Yes
Zone-based IP spoofing
Yes
Malformed packet protection
Yes
Unified Threat Management
(3)
IPS (Deep Inspection firewall)
Yes
Protocol anomaly detection
Yes
Stateful protocol signatures
Yes
IPS/DI attack pattern obfuscation
Yes
Antivirus
Yes
Signature database
200,000+
Protocols scanned
POP3, HTTP, SMTP, IMAP, FTP, IM
Anti-spyware
Yes
Anti-adware
Yes
Anti-keylogger
Yes
Instant message AV
Yes
Anti-spam
Yes
Integrated URL filtering
Yes
External URL filtering
(4)
Yes
Voice over IP (VoIP) Security
H.323. Application-level gateway (ALG)
Yes
SIP ALG
Yes
MGCP ALG
Yes
SCCP ALG
Yes
Network Address Translation (NAT) for VoIP protocols
Yes
IPSec VPN
Concurrent VPN tunnels
150
Tunnel interfaces
50
DES encryption (56-bit), 3DES encryption (168-bit) and AES (256-bit) Yes
MD-5 and SHA-1 authentication
MD-5 and SHA-1 authentication
Yes
Manual key, Internet Key Exchange (IKE), IKEv2 with EAP public
key infrastructure (PKI) (X.509)
key infrastructure (PKI) (X.509)
Yes
Perfect forward secrecy (DH Groups)
1,2,5
Prevent replay attack
Yes
IPSec VPN (cont’d)
Remote access VPN
Yes
Layer 2 Tunneling Protocol (L2TP) within IPSec
Yes
IPSec Network Address Translation (NAT) traversal
Yes
Auto-Connect VPN
Yes
Redundant VPN gateways
Yes
User Authentication and Access Control
Built-in (internal) database user limit
250
Third-party user authentication
RADIUS, RSA SecureID, LDAP
RADIUS Accounting
Yes – start/stop
XAUTH VPN authentication
Yes
Web-based authentication
Yes
802.1X authentication
Yes
Unified Access Control (UAC) enforcement point
Yes
PKI Support
PKI certificate requests (PKCS 7 and PKCS 10)
Yes
Automated certificate enrollment (SCEP)
Yes
Online Certificate Status Protocol (OCSP)
Yes
Certificate Authorities supported
Verisign, Entrust, Microsoft, RSA Keon,
iPlanet (Netscape) Baltimore, DOD PKI
Self signed certificates
Yes
Virtualization
Maximum number of security zones
40
Maximum number of virtual routers
3
Bridge groups*
Yes
Maximum number of VLANs
100
Routing
BGP instances
2
BGP peers
4
BGP routes
2,048
OSPF instances
2
OSPF routes
2,048
RIPv1/v2 instances
2
RIP v2 routes
2,048
Static routes
2,048
Source-based routing
Yes
Policy-based routing
Yes
Equal-cost multipath (ECMP)
Yes
Multicast
Yes
Reverse Forwarding Path (RFP)
Yes
Internet Group Management Protocol (IGMP) (v1, v2)
Yes
IGMP Proxy
Yes
Protocol Independent Multicast (PIM) single mode
Yes
PIM source-specific multicast
Yes
Multicast inside IPSec tunnel
Yes
Encapsulations
Point-to-Point Protocol (PPP)
Yes
Multilink Point-to-Point Protocol (MLPPP)
Yes
MLPPP max physical interfaces
8
Frame relay
Yes
Multilink Frame Relay (MLFR) (FRF 15, FRF 16)
Yes
MLFR max physical interfaces
8
HDLC
Yes
*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases
Specifications