Juniper Networks NetScreen-50f w/ AC power supply NS-050-103 Ficha De Dados

Códigos do produto

NS-050-103

Datasheet

Page

Juniper Networks NetScreen-25/50

The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for

enterprise branch and remote offices as well as small and medium size companies. Featuring

four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions

for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal

networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps

of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent

sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering

170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000

concurrent sessions and 500 VPN tunnels.

Juniper Networks

NetScreen-25

NetScreen-50

Maximum Performance and Capacity

(1)

ScreenOS version support

ScreenOS 5.4

Firewall performance

100 Mbps

170 Mbps

3DES+SHA-1 performance

20 Mbps

45 Mbps

Concurrent sessions

32,000

64,000

New sessions/second

4,000

5,000

Policies

500

1,000

Interfaces

4 10/100 Base-T

Mode of Operation

Layer 2 mode (transparent mode

)(2)

Yes

Layer 3 mode (route and/or NAT mode)

Yes

NAT (Network Address Translation)

Yes

PAT (Port Address Translation)

Yes

Policy-based NAT

Yes

Virtual IP

Mapped IP

500

MIP/VIP Grouping

Yes

Users supported

Unrestricted

Firewall

Number of network attacks detected

Network attack detection

Yes

DoS and DDoS protections

Yes

TCP reassembly for fragmented packet protection Yes

Yes

Malformed packet protections

Yes

IPS (Deep Inspection FW)

Yes

Protocol anomaly

Yes

Stateful protocol signatures

Yes

Content Inspection

Yes

Embedded antivirus

Embedded Anti-Spam

Yes

Malicious Web filtering

up to 48 URLs

External Web filtering (Websense or SurfControl) Yes

Yes

Integrated Web filtering

Yes

Brute force attack mitigation

Yes

Deep Inspection (DI) attack pattern obfuscation

Yes

Zone-based IP spoofing

Yes

VPN

Concurrent VPN tunnels

125

500

Tunnel interfaces

DES (56-bit), 3DES (168-bit) and AES encryption

Yes

Manual Key, IKE, PKI (X.509)

Yes

Perfect forward secrecy (DH Groups)

1,2,5

Prevent replay attack

Yes

Remote access VPN

Yes

L2TP within IPSec

Yes

Dead Peer Detection

Yes

IPSec NAT Traversal

Yes

Redundant VPN gateways

Yes

VPN tunnel monitor

Yes

Juniper Networks

NetScreen-25

NetScreen-50

Firewall and VPN User Authentication

Built-in (internal) database - user limit

up to 250

Up to 250

3rd Party user authentication

RADIUS, RSA

SecurID, and LDAP SecurID, and LDAP

XAUTH VPN authentication

Yes

Web-based authentication

Yes

PKI Support

PKI Certificate requests (PKCS 7 and PKCS 10)

Yes

Automated certificate enrollment (SCEP)

Yes

Online Certificate Status Protocol (OCSP)

Yes

Self Signed Certificates

Yes

Certificate Authorities Supported
Verisign

Yes

Entrust

Yes

Microsoft

Yes

RSA Keon

Yes

iPlanet (Netscape)

Yes

Baltimore

Yes

DOD PKI

Yes

Logging/Monitoring

Syslog (multiple servers)

External, up to

4 servers

E-mail (2 addresses)

Yes

NetIQ WebTrends

External

SNMP (v1, v2)

Yes

Standard and custom MIB

Yes

Traceroute

Yes

At session start and end

Yes

Virtualization

Custom security zones

Virtual routers (VRs)

VLANs supported

Routing

OSPF/BGP Dynamic routing

3 instances each

RIPv1/v2 Dynamic routing

3 instances

Static routes

2.048

2,048

Source Based Routing, Source Interface Based Routing Yes

Yes

Equal cost multi-path routing

Yes

High Availability (HA)

HA mode

HA Lite

Active/Passive

Firewall/VPN session synchronization

Yes

Redundant Interfaces

Yes

Configuration synchronization

Yes

Device failure detection

Yes

Link failure detection

Yes

Authentication for new HA members

Yes

Encryption of HA traffic

Yes

VoIP

H.323 ALG

Yes

SCCP ALG

Yes

SIP ALG

Yes

MGCP ALG

Yes

NAT for H.323/SIP/SCCP/MGCP

Yes