Juniper NetScreen-204 NS-204-001-DC Ficha De Dados

Datasheet

Page 

Juniper Networks NetScreen-204/208

The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances 

available today. They easily integrate and secure many different network environments, including 

medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure. 

Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 

Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-

208). Even the most computationally intense applications, such as 3DES and AES encryption, are 

performed at speeds greater than 175 Mbps.

 ScreenOS version support

ScreenOS 5.4

ScreenOS 5.4

   Firewall performance

375 Mbps

375 Mbps

   3DES+SHA-1 performance

175 Mbps

175 Mbps

   Concurrent sessions

128,000

(5)

128,000

(5)

   New sessions/second

11,500

11,500

   Policies

4,000

4,000

   Interfaces

4 10/100 Base-T

8 10/100 Base-T

 Layer 2 mode (transparent mode)(2)

Yes

 Layer 3 mode (route and/or NAT mode)

Yes

 NAT (Network Address Translation)

Yes

 PAT (Port Address Translation)

Yes

 Policy-based NAT

Yes

 Virtual IP

4

 Mapped IP

4,000

 MIP/VIP Grouping

Yes

 Users supported

Unrestricted

 Number of network attacks detected

31

 Network attack detection

Yes

 DoS and DDoS protections

Yes

 TCP reassembly for fragmented packet protection

Yes

 Malformed packet protections

Yes

 IPS (Deep Inspection FW)

Yes

   Protocol anomaly

Yes

   Stateful protocol signatures

Yes

 Content Inspection

Yes

   Embedded antivirus

No

   Embedded Anti-spam

Yes

   Malicious Web filtering

up to 48 URLs

   External Web filtering (Websense or SurfControl)

Yes

   Integrated Web filtering

No

   Brute force attack mitigation

Yes

   Deep Inspection (DI) attack pattern obfuscation

Yes

   SYN cookie

Yes

   Zone-based IP spoofing

Yes

 Concurrent VPN tunnels

Up to 1,000

 Tunnel interfaces

Up to 256

 DES (56-bit), 3DES (168-bit) and AES encryption

Yes

 MD-5 and SHA-1 authentication

Yes

 Manual Key, IKE, PKI (X.509)

Yes

 Perfect forward secrecy (DH Groups)

1,2,5

 Prevent replay attack

Yes

 Remote access VPN

Yes

 L2TP within IPSec

Yes

 Dead Peer Detection

Yes

 IPSec NAT Traversal

Yes

 Redundant VPN gateways

Yes

 VPN tunnel monitor

Yes

 Built-in (internal) database - user limit

up to 1,500

 3rd Party user authentication

RADIUS, RSA SecurID, 802.1x and LDAP

 XAUTH VPN authentication

Yes

 Web-based authentication

Yes

 PKI Certificate requests (PKCS 7 and PKCS 10)

Yes

 Automated certificate enrollment (SCEP)

Yes

 Online Certificate Status Protocol (OCSP)

Yes

 Self Signed Certificates

Yes

 Certificate Authorities Supported
  Verisign

Yes

  Entrust

Yes

  Microsoft

Yes

  RSA Keon

Yes

  iPlanet (Netscape)

Yes

  Baltimore

Yes

  DOD PKI

Yes

 Syslog (multiple servers)

External, up to 4 servers

 E-mail (2 addresses)

Yes

 NetIQ WebTrends

External

 SNMP (v1, v2)

Yes

 Standard and custom MIB

Yes

 Traceroute

Yes

 At session start and end

Yes

 Custom security zones

8, 4 on NetScreen-204

 Virtual routers (VRs)

3

 VLANs supported

32

 Virtualization key

Optional upgrade: adds 10 security

   

zones, 5 VRs, and 96 VLANs

 OSPF/BGP Dynamic routing

3 instances each

 RIPv1/v2 Dynamic routing

Up to 8 instances

 Static routes

4096

 Source Based Routing, Source Interface Based Routing

Yes

 Equal cost multi-path routing

Yes

 Active/Active

Yes

 Active/Passive

Yes

 Redundant Interfaces

Yes

 Configuration synchronization

Yes

 Session synchronization for firewall and VPN

Yes

 Session failover for routing change

Yes

 Device failure detection

Yes

 Link failure detection

Yes

 Authentication for new HA members

Yes

 Encryption of HA traffic

Yes

 LDAP and RADIUS server failover

Yes

 H.323 ALG

Yes

 SCCP ALG

Yes

 SIP ALG

Yes

 MGCP ALG

Yes

 NAT for H.323/SIP/SCCP/MGCP

Yes

 Static

Yes

 DHCP, PPPoE client

Yes

 Internal DHCP server

Yes

 DHCP Relay

Yes