Juniper NetScreen-500ES System 3 dual-port 10/100 I/O modules, 2 AC power supplies NS-500ES-FE1-AC Ficha De Dados
Códigos do produto
NS-500ES-FE1-AC
JJu
un
niip
pe
err N
Ne
ettw
wo
orrk
ks
s
N
Ne
ettS
Sc
crre
ee
en
n--5
50
00
0
((1
1))
M
Ma
ax
xiim
mu
um
m P
Pe
errffo
orrm
ma
an
nc
ce
e a
an
nd
d C
Ca
ap
pa
ac
ciittyy
((1
1))
ScreenOS version support
ScreenOS 5.4
Firewall performance
700 Mbps
3DES+SHA-1 performance
250 Mbps
Concurrent sessions
(2)
250,000
New Sessions/Second
7,000
Policies
(2)
20,000
Interfaces
8 10/100 or mini-GBIC
(SX or LX), 4 GBIC (SX or LX)
M
Mo
od
de
e o
off O
Op
pe
erra
attiio
on
n
Layer 2 mode (transparent mode)
(4)
Yes
Layer 3 mode (route and/or NAT mode)
Yes
NAT (Network Address Translation)
Yes
PAT (Port Address Translation)
Yes
Policy-based NAT
Yes
Virtual IP
4
Mapped IP
(3)
4,096
MIP/VIP Grouping
Yes
Users supported
Unrestricted
F
Fiirre
ew
wa
allll
Number of network attacks detected
31
Network attack detection
Yes
DoS and DDoS protections
Yes
TCP reassembly for fragmented packet protection
Yes
Malformed packet protections
Yes
Deep Inspection (DI) firewall
Yes
Protocol anomaly
Yes
IPS (Deep Inspection) firewall
Yes
Stateful protocol signatures
Yes
Content Inspection
Yes
Embedded antivirus
No
Malicious Web filtering
up to 48 URLs
External Web filtering (Websense or SurfControl)
Yes
Integrated Web filtering
No
Brute force attack mitigation
Yes
Deep Inspection (DI) attack pattern obfuscation
Yes
SYN cookie
Yes
Zone-based IP spoofing
Yes
V
VP
PN
N
Site-to-site VPN tunnels
(2)
up to 5,000
Remote access VPN tunnels
10,000
(3)
Tunnel interfaces
up to 1,024
DES (56-bit), 3DES (168-bit) and AES encryption
Yes
MD-5 and SHA-1 authentication
Yes
Manual Key, IKE, PKI (X.509)
Yes
Perfect forward secrecy (DH Groups)
1,2,5
Prevent replay attack
Yes
Remote access VPN
Yes
L2TP within IPSec
Yes
Dead Peer Detection
Yes
IPSec NAT Traversal
Yes
Redundant VPN gateways
Yes
VPN tunnel monitor
Yes
F
Fiirre
ew
wa
allll a
an
nd
d V
VP
PN
N U
Us
se
err A
Au
utth
he
en
nttiic
ca
attiio
on
n
Built-in (internal) database – user limit
(2)
up to 1,500
3rd Party user authentication
RADIUS, RSA SecurID, 802.1X and LDAP
XAUTH VPN authentication
Yes
Web-based authentication
Yes
JJu
un
niip
pe
err N
Ne
ettw
wo
orrk
ks
s
N
Ne
ettS
Sc
crre
ee
en
n--5
50
00
0
((1
1))
P
PK
KII S
Su
up
pp
po
orrtt
PKI Certificate requests (PKCS 7 and PKCS 10)
Yes
Automated certificate enrollment (SCEP)
Yes
Online Certificate Status Protocol (OCSP)
Yes
Self Signed Certificates
Yes
Certificate Authorities Supported
Verisign
Yes
Entrust
Yes
Microsoft
Yes
RSA Keon
Yes
iPlanet (Netscape)
Yes
Baltimore
Yes
DOD PKI
Yes
L
Lo
og
gg
giin
ng
g/
/M
Mo
on
niitto
orriin
ng
g
Syslog (multiple servers)
External, up to 4 servers
E-mail (2 addresses)
Yes
NetIQ WebTrends
External
SNMP (v1, v2)
Yes
Standard and custom MIB
Yes
Traceroute
Yes
V
Viirrttu
ua
alliizza
attiio
on
n
Maximum number of Virtual Systems
(5)
0 Default, upgradeable to 25
Maximum number of security zones
(5)
8 default, upgradeable to 58
Maximum number of virtual routers
(5)
3 default, upgradeable to 28
Number of VLANs supported
100 per port
R
Ro
ou
uttiin
ng
g
OSPF/BGP dynamic routing
(2)
up to 8 instances each
RIPv1/v2 dynamic routing
(2)
Up to 256 instances
Static routes
8,192
Source Based Routing, Source Interface Based Routing
Yes
Equal cost multi-path routing
Yes
H
Hiig
gh
h A
Av
va
aiilla
ab
biilliittyy ((H
HA
A))
Active/Active
Yes
Active/Passive
Yes
Redundant Interfaces
Yes
Configuration synchronization
Yes
Session synchronization for firewall and VPN
Yes
Device failure detection
Yes
Link failure detection
Yes
Authentication for new HA members
Yes
Encryption of HA traffic
Yes
LDAP and RADIUS server failover
Yes
V
Vo
oIIP
P
H.323 ALG
Yes
SIP ALG
Yes
SCCP ALG
Yes
MGCP ALG
Yes
NAT for H.323/SIP/MGCP/SCCP
Yes
IIP
P A
Ad
dd
drre
es
ss
s A
As
ss
siig
gn
nm
me
en
ntt
Static
Yes
DHCP, PPPoE client
No
Internal DHCP server
No
DHCP Relay
Yes
The NetScreen-500 is a purpose-built, security system designed to provide a flexible, high performance
solution for medium and large enterprise central sites and service providers. The NetScreen-500
security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile,
modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual
systems and security zones. Combined with a flexible and resilient hardware architecture incorporating
modular physical interfaces, redundant power supplies, fans and high availability interfaces, the
NetScreen-500 exceeds most enterprises’ typical traffic conditions. It is well suited to match the peak
load and strong deterrence requirements of the most demanding environments.
solution for medium and large enterprise central sites and service providers. The NetScreen-500
security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile,
modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual
systems and security zones. Combined with a flexible and resilient hardware architecture incorporating
modular physical interfaces, redundant power supplies, fans and high availability interfaces, the
NetScreen-500 exceeds most enterprises’ typical traffic conditions. It is well suited to match the peak
load and strong deterrence requirements of the most demanding environments.
Page 1
Datasheet
Juniper Networks
NetScreen-500