Juniper SSG-5-SH-MW-KR 数据表
Page
SSG 20
SSG 5
Maximum Performance and Capacity
(1)
ScreenOS version support
ScreenOS 5.4
ScreenOS 5.4
Firewall performance (Large packets)
160 Mbps
160 Mbps
Firewall performance
(2)
(IMIX)
90 Mbps
90 Mbps
Firewall Packets per second (64 byte)
30,000
30,000
VPN performance (3DES+SHA-1)
40 Mbps
40 Mbps
Concurrent sessions
4,000
4,000
New sessions/second
2,800
2,800
Policies
200
200
Users supported
Unrestricted
Unrestricted
Network Connectivity
Fixed I/O
5x 10/100
7x 10/100
Physical Interface Module (Mini-PIM) Slots
2
0
WAN interface options
ADSL2+, T1, E1,
ISDN BRI S/T or
ISDN BRI S/T, V.92
RS-232 Serial/Aux or
(See Mini-PIM datasheets)
V.92
(factory configured)
LAN interface options
None
None
Wireless networking
Dual Radio 802.11a + 802.11b/g (factory configured)
Firewall
Network attack detection
Yes
Yes
DoS and DDoS protection
Yes
Yes
TCP reassembly for fragmented
packet protection
packet protection
Yes
Yes
Malformed packet protection
Yes
Yes
Unified Threat Management/Content Security
(3)
IPS (Deep Inspection FW)
Yes
Yes
Protocol anomaly detection
Yes
Yes
Stateful protocol signatures
Yes
Yes
Antivirus
Yes
Yes
Signature database
100,000+
Protocols scanned
POP3, SMTP, HTTP, IMAP, FTP
Anti-Phishing
Yes
Yes
Anti-Spyware
Yes
Yes
Anti-Adware
Yes
Yes
Anti-Keylogger
Yes
Yes
Anti-Spam
Yes
Yes
Integrated URL filtering
Yes
Yes
External URL filtering
(4)
Yes
Yes
VoIP Security
H.323. ALG
Yes
Yes
SIP ALG
Yes
Yes
SCCP ALG
Yes
Yes
MGCP ALG
Yes
Yes
NAT for SIP, H.323, MGCP, SCCP
Yes
Yes
VPN
Concurrent VPN tunnels
25
25
Tunnel interfaces
10
10
DES (56-bit), 3DES (168-bit)
and AES encryptions
and AES encryptions
Yes
Yes
MD-5 and SHA-1 authentication
Yes
Yes
Manual key, IKE, PKI (X.509)
Yes
Yes
Perfect forward secrecy (DH Groups)
1,2,5
1,2,5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
L2TP within IPSec
Yes
Yes
IPSec NAT traversal
Yes
Yes
Redundant VPN gateways
Yes
Yes
SSG 20
SSG 5
Firewall and VPN User Authentication
Built-in (internal) database - user limit
Up to 100
Up to 100
3rd Party user authentication
RADIUS, RSA SecurID, and LDAP
XAUTH VPN authentication
Yes
Yes
Web-based authentication
Yes
Yes
802.1X authentication
Yes
Yes
Mode of Operation
Layer 2 (transparent) mode
(5)
Yes
Yes
Layer 3 (route and/or NAT) mode
Yes
Yes
Address Translation
Network Address Translation (NAT)
Yes
Yes
Port Address Translation (PAT)
Yes
Yes
Policy-based NAT/PAT
Yes
Yes
Mapped IP
Yes
Yes
Virtual IP
Yes
Yes
Routing
BGP
Yes
Yes
OSPF
Yes
Yes
RIPv1/v2
Yes
Yes
Static routes
Yes
Yes
Source-based routing
Yes
Yes
Policy-based routing
Yes
Yes
ECMP
Yes
Yes
Routes
1,024
1,024
Multicast
Yes
Yes
Reverse Forwarding Path (RFP)
Yes
Yes
IGMP (v1, v2)
Yes
Yes
IGMP Proxy
Yes
Yes
PIM SM
Yes
Yes
PIM SSM
Yes
Yes
Mcast inside IPSec Tunnel
Yes
Yes
Encapsulations
PPP
Yes
Yes
MLPPP
Yes
N/A
Frame Relay
Yes
N/A
MLFR (FRF 15, FRF 16)
Yes
N/A
HDLC
Yes
N/A
Traffic Management (QoS)
Guaranteed bandwidth
Yes
Yes
Maximum bandwidth
Yes
Yes
Ingress Traffic Policing
Yes
Yes
Priority-bandwidth utilization
Yes
Yes
DiffServ stamp
Yes, per policy
Yes, per policy
Wi-Fi Multi-Media (WMM)
Yes (with WLAN)
Yes (with WLAN)
System Management
WebUI (HTTP and HTTPS)
Yes
Yes
Command Line Interface (console)
Yes
Yes
Command Line Interface (telnet)
Yes
Yes
Command Line Interface (SSH)
Yes, v1.5 and v2.0 compatible
NetScreen-Security Manager
Yes
Yes
All management via VPN tunnel
on any interface
on any interface
Yes
Yes
SNMP full custom MIB
Yes
Yes
Rapid deployment
Yes
Yes
Logging and Monitoring
Syslog (multiple servers)
External, up to 4 servers
E-mail (2 addresses)
Yes
Yes
NetIQ WebTrends
External
External
SNMP (v2)
Yes
Yes
Traceroute
Yes
Yes
VPN tunnel monitor
Yes
Yes
Juniper Networks Secure Services Gateway 5 and 20