Juniper NetScreen-208 NS-208-003 数据表
产品代码
NS-208-003
Datasheet
Page
Juniper Networks NetScreen-204/208
The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances
available today. They easily integrate and secure many different network environments, including
medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure.
Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200
Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-
208). Even the most computationally intense applications, such as 3DES and AES encryption, are
performed at speeds greater than 175 Mbps.
Juniper Networks
Juniper Networks
NetScreen-204
(1)
NetScreen-208
(1)
Maximum Performance and Capacity
(1)
ScreenOS version support
ScreenOS 5.4
ScreenOS 5.4
Firewall performance
375 Mbps
375 Mbps
3DES+SHA-1 performance
175 Mbps
175 Mbps
Concurrent sessions
128,000
(5)
128,000
(5)
New sessions/second
11,500
11,500
Policies
4,000
4,000
Interfaces
4 10/100 Base-T
8 10/100 Base-T
Juniper Networks
NetScreen-200 Series
(1)
Mode of Operation
Layer 2 mode (transparent mode)(2)
Yes
Layer 3 mode (route and/or NAT mode)
Yes
NAT (Network Address Translation)
Yes
PAT (Port Address Translation)
Yes
Policy-based NAT
Yes
Virtual IP
4
Mapped IP
4,000
MIP/VIP Grouping
Yes
Users supported
Unrestricted
Firewall
Number of network attacks detected
31
Network attack detection
Yes
DoS and DDoS protections
Yes
TCP reassembly for fragmented packet protection
Yes
Malformed packet protections
Yes
IPS (Deep Inspection FW)
Yes
Protocol anomaly
Yes
Stateful protocol signatures
Yes
Content Inspection
Yes
Embedded antivirus
No
Embedded Anti-spam
Yes
Malicious Web filtering
up to 48 URLs
External Web filtering (Websense or SurfControl)
Yes
Integrated Web filtering
No
Brute force attack mitigation
Yes
Deep Inspection (DI) attack pattern obfuscation
Yes
SYN cookie
Yes
Zone-based IP spoofing
Yes
VPN
Concurrent VPN tunnels
Up to 1,000
Tunnel interfaces
Up to 256
DES (56-bit), 3DES (168-bit) and AES encryption
Yes
MD-5 and SHA-1 authentication
Yes
Manual Key, IKE, PKI (X.509)
Yes
Perfect forward secrecy (DH Groups)
1,2,5
Prevent replay attack
Yes
Remote access VPN
Yes
L2TP within IPSec
Yes
Dead Peer Detection
Yes
IPSec NAT Traversal
Yes
Redundant VPN gateways
Yes
VPN tunnel monitor
Yes
Firewall and VPN User Authentication
Built-in (internal) database - user limit
up to 1,500
3rd Party user authentication
RADIUS, RSA SecurID, 802.1x and LDAP
XAUTH VPN authentication
Yes
Web-based authentication
Yes
Juniper Networks
NetScreen-200 Series
(1)
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10)
Yes
Automated certificate enrollment (SCEP)
Yes
Online Certificate Status Protocol (OCSP)
Yes
Self Signed Certificates
Yes
Certificate Authorities Supported
Verisign
Verisign
Yes
Entrust
Yes
Microsoft
Yes
RSA Keon
Yes
iPlanet (Netscape)
Yes
Baltimore
Yes
DOD PKI
Yes
Logging/Monitoring
Syslog (multiple servers)
External, up to 4 servers
E-mail (2 addresses)
Yes
NetIQ WebTrends
External
SNMP (v1, v2)
Yes
Standard and custom MIB
Yes
Traceroute
Yes
At session start and end
Yes
Virtualization
Custom security zones
8, 4 on NetScreen-204
Virtual routers (VRs)
3
VLANs supported
32
Virtualization key
Optional upgrade: adds 10 security
zones, 5 VRs, and 96 VLANs
Routing
OSPF/BGP Dynamic routing
3 instances each
RIPv1/v2 Dynamic routing
Up to 8 instances
Static routes
4096
Source Based Routing, Source Interface Based Routing
Yes
Equal cost multi-path routing
Yes
High Availability (HA)
Active/Active
Yes
Active/Passive
Yes
Redundant Interfaces
Yes
Configuration synchronization
Yes
Session synchronization for firewall and VPN
Yes
Session failover for routing change
Yes
Device failure detection
Yes
Link failure detection
Yes
Authentication for new HA members
Yes
Encryption of HA traffic
Yes
LDAP and RADIUS server failover
Yes
VoIP
H.323 ALG
Yes
SCCP ALG
Yes
SIP ALG
Yes
MGCP ALG
Yes
NAT for H.323/SIP/SCCP/MGCP
Yes
IP Address Assignment
Static
Yes
DHCP, PPPoE client
Yes
Internal DHCP server
Yes
DHCP Relay
Yes