DatasheetPage
Juniper Networks NetScreen-25/50The Juniper Networks
NetScreen-25 and NetScreen-50 offer a complete security solution
for enterprise branch and remote offices as well as small and
medium size companies. Featuring four auto-sensing 10/100 Ethernet
ports, the NetScreen-25 and NetScreen-50 provide solutions for
perimeter security with multiple DMZs, VPNs for wireless LAN
security, or protection of internal networks. The NetScreen-25 has
the same number of Ethernet interfaces and offers 100 Mbps of
firewall and 20 Mbps of 3DES or AES VPN performance, with support
for 32,000 concurrent sessions and 125 VPN tunnels. The
NetScreen-50 is a high performance security appliance, offering 170
Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with
support for 64,000 concurrent sessions and 500 VPN tunnels.
JuniperNetworks JuniperNetworks NetScreen-251)
NetScreen-501)
MaximumPerformanceandCapacity(1)
ScreenOSversionsupport ScreenOS5.4 ScreenOS5.4
Firewallperformance 100Mbps 170Mbps 3DES+SHA-1performance 20Mbps
45Mbps Concurrentsessions 32,000 64,000 Newsessions/second 4,000
5,000 Policies 500 1,000 Interfaces 410/100Base-T 410/100Base-T
ModeofOperation Layer2mode(transparentmode)(2) Yes Yes
Layer3mode(routeand/orNATmode) Yes Yes
NAT(NetworkAddressTranslation) Yes Yes PAT(PortAddressTranslation)
Yes Yes Policy-basedNAT Yes Yes VirtualIP 2 2 MappedIP 500 500
MIP/VIPGrouping Yes Yes Userssupported Unrestricted
Unrestricted
Firewall Numberofnetworkattacksdetected 31 31
Networkattackdetection Yes Yes DoSandDDoSprotections Yes Yes
TCPreassemblyforfragmentedpacketprotection Yes Yes
Malformedpacketprotections Yes Yes IPS(DeepInspectionFW) Yes Yes
Protocolanomaly Yes Yes Statefulprotocolsignatures Yes Yes
ContentInspection Yes Yes Embeddedantivirus No No EmbeddedAnti-Spam
Yes Yes MaliciousWebfiltering upto48URLs upto48URLs
ExternalWebfiltering(WebsenseorSurfControl) Yes Yes
IntegratedWebfiltering Yes Yes Bruteforceattackmitigation Yes Yes
DeepInspection(DI)attackpatternobfuscation Yes Yes
Zone-basedIPspoofing Yes Yes
VPN ConcurrentVPNtunnels 125 500 Tunnelinterfaces 25 50
DES(56-bit),3DES(168-bit)andAESencryption Yes Yes
ManualKey,IKE,PKI(X.509) Yes Yes Perfectforwardsecrecy(DHGroups)
1,2,5 1,2,5 Preventreplayattack Yes Yes RemoteaccessVPN Yes Yes
L2TPwithinIPSec Yes Yes DeadPeerDetection Yes Yes IPSecNATTraversal
Yes Yes RedundantVPNgateways Yes Yes VPNtunnelmonitor Yes Yes
JuniperNetworks JuniperNetworks NetScreen-251)
NetScreen-501)
FirewallandVPNUserAuthentication
Built-in(internal)database-userlimit upto250 Upto250
3rdPartyuserauthentication RADIUS,RSA RADIUS,RSA SecurID,andLDAP
SecurID,andLDAP XAUTHVPNauthentication Yes Yes
Web-basedauthentication Yes Yes
PKISupport PKICertificaterequests(PKCS7andPKCS10) Yes Yes
Automatedcertificateenrollment(SCEP) Yes Yes
OnlineCertificateStatusProtocol(OCSP) Yes Yes
SelfSignedCertificates Yes Yes CertificateAuthoritiesSupported
Verisign Yes Yes Entrust Yes Yes Microsoft Yes Yes RSAKeon Yes Yes
iPlanet(Netscape) Yes Yes Baltimore Yes Yes DODPKI Yes Yes
Logging/Monitoring Syslog(multipleservers) External,upto
External,upto 4servers 4servers E-mail(2addresses) Yes Yes
NetIQWebTrends External External SNMP(v1,v2) Yes Yes
StandardandcustomMIB Yes Yes Traceroute Yes Yes
Atsessionstartandend Yes Yes
Virtualization Customsecurityzones 4 4 Virtualrouters(VRs) 3 3
VLANssupported 16 16
Routing OSPF/BGPDynamicrouting 3instanceseach 3instanceseach
RIPv1/v2Dynamicrouting 3instances 3instances Staticroutes 2.048
2,048 SourceBasedRouting,SourceInterfaceBasedRouting Yes Yes
Equalcostmulti-pathrouting Yes Yes
HighAvailability(HA) HAmode HALite Active/Passive
Firewall/VPNsessionsynchronization No Yes RedundantInterfaces Yes
Yes Configurationsynchronization Yes Yes Devicefailuredetection Yes
Yes Linkfailuredetection Yes Yes AuthenticationfornewHAmembers Yes
Yes EncryptionofHAtraffic Yes Yes
VoIP H.323ALG Yes Yes SCCPALG Yes Yes SIPALG Yes Yes MGCPALG Yes
Yes NATforH.323/SIP/SCCP/MGCP Yes Yes
Copyright 2006, Juniper Networks, Inc. All rights reserved.
Juniper Networks and the Juniper Networks logo are registered
trademarks of Juniper Networks, Inc. in the United States and other
countries. All other trademarks, service marks, registered
trademarks, or registered service marks in this document are the
property of Juniper Networks or their respective owners. All
specifications are subject to change without notice. Juniper
Networks assumes no responsibility for any inaccuracies in this
document or for any obligation to update information in this
document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
CORPORATE HEADQUARTERS
AND SALES HEADQUARTERS
FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
94 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888-JUNIPER (888-586-4737)
or 408-745-2000
Fax: 408-745-200
www.juniper.net
EAST COAST OFFICE
Juniper Networks, Inc.
0 Technology Park Drive
Westford, MA 0886-346 USA
Phone: 978-589-5800
Fax: 978-589-0800
ASIA PACIFIC REGIONAL
SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
Suite 2507-, Asia Pacific Finance Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852-2332-3636
Fax: 852-2574-7803
EUROPE, MIDDLE EAST, AFRICA
REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Juniper House
Guildford Road
Leatherhead
Surrey, KT22 9JH, U. K.
Phone: 44(0)-372-385500
Fax: 44(0)-372-38550
Page 2
0003-00 Sept 2006
JuniperNetworks JuniperNetworks NetScreen-251)
NetScreen-501)
IPAddressAssignment Static Yes Yes DHCP,PPPoEclient Yes Yes
InternalDHCPserver Yes Yes DHCPRelay Yes Yes
SystemManagement WebUI(HTTPandHTTPS) Yes Yes
CommandLineInterface(console) Yes Yes CommandLineInterface(telnet)
Yes Yes CommandLineInterface(SSH) Yes,v1.5and Yes,v1.5and
v2.0compatible v2.0compatible NetScreen-SecurityManager Yes Yes
AllmanagementviaVPNtunnelonanyinterface Yes Yes SNMPFullCustomMIB
Yes Yes Rapiddeployment Yes Yes
Administration Localadministratorsdatabase 20 20
Externaladministratordatabase RADIUS/LDAP/ RADIUS/LDAP/ SecurID
SecurID Restrictedadministrativenetworks 6 6
RootAdmin,Admin,andReadOnlyuserlevels Yes Yes Softwareupgrades
TFTP/ TFTP/ WebUI/SCP/NSM WebUI/SCP/NSM ConfigurationRoll-back Yes
Yes
TrafficManagement Guaranteedbandwidth Yes Yes Maximumbandwidth
Yes Yes IngressTrafficPolicing Yes Yes
Priority-bandwidthutilization Yes Yes DiffServstamp Yes Yes
ExternalFlash CompactFlash Supports96,128or Supports96,128or
512MBIndustrial 512MBIndustrial GradeSanDisk GradeSanDisk
Eventlogsandalarms Yes Yes Systemconfigscript Yes Yes
ScreenOSsoftware Yes Yes
DimensionsandPower Dimensions(H/W/L) 1.73/17.5/10.8inches
1.73/17.5/10.8inches Weight 8lbs. 8lbs. Rackmountable 19standard,23
19standard,23 optional optional PowerSupply(AC) 90to264VAC,45watts
90to264VAC,45watts PowerSupply(DC) -36to-72VDC,50watts
-36to-72VDC,50watts
CertificationsSafetyCertifications
UL,CUL,CSA,CBEMCCertifications
FCCclassA,BSMIClassA,CEclassA,C-Tick,VCCIclassA
Environment Operationaltemperature:23to122F,-5to50C
Non-operationaltemperature:-4to158F,-20to70C
Humidity:10to90%non-condensing
MTBF(Bellcoremodel)
NetScreen-25:8.1years,NetScreen-50:8.1years
SecurityCertifications(Advancedmodelsonly)
CommonCriteria:EAL4andEAL4+
Licensing
Options:TheNetScreen-25andNetScreen-50arebothavailablewithtwolicens-ingoptionstoprovidetwodifferentlevelsoffunctionalityandcapacity.Advanced
Models:TheAdvancedsoftwarelicenseprovidesallofthefeaturesandcapaci-tieslistedwithinthisspecsheet.Baseline
Models:
TheBaselinesoftwarelicenseprovidesanentry-levelsolutionforcus-tomerenvironmentswherefeaturessuchasDeepInspection,OSPFandBGPdynamicrouting,advancedHighAvailabilty,andfullcapacityarenotcriticalrequirements.Thefol-lowingtableshowsthefeaturesandcapacitiesthataredifferentthantheAdvancedmodels:
NetScreen-25 Baseline NetScreen-50 Baseline
Sessions 24,000 48,000Site-to-sitetunnels 50
150RemoteAccessTunnels Sharedw/site-to-site
Sharedw/site-to-siteDeepInspectionFirewall N/A N/AVLANs 0 0OSPF/BGP
N/A N/AHighAvailability(HA) HALite* HALite*
NetScreenSecurityManager Supported Supported
*HALiteprovidesconfigurationsynchronizationonly(doesnotprovidesessionortunnelsynchronization)
Ordering Information Product Part Number
JuniperNetworksNetScreen-50w/ACpowersupplyNetScreen-50
USpowercord NS-050-001NetScreen-50f* USpowercord
NS-050-101NetScreen-50 UKpowercord NS-050-003NetScreen-50f*
UKpowercord NS-050-103NetScreen-50 Europeanpowercord
NS-050-005NetScreen-50f* Europeanpowercord NS-050-105NetScreen-50
Japanesepowercord NS-050-007NetScreen-50f* Japanesepowercord
NS-050-107*fproductsdonotincludeVPNfunctionality(internationalonly)
JuniperNetworksNetScreen-50w/DCpowersupplyNetScreen-50
w/DCpowersupplyDCpower NS-050-001-DC
JuniperNetworksNetScreen-25w/ACpowersupplyNetScreen-25
USpowercord NS-025-001NetScreen-25 UKpowercord
NS-025-003NetScreen-25 Europeanpowercord NS-025-005NetScreen-25
Japanesepowercord NS-025-007
BaselineProductsNetScreen-50Baseline USpowercord
NS-050B-001NetScreen-50Baseline UKpowercord
NS-050B-003NetScreen-50Baseline Europeanpowercord
NS-050B-005NetScreen-50Baseline Japanesepowercord
NS-050B-007NetScreen-50BaselinetoAdvancedUpgrade
NS-050-UPG-ANetScreen-25Baseline USpowercord
NS-025B-001NetScreen-25Baseline UKpowercord
NS-025B-003NetScreen-25Baseline Europeanpowercord
NS-025B-005NetScreen-25Baseline Japanesepowercord
NS-025B-007NetScreen-25BaselinetoAdvancedUpgrade NS-025-UPG-A
(1)Performance,capacityandfeatureslistedarebaseduponsystemsrunningScreenOS5.4andarethemeasuredmaximumsunderidealtestingconditionsunlessotherwisenoted.ActualresultsmayvarybasedonScreenOSreleaseandbydeployment.
(2)ThefollowingfeaturesarenotsupportedinLayer2(transparentmode):NAT,PAT,policybasedNAT,virtualIP,mappedIP,VLANs,OSPF,BGP,RIPv2,Active/ActiveHA,andIPaddressassignment.
