Download pdf - Juniper Netscreen 25 50

DatasheetPage

Juniper Networks NetScreen-25/50The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for enterprise branch and remote offices as well as small and medium size companies. Featuring four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions and 500 VPN tunnels.

JuniperNetworks JuniperNetworks NetScreen-251) NetScreen-501)

MaximumPerformanceandCapacity(1)

ScreenOSversionsupport ScreenOS5.4 ScreenOS5.4 Firewallperformance 100Mbps 170Mbps 3DES+SHA-1performance 20Mbps 45Mbps Concurrentsessions 32,000 64,000 Newsessions/second 4,000 5,000 Policies 500 1,000 Interfaces 410/100Base-T 410/100Base-T

ModeofOperation Layer2mode(transparentmode)(2) Yes Yes Layer3mode(routeand/orNATmode) Yes Yes NAT(NetworkAddressTranslation) Yes Yes PAT(PortAddressTranslation) Yes Yes Policy-basedNAT Yes Yes VirtualIP 2 2 MappedIP 500 500 MIP/VIPGrouping Yes Yes Userssupported Unrestricted Unrestricted

Firewall Numberofnetworkattacksdetected 31 31 Networkattackdetection Yes Yes DoSandDDoSprotections Yes Yes TCPreassemblyforfragmentedpacketprotection Yes Yes Malformedpacketprotections Yes Yes IPS(DeepInspectionFW) Yes Yes Protocolanomaly Yes Yes Statefulprotocolsignatures Yes Yes ContentInspection Yes Yes Embeddedantivirus No No EmbeddedAnti-Spam Yes Yes MaliciousWebfiltering upto48URLs upto48URLs ExternalWebfiltering(WebsenseorSurfControl) Yes Yes IntegratedWebfiltering Yes Yes Bruteforceattackmitigation Yes Yes DeepInspection(DI)attackpatternobfuscation Yes Yes Zone-basedIPspoofing Yes Yes

VPN ConcurrentVPNtunnels 125 500 Tunnelinterfaces 25 50 DES(56-bit),3DES(168-bit)andAESencryption Yes Yes ManualKey,IKE,PKI(X.509) Yes Yes Perfectforwardsecrecy(DHGroups) 1,2,5 1,2,5 Preventreplayattack Yes Yes RemoteaccessVPN Yes Yes L2TPwithinIPSec Yes Yes DeadPeerDetection Yes Yes IPSecNATTraversal Yes Yes RedundantVPNgateways Yes Yes VPNtunnelmonitor Yes Yes


FirewallandVPNUserAuthentication Built-in(internal)database-userlimit upto250 Upto250 3rdPartyuserauthentication RADIUS,RSA RADIUS,RSA SecurID,andLDAP SecurID,andLDAP XAUTHVPNauthentication Yes Yes Web-basedauthentication Yes Yes

PKISupport PKICertificaterequests(PKCS7andPKCS10) Yes Yes Automatedcertificateenrollment(SCEP) Yes Yes OnlineCertificateStatusProtocol(OCSP) Yes Yes SelfSignedCertificates Yes Yes CertificateAuthoritiesSupported Verisign Yes Yes Entrust Yes Yes Microsoft Yes Yes RSAKeon Yes Yes iPlanet(Netscape) Yes Yes Baltimore Yes Yes DODPKI Yes Yes

Logging/Monitoring Syslog(multipleservers) External,upto External,upto 4servers 4servers E-mail(2addresses) Yes Yes NetIQWebTrends External External SNMP(v1,v2) Yes Yes StandardandcustomMIB Yes Yes Traceroute Yes Yes Atsessionstartandend Yes Yes

Virtualization Customsecurityzones 4 4 Virtualrouters(VRs) 3 3 VLANssupported 16 16

Routing OSPF/BGPDynamicrouting 3instanceseach 3instanceseach RIPv1/v2Dynamicrouting 3instances 3instances Staticroutes 2.048 2,048 SourceBasedRouting,SourceInterfaceBasedRouting Yes Yes Equalcostmulti-pathrouting Yes Yes

HighAvailability(HA) HAmode HALite Active/Passive Firewall/VPNsessionsynchronization No Yes RedundantInterfaces Yes Yes Configurationsynchronization Yes Yes Devicefailuredetection Yes Yes Linkfailuredetection Yes Yes AuthenticationfornewHAmembers Yes Yes EncryptionofHAtraffic Yes Yes

VoIP H.323ALG Yes Yes SCCPALG Yes Yes SIPALG Yes Yes MGCPALG Yes Yes NATforH.323/SIP/SCCP/MGCP Yes Yes

Copyright 2006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

CORPORATE HEADQUARTERS

AND SALES HEADQUARTERS

FOR NORTH AND SOUTH AMERICA

Juniper Networks, Inc.

94 North Mathilda Avenue

Sunnyvale, CA 94089 USA

Phone: 888-JUNIPER (888-586-4737)

or 408-745-2000

Fax: 408-745-200

www.juniper.net

EAST COAST OFFICE

Juniper Networks, Inc.

0 Technology Park Drive

Westford, MA 0886-346 USA

Phone: 978-589-5800

Fax: 978-589-0800

ASIA PACIFIC REGIONAL

SALES HEADQUARTERS

Juniper Networks (Hong Kong) Ltd.

Suite 2507-, Asia Pacific Finance Tower

Citibank Plaza, 3 Garden Road

Central, Hong Kong

Phone: 852-2332-3636

Fax: 852-2574-7803

EUROPE, MIDDLE EAST, AFRICA

REGIONAL SALES HEADQUARTERS

Juniper Networks (UK) Limited

Juniper House

Guildford Road

Leatherhead

Surrey, KT22 9JH, U. K.

Phone: 44(0)-372-385500

Fax: 44(0)-372-38550

Page 2

0003-00 Sept 2006


IPAddressAssignment Static Yes Yes DHCP,PPPoEclient Yes Yes InternalDHCPserver Yes Yes DHCPRelay Yes Yes

SystemManagement WebUI(HTTPandHTTPS) Yes Yes CommandLineInterface(console) Yes Yes CommandLineInterface(telnet) Yes Yes CommandLineInterface(SSH) Yes,v1.5and Yes,v1.5and v2.0compatible v2.0compatible NetScreen-SecurityManager Yes Yes AllmanagementviaVPNtunnelonanyinterface Yes Yes SNMPFullCustomMIB Yes Yes Rapiddeployment Yes Yes

Administration Localadministratorsdatabase 20 20 Externaladministratordatabase RADIUS/LDAP/ RADIUS/LDAP/ SecurID SecurID Restrictedadministrativenetworks 6 6 RootAdmin,Admin,andReadOnlyuserlevels Yes Yes Softwareupgrades TFTP/ TFTP/ WebUI/SCP/NSM WebUI/SCP/NSM ConfigurationRoll-back Yes Yes

TrafficManagement Guaranteedbandwidth Yes Yes Maximumbandwidth Yes Yes IngressTrafficPolicing Yes Yes Priority-bandwidthutilization Yes Yes DiffServstamp Yes Yes

ExternalFlash CompactFlash Supports96,128or Supports96,128or 512MBIndustrial 512MBIndustrial GradeSanDisk GradeSanDisk Eventlogsandalarms Yes Yes Systemconfigscript Yes Yes ScreenOSsoftware Yes Yes

DimensionsandPower Dimensions(H/W/L) 1.73/17.5/10.8inches 1.73/17.5/10.8inches Weight 8lbs. 8lbs. Rackmountable 19standard,23 19standard,23 optional optional PowerSupply(AC) 90to264VAC,45watts 90to264VAC,45watts PowerSupply(DC) -36to-72VDC,50watts -36to-72VDC,50watts

CertificationsSafetyCertifications UL,CUL,CSA,CBEMCCertifications FCCclassA,BSMIClassA,CEclassA,C-Tick,VCCIclassA

Environment Operationaltemperature:23to122F,-5to50C Non-operationaltemperature:-4to158F,-20to70C Humidity:10to90%non-condensing

MTBF(Bellcoremodel) NetScreen-25:8.1years,NetScreen-50:8.1years

SecurityCertifications(Advancedmodelsonly) CommonCriteria:EAL4andEAL4+

Licensing Options:TheNetScreen-25andNetScreen-50arebothavailablewithtwolicens-ingoptionstoprovidetwodifferentlevelsoffunctionalityandcapacity.Advanced Models:TheAdvancedsoftwarelicenseprovidesallofthefeaturesandcapaci-tieslistedwithinthisspecsheet.Baseline Models: TheBaselinesoftwarelicenseprovidesanentry-levelsolutionforcus-tomerenvironmentswherefeaturessuchasDeepInspection,OSPFandBGPdynamicrouting,advancedHighAvailabilty,andfullcapacityarenotcriticalrequirements.Thefol-lowingtableshowsthefeaturesandcapacitiesthataredifferentthantheAdvancedmodels:

NetScreen-25 Baseline NetScreen-50 Baseline

Sessions 24,000 48,000Site-to-sitetunnels 50 150RemoteAccessTunnels Sharedw/site-to-site Sharedw/site-to-siteDeepInspectionFirewall N/A N/AVLANs 0 0OSPF/BGP N/A N/AHighAvailability(HA) HALite* HALite* NetScreenSecurityManager Supported Supported

*HALiteprovidesconfigurationsynchronizationonly(doesnotprovidesessionortunnelsynchronization)

Ordering Information Product Part Number

JuniperNetworksNetScreen-50w/ACpowersupplyNetScreen-50 USpowercord NS-050-001NetScreen-50f* USpowercord NS-050-101NetScreen-50 UKpowercord NS-050-003NetScreen-50f* UKpowercord NS-050-103NetScreen-50 Europeanpowercord NS-050-005NetScreen-50f* Europeanpowercord NS-050-105NetScreen-50 Japanesepowercord NS-050-007NetScreen-50f* Japanesepowercord NS-050-107*fproductsdonotincludeVPNfunctionality(internationalonly)

JuniperNetworksNetScreen-50w/DCpowersupplyNetScreen-50 w/DCpowersupplyDCpower NS-050-001-DC

JuniperNetworksNetScreen-25w/ACpowersupplyNetScreen-25 USpowercord NS-025-001NetScreen-25 UKpowercord NS-025-003NetScreen-25 Europeanpowercord NS-025-005NetScreen-25 Japanesepowercord NS-025-007

BaselineProductsNetScreen-50Baseline USpowercord NS-050B-001NetScreen-50Baseline UKpowercord NS-050B-003NetScreen-50Baseline Europeanpowercord NS-050B-005NetScreen-50Baseline Japanesepowercord NS-050B-007NetScreen-50BaselinetoAdvancedUpgrade NS-050-UPG-ANetScreen-25Baseline USpowercord NS-025B-001NetScreen-25Baseline UKpowercord NS-025B-003NetScreen-25Baseline Europeanpowercord NS-025B-005NetScreen-25Baseline Japanesepowercord NS-025B-007NetScreen-25BaselinetoAdvancedUpgrade NS-025-UPG-A

(1)Performance,capacityandfeatureslistedarebaseduponsystemsrunningScreenOS5.4andarethemeasuredmaximumsunderidealtestingconditionsunlessotherwisenoted.ActualresultsmayvarybasedonScreenOSreleaseandbydeployment.

(2)ThefollowingfeaturesarenotsupportedinLayer2(transparentmode):NAT,PAT,policybasedNAT,virtualIP,mappedIP,VLANs,OSPF,BGP,RIPv2,Active/ActiveHA,andIPaddressassignment.