|
JUNIPER NETWORKS CORPORATE SECURE SERVICES GATEWAY OVERVIEW
The Juniper Networks Secure Services Gateway appliances are built on the success of the NetScreen FIrewall/IPSec VPN appliances, offering a purpose built security appliance that delivers a perfect blend of security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of an organization is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) subscription services. Network segmentation, dynamic routing and multiple deployment modes simplifies network integration and internal security implementation offering a consolidated firewall and LAN/WAN routing device reducing both capital and operating expendure.
The ease of installation and robust manageability of Juniper's all-in-one security appliances is complimented by its superior reliability and security capability. Without the inherent reliability issues associated with hard disk drives, appliances have proven to be the best long-term solutions when uptime is important. Juniper offers customizable security zones to increase interface density without additional hardware expenditures, lower policy creation costs, contain unauthorized users and attacks and simplify management of firewall/VPNs. This limits the time required to install and maintain the security device and reduces the number of setup steps where security holes are often created. Policy based management allows end-to-end life-cycle managment.
| FEATURE/CAPACITY |
SSG 140 |
SSG 520/SSG 520M |
SSG 550/SSG 550M |
| |
|
 |
 |
| Number of Interfaces |
8x10/100 +
2x10/100/1000 |
4x10/100/1000 |
4x10/100/1000 |
Number Of Physcial Interface
Module Slots (PIMs) |
4 |
6 |
6 |
| WAN Interface Options |
2 x E1, 1 x ISDN BRI S/T, 2 x Serial |
Serial, E1, DS3 |
Serial E1, DS3 |
| Maximum Number of Sessions |
32,000 |
64,000 |
128,000 |
| Maximum number of VPN Tunnels |
125 |
500 |
1000 |
| Maximum Number of Policies |
500 |
1000 |
4000 |
| Maximum number of Virtual Routers |
3 |
5 |
8 |
| High Availability Modes Supported |
Active/Passive or HA Lite |
Active/Passive |
Active/Passive, Active/Active |
| Default Memory/ Max Memory |
256 MB/512 MB
|
256 MB / 1GB
|
256 MB / 1GB |
Unified Threat Management Security Features
A comprehensive set of Unified Threat Management (UTM) security features to protect against network and application level attacks while simultaneously stopping content-based attacks is available by subscription on all the Secure Services Gateway appliances. UTM features include
- Stateful inspection firewall to perform access control and stop network level attacks
- IPS (Deep Inspection Firewall) to stop application level attacks
- Best-in-class antivirus based on Kapersky Lab scanning engine that includes Anti-Phishing, Anti-Spyware, Anti-Adware protection to stop viruses, Trojans and other malware before they damage the network
- Anti-Spam via a partnership with Symantec to block known spammers and phishers
- Web filtering using SurfControl to block access to known malicious download sites or other inappropriate web content
- Site-to-Site IPSec VPN to establish secure communications between offices
- Denial of service (DoS) mitigation capabilities
- Application Layer Gateways for H.323, SIP, SCCP and MGCP to inspect and protect VoIP traffic
JUNIPER NETWORKS NETSCREEN CORPORATE SECURITY APPLIANCE PRODUCT LINE OVERVIEW
First introduced in 2001, the NetScreen integrated security appliances are purpose-built network security appliances that combine firewall, Virtual Private Networking (VPN), and traffic management functions. Utilizing integrated security ASIC technology, all NetScreen security appliances feature very low latency, high throughput IPSec encryption and firewall functions, allowing them to seamlessly integrate into any network. Installation and management of the appliances is easily accomplished via a number of management interfaces including a built-in WebUI, command line interface, or NetScreen's central management solutions.
NetScreen's GigaScreen security ASIC accelerates the firewall policy lookups and encryption and authentication algorithms in hardware. This is a significantly faster approach than a software only approach that relies solely on the CPU. This security-accelerating ASIC is tightly integrated with NetScreen's ScreenOS operating system to eliminate unnecessary software layers and security holes found in other security products built on general-purpose commercial operating systems.
| JUNIPER NETWORKS NETSCREEN-204 / NETSCREEN-208 |
 |
The Juniper Networks NetScreen-200 series includes two corporate network products:-
the NetScreen-204 appliance with four 10/100 interfaces, and
the NetScreen-208 appliance with eight 10/100 interfaces.
Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 series performs firewall functions at wire speed (400 Mbps on the NetScreen-204 appliance and 550 Mbps on the NetScreen-208 appliance). Even the most computationally intense applications, such as 3DES and AES encryption, are performed at speeds greater than 200 Mbps. In addition to physical interface density, the NetScreen-200 series optionally supports virtualization, including VLAN support and additional custom security zones and virtual routers. |
| JUNIPER NETWORKS NETSCREEN-25 / NETSCREEN-50 |
 |
The Juniper Networks NetScreen-25 and NetScreen-50 appliances are integrated security devices for coporate branch and remote offices, as well as small to medium-sized companies. They provide solutions for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal networks. The NetScreen-25 appliance offers 100 Mbps of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 appliance is a high-performance integrated security appliance, offering 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels. |
| Advance Feature/Capacity |
Netscreen-25 |
Netscreen-50 |
Netscreen-204 |
Netscreen-208 |
| Number Of interfaces |
4 10/100 |
4 10/100 |
4 10/100 |
8 10/100 |
Maximum Throughput
|
100M FW
20M 3DES VPN |
170M FW
45M 3DES VPN |
400M FW
200M 3DES VPN |
550M FW
200M 3DES VPN |
| Maximum Number of sessions |
32,000 |
64,000 |
128,000 |
128,000 |
| Maximum number of VPN Tunnels |
125 |
500 |
1000 |
1000 |
| Maximum Number of policies |
500 |
1000 |
4000 |
4000 |
| Maximum number of Virtual Systems |
NA |
NA |
NA |
NA |
| Maximum number of Virtual LANs |
8 |
8 |
32 default, up to 32 additional |
32 default, up to 32 additional |
| Maximum number of Security Zones |
4 |
4 |
4 default, up to 10 additional |
8 default, up to 10 additional |
| Maximum number of Virtual Routers |
3 |
3 |
3 default, up to 5 additional |
3 default, up to 5 additional |
High-Availability Modes Supported
|
HA Lite
|
Active/Passive
|
Active/Passive | Active/Active
|
Active/Passive | Active/Active
Active/Active Full Mesh |
| Routing Protocols Supported |
OSPF, BGP, RIP v1/v2 |
OSPF, BGP, RIP v1/v2 |
OSPF, BGP, RIP v1/v2
|
OSPF, BGP, RIP v1/v2
|
| Deep Inspection |
Yes |
Yes |
Yes |
Yes |
| Integrated / Redirect Web Filtering |
No/Yes |
No/Yes |
No/Yes |
No/Yes |
| |
|
|
|
|
| A Baseline software license is also available as an entry-level solution for customer environments where features such as Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements. The following table shows the Baseline features and capacities that are different than the Advanced models |
| Baseline Feature/Capacity |
Netscreen-25 |
Netscreen-50 |
Netscreen-204 |
Netscreen-208 |
| Sessions |
24000 |
48000 |
64000 |
64000 |
| Concurrent VPN Tunnels |
50 |
150 |
500 |
500 |
| VLAN'S |
0 |
0 |
0 |
0 |
| Routing Protocols Supported |
RIP v1/v2 |
RIP v1/v2 |
RIP v1/v2 |
RIP v1/v2 |
| High Availability (HA) |
HA Lite* |
HA Lite* |
HA Lite* |
HA Lite* |
| Deep Inspection |
No |
No |
No |
No |
| Integrated /Redirect Web Filtering |
No/Yes |
No/Yes |
No/Yes |
No/Yes |
| Netscreen Security Manager |
Supported |
Supported |
Supported |
Supported |
| |
|
|
|
|
HA Lite provides configuration synchronization only (does not provide session or tunnel synchronization).
NetScreen-204/208 Baseline can be upgraded to support 32 VLANs, 5 additional virtual routers, and 10 additional security zones with purchase of a Virtualization Key. |
XCOMM offers you a complete wrap-around service from design to implementation. Whatever the remote access challenges presented by your
environment, we will find the optimum solution.
To request information on these Juniper products or any other product please click the Information Request menu item.
|
