DatasheetPage
Juniper Networks NetScreen-25/50The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for enterprise branch and remote offices as well as small and medium size companies. Featuring four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions and 500 VPN tunnels.
JuniperNetworks JuniperNetworks NetScreen-251) NetScreen-501)
MaximumPerformanceandCapacity(1)
ScreenOSversionsupport ScreenOS5.4 ScreenOS5.4 Firewallperformance 100Mbps 170Mbps 3DES+SHA-1performance 20Mbps 45Mbps Concurrentsessions 32,000 64,000 Newsessions/second 4,000 5,000 Policies 500 1,000 Interfaces 410/100Base-T 410/100Base-T
ModeofOperation Layer2mode(transparentmode)(2) Yes Yes Layer3mode(routeand/orNATmode) Yes Yes NAT(NetworkAddressTranslation) Yes Yes PAT(PortAddressTranslation) Yes Yes Policy-basedNAT Yes Yes VirtualIP 2 2 MappedIP 500 500 MIP/VIPGrouping Yes Yes Userssupported Unrestricted Unrestricted
Firewall Numberofnetworkattacksdetected 31 31 Networkattackdetection Yes Yes DoSandDDoSprotections Yes Yes TCPreassemblyforfragmentedpacketprotection Yes Yes Malformedpacketprotections Yes Yes IPS(DeepInspectionFW) Yes Yes Protocolanomaly Yes Yes Statefulprotocolsignatures Yes Yes ContentInspection Yes Yes Embeddedantivirus No No EmbeddedAnti-Spam Yes Yes MaliciousWebfiltering upto48URLs upto48URLs ExternalWebfiltering(WebsenseorSurfControl) Yes Yes IntegratedWebfiltering Yes Yes Bruteforceattackmitigation Yes Yes DeepInspection(DI)attackpatternobfuscation Yes Yes Zone-basedIPspoofing Yes Yes
VPN ConcurrentVPNtunnels 125 500 Tunnelinterfaces 25 50 DES(56-bit),3DES(168-bit)andAESencryption Yes Yes ManualKey,IKE,PKI(X.509) Yes Yes Perfectforwardsecrecy(DHGroups) 1,2,5 1,2,5 Preventreplayattack Yes Yes RemoteaccessVPN Yes Yes L2TPwithinIPSec Yes Yes DeadPeerDetection Yes Yes IPSecNATTraversal Yes Yes RedundantVPNgateways Yes Yes VPNtunnelmonitor Yes Yes
JuniperNetworks JuniperNetworks NetScreen-251) NetScreen-501)
FirewallandVPNUserAuthentication Built-in(internal)database-userlimit upto250 Upto250 3rdPartyuserauthentication RADIUS,RSA RADIUS,RSA SecurID,andLDAP SecurID,andLDAP XAUTHVPNauthentication Yes Yes Web-basedauthentication Yes Yes
PKISupport PKICertificaterequests(PKCS7andPKCS10) Yes Yes Automatedcertificateenrollment(SCEP) Yes Yes OnlineCertificateStatusProtocol(OCSP) Yes Yes SelfSignedCertificates Yes Yes CertificateAuthoritiesSupported Verisign Yes Yes Entrust Yes Yes Microsoft Yes Yes RSAKeon Yes Yes iPlanet(Netscape) Yes Yes Baltimore Yes Yes DODPKI Yes Yes
Logging/Monitoring Syslog(multipleservers) External,upto External,upto 4servers 4servers E-mail(2addresses) Yes Yes NetIQWebTrends External External SNMP(v1,v2) Yes Yes StandardandcustomMIB Yes Yes Traceroute Yes Yes Atsessionstartandend Yes Yes
Virtualization Customsecurityzones 4 4 Virtualrouters(VRs) 3 3 VLANssupported 16 16
Routing OSPF/BGPDynamicrouting 3instanceseach 3instanceseach RIPv1/v2Dynamicrouting 3instances 3instances Staticroutes 2.048 2,048 SourceBasedRouting,SourceInterfaceBasedRouting Yes Yes Equalcostmulti-pathrouting Yes Yes
HighAvailability(HA) HAmode HALite Active/Passive Firewall/VPNsessionsynchronization No Yes RedundantInterfaces Yes Yes Configurationsynchronization Yes Yes Devicefailuredetection Yes Yes Linkfailuredetection Yes Yes AuthenticationfornewHAmembers Yes Yes EncryptionofHAtraffic Yes Yes
VoIP H.323ALG Yes Yes SCCPALG Yes Yes SIPALG Yes Yes MGCPALG Yes Yes NATforH.323/SIP/SCCP/MGCP Yes Yes
Copyright 2006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
CORPORATE HEADQUARTERS
AND SALES HEADQUARTERS
FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
94 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888-JUNIPER (888-586-4737)
or 408-745-2000
Fax: 408-745-200
www.juniper.net
EAST COAST OFFICE
Juniper Networks, Inc.
0 Technology Park Drive
Westford, MA 0886-346 USA
Phone: 978-589-5800
Fax: 978-589-0800
ASIA PACIFIC REGIONAL
SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
Suite 2507-, Asia Pacific Finance Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852-2332-3636
Fax: 852-2574-7803
EUROPE, MIDDLE EAST, AFRICA
REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Juniper House
Guildford Road
Leatherhead
Surrey, KT22 9JH, U. K.
Phone: 44(0)-372-385500
Fax: 44(0)-372-38550
Page 2
0003-00 Sept 2006
JuniperNetworks JuniperNetworks NetScreen-251) NetScreen-501)
IPAddressAssignment Static Yes Yes DHCP,PPPoEclient Yes Yes InternalDHCPserver Yes Yes DHCPRelay Yes Yes
SystemManagement WebUI(HTTPandHTTPS) Yes Yes CommandLineInterface(console) Yes Yes CommandLineInterface(telnet) Yes Yes CommandLineInterface(SSH) Yes,v1.5and Yes,v1.5and v2.0compatible v2.0compatible NetScreen-SecurityManager Yes Yes AllmanagementviaVPNtunnelonanyinterface Yes Yes SNMPFullCustomMIB Yes Yes Rapiddeployment Yes Yes
Administration Localadministratorsdatabase 20 20 Externaladministratordatabase RADIUS/LDAP/ RADIUS/LDAP/ SecurID SecurID Restrictedadministrativenetworks 6 6 RootAdmin,Admin,andReadOnlyuserlevels Yes Yes Softwareupgrades TFTP/ TFTP/ WebUI/SCP/NSM WebUI/SCP/NSM ConfigurationRoll-back Yes Yes
TrafficManagement Guaranteedbandwidth Yes Yes Maximumbandwidth Yes Yes IngressTrafficPolicing Yes Yes Priority-bandwidthutilization Yes Yes DiffServstamp Yes Yes
ExternalFlash CompactFlash Supports96,128or Supports96,128or 512MBIndustrial 512MBIndustrial GradeSanDisk GradeSanDisk Eventlogsandalarms Yes Yes Systemconfigscript Yes Yes ScreenOSsoftware Yes Yes
DimensionsandPower Dimensions(H/W/L) 1.73/17.5/10.8inches 1.73/17.5/10.8inches Weight 8lbs. 8lbs. Rackmountable 19standard,23 19standard,23 optional optional PowerSupply(AC) 90to264VAC,45watts 90to264VAC,45watts PowerSupply(DC) -36to-72VDC,50watts -36to-72VDC,50watts
CertificationsSafetyCertifications UL,CUL,CSA,CBEMCCertifications FCCclassA,BSMIClassA,CEclassA,C-Tick,VCCIclassA
Environment Operationaltemperature:23to122F,-5to50C Non-operationaltemperature:-4to158F,-20to70C Humidity:10to90%non-condensing
MTBF(Bellcoremodel) NetScreen-25:8.1years,NetScreen-50:8.1years
SecurityCertifications(Advancedmodelsonly) CommonCriteria:EAL4andEAL4+
Licensing Options:TheNetScreen-25andNetScreen-50arebothavailablewithtwolicens-ingoptionstoprovidetwodifferentlevelsoffunctionalityandcapacity.Advanced Models:TheAdvancedsoftwarelicenseprovidesallofthefeaturesandcapaci-tieslistedwithinthisspecsheet.Baseline Models: TheBaselinesoftwarelicenseprovidesanentry-levelsolutionforcus-tomerenvironmentswherefeaturessuchasDeepInspection,OSPFandBGPdynamicrouting,advancedHighAvailabilty,andfullcapacityarenotcriticalrequirements.Thefol-lowingtableshowsthefeaturesandcapacitiesthataredifferentthantheAdvancedmodels:
NetScreen-25 Baseline NetScreen-50 Baseline
Sessions 24,000 48,000Site-to-sitetunnels 50 150RemoteAccessTunnels Sharedw/site-to-site Sharedw/site-to-siteDeepInspectionFirewall N/A N/AVLANs 0 0OSPF/BGP N/A N/AHighAvailability(HA) HALite* HALite* NetScreenSecurityManager Supported Supported
*HALiteprovidesconfigurationsynchronizationonly(doesnotprovidesessionortunnelsynchronization)
Ordering Information Product Part Number
JuniperNetworksNetScreen-50w/ACpowersupplyNetScreen-50 USpowercord NS-050-001NetScreen-50f* USpowercord NS-050-101NetScreen-50 UKpowercord NS-050-003NetScreen-50f* UKpowercord NS-050-103NetScreen-50 Europeanpowercord NS-050-005NetScreen-50f* Europeanpowercord NS-050-105NetScreen-50 Japanesepowercord NS-050-007NetScreen-50f* Japanesepowercord NS-050-107*fproductsdonotincludeVPNfunctionality(internationalonly)
JuniperNetworksNetScreen-50w/DCpowersupplyNetScreen-50 w/DCpowersupplyDCpower NS-050-001-DC
JuniperNetworksNetScreen-25w/ACpowersupplyNetScreen-25 USpowercord NS-025-001NetScreen-25 UKpowercord NS-025-003NetScreen-25 Europeanpowercord NS-025-005NetScreen-25 Japanesepowercord NS-025-007
BaselineProductsNetScreen-50Baseline USpowercord NS-050B-001NetScreen-50Baseline UKpowercord NS-050B-003NetScreen-50Baseline Europeanpowercord NS-050B-005NetScreen-50Baseline Japanesepowercord NS-050B-007NetScreen-50BaselinetoAdvancedUpgrade NS-050-UPG-ANetScreen-25Baseline USpowercord NS-025B-001NetScreen-25Baseline UKpowercord NS-025B-003NetScreen-25Baseline Europeanpowercord NS-025B-005NetScreen-25Baseline Japanesepowercord NS-025B-007NetScreen-25BaselinetoAdvancedUpgrade NS-025-UPG-A
(1)Performance,capacityandfeatureslistedarebaseduponsystemsrunningScreenOS5.4andarethemeasuredmaximumsunderidealtestingconditionsunlessotherwisenoted.ActualresultsmayvarybasedonScreenOSreleaseandbydeployment.
(2)ThefollowingfeaturesarenotsupportedinLayer2(transparentmode):NAT,PAT,policybasedNAT,virtualIP,mappedIP,VLANs,OSPF,BGP,RIPv2,Active/ActiveHA,andIPaddressassignment.
Top Related