Catalogs >
Juniper Networks >
NetScreen Series Security Systems

NetScreen Series Security Systems
8Pages

Catalog excerpts

DATASHEET NetScreen Series Security Systems Product Overview The NetScreen Series is a line of purpose-built, high-performance security systems designed for large enterprise, carrier, and data center networks. Architected with both existing and future network design in mind, the NetScreen Series consists of two platforms: the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. Integrating firewall, VPN, traffic management functionality, Denial of Service (DoS) and Distributed Denial of Service (DDoS) protection in a low profile modular chassis, the NetScreen Series delivers scalable performance for the most demanding network environments. Product Description The Juniper Networks® NetScreen Series Security Systems are ideally suited for large enterprise network backbones, including: • Departmental or campus segmentation • Enterprise data centers for securing high-density server environments • Carrier-based managed services or core infrastructure Offering excellent scalability and flexibility while providing high levels of security, the NetScreen Series is differentiated by its chassis configuration for fans, power supplies, and number of slots for modules. Both the Juniper Networks NetScreen-5200 and Juniper Networks NetScreen-5400 support secure port modules that offer different throughput and interface options for deployment flexibility. All chassis are designed with hotswappable, redundant fans and power supplies. This enables businesses to maximize device uptime and meet stringent government and industry certifications, such as the rigorous Network Equipment Building System criteria, the requirement for equipment used in the central office in the North American Public Switched Network. Employing a switch fabric for data exchange and separate multi-bus channel for control information, the NetScreen Series can scale up to 30 Gbps firewall and 15 Gbps 3DES/AES VPN. It provides low-latency performance for all packet sizes and is ideal for multimedia, VoIP, and other streaming media applications. Juniper Networks delivers all the components necessary to build and secure a highly available infrastructure. Redundant links for full-mesh topologies, sub-second stateful fail-over, path monitoring, and a secured control protocol all join to provide complete resilience for the security layer. The NetScreen Series also supports Juniper Networks virtual systems capability, with capacity up to 500 virtual systems. Virtual systems allow a single security device to be partitioned logically into multiple security domains, each with a unique virtual router, policy set, address book, and administrative login. Virtual systems can be used with physical interfaces, as well as VLAN tagged interfaces bound to any interface, with multiple security zones supported within each virtual system. 1

Open the catalog to page 1

Whether the requirement is high-capacity session/tunnel aggregation, high-performance small-packet throughput, a high degree of system virtualization or a high degree of physical segmentation, the NetScreen Series is the ideal platform for large enterprise and carrier grade networks. The additional benefits associated with lower total cost of ownership and the ability to meet future service or application requirements make the NetScreen Series firewall/VPN the clear choice for network security operations. Juniper Networks further expands overall system functionality and performance by...

Open the catalog to page 2

ScreenOS8 Software version tested Firewall performance (large packets)2 Firewall performance (small packets) Firewall Packets Per Second (64 byte) Maximum security policies Maximum users supported Network Connectivity Interface expansion slots Network attack detection Yes Denial of Service (DoS) and Distributed Denial of Yes Service (DDoS) protection TCP reassembly for fragmented packet protection Yes Brute force attack mitigation Yes Malformed packet protection Yes Unified Threat Management / Content Security4 PS (Deep Inspection firewall) Yes Protocol anomaly detection Yes Stateful...

Open the catalog to page 3

Specifications (continued) NetScreen-5200 NetScreen-5400 VoIP Security H.323 ALG Yes Yes SIP ALG Yes Yes MGCP ALG Yes Yes SCCP ALG Yes Yes NAT for VoIP protocols Yes Yes Concurrent VPN tunnels3 Up to 25,000 Up to 25,000 Tunnel interfaces IPsec VPN Up to 8,191 Up to 8,191 DES (56-bit), 3DES (168-bit) and AES encryption Yes Yes MD-5 and SHA-1 authentication Yes Yes 3 Manual key, IKE, PKI (X.509), IKEv2 with EAP Yes Yes Perfect forward secrecy (DH Groups) 1,2,5 1,2,5 Prevent replay attack Yes Yes Remote access VPN Yes Yes L2TP within IPsec Yes Yes IPsec NAT traversal Yes Yes Redundant VPN...

Open the catalog to page 4

Specifications (continued) NetScreen-5200 NetScreen-5400 Routing (continued) RIP v1/v2 instances Up to 512 Up to 512 RIP v2 routes 30,000 30,000 Dynamic routing Yes Yes Static routes 30,000 30,000 Source-based routing Yes Yes Policy-based routing Yes Yes ECMP Yes Yes Multicast Yes Yes Reverse Path Forwarding (RPF) Yes Yes IGMP (v1, v2) Yes Yes IGMP Proxy Yes Yes PIM SM Yes Yes PIM SSM Yes Yes Multicast inside IPsec tunnel Yes Yes Syn-Cookie and Syn-Proxy DoS Attack Detection Yes Yes SIP, RTSP, Sun-RPC, and MS-RPC ALG’s Yes Yes Dual stack IPv4/IPv6 firewall and VPN Yes Yes IPv4 to/from IPv6...

Open the catalog to page 5

Specifications (continued) Traffic Management Quality of Service (QoS) Maximum bandwidth Yes - per physical interface only ngress traffic policing No DiffServ marking Yes - per policy Link aggregation up to 4 ports 8G2 SPM only Yes - per physical interface only Redundant interfaces Configuration synchronization Session synchronization for firewall and VPN Session failover for routing change Device failure detection Link failure detection LDAP and RADIUS server failover System Management WebUI (HTTP and HTTPS) Yes Command line interface (console) Yes Command line interface (telnet) Yes...

Open the catalog to page 6

Specifications (continued) NetScreen-5200 NetScreen-5400 External Flash Additional log storage Supports 1 GB or 2 GB industrial-grade SanDisk Supports 1 GB or 2 GB industrial-grade SanDisk Event logs and alarms Yes Yes System configuration script Yes Yes ScreenOS Software Yes Yes Dimensions (W x H x D) 17.5 X 3.4 X 20 in (44.5 X 8.6 X 50.8 cm) 17.5 X 8.6 X 14 in (44.5 X 21.8 X 35.6 cm) Weight 37 lb / 17 kg 45 lb / 20 kg Rack mountable Yes, 2U Yes, 5U Power supply (AC) Yes, redundant, 100-240 VAC Yes, redundant, 100-240 VAC Dimensions and Power Power supply (DC) Yes, redundant, -36 to -60...

Open the catalog to page 7

NetScreen Series Security Systems 8Pages

Catalog excerpts

All Juniper Networks catalogs and technical brochures

NetScreen Series Security Systems
8Pages