Catalog excerpts
DATASHEET SSG5 AND SSG20 SECURE SERVICES GATEWAYS Product Overview The Juniper Networks SSG5 and SSG20 Secure Services Gateways are purpose-built security appliances that deliver a perfect blend of performance, security, routing and LAN/WAN connectivity for small branch offices, fixed telecommuters and small standalone business deployments. Traffic flowing in and out of the branch office or business is protected from worms, spyware, trojans, and malware by a complete set of Unified Threat Management security features that include stateful firewall, IPsec VPN, intrusion prevention system (IPS), antivirus (includes antispyware, anti-adware, antiphishing), antispam and Web filtering. Product Description The Juniper Networks® SSG5 and SSG20 Secure Services Gateways are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG5 and SSG20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPsec VPN traffic. Security: Protection against worms, viruses, trojans, spam, and emerging malware is delivered by proven unified threat management (UTM) security features that are backed by best-in-class partners. To address internal security requirements and facilitate regulatory compliance, the SSG5 and SSG20 both support an advanced set of network protection features such as security zones, virtual routers and VLANs that allow administrators to divide the network into distinct secure domains, each with its own unique security policy. Policies protecting each security zone can include access control rules and inspection by any of the supported UTM security features. Regional Office Headquarters Zone A M7i Internet SSG20 Zone C NetScreen-5400 Zone B The SSG20 deployed at a branch office for secure Internet connectivity and site-to-site VPN to corporate headquarters. Internal wired and wireless resources are protected with unique security policies applied to each security zone. 1
Open the catalog to page 1
Connectivity and Routing: The SSG5 has seven on-board 10/100 interfaces with optional fixed WAN ports. The SSG20 has five 10/100 interfaces with two I/O expansion slots for additional WAN connectivity. The broad array of I/O options coupled with WAN protocol and encapsulation support in the routing engine make both the SSG5 and the SSG20 a solution that can easily be deployed as a traditional branch office router or as a consolidated security and routing device to reduce CapEx and OpEx. Both the SSG5 and SSG20 support 802.11 a/b/g as a factory configured option supported by a wide array of...
Open the catalog to page 2
Features and Benefits (continued) Feature Feature Description Benefit Juniper Networks Unified Access Control enforcement point Interacts with the centralized policy management engine (IC Series) to enforce session-specific access control policies using criteria such as user identity, device security state and network location. Improves security posture in a cost-effective manner by leveraging existing customer network infrastructure components and best-in-class technology. Management flexibility Use any one of three mechanisms, command line interface (CLI), WebUI or Juniper Networks...
Open the catalog to page 3
ScreenOS version tested ScreenOS 6.3 Firewall performance (Large packets) 160 Mbps Firewall performance (IMIX)(3) 90 Mbps Firewall packets per second (64 byte) 30,000 PPS Advanced Encryption Standard (AES) 256+SHA-l VPN 40 Mbps 3DES encryption +SHA-1 VPN performance 40 Mbps Maximum concurrent sessions 8,000/16,000 Maximum security policies 200 Maximum users supported Unrestricted Network Connectivity Mini-Physical Interface Module (Mini-PIM) slots Factory configured: RS232 Serial AUX or ISDN Mini-PIMs: lxADSL 2+, lxTl, lxEl, V.92, ISDN Network attack detection TCP reassembly for fragmented...
Open the catalog to page 4
Specifications (continued) SSG5 Base/Extended SSG20 Base/Extended Auto-Connect VPN Yes Yes Concurrent VPN tunnels 25/40 25/40 Tunnel interfaces 10 10 DES encryption (56-bit), 3DES encryption (168-bit) and Advanced Encryption Standard (AES) (256-bit) Yes Yes MD-5 and SHA-1 authentication Yes Yes Manual key, Internet Key Exchange (IKE), IKEv2 with EAP public key infrastructure (PKI) (X.509) Yes Yes Perfect forward secrecy (DH Groups) 1,2,5 1,2,5 Prevent replay attack Yes Yes Remote access VPN Yes Yes Layer2 Tunneling Protocol (L2TP) within IPsec Yes Yes IPsec Network Address Translation (NAT)...
Open the catalog to page 5
Specifications (continued) Routing (continued) Reverse Path Forwarding (RPF) Yes Yes Internet Group Management Protocol (IGMP) (vl,v2) Yes Yes Multicast inside IPsec tunnel Yes Yes ICMP Router Discovery Protocol (IRDP) Yes Yes Multilink Point-to-Point Protocol (MLPPP) N/A Yes Multilink Frame Relay (MLFR) (FRF 15, FRF 16) Yes Yes Dual stack IPv4/IPv6 firewall and VPN Yes Yes IPv4 to/from IPv6 translations and encapsulations Yes Yes Syn-Cookie and Syn-Proxy DoS Attack Detection Yes Yes SIP, RTSP, Sun-RPC, and MS-RPC ALG's Yes Yes Layer 3 (route and/or NAT) mode Yes Yes Address Translation...
Open the catalog to page 6
Specifications (continued) SSG5 Base/Extended SSG20 Base/Extended Active/Active - L3 mode Yes Yes Active/Passive -Transparent & L3 mode Yes Yes Configuration synchronization Yes Yes Session synchronization for firewall and VPN Yes Yes Session failover for routing change Yes Yes VRRP Yes Yes Device failure detection Yes Yes Link failure detection Yes Yes Authentication for new HA members Yes Yes Encryption of HA traffic Yes Yes WebUI (HTTP and HTTPS) Yes Yes Command line interface (console) Yes Yes Command line interface (telnet) Yes Yes Command line interface (SSH) Yes v1.5 and v2.0...
Open the catalog to page 7
Specifications (continued) SSG5 Base/Extended SSG20 Base/Extended Dimensions and Power Dimensions (W x H x D) 8.8 x 1.6 x 5.6 in (22.2 x 4.1 x 14.3 cm) 11.6 x 1.8 x 7.4 in (29.5 x 4.5 x 18.7 cm) Weight 2.1 lb (0.95 kg) 3.3 lb (1.5 kg) Rack mountable Yes Yes Power supply (AC) 100-240 VAC 100-240 VAC Maximum thermal output 122.8 BTU/Hour 122.8 BTU/Hour Safety certifications CSA, CB CSA, CB EMC certifications FCC class B, CE class B, A-Tick, VCCI class B FCC class B, CE class B, A-Tick, VCCI class B Non-wireless 40.5 years 35.8 years Wireless 22.8 years 28.9 years Common Criteria: EAL4 Yes Yes...
Open the catalog to page 8All Juniper Networks catalogs and technical brochures
-
EX2300 ETHERNET SWITCH12 Pages
-
QFX5200 SWITCH13 Pages
-
QFX5210 SWITCH9 Pages
-
EX9250 Ethernet Switch12 Pages
-
EX9200 Ethernet Switch15 Pages
-
EX4650 Ethernet Switch11 Pages
-
EX4600 ETHERNET SWITCH14 Pages
-
EX4300 LINE OF ETHERNET SWITCHES15 Pages
-
EX3400 ETHERNET SWITCH11 Pages
-
AP5502 Pages
-
AP2502 Pages
-
AP150W2 Pages
-
AP245X2 Pages
-
PTX10004 Pages
-
SRX3006 Pages
-
SRX15004 Pages
-
SRX40005 Pages
-
JSA75008 Pages
-
ISG Series11 Pages
-
vSRX6 Pages
-
ACX5007 Pages
-
LN1000 Mobile Secure Router6 Pages
-
JSA Series Secure Analytics12 Pages
-
EX4550 Ethernet Switch12 Pages
-
EX4300 Ethernet Switch12 Pages
-
WLA Series Antenna Matrix2 Pages
-
QFX3100 QFabric Director4 Pages
-
EX Series Ethernet Switches20 Pages
-
QFX3500 Switch12 Pages
-
QFX3600 Switch12 Pages
-
QFabric System12 Pages
-
QFX5100 Ethernet Switch12 Pages
-
Unified Access Control12 Pages
-
DDoS Secure4 Pages
-
LN2600 Rugged Secure Router6 Pages
-
11000186 Pages
-
10001956 Pages
-
10003004 Pages
-
backgrounder4 Pages
-
VXA Series4 Pages
-
SRX1400 Services Gateway8 Pages
-
Security Services Gateways8 Pages
-
T Series Core Routers8 Pages
-
JCS1200 Control System6 Pages
-
J Series Services Routers16 Pages
-
BX7000 Multi-Access Gateway4 Pages
