Datasheet

ManualsBrandsJuniper ManualsNetworkingNS-025-001

Datasheet

Page 1

Juniper Networks NetScreen-25/50

The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for

enterprise branch and remote ofces as well as small and medium size companies. Featuring

four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions

for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal

networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps

of rewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent

sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering

170 Mbps of rewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000

concurrent sessions and 500 VPN tunnels.

Juniper Networks Juniper Networks

NetScreen-25

NetScreen-50

Maximum Performance and Capacity

(1)

ScreenOS version support ScreenOS 5.4 ScreenOS 5.4

Firewall performance 100 Mbps 170 Mbps

3DES+SHA-1 performance 20 Mbps 45 Mbps

Concurrent sessions 32,000 64,000

New sessions/second 4,000 5,000

Policies 500 1,000

Interfaces 4 10/100 Base-T 4 10/100 Base-T

Mode of Operation

Layer 2 mode (transparent mode

)(2)

Yes Yes

Layer 3 mode (route and/or NAT mode) Yes Yes

NAT (Network Address Translation) Yes Yes

PAT (Port Address Translation) Yes Yes

Policy-based NAT Yes Yes

Virtual IP 2 2

Mapped IP 500 500

MIP/VIP Grouping Yes Yes

Users supported Unrestricted Unrestricted

Firewall

Number of network attacks detected 31 31

Network attack detection Yes Yes

DoS and DDoS protections Yes Yes

TCP reassembly for fragmented packet protection Yes Yes

Malformed packet protections Yes Yes

IPS (Deep Inspection FW) Yes Yes

Protocol anomaly Yes Yes

Stateful protocol signatures Yes Yes

Content Inspection Yes Yes

Embedded antivirus No No

Embedded Anti-Spam Yes Yes

Malicious Web ﬁltering up to 48 URLs up to 48 URLs

External Web ﬁltering (Websense or SurfControl) Yes Yes

Integrated Web ﬁltering Yes Yes

Brute force attack mitigation Yes Yes

Deep Inspection (DI) attack pattern obfuscation Yes Yes

Zone-based IP spooﬁng Yes Yes

VPN

Concurrent VPN tunnels 125 500

Tunnel interfaces 25 50

DES (56-bit), 3DES (168-bit) and AES encryption Yes Yes

Manual Key, IKE, PKI (X.509) Yes Yes

Perfect forward secrecy (DH Groups) 1,2,5 1,2,5

Prevent replay attack Yes Yes

Remote access VPN Yes Yes

L2TP within IPSec Yes Yes

Dead Peer Detection Yes Yes

IPSec NAT Traversal Yes Yes

Redundant VPN gateways Yes Yes

VPN tunnel monitor Yes Yes

Juniper Networks Juniper Networks

NetScreen-25

NetScreen-50

Firewall and VPN User Authentication

Built-in (internal) database - user limit up to 250 Up to 250

3rd Party user authentication RADIUS, RSA RADIUS, RSA

SecurID, and LDAP SecurID, and LDAP

XAUTH VPN authentication Yes Yes

Web-based authentication Yes Yes

PKI Support

PKI Certiﬁcate requests (PKCS 7 and PKCS 10) Yes Yes

Automated certiﬁcate enrollment (SCEP) Yes Yes

Online Certiﬁcate Status Protocol (OCSP) Yes Yes

Self Signed Certiﬁcates Yes Yes

Certiﬁcate Authorities Supported

Verisign Yes Yes

Entrust Yes Yes

Microsoft Yes Yes

RSA Keon Yes Yes

iPlanet (Netscape) Yes Yes

Baltimore Yes Yes

DOD PKI Yes Yes

Logging/Monitoring

Syslog (multiple servers) External, up to External, up to

4 servers 4 servers

E-mail (2 addresses) Yes Yes

NetIQ WebTrends External External

SNMP (v1, v2) Yes Yes

Standard and custom MIB Yes Yes

Traceroute Yes Yes

At session start and end Yes Yes

Virtualization

Custom security zones 4 4

Virtual routers (VRs) 3 3

VLANs supported 16 16

Routing

OSPF/BGP Dynamic routing 3 instances each 3 instances each

RIPv1/v2 Dynamic routing 3 instances 3 instances

Static routes 2.048 2,048

Source Based Routing, Source Interface Based Routing Yes Yes

Equal cost multi-path routing Yes Yes

High Availability (HA)

HA mode HA Lite Active/Passive

Firewall/VPN session synchronization No Yes

Redundant Interfaces Yes Yes

Conﬁguration synchronization Yes Yes

Device failure detection Yes Yes

Link failure detection Yes Yes

Authentication for new HA members Yes Yes

Encryption of HA trafﬁc Yes Yes

VoIP

H.323 ALG Yes Yes

SCCP ALG Yes Yes

SIP ALG Yes Yes

MGCP ALG Yes Yes

NAT for H.323/SIP/SCCP/MGCP Yes Yes

Summary of content (2 pages)

PAGE 1
Page Datasheet Juniper Networks NetScreen-25/50 The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for enterprise branch and remote offices as well as small and medium size companies. Featuring four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal networks.
PAGE 2
Page IP Address Assignment Static DHCP, PPPoE client Internal DHCP server DHCP Relay Juniper Networks NetScreen-251) Juniper Networks NetScreen-501) Yes Yes Yes Yes Yes Yes Yes Yes System Management WebUI (HTTP and HTTPS) Command Line Interface (console) Command Line Interface (telnet) Command Line Interface (SSH) Yes Yes Yes Yes, v1.5 and v2.