Datasheet
Datasheet
Page 1
Juniper Networks NetScreen-204/208
The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances
available today. They easily integrate and secure many different network environments, including
medium and large enterprise ofces, e-business sites, data centers, and carrier infrastructure.
Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200
Series performs rewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-
208). Even the most computationally intense applications, such as 3DES and AES encryption, are
performed at speeds greater than 175 Mbps.
Juniper Networks Juniper Networks
NetScreen-204
(1)
NetScreen-208
(1)
Maximum Performance and Capacity
(1)
ScreenOS version support ScreenOS 5.4 ScreenOS 5.4
Firewall performance 375 Mbps 375 Mbps
3DES+SHA-1 performance 175 Mbps 175 Mbps
Concurrent sessions 128,000
(5)
128,000
(5)
New sessions/second 11,500 11,500
Policies 4,000 4,000
Interfaces 4 10/100 Base-T 8 10/100 Base-T
Juniper Networks
NetScreen-200 Series
(1)
Mode of Operation
Layer 2 mode (transparent mode)(2) Yes
Layer 3 mode (route and/or NAT mode) Yes
NAT (Network Address Translation) Yes
PAT (Port Address Translation) Yes
Policy-based NAT Yes
Virtual IP 4
Mapped IP 4,000
MIP/VIP Grouping Yes
Users supported Unrestricted
Firewall
Number of network attacks detected 31
Network attack detection Yes
DoS and DDoS protections Yes
TCP reassembly for fragmented packet protection Yes
Malformed packet protections Yes
IPS (Deep Inspection FW) Yes
Protocol anomaly Yes
Stateful protocol signatures Yes
Content Inspection Yes
Embedded antivirus No
Embedded Anti-spam Yes
Malicious Web filtering up to 48 URLs
External Web filtering (Websense or SurfControl) Yes
Integrated Web filtering No
Brute force attack mitigation Yes
Deep Inspection (DI) attack pattern obfuscation Yes
SYN cookie Yes
Zone-based IP spoofing Yes
VPN
Concurrent VPN tunnels Up to 1,000
Tunnel interfaces Up to 256
DES (56-bit), 3DES (168-bit) and AES encryption Yes
MD-5 and SHA-1 authentication Yes
Manual Key, IKE, PKI (X.509) Yes
Perfect forward secrecy (DH Groups) 1,2,5
Prevent replay attack Yes
Remote access VPN Yes
L2TP within IPSec Yes
Dead Peer Detection Yes
IPSec NAT Traversal Yes
Redundant VPN gateways Yes
VPN tunnel monitor Y
es
Firewall and VPN User Authentication
Built-in (internal) database - user limit up to 1,500
3rd Party user authentication RADIUS, RSA SecurID, 802.1x and LDAP
XAUTH VPN authentication Yes
Web-based authentication Yes
Juniper Networks
NetScreen-200 Series
(1)
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Yes
Automated certificate enrollment (SCEP) Yes
Online Certificate Status Protocol (OCSP) Yes
Self Signed Certificates Yes
Certificate Authorities Supported
Verisign Yes
Entrust Yes
Microsoft Yes
RSA Keon Yes
iPlanet (Netscape) Yes
Baltimore Yes
DOD PKI Yes
Logging/Monitoring
Syslog (multiple servers) External, up to 4 servers
E-mail (2 addresses) Yes
NetIQ WebTrends External
SNMP (v1, v2) Yes
Standard and custom MIB Yes
Traceroute Yes
At session start and end Yes
Virtualization
Custom security zones 8, 4 on NetScreen-204
Virtual routers (VRs) 3
VLANs supported 32
Virtualization key Optional upgrade: adds 10 security
zones, 5 VRs, and 96 VLANs
Routing
OSPF/BGP Dynamic routing 3 instances each
RIPv1/v2 Dynamic routing Up to 8 instances
Static routes 4096
Source Based Routing, Source Interface Based Routing Yes
Equal cost multi-path routing Yes
High Availability (HA)
Active/Active Yes
Active/Passive Yes
Redundant Interfaces Yes
Configuration synchronization Yes
Session synchronization for firewall and VPN Yes
Session failover for routing change Yes
Device failure detection Yes
Link failure detection Yes
Authentication for new HA members Yes
Encryption of HA traffic Yes
LDAP and RADIUS server failover Yes
VoIP
H.323 ALG Yes
SCCP ALG Yes
SIP ALG Yes
MGCP ALG Yes
NAT for H.323/SIP/SCCP/MGCP Yes
IP Address Assignment
Static Yes
DHCP, PPPoE client Yes
Internal DHCP server Yes
DHCP Relay Yes