Datasheet
Page 2
SSG 20 SSG 5
Maximum Performance and Capacity
(1)
ScreenOS version support ScreenOS 5.4 ScreenOS 5.4
Firewall performance (Large packets) 160 Mbps 160 Mbps
Firewall performance
(2)
(IMIX) 90 Mbps 90 Mbps
Firewall Packets per second (64 byte) 30,000 30,000
VPN performance (3DES+SHA-1) 40 Mbps 40 Mbps
Concurrent sessions 4,000 4,000
New sessions/second 2,800 2,800
Policies 200 200
Users supported Unrestricted Unrestricted
Network Connectivity
Fixed I/O 5x 10/100 7x 10/100
Physical Interface Module (Mini-PIM) Slots 2 0
WAN interface options ADSL2+, T1, E1, ISDN BRI S/T or
ISDN BRI S/T, V.92 RS-232 Serial/Aux or
(See Mini-PIM datasheets) V.92
(factory configured)
LAN interface options None None
Wireless networking Dual Radio 802.11a + 802.11b/g (factory configured)
Firewall
Network attack detection Yes Yes
DoS and DDoS protection Yes Yes
TCP reassembly for fragmented
packet protection Yes Yes
Malformed packet protection Yes Yes
Unified Threat Management/Content Security
(3)
IPS (Deep Inspection FW) Yes Yes
Protocol anomaly detection Yes Yes
Stateful protocol signatures Yes Yes
Antivirus Yes Yes
Signature database 100,000+
Protocols scanned POP3, SMTP, HTTP, IMAP, FTP
Anti-Phishing Yes Yes
Anti-Spyware Yes Yes
Anti-Adware Yes Yes
Anti-Keylogger Yes Yes
Anti-Spam Yes Yes
Integrated URL filtering Yes Yes
External URL filtering
(4)
Yes Yes
VoIP Security
H.323. ALG Yes Yes
SIP ALG Yes Yes
SCCP ALG Yes Yes
MGCP ALG Yes Yes
NAT for SIP, H.323, MGCP, SCCP Yes Yes
VPN
Concurrent VPN tunnels 25 25
Tunnel interfaces 10 10
DES (56-bit), 3DES (168-bit)
and AES encryptions Yes Yes
MD-5 and SHA-1 authentication Yes Yes
Manual key, IKE, PKI (X.509) Yes Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
L2TP within IPSec Yes Yes
IPSec NAT traversal Yes Yes
Redundant VPN gateways Yes Yes
SSG 20 SSG 5
Firewall and VPN User Authentication
Built-in (internal) database - user limit Up to 100 Up to 100
3rd Party user authentication RADIUS, RSA SecurID, and LDAP
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Mode of Operation
Layer 2 (transparent) mode
(5)
Yes Yes
Layer 3 (route and/or NAT) mode Yes Yes
Address Translation
Network Address Translation (NAT) Yes Yes
Port Address Translation (PAT) Yes Yes
Policy-based NAT/PAT Yes Yes
Mapped IP Yes Yes
Virtual IP Yes Yes
Routing
BGP Yes Yes
OSPF Yes Yes
RIPv1/v2 Yes Yes
Static routes Yes Yes
Source-based routing Yes Yes
Policy-based routing Yes Yes
ECMP Yes Yes
Routes 1,024 1,024
Multicast Yes Yes
Reverse Forwarding Path (RFP) Yes Yes
IGMP (v1, v2) Yes Yes
IGMP Proxy Yes Yes
PIM SM Yes Yes
PIM SSM Yes Yes
Mcast inside IPSec Tunnel Yes Yes
Encapsulations
PPP Yes Yes
MLPPP Yes N/A
Frame Relay Yes N/A
MLFR (FRF 15, FRF 16) Yes N/A
HDLC Yes N/A
Traffic Management (QoS)
Guaranteed bandwidth Yes Yes
Maximum bandwidth Yes Yes
Ingress Traffic Policing Yes Yes
Priority-bandwidth utilization Yes Yes
DiffServ stamp Yes, per policy Yes, per policy
Wi-Fi Multi-Media (WMM) Yes (with WLAN) Yes (with WLAN)
System Management
WebUI (HTTP and HTTPS) Yes Yes
Command Line Interface (console) Yes Yes
Command Line Interface (telnet) Yes Yes
Command Line Interface (SSH) Yes, v1.5 and v2.0 compatible
NetScreen-Security Manager Yes Yes
All management via VPN tunnel
on any interface Yes Yes
SNMP full custom MIB Yes Yes
Rapid deployment Yes Yes
Logging and Monitoring
Syslog (multiple servers) External, up to 4 servers
E-mail (2 addresses) Yes Yes
NetIQ WebTrends External External
SNMP (v2) Yes Yes
Traceroute Yes Yes
VPN tunnel monitor Yes Yes
Juniper Networks Secure Services Gateway 5 and 20