Juniper NS-K-AVS-SSG140-R
Contents
1. PIM JXU 1ISFP S port SFP 100 Mbps or Gigabit Ethernet Universal PIM SFP sold separately JXU 8GE TX S 8 port Gigabit Ethernet 10 100 1000 Copper Universal PIM 16 port Gigabit Ethernet 10 100 1000 Copper Universal PIM JXU 16GE TX S UPIMs are only supported in ScreenOS 6 0 or greater releases MODEL NUMBER DESCRIPTION Unified Threat Management Content Security High Memory Option Required NS K AVS SSGI40 Antivirus antispyware antiphishing NS DI SSG140 NS SPAM2 SSG140 NS WF SSG140 NS RBO CS SSG140 Remote Office Bundle AV IPS WF NS SMB2 CS SSG140 Main Office Bundle AV IPS WF AS UPIMs are only supported in ScreenOS 6 0 or greater releases IPS Deep Inspection Antispam Web filtering SSG140 Memory Upgrades Spares and Communications Cables o a a a N N sen mee CBL JX PWR AU CBL JX PWR CH CBL JX PWR EU CBL JX PWR IT CBL JX PWR JP CBL JX PWR UK CBL JX PWR US JX Blank FP S Power Cable Australia Power Cable China Power Cable Europe Power Cable Italy Power Cable Japan Power Cable UK Power Cable US Blank I O plate JX CBL EIA530 DTE EIA530 cable DTE JX CBL RS232 DTE RS232 cable DTE JX CBL RS449 DTE RS449 cable DTE JX CBL V35 DTE JX CBL X21 DTE 35 cable DTE X 21 cable DTE Note The appropriate power cord is included based upon the sales order Ship To destination About Juniper Networks Juniper Networks Inc is the leader in high performance ne2. example desktops Perimeter defense compliance for server infrastructure Most comprehensive defense against worm attacks Range of signatures and protocol anomalies Attacks in the server to client direction Attacks in the client to server direction Worms trojans backdoor attacks Juniper Networks Services and Support Juniper Networks is the leader in performance enabling services and support which are designed to accelerate extend and optimize your high performance network Our services allow you to bring revenue generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures At the same time Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance reliability and availability For more details please visit www juniper net us en products services Ordering Information MODEL NUMBER DESCRIPTION SSG140 SSG 140 SB SSG140 with 256 MB memory O PIM cards AC power SSG 140 SH SSG140 with 512 MB memory O PIM cards AC power SSG140 I O Options a Ca sae TRA F a a E RE ENE E ERSA JX 2E1 RJ48 S 2 port El PIM with integrated CSU DSU JX 2T1 RJ48 S 2 port T1 PIM with integrated CSU DSU JX 2Serial S 2 port Serial PIM JX 1IADSL A S l port ADSL 2 2 Annex A PIM JX IADSL B S l port ADSL 2 2 Annex B PIM JX 2SHDSL S l port G SHDSL PIM JXU 6GE SFP S 6 port SFP Gigabit Ethernet Universal
3. Firewall Network attack detection DoS and DDoS protection TCP reassembly for fragmented packet protection Brute force attack mitigation SYN cookie protection Zone based IP spoofing Malformed packet protection Unified Threat Management IPS Deep Inspection firewall Protocol anomaly detection Stateful protocol signatures IPS DI attack pattern obfuscation Antivirus ScreenOS 6 2 350 Mbps 300 Mbps 90 000 PPS 100 Mbps 100 Mbps 48 000 8 000 1 000 Unrestricted 8x10 100 2x10 100 1000 4 2xTI 2xE1 2xSerial 1xISDN BRI S T SFP 10 100 1000 SSG140 high memory model only Unified Threat Management continued Signature database Protocols scanned Antispyware Antiadware Anti keylogger Instant message AV Antispam Integrated URL filtering External URL filtering VoIP Security H 323 Application level gateway ALG SIP ALG MGCP ALG SCCP ALG Network Address Translation NAT for VoIP protocols IPsec VPN Concurrent VPN tunnels Tunnel interfaces DES encryption 56 bit 3DES encryption 168 bit and AES 256 bit MD 5 and SHA 1 authentication Manual key Internet Key Exchange IKE IKEv2 with EAP public key infrastructure PKI X 509 Perfect forward secrecy DH Groups Prevent replay attack Remote access VPN Layer 2 Tunneling Protocol L2TP within IPsec IPsec Network Address Translation NAT traversal Auto Connect VPN Redundant VPN gateways 200 000 POP3 HTTP SMT
4. JUNIP EL NETWORKS Product Overview The SSG140 Secure Services Gateway is a purpose built security appliance that delivers a perfect blend of performance security routing and LAN WAN connectivity for medium sized branch offices and business deployments Traffic flowing in and out of the branch office or business is protected from worms spyware trojans and malware by a complete set of Unified Threat Management security features that include stateful firewall IPsec VPN intrusion prevention system IPS antivirus includes antispyware antiadware antiphishing antispam and Web filtering DATASHEET SSG140 SECURE SERVICES GATEWA Product Description The Juniper Networks SSG140 Secure Services Gateway is a high performance security platform for branch offices and small medium sized standalone businesses that want to stop internal and external attacks prevent Unauthorized access and achieve regulatory compliance The SSG140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPsec VPN traffic Security Protection against worms viruses trojans spam and emerging malware is delivered by proven unified threat management UTM security features that are backed by best in class partners To address internal security requirements and facilitate regulatory compliance the SSG140 supports an advanced set of network protection features such as security zones virtual route
5. P IMAP FTP IM Yes Yes Yes Yes Yes Yes Yes Yes Yes 125 Yes Yes Yes Yes Yes Yes User Authentication and Access Control Built in internal database user limit Third party user authentication RADIUS Accounting XAUTH VPN authentication Web based authentication 802 1X authentication RADIUS RSA SecurelD LDAP Yes start stop Yes Yes Yes Unified Access Control UAC enforcement point Yes Specifications continued PKI Support eases ached E S A E e PKI certificate requests PKCS 7and PKCS10 Yes Dual stack IPv4 IPv6 firewall and VPN Yes Automated certificate enrollment SCEP Yes IPv4 to from IPv6 translations and Yes encapsulations Online Certificate Status Protocol OCSP Yes Syn Cookie and Syn Proxy DoS Attack Yes Certificate Authorities supported Verisign Entrust Microsoft Detection Boe KEON SIP RTSP Sun RPC and MS RPC ALG s Yes iPlanet Netscape Baltimore DOD PKI RIPng Yes Self signed certificates Yes BGP Wes Virtualization Transparent mode Yes Maximum number of security zones 40 NSE Ves Maximum number of virtual routers 6 ey Yes Bridge groups Yes Mode of Operation EAEE ANAN ER desea te Sse taceneanesemsaetes 3 Layer 2 transparent mode Yes Maximum number of VLANs 100 i Layer 3 route and or NAT mode Yes Routing Jisaa tenon si ly Sheena fas a a ae ee aaah alia salpaae epee tees eas Address Translation BGP instances 6 gecersteedsegrenetenasaransmaren
6. ease contact your Juniper Networks representative at 1 866 298 6428 or authorized reseller Printed on recycled paper
7. it the Juniper Customer Support Center www juniper net customers support and click on ScreenOS Software Downloads 2 IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer s network The IMIX traffic used is made up of 58 33 64 byte packets 33 33 570 byte packets 8 33 1518 byte packets of UDP traffic 3 UTM Security features IPS Deep Inspection antivirus antispam and Web filtering are delivered by annual subscriptions purchased separately from Juniper Networks Annual subscriptions provide signature updates and associated support The high memory option is required for UTM Security features 4 Redirect Web filtering sends traffic from the firewall to a secondary server The redirect feature is free however it does require the purchase of a separate Web filtering license from either Websense or SurfControl 5 NAT PAT policy based NAT virtual IP mapped IP virtual systems virtual routers VLANs OSPF BGP RIPv2 active active HA and IP address assignment are not available in layer 2 transparent mode SIGNATURE PACK TARGET DEPLOYMENT DEFENSE TYPE TYPE OF ATTACK OBJECT Base Branch offices small medium businesses Client Remote branch offices Server Small medium businesses Worm mitigation enterprises Remote branch offices of large Client server and worm protection Perimeter defense compliance for hosts for
8. kes down VPN tunnels between spoke sites in a hub and spoke topology Bridge groups supported only on uPIMs in ScreenOS 6 0 and greater releases UPIMs are only supported in ScreenOS 6 0 or greater releases Delivers performance headroom required to protect against internal and external attacks now and into the future Ensures that the network is protected against all manner of attacks Stops viruses spyware adware and other malware Blocks unwanted email from known spammers and phishers Controls blocks access to malicious Web sites Prevents application level attacks from flooding the network Provides high speed LAN connectivity future connectivity and flexible management Powerful capabilities facilitate deploying security for various internal external and DMZ sub groups on the network to prevent unauthorized access Enables the deployment of consolidated security and routing device thereby lowering operational and capital expenditures Provides unmatched interface density when compared to competitive offerings Delivers LAN and WAN connectivity options on top of unmatched security to reduce costs and extend investment protection Enables management access from any location eliminating on site visits thereby improving response time and reducing operational costs Improves security posture in a cost effective manner by leveraging existing customer network infrastructure components and best in class techn
9. me between failures MTBF Bellcore model Security Certifications Common Criteria EAL4 System log multiple servers Email 2 addresses NetIQ WebTrends SNMP v2 SNMP full custom MIB Traceroute VPN tunnel monitor External Flash Additional log storage Event logs and alarms System configuration script ScreenOS Software Yes up to 4 servers Yes Yes Yes Yes Yes Yes IPS Deep Inspection firewall Signature Packs Signature packs provide the ability to tailor the attack protection to the specific deployment and or attack type The following signature packs are available for the SSG140 FIPS 140 2 Level 2 ICSA Firewall and VPN Operating Environment Operating temperature Non operating temperature Humidity 17 5 x 1 8 x15in 44 5 x 4 5 x 38 1cm 10 2 lb 4 63 kg Yes IRU 100 240 VAC AC Input line frequency 50 Hz or 60 Hz AC system current rating 2A 580 BTU hour 170 W 48 8 dB UL CUL CSA CB FCC class B CE class B No 16 years Future Future Yes 32 to 104 F 0 to 40 C 40 to 158 F 20 to 70 C 10 to 90 noncondensing 1 Performance capacity and features listed are based upon systems running ScreenOS 6 2 and are the measured maximums under ideal testing conditions unless otherwise noted Actual results may vary based on ScreenOS release and deployment For a complete list of supported ScreenOS versions for SSG Series gateways please vis
10. ology Transforms the network infrastructure to ensure that it is secure flexible scalable and reliable Provides a scalable VPN solution for mesh architectures with support for latency sensitive applications such as VoIP and video conferencing Product Options OPTION OPTION DESCRIPTION APPLICABLE PRODUCTS DRAM The SSG140 is available with either 256 MB or 512 MB of DRAM Unified Threat Management Content Security high memory option required The SSG140 can be configured with any combination of the following best in class UTM and content security functionality antivirus includes antispyware SSG140 antiphishing IPS Deep Inspection Web filtering and or antispam I O options Four SSG140 interface expansion slots support SSG140 optional T1 El ISDN BRI S T ADSL2 G SHDSL and serial physical interface modules PIMs and 10 100 1000 and SFP universal PIMs uPIMs SG140 SSG140 Specifications Maximum Performance and Capacity ScreenOS version tested Firewall throughput large packets Firewall throughput IMIX Firewall packets per second 64 byte Advanced Encryption Standard AES 256 SHA 1 VPN throughput 3DES encryption SHA 1 VPN throughput Maximum concurrent sessions New sessions second Maximum security policies Maximum users supported Network Connectivity Fixed I O Physical Interface Module PIM slots Modular WAN LAN interface options PIMs UPIMs
11. pia nse Hees nese cam Ade heccaanes E EEEE EERE E ET Network Address Translation NAT Yes BGP peers 24 Port Address Translation PAT Yes BGP routes 2 048 r Policy based NAT PAT L2 and L3 mode Yes CEFF MEETS Mapped IP MIP L3 mode 1 500 OSPF routes 2 048 Virtual IP VIP L3 mode 16 RIPvI v2 instances 64 MIP VIP Grouping L3 mode Yes RIP v2 routes 2 048 IP Address Assignment Sema IE es Sate ee RCIA S SCCM Ie em NR ae ee PE TEE mere ene Source based routing Yes Dynamic Host Configuration Protocol Yes Policy based routing Yes DHCP Point to Point Protocol over Ethernet PPPoE client Equal cost multipath ECMP Yes internal DHE Sener Yes Multicast Yes DHCP relay Wes Reverse Forwarding Pati RFP yes Traffic Management Quality of Service QoS hemet eou PREF OnE ESAN SEE ck eaten pater E A akon mares A EATERY vl v2 Maximum bandwidth Yes per policy IGMP Proxy Yes Ingress traffic policing Yes Protocol Independent Multicast PIM single Yes z pee masts Priority bandwidth utilization Yes PIM source specific multicast Yes Differentiated Services marking Yes per policy Multicast inside IPsec tunnel Yes High Availability HA EEE TATE E A E eect E EEA Active active L3 mode Yes Encapsulations FRO O ERO eae eee ETHER DEE OEE OES E OH EES FOO ESE OSEEHEEDEESEEESESOEREEOEESEESOESOUEOHE SHO S FEES SESS HEE OOO EE SEES Active passive es Transparent amp L3 mode Yes Point to Point Protocol PPP Yes Configuration synchronization Yes M
12. provided by Juniper is based on Websense SurfControl technology Annually licensed IPS engine Eight fixed 10 100 interfaces and two 10 100 1000 interfaces one USB port one console port and one auxiliary port Bridge groups security zones virtual LANs and virtual routers allow administrators to deploy security policies to isolate guests wireless networks and regional servers or databases Proven routing engine supports OSPF BGP and RIP v1 2 along with Frame Relay Multilink Frame Relay PPP Multilink PPP and HDLC Eight 10 100 plus two 10 100 1000 interfaces plus a console and an Aux interface for management Four SSG140 interface expansion slots support optional T1 El ISDN BRI S T ADSL2 G SHDSL and serial physical interface modules PIMs and 10 100 1000 and SFP universal PIMs uPIMs Use any one of three mechanisms CLI WebUI or Juniper Networks Network and Security Manager NSM to securely deploy monitor and manage security policies Interacts with the centralized policy management engine IC Series to enforce session specific access control policies using criteria such as user identity device security state and network location From simple lab testing to major network implementations Juniper Networks Professional Services will collaborate with your team to identify goals define the deployment process create or validate the network design and manage the deployment Automatically sets up and ta
13. rs and VLANs that allow administrators to divide the network into distinct secure domains each with its own unique security policy Policies protecting each security zone can include access control rules and inspection by any of the supported UTM security features Connectivity and Routing The SSG140 supports ten on board interfaces eight 10 100 plus two 10 100 1000 complemented by four I O expansion slots that can house additional WAN interfaces T1 El ISDN BRI S T and Serial making the SSG140 the most extensible security platform in its class This broad array of I O options coupled with WAN protocol and encapsulation support in its routing engine make the SSG140 a platform that can easily be deployed as a traditional branch office router or as a consolidated security and routing device to reduce CapEx and OpEx Access Control Enforcement The SSG140 can act as an enforcement point in a Juniper Networks Unified Access Control UAC deployment with the simple addition of the IC Series UAC appliance The IC Series functions as a central policy management engine interacting with the SSG140 to augment or replace the firewall based access control with a solution that grants denies access based on more granular criteria that include endpoint state and user identity in order to accommodate the dramatic shifts in attack landscape and user characteristics World Class Support From simple lab testing to major network implementations Juniper Net
14. tworking Juniper offers a high performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network This fuels high performance businesses Additional information can be found at www juniper net Corporate and Sales Headquarters APAC Headquarters Juniper Networks Hong Kong 26 F Cityplaza One T11 King s Road Taikoo Shing Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or 408 745 2000 Fax 408 745 2100 www juniper net EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords County Dublin Ireland Phone 35 31 8903 600 EMEA Sales 00800 4586 4737 Fax 35 31 8903 601 Copyright 2010 Juniper Networks Inc All rights reserved Juniper Networks the Juniper Networks logo Junos NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered marks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice 1000181 O06 EN April 2010 To purchase Juniper Networks solutions pl
15. ultilink Point to Point Protocol MLPPP Yes y sare y Session synchronization for firewall and VPN Yes MLPRE Max physicatimenaces si Session failover for routing change Yes Frame relay Yes VRRP Yes See eee eee continued gaminime memas Device failure detection Yes Multilink Frame Relay MLFR FRF 15 FRF 16 Yes Link failure detection Yes MLFR max physical interfaces a Authentication for new HA members Yes HDLC Yes Encryption of HA traffic Yes Bridge groups supported only on uPIMs in ScreenOS 6 0 and greater releases Specifications continued System Management WebUI HTTP and HTTPS Command line interface console Command line interface telnet Command line interface SSH Network and Security Manager NSM All management via VPN tunnel on any interface Rapid deployment Administration Yes Yes v1 5 and v2 0 compatible Yes Yes Dimensions and Power Dimensions W x H x D Weight Rack mountable Power supply AC Maximum thermal output Noise Level Local administrator database size External administrator database support Restricted administrative networks Root Admin Admin and Read Only user levels Software upgrades Configuration roll back Logging Monitoring RADIUS RSA SecurelD LDAP 6 Yes TFTP WebUI NSM SCP USB Yes Certifications Safety certifications Electromagnetic compatibility EMC certifications Network Equipment Building System NEBS Mean ti
16. works Professional Services will collaborate with your team to identify goals define the deployment process create or validate the network design and manage the deployment to its successful conclusion Branch Office Headquarters lal 5 ooo ISG2000 The SSG140 deployed at a branch offi ce for secure Internet connectivity and site to site VPN to corporate headquarters Internal branch offi ce resources are protected with unique security policies for each security zone Features and Benefits FEATURE FEATURE DESCRIPTION BENEFIT High performance Best in class UTM security features Integrated antivirus Integrated antispam Integrated Web filtering Integrated IPS Deep Inspection Fixed Interfaces Network segmentation Robust routing engine High interface density Interface modularity Management flexibility Juniper Networks Unified Access Control enforcement point World class professional services Auto Connect VPN Purpose built platform is assembled from custom built hardware powerful processing and a security specific operating system UTM security features antivirus antispam Web filtering IPS stop all manner of viruses and malware before they damage the network Annually licensed antivirus engine provided by Juniper is based on Kaspersky Lab engine Annually licensed antispam offering provided by Juniper is based on Sophos technology Annually licensed Web filtering solution
Download Pdf Manuals
Related Search