Juniper NetScreen-500 System 3 dual-10/100 modules, 2 DC power supplies
Contents
1. Juniper Networks NetScreen500 The NetScreen 500 is a purpose built security system designed to provide a flexible high performance solution for medium and large enterprise central sites and service providers The NetScreen 500 security system integrates firewall DoS VPN and traffic management functionality in a low profile modular chassis It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones Combined with a flexible and resilient hardware architecture incorporating modular physical interfaces redundant power supplies fans and high availability interfaces the NetScreen 500 exceeds most enterprises typical traffic conditions It is well suited to match the peak load and strong deterrence requirements of the most demanding environments Juniper Networks Juniper Networks NetScreen 500 NetScreen500 Maximum Performance and Capacity PKI Support ScreenOS version support ScreenOS 5 4 PKI Certificate requests PKCS 7 and PKCS 10 Yes Firewall performance 700 Mbps Automated certificate enrollment SCEP Yes 3DES SHA 1 performance 250 Mbps Online Certificate Status Protocol OCSP Yes Concurrent sessions 250 000 Self Signed Certificates Yes New Sessions Second 7 000 Certificate Authorities Supported Policies 20 000 Verisign Yes Interfaces 8 10 100 or mini GBIC Entrust Yes SX or LX 4 GBIC SX or LX Microsoft Yes Mode of Opera2. Yes SNMP Full Custom MIB Yes Rapid deployment No Administration Local administrators database 20 External administrator database RADIUS LDAP SecurlD Restricted administrative networks 6 Root Admin Admin and Read Only user levels Yes Software upgrades TFTP WebUI SCP NSM Configuration Roll back Yes Traffic Management Guaranteed bandwidth Yes Maximum bandwidth Yes Ingress Traffic Policing Yes Priority bandwidth utilization Yes DiffServ stamp Yes Extemal Flash PCMCIA PC Card Supports 96 128 440 and 512 MB Event logs and alarms Yes System config script Yes NetScreen ScreenOS software Yes Certifications Safety Certifications UL CUL CSA CB EMC Certifications FCC class A BSMI Class A CE class A C Tick VCCI class A Environment Operational temperature 32 to 122 F 0 to 50 C Non operational temperature 4 to 158 F 20 to 70 C Humidity 10 to 90 non condensing MTBF Bellcore model 6 5 years Security Certifications Advanced models only Common Criteria EAL4 FIPS 140 2 Level 2 ICSA Firewall and VPN Ordering Information Product Part Number Juniper Networks NetScreen 500SP Bundles Dimensions and Power Dimensions H W L Weight Rack mountable Power Supply AC Power Supply DC 3 5 17 5 17 inches 27 lbs 19 standard 23 optional 90 to 264 VAC 100 watts 36 to 72 VDC 100 watts Licensing Options The NetScreen 500 is available with two licensing options to pr
3. and two security zones usable in the virtual or root system CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 8884UNIPER 888 586 4737 or 408 745 2000 Fax 408 745 2100 www juniper net EAST COAST OFFICE Juniper Networks Inc 10 Technology Park Drive Westford MA 01886 3146 USA Phone 978 589 5800 Fax 978 589 0800 110005 007 July 2006 ASIA PACIFIC REGIONAL SALES HEADQUARTERS Juniper Networks Hong Kong Ltd Suite 2507 11 Asia Pacific Finance Tower Juniper House Citibank Plaza 3 Garden Road Central Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 EUROPE MIDDLE EAST AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks UK Limited Guildford Road Leatherhead Surrey KT22 9JH U K Phone 44 0 1372 385500 Fax 44 0 1372 385501 Copyright 2006 J uniper Networks Inc All rights reserved Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered trademarks or registered service marks in this document are the property of Juniper Networks or their respective owners All specifications are subject to change without notice Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document Junipe
4. ction DI attack pattern obfuscation Yes Redundant Interfaces Yes SYN cookie Yes Configuration synchronization Yes Zonebased IP spoofing Yes Session synchronization for firewall and VPN Yes vm Te a Site to site VPN tunnels up to 5 000 Pak a Remote access VPN tunnels 10 000 BUR EnL Conon TOF EMP members ie Tunnel interfaces up to 1 024 ea cakes affic ey is DES 56 bit 3DES 168 bit and AES encryption Yes eee S MD 5 and SHA 1 authentication Yes VolP Manual Key IKE PKI X 509 Yes H 323 ALG Yes Perfect forward secrecy DH Groups 1 25 SIP ALG Yes Prevent replay attack Yes SCCP ALG Yes Remote access VPN Yes MGCP ALG Yes L2TP within IPSec Yes NAT for H 323 SIP MGCP SCCP Yes Dead Peer Detection Yes F IPSec NAT Traversal Yes IP Address Assignment Redundant VPN gateways Yes atic i 16 VPN tunnel monitor Yes DHE PEPSE client No Internal DHCP server No Firewall and VPN User Authentication DHCP Relay Yes Built in internal database user limit up to 1 500 3rd Party user authentication RADIUS RSA SecurlD 802 1X and LDAP XAUTH VPN authentication Yes Web based authentication Yes es Ade Page 2 Juniper Networks NetScreen 500 RADIUS Accounting RADIUS Start Stop Yes System Management WebUI HTTP and HTTPS Yes Command Line Interface console Yes Command Line Interface telnet Yes Command Line Interface SSH Yes v1 5 and v2 0 compatible NetScreen Security Manager Yes All management via VPN tunnel on any interface
5. es 2 AC power supplies NS 500ES FE1 AC NetScreen 500 System 3 dual 10 100 modules 2 DC power supplies NS 500ES FE1 DC NetScreen 500 System 2 dual 10 100 modules 1 AC power supply NS 500ES FE2 AC NetScreen 500 System 2 dual 10 100 modules 1 DC power supply NS 500ES FE2 DC ES Systems include 0 Virtual Systems Juniper Networks NetScreen 500 Baseline Systems NetScreen 500 System 2 dual 10 100 modules 1 AC power supply NS 500B FE2 NetScreen 500 System 2 SX GBIC modules 1 AC power supply NS 500B GB1 Juniper Networks NetScreen 500 Virtual System Upgrades Upgrade to 5 Virtual Systems NS 500 VSYS 5 Upgrade from 5 to 10 Virtual Systems NS 500 VSYS 10 Upgrade from 10 to 25 Virtual Systems NS 500 VSYS 25 Every Virtual System includes one virtual router and 2 security zones usable in the virtual or root system 1 Performance capacity and features listed are based upon systems running ScreenOS 5 4 and are the measured maximums under ideal testing conditions unless otherwise noted Actual results may vary based on ScreenOS release and by deployment 2 Shared among all Virtual Systems 3 Not available with Virtual Systems 4 The following features are not supported in Layer 2 transparent mode NAT PAT policy based NAT virtual IP mapped IP virtual systems virtual routers VLANs OSPF BGP RIPv2 Active Active HA and IP address assignment 5 Requires purchase of virtual system key Every virtual system includes one virtual router
6. ovide two different levels of functionality and capacity Advanced Models The Advanced software license provides all of the features and capacities listed within this specsheet Baseline Models The Baseline software license provides an entry level solution for customer environments where features such as Deep Inspection OSPF and BGP dynamic routing advanced High Availabilty and full capacity are not critical requirements The following table shows the features and capacities that are different than the Advanced models Sessions Concurrent VPN tunnels Deep Inspection Firewall OSPF BGP High Availability HA NetScreen Security Manager jJuniper TWORKS NetScreen 500 Baseline 128 000 1 000 N A N A Active Passive only Supported NetScreen 500 System SX GBIC AC power NS 500SP GB1 AC NetScreen 500 System SX GBIC DC power NS 500SP GB1 DC NetScreen 500 System SX dual GBIC AC power NS 500SP GB2 AC NetScreen 500 System SX dual GBIC DC power NS 500SP GB2 DC SP Systems include 25 Virtual Systems and 2 power supplies Juniper Networks NetScreen 500ES Bundles NetScreen 500 System 2 SX GBIC modules 2 AC power supplies NS 500ES GB1 AC NetScreen 500 System 2 SX GBIC modules 2 DC power supplies NS 500ES GB1 DC NetScreen 500 System 2 SX dual GBIC modules 2 AC power supplies NS 500ES GB2 AC NetScreen 500 System 2 SX dual GBIC modules 2 DC power supplies NS 500ES GB2 DC NetScreen 500 System 3 dual 10 100 modul
7. r Networks reserves the right to change modify transfer or otherwise revise this publication without notice
8. tion reaa ve Layer 2 mode transparent mode Yes Ba ape A Layer 3 mode route and or NAT mode Yes Bop PKI a NAT Network Address Translation Yes PAT Port Address Translation Yes Logging Monitoring Policy based NAT Yes Syslog multiple servers External up to 4 servers Virtual IP 4 E mail 2 addresses Yes Mapped IP 4 096 NetIQ WebTrends External MIP VIP Grouping Yes SNMP v1 v2 Yes Users supported Unrestricted Standard and custom MIB Yes Firewall Traceroute Yes Number of network attacks detected 31 Virtualization Network attack detection Yes Maximum number of Virtual Systems O Default upgradeable to 25 DoS and DDoS protections Yes Maximum number of security zones 8 default upgradeable to 58 TCP reassembly for fragmented packet protection Yes Maximum number of virtual routers 3 default upgradeable to 28 Malformed packet protections Yes Number of VLANs supported 100 per port Deep Inspection DI firewall Yes Routing fee anomaly Us OSPF BGP dynamic routing up to 8 instances each ep Inspection firewall ye RIPv1 v2 dynamic routing Up to 256 instan Stateful protocol signatures Yes yn p f i Static routes 8 192 ee Pa Source Based Routing Source Interface Based Routing Yes Malicious Web filtering up to 48 URLs Edua cost mut pan routing 1S External Web filtering Websense or SurfControl Yes High Availability HA Integrated Web filtering No Active Active Yes Brute force attack mitigation Yes Active Passive Yes Deep Inspe
Download Pdf Manuals
Related Search