Juniper Networks SSG 520
Contents
1. Page 1 Sheri Juniper Networks Secure Services Gateway 500 Series The Juniper Networks Secure Services Gateway 500 Series SSG represents a new class of purpose built security appliance that delivers a perfect mix of performance security and LAN WAN connectivity for regional and branch office deployments A complete set of Unified Threat Management UTM security features including Stateful firewall IPS Antivirus includes Anti Spyware Anti Adware Anti Phishing Anti Spam and Web Filtering allow the SSG 500 Series to be implemented as standalone security devices to stop worms Spyware Trojans malware and other emerging attacks Complementing the powerful UTM security features is a robust routing engine that allows the SSG 500 Series to be deployed as a traditional branch office router or as a combination firewall and routing device to reduce capital and operational expenses The Secure Services Gateway 500 Series provides customers with the following features and benefits Dedicated security specific processing hardware and software platform delivers performance required to protect high speed LAN as well as lower speed WAN connections UTM security features backed by best in class security partners to ensure that the network is protected against worms Spyware Trojans malware and other emerging attacks Advanced security features such as network segmentation allows administrators to deploy security policies to isolate guests2. to 122 E DHCP relay Yes Yes e Orto 5ghe Non operational temperature 4 to 158 F 4 to 158 F PKI Support 20 to 70 C 20 to 70 C PKI Certificate requests PKCS 7 and PKCS 10 Yes Yes Humidity 10 to 90 10 to 90 Automated certificate enrollment SCEP Yes Yes non condensing non condensing Online Certificate Status Protocol OCSP Yes Yes MTBF Bellcore model 12 years 12 years Certificate Authorities Supported Verisign Entrust Microsoft RSA Keon iPlanet Netscape Baltimore DOD PKI 1 Performance capacity and features listed are based upon systems running ScreenOS 5 4 and are the measured maximums under ideal testing conditions unless otherwise noted Actual results may vary based on ScreenOS release and by deployment Administration 2 IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is typical of a customer s network The IMIX Local administrators database 20 20 traffic used is made up of 58 33 64 byte packets 33 33 570 byte packets 8 33 1518 byte packets of UDP traffic 3 NAT PAT policy based NAT virtual IP mapped IP virtual systems virtual routers VLANs OSPF BGP RIPv2 Active Active HA and IP address assignment are External administrator database RADIUS LDAP SecurID not available in layer 2 transparent mode gt Pa A 4 UTM Security features IPS Deep Inspection Antivirus Anti Spam and Web filtering are delivered by annual sub
3. wireless networks and regional servers or databases to prevent unauthorized access and contain any attacks that may occur e Extensible I O architecture delivers LAN and WAN connectivity options on top of unmatched security to reduce costs and extend investment protection The SSG 500 Series are ideally suited for regional branch offices medium businesses and service providers that want a security platform to protect their WAN and high speed internal networks while extending the platform return on investment through high levels of system and interface modularity SSG 550 SSG 550M The SSG 550 and SSG 550M deliver 1 Gbps of IMIX Stateful firewall traffic and 500 Mbps of IPSec VPN Connectivity options include four on board 10 100 1000 interfaces and six I O expansion slots for LAN and WAN flexibility SSG 520 SSG520M The SSG 520 and SSG 520M deliver 600 Mbps of IMIX firewall traffic and 300 Mbps of IPSec VPN Connectivity options include four on board 10 100 1000 interfaces and six I O expansion slots for LAN and WAN flexibility Security Proven firewall and IPSec VPN combined with best in class UTM security features including IPS Antivirus includes Anti Spyware Anti Adware Anti Phishing Anti Spam and Web Filtering protects both LAN and WAN traffic from worms Spyware Trojans malware and other emerging attacks Modular LAN WAN connectivity The SSG 500 Series supports four on board 10 100 1000 interfaces plus six in
4. worm attacks Worms Trojans backdoor attacks AUR che Slade Ordering Information SSG 550 SSG 550 512 MB Memory System 0 PIM Cards 1 AC Power supply SSG 550 1GB Memory 0 PIM Cards 1 AC Power Supply SSG 550 System 1GB Memory 0 PIM Cards 1 AC Power Supply NEBS Compliant SSG 550 System 1GB Memory 0 PIM Cards 1 DC Power Supply SSG 550B 001 SSG 550 001 SSG 550 001 NEBS SSG 550 001 DC Product Part Number SSG 520 SSG 520 512 MB Memory System 0 PIM Cards AC Power SSG 520 System 1GB Memory 0 PIM Cards AC Power SSG 520 System 1GB Memory 0 PIM Cards DC Power SSG 520B 001 SSG 520 001 SSG 520 001 DC SSG 550M SSG 550M System 1GB Memory 0 PIM Cards 1 AC Power Supply SSG 550M System 1GB Memory 0 PIM Cards 1 AC Power Supply NEBS Compliant SSG 550M System 1GB Memory 0 PIM Cards 1 DC Power Supply NEBS Compliant SSG 550M SH SSG 550M SH N SSG 550M SH DC N Product Part Number Unified Threat Management Content Security High Memory Option Required SSG 520 SSG 520M Anti Virus includes Anti Spyware Anti Phishing NS K AVS SSG550 SSG 550 SSG 550M Anti Virus includes Anti Spyware Anti Phishing NS K AVS SSG520 SSG 550 SSG 550M IPS Deep Inspection NS DI SSG550 SSG 520 SSG 520M IPS Deep Inspection NS DI SSG520 SSG 550 SSG 550M Web Filtering NS WF SSG550 SSG 520 SSG 520M Web Filtering NS WF SSG520 SSG 550 SSG 550M Anti Spam NS SPAM SSG550 SSG 520 SSG 520M Anti Sp
5. 74 7803 EUROPE MIDDLE EAST AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks UK Limited Building 1 Aviator Park Station Road Addlestone Surrey KT15 2PG U K Phone 44 0 1372 385500 Fax 44 0 1372 385501 Copyright 2006 Juniper Networks Inc All rights reserved Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered trademarks or registered service marks in this document are the property of Juniper Networks or their respective owners Alll specifications are subject to change without notice Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice
6. am NS SPAM SSG520 SSG 550 SSG 550M Remote Office Bundle Includes AV DI WF NS RBO CS SSG550 SSG 520 SSG 520M Remote Office Bundle Includes AV DI WF NS RBO CS SSG520 SSG 550 SSG 550M Main Office Bundle Includes AV DI WF AS NS SMB CS SSG550 SSG 520 SSG 520M Main Office Bundle Includes AV DI WF AS NS SMB CS SSG520 SSG 520M SSG 520M System 1GB Memory 0 PIM Cards 1 AC Power Supply SSG 520M System 1GB Memory 0 PIM Cards 1 AC Power Supply NEBS Compliant SSG 520M System 1GB Memory 0 PIM Cards 1 DC Power Supply NEBS Compliant SSG 520M SH SSG 520M SH N SSG 520M SH DC N SSG 500 Series I O Options 1 Port Gigabit Ethernet 10 100 1000 Copper Enhanced PIM JXE 1GE TX S 1 Port Fiber Gigabit Ethernet Enhanced PIM SFP sold separately JXE 1GE SFP S Small Form Factor Pluggable 1000Base LX Gigabit Ethernet Optic Module JX SFP 1GE LX Small Form Factor Pluggable 1000Base SX Gigabit Ethernet Optic Module JX SFP 1GE SX 4 Port Fast Ethernet Enhanced PIM JXE 4FE TX S 2 Port T1 PIM with integrated CSU DSU JX 2T1 RJ48 S 2 Port E1 PIM with integrated CSU DSU JX 2E1 RJ48 S 2 Port Serial PIM JX 2Serial S 1 Port DS3 PIM JX 1DS3 S SSG 500 Series Memory Upgrades Spares and Communications Cables Spare Power Supply for SSG 550 AC Power Spare Power Supply for SSG 550 DC Power Power cable Australia Power cable China Power cable Europe Power cable Italy Power cable Japan Power cable UK Power cable US 1 G
7. eways Yes Yes Page 3 BDRER Ac SSG 550 SSG 550M SSG 520 SSG520M SSG 550 SSG 550M SSG 520 SSG520M Virtualization Dimensions and Power Maximum number of security zones 60 60 Dimensions H W L 3 5H 17 5W 21 5L 3 5H 17 5W 21 5L Maximum number of virtual routers 8 5 Weight 25 0 Ibs 23 0 Ibs Number of VLANs supported 150 125 no interface modules no interface modules one power supply 25 3 Ibs High Availability HA 30 7 Ibs six interface six interface modules Active Active Yes No two power supplies Active Passive Yes Yes Redundant interfaces E Yes Yes Rack mountable Yes 2RU Yes 2RU Configuration synchtontzatian yes Yes Power Supply AC 100 240 VAC 420 watts 100 240 VAC 350 watts Session synchronization or Arewall anc VEN Yes Yes Power Supply DC 48 to 60 VDC 420 watts 48 to 60 VDC 420 watts Session failover for routing change Yes Yes Redundant Power Supply Hot Swappable Yes No Device failure detection Yes Yes Link failure detection Yes Yes Certifications Authentication for new HA members Yes Yes Safety Certifications UL CUL CSA CB UL CUL CSA CB Encryption of HA traffic Yes Yes EMC Certifications FCC class A CE class A FCC class A CE class A C Tick VCCI class A C Tick VCCI class A IP Address Assignment NEBS Level 3 SSG 550 SSG 550M SSG 520M only Static Yes Yes DHCP PPPoE client Yes Yes Pe nual Internal DHCP server Yes Yes Operational temperature 32 to 122 F 32
8. igabyte Memory Upgrade for the SSG 500 series Replacement air filter for SSG 550 Series EIA530 cable DCE EIA530 cable DTE RS232 cable DCE RS232 cable DTE RS449 cable DCE RS449 cable DTE v 35 cable DCE V 35 cable DTE X 21 cable DCE X 21 cable DTE Blank I O plate SSG PS AC SSG PS DC CBL JX PWR AU CBL JX PWR CH CBL JX PWR EU CBL JX PWR IT CBL JX PWR JP CBL JX PWR UK CBL JX PWR US SSG 500 MEM 1GB SSG 500 FLTR JX CBL EIA530 DCE JX CBL EIA530 DTE JX CBL RS232 DCE JX CBL RS232 DTE JX CBL RS449 DCE JX CBL RS449 DTE JX CBL V35 DCE JX CBL V35 DTE JX CBL X21 DCE JX CBL X21 DT JX Blank FP S Note The appropriate power cord is included based upon the sales order Ship To destination Firewall Anti Spam Anti Virus Levell PREMIUM Level 1 GATEWAY Anti Spyware Web Filtering CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or 408 745 2000 Fax 408 745 2100 wwwjuniper net 100143 004 Oct 2006 EAST COAST OFFICE Juniper Networks Inc 10 Technology Park Drive Westford MA 01886 3146 USA Phone 978 589 5800 Fax 978 589 0800 ASIA PACIFIC REGIONAL SALES HEADQUARTERS Juniper Networks Hong Kong Ltd Suite 2507 11 25 F ICBC Tower Citibank Plaza 3 Garden Road Central Hong Kong Phone 852 2332 3636 Fax 852 25
9. on FW Yes Yes Priority bandwidth utilization Yes Yes Protocol anomaly detection Yes Yes DiffServ stamp Yes per policy Yes per policy Stateful protocol signatures Yes Yes System Management Antivirus Yes WebUI HTTP and HTTPS Yes Yes SENATE database 1000094 Command Line Interface console Yes Yes Protocols scanned POP3 SMTP HTTP IMAP FTP rien Command Line Interface telnet Yes Yes Anti Phishing Yes Yes 4 f Command Line Interface SSH Yes v1 5 and v2 0 compatible past ig sii Aa NetScreen Security Manager Yes Yes Anti Adware Yes Yes f gt All management via VPN tunnel Anti Keylogger Yes Yes Anti Spam Yes Yes on any interface Yes Yes SNMP full custom MIB Yes Yes Integrated URL filtering Yes Yes Rapid deployment No No External URL filtering Yes Yes VoIP Security Logging and Monitoring 1 323 ALG Yes Yes Syslog multiple servers External up to 4 servers E mail 2 addresses Yes Yes SIP ALG Yes Yes SCCP ALG Yes Yes NetIQ WebTrends External External MGCP ALG Yes Yes SAMEVA Ts Ie NAT for SIP H 323 MGCP SCCP Yes Yes Traceroute ag Ies VPN tunnel monitor Yes Yes VPN Concurrent VPN tunnels 1 000 500 Tunnel interfaces 300 100 DES 56 bit 3DES 1 68 bit and AES encryption Yes Yes MD 5 and SHA 1 authentication Yes Yes Manual key IKE PKI X 509 Yes Yes Perfect forward secrecy DH Groups Yes Yes Prevent replay attack Yes Yes Remote access VPN Yes Yes L2TP within IPSec Yes Yes IPSec NAT traversal Yes Yes Redundant VPN gat
10. ported 3 instances supported Users supported Unrestricted Unrestricted RIPv1 v2 256 instances supported 128 instances supported Upgradeable to JUNOS 8 0 SSG 550M Only SSG 520M Only Dynamic routing Yes Yes Network Connectivity PANE TOMIS Wa hiss Fixed 1 0 4x 10 100 1000 4x 10 100 1000 ce rouig ae be Physical Interface Module PIM Slots 6 6 Enhanced PIM Slots 4 2 acne 20 000 10 000 WAN interface options Serial T1 E1 DS3 Multicast Yes Yes LAN interface options SFP FE 10 100 1000 Reverse Forwa ding Pati REP Yes Yes TRHA RAA a SA IGMP v1 v2 Yes Yes Mode of Operation IGMP Proxy Yes Yes Layer 2 transparent mode Yes Yes PIM SM Yes Yes Layer 3 route and or NAT mode Yes Yes PIM SSM Yes Yes Address Translation Mcast inside IPSec Tunnel Yes Yes Network Address Translation NAT Yes Yes Encapsulations Port Address Translation PAT Yes Yes PPP Yes Yes Policy based NAT PAT Yes Yes MLPPP Yes Yes Mapped IP 6 000 1 500 MLPPP max physical interfaces 12 12 Virtual IP 64 32 Frame Relay Yes Yes Firewall MLFR FRF 15 FRF 16 Yes Yes Network attack detection Yes Yes MLFR max physical interfaces 12 12 DoS and DDoS protection Yes Yes HDLC Yes Yes TCP reassembly for fragmented Traffic Management QoS packet protection Yes Yes Guaranteed bandwidth Yes Yes Malformed packet protection 1s Maximum bandwidth Yes per physical interface Yes per physical interface Unified Threat Management Content Security Ingress Traffic Policing Yes Yes IPS Deep Inspecti
11. scriptions purchased separately from Restricted administrative networks 6 6 Juniper Networks Annual subscriptions provide signature updates and associated support The high memory option is required for UTM Security features Root Admin Admin and 5 Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or gt J SurfControl Read Only user levels Yes Yes Software upgrades TETP WebUI NSM IPS Deep Inspection FW Signature Packs Configuration Roll back Yes Yes S i a R s Signature Packs provide the ability to tailor the attack protection to the a specific deployment and or attack type The following Signature packs Additional log storage USB 1 1 USB 1 1 p z s 8 are available for the SSG 500 Series Event logs and alarms Yes Yes System config script Yes Yes Signature Pack Target Deployment Defense Type Type of Attack ScreenOS Software Yes Yes Object nesses Base Branch Offices small Client Server and Range of signa medium businesses worm protection tures and protocol anomalies Client Remote Branch Perimeter defense Attacks in the server Offices compliance for hosts to client direction desktops etc Server Small Medium Busi Perimeter defense Attacks in the client compliance for server infrastructure to server direction Worm Mitigation Remote Branch Offices of Large enterprises Most comprehensive defense against
12. terface slots that accept a wide range of LAN and WAN I O cards including T1 E1 DS3 E3 Serial 10 100 1000 SFP and FE The combination of supported LAN and WAN hardware and supporting protocols extends the return on investment by providing customers with interface and routing flexibility to match their current and future connectivity requirements Network segmentation The SSG 500 Series delivers an advanced set of network segmentation features such as Security Zones Virtual Routers and VLANs that allow administrators to deploy different levels of security to different user groups by dividing the network into distinct secure domains each with their own security policy Page 2 SSG 550 SSG 550M SSG 520 SSG520M SSG 550 SSG 550M SSG 520 SSG520M Maximum Performance and Capacity Firewall and VPN User Authentication ScreenOS version support ScreenOS 5 4 ScreenOS 5 4 Built in internal database user limit 1 500 1 500 Firewall performance Large packets 1 Gbps 650 Mbps 3rd Party user authentication RADIUS RSA SecurID 802 1X and LDAP Firewall performance IMIX 1 Gbps 600 Mbps XAUTH VPN authentication Yes Yes 3DES SHA 1 performance 500 Mbps 300 Mbps Web based authentication Yes Yes FW packets per second 64 byte 600 000 300 000 Concurrent sessions 128 000 64 000 Routing New sessions second 15 000 10 000 BGP 15 instances supported 9 instances supported Policies 4 000 1 000 OSPF 8 instances sup
Download Pdf Manuals
Related Search