Juniper SSG-5-SB-BTW-E firewall (hardware)
Contents
1. 32 to 104 Deg F 20 to 65 Deg C 4 to 149 Deg F 10 to 90 non condensing 40 5 Yrs 22 8 Yrs desktops etc Attacks in the client to server direction Server Small Medium Businesses Perimeter defense compliance for server infrastructure Worm Mitigation Remote Branch Offices of Large enterprises Most comprehensive Worms Trojans defense against backdoor attacks worm attacks Juniper Wout Net Page 4 Ordering Information Product Part Number Product Part Number SSG 5 SSG 5 SSG 20 Accessories amp Upgrades SSG 5 with Serial backup 128 MB Memory SSG 5 SB Extended License Upgrade Key for SSG 5 SSG 5 ELU SSG 5 with ISDN BRI S T backup Interface 128 MB Memory SSG 5 SB BT Extended License Upgrade Key for SSG 20 SSG 20 ELU SSG 5 with v 92 backup 128 MB Memory SSG 5 SB M SSG 5 and SSG 20 256MB Memory Upgrade Module SSG 5 20 MEM 256 SSG 5 with Serial backup Wireless 802 11 a b g 128 MB Memory 99G 5 SB W Xx SSG 5 Rack Mount Kit holds 2 units SSG 5 RMK SSG 5 with ISDN BRI S T backup Wireless 802 11a b g 128 MB memory SSG 5 SB BTW xx SSG 20 Rack Mount Kit SSG 20 RMK SSG 5 with v 92 backup Wireless 802 11a b g 128 MB Memory SSG 5 SB MW xx SSG Wireless Replacement Antenna SSG ANT SSG 5 with Serial backup 256 MB memory SSG 5 SH SSG 5 with ISDN BRI S T backup 256 MB memory SSG 5 SH BT Unified Threat Management Content Security High Memory Option Required SSG 5 with v 92 backup 256 MB memory SSG 52. Page 1 EENIA Juniper Networks SSG 5 and SSG 20 The Juniper Networks Secure Services Gateway 5 SSG 5 and Secure Services Gateway 20 SSG 20 are purpose built security appliances that deliver a perfect blend of performance security routing and LAN WAN connectivity for small branch office and small business deployments Traffic flowing in and out of the branch office can be protected from worms Spyware Trojans and malware by a complete set of Unified Threat Management UTM security features including Stateful firewall IPSec VPN IPS Antivirus includes Anti Spyware Anti Adware Anti Phishing Anti Spam and Web Filtering The rich set of UTM security features allows the SSG 5 and SSG 20 to be deployed as a stand alone network protection device With its robust routing engine the SSG 5 and SSG 20 can also be deployed as a traditional branch office router or as a combination security and routing device to help reduce IT capital and operational expenditures The SSG 5 and SSG 20 provide customers with the following features and benefits e Extensible O architecture that delivers fixed LAN connectivity plus WAN I O options on top of unmatched security to reduce costs and extend investment protection e UTM security features backed by best in class security partners to ensure that the network is protected against all manner of attacks e Advanced security features such as network segmentation allows administrators to deploy security p
3. Yes Encryption of HA traffic Yes Yes IP Address Assignment Static Yes Yes DHCP PPPoE client Yes Yes Internal DHCP server Yes Yes DHCP relay Yes Yes PKI Support PKI Certificate requests PKCS 7 and PKCS 10 Yes Yes Automated certificate enrollment SCEP Yes Yes Online Certificate Status Protocol OCSP Yes Yes Certificate Authorities Supported Verisign Entrust Microsoft RSA Keon iPlanet Netscape Baltimore DOD PKI Administration Local administrators database size 20 20 External administrator database RADIUS LDAP SecurID Root Admin Admin and Yes Yes Read Only user levels Software upgrades TFTP WebUI NSM SCP USB Configuration Roll back Yes Yes External Flash Additional log storage via USB Event logs and alarms Yes Yes System config script Yes Yes ScreenOS Software Yes Yes Page 3 REICH Wireless Radio Specifications Wireless Models Only Transmit Power Wireless Standards supported Up to 200mW Dual Radio 802 11 a 802 11b g Site Survey Yes Maximum Configured SSIDs 16 Maximum Active SSIDs 4 Atheros SuperG Yes Atheros eXtended Range XR Yes Wi Fi CERTIFIED Yes Wireless Security Wireless Models Only Wireless Privacy WPA WPA2 AES or TKIP IPSEC VPN WEP Wireless Authentication PSK EAP PEAP EAP TLS EAP TTLS over 802 1x MAC Access Controls Permit or Deny Client Isolation Yes Antenna Option Wireless Models Only Diversity Antenna Included Directional Antenna Future Omni dir
4. marks in this document are the property of Juniper Networks or their respective owners All specifications are subject to change without notice Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice
5. SH M Anti Virus Anti Spyware Anti Phishing NS K AVS SSG5 NS K AVS SSG20 NS DI ISG SSG5 NS DI ISG SSG20 NS WF SSG5 NS WF SSG20 NS SPAM SSG5 NS SPAM SSG20 NS RBO CS SSG5 SSG 5 with Serial backup Wireless 802 11a b g 256 MB memory SSG 5 SH W xx SSG 5 with ISDN BRI S T backup Wireless 802 11a b g 256 MB memory SSG 5 SH BTW xx SSG 5 with v 92 backup Wireless 802 11a b g 256 MB memory IPS Deep Inspection SSG 5 SH MW xx Web Filtering SSG 20 SSG 20 with 2 port Mini PIM slots 128 MB Memory SSG 20 with 2 port Mini PIM slots Wireless 802 11a b g 128 MB Memory SSG 20 SB Anti Spam SSG 20 SB W xx Remote Office Bundle Includes AV DI WF SSG 20 with 2 port Mini PIM slots 256 MB memory SSG 20 SH NS RBO CS SSG20 SSG 20 with 2 port Mini PIM slots Main Office Bundle Includes AV DI WE AS NS SMB CS SSG5 Wireless 802 11a b g 256 MB memory SSG 20 SH W xx NS SMB CS SSG20 SSG 20 I O Options 1 ort Ti Mini Ph sical Interface Module JXM 1 T 1 S Note The appropriate power cord is included based upon the sales order Ship To destination P nee u Note XX denotes Region Code for Wireless devices Not all countries are supported Please see Wireless Country Compliance Matrix for certified countries 1 port E1 Mini Physical Interface Module JXM 1E1 S www jnpr net products integrated ssg_5_20 html Note For 2nd year renewal of Content Security Subscriptions add R to above SKUs 1 port ADSL2 Annex A Mini Physical Inter
6. ectional Antenna Future 1 Performance capacity and features listed are based upon systems running ScreenOS 5 4 and are the measured maximums under ideal testing conditions unless otherwise noted Actual results may vary based on ScreenOS release and by deployment 2 IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer s network The IMIX traffic used is made up of 58 33 64 byte packets 33 33 570 byte packets 8 33 1518 byte packets of UDP traffic 3 UTM Security features IPS Deep Inspection Antivirus Anti Spam and Web filtering are delivered by annual subscriptions purchased separately from Juniper Networks Annual subscriptions provide signature updates and associated support The high memory option is required for UTM Security features 4 Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or SurfControl 5 NAT PAT policy based NAT virtual IP mapped IP virtual systems virtual routers VLANs OSPF BGP RIPv2 Active Active HA and IP address assignment are not available in layer 2 transparent mode 6 Active Passive and HA Lite require the purchase of an Extended License In addition to the HA features an Extended License key increases a subset of the capacities as outlined below Extended License Feature SSG 20 and SSG 5 Sessions Increases
7. ent process create or validate the network design and manage the deployment We collaborate with your team to transform your network infrastructure to ensure that it is flexible scalable reliable and secure rage Maximum Performance and Capacity ScreenOS version support Firewall performance Large packets Firewall performance IMIX Firewall Packets per second 64 byte VPN performance 3DES SHA 1 Concurrent sessions New sessions second Policies Users supported Network Connectivity Fixed I O Physical Interface Module Mini PIM Slots ADSL2 T1 El ISDN BRI S T V 92 See Mini PIM datasheets WAN interface options ScreenOS 5 4 Unrestricted 5x 10 100 2 ScreenOS 5 4 160 Mbps 160 Mbps 90 Mbps 90 Mbps 30 000 30 000 40 Mbps 40 Mbps 4 000 4 000 2 800 2 800 200 200 Unrestricted 7x 10 100 O ISDN BRI S T or RS 232 Serial Aux or V 92 factory configured LAN interface options None None Wireless networking Dual Radio 802 11a 802 11b g factory configured Firewall Network attack detection Yes Yes DoS and DDoS protection Yes Yes TCP reassembly for fragmented packet protection Yes Yes Malformed packet protection Yes Yes Unified Threat Management Content Security IPS Deep Inspection FW Yes Yes Protocol anomaly detection Yes Yes Stateful protocol signatures Yes Yes Antivirus Yes Yes Signature database 100 000 Protocols scanned POP3 SMTP HTTP IMAP FTP Anti Phishing Y
8. es Yes Anti Spyware Yes Yes Anti Adware Yes Yes Anti Keylogger Yes Yes Anti Spam Yes Yes Integrated URL filtering Yes Yes External URL filtering Yes Yes VoIP Security A325 ALG Yes Yes SIP ALG Yes Yes SCCP ALG Yes Yes MGCP ALG Yes Yes NAT for SIP H 323 MGCP SCCP Yes Yes VPN Concurrent VPN tunnels 25 25 Tunnel interfaces 10 10 DES 56 bit 3DES 168 bit and AES encryptions Yes Yes MD 5 and SHA 1 authentication Yes Yes Manual key IKE PKI X 509 Yes Yes Perfect forward secrecy DH Groups 1 2 5 1 2 5 Prevent replay attack Yes Yes Remote access VPN Yes Yes L2TP within IPSec Yes Yes IPSec NAT traversal Yes Yes Redundant VPN gateways Yes Yes Firewall and VPN User Authentication Built in internal database user limit 3rd Party user authentication XAUTH VPN authentication Web based authentication 802 1X authentication Mode of Operation Layer 2 transparent mode Layer 3 route and or NAT mode Address Translation Network Address Translation NAT Port Address Translation PAT Policy based NAT PAT Mapped IP Virtual IP Routing BGP OSPF RIPv1 v2 Static routes Source based routing Policy based routing ECMP Routes Multicast Reverse Forwarding Path RFP IGMP v1 v2 IGMP Proxy PIM SM PIM SSM Mcast inside IPSec Tunnel Encapsulations PPP MLPPP Frame Relay MLFR FRF 15 FRF 16 HDLC Traffic Management QoS Guaranteed bandwidth Maximum bandwidth Ingress Traffic Policing Priority bandwidth utilizatio
9. face Module 1 port ADSL2 Annex B Mini Physical Interface Module 1 port v 92 Mini Physical Interface Module 1 port ISDN S T BRI Mini Physical Interface Module JXM 1ADSL2 A S JXM 1 ADSL2 B S JXM 1V92 S JXM 1BRL ST S Firewall Anti Spam Anti Virus Anti Spyware Web Filtering Level 1 wi D CERTIFIED PREMIUM Level 1 GATEWAY PREMIUM CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or 408 745 2000 Fax 408 745 2100 www juniper net 100176 002 Oct 2006 EAST COAST OFFICE Juniper Networks Inc 10 Technology Park Drive Westford MA 01886 3146 USA Phone 978 589 5800 Fax 978 589 0800 ASIA PACIFIC REGIONAL SALES HEADQUARTERS Juniper Networks Hong Kong Ltd Suite 2507 11 25 F ICBC Tower Citibank Plaza 3 Garden Road Central Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 EUROPE MIDDLE EAST AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks UK Limited Building 1 Aviator Park Station Road Addlestone Surrey KT15 2PG U K Phone 44 0 1372 385500 Fax 44 0 1372 385501 Copyright 2006 Juniper Networks Inc All rights reserved Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered trademarks or registered service
10. ffic and 40 Mbps of IPSec VPN throughput The SSG 5 Series is equipped with seven on board 10 100 interfaces with optional fixed WAN ports ISDN BRI S T V 92 or RS 232 Serial Aux Optional support for 802 11 a b g and a broad array of wireless specific security allow the SSG 5 to consolidate security routing and wireless access point into a single device The SSG 20 is a modular platform that delivers 160 Mbps of Stateful firewall traffic and 40 Mbps of IPSec VPN throughput The SSG 20 is equipped with five on board 10 100 interfaces with two I O expansion slots that support I O cards such as ADSL2 T1 E1 ISDN BRI S T V 92 for additional WAN connectivity Optional support for 802 11 a b g and a broad array of wireless specific security allow the SSG 20 to consolidate security routing and wireless access point into a single device Network segmentation The SSG 5 and SSG 20 provide an advanced set of network segmentation features such as Security Zones Virtual Routers and VLANs that allow administrators to deploy different levels of security to different user groups by dividing the network into distinct secure domains each with their own security policy Seamlessly transform your network Whether you are deploying a few SSGs to your local offices or implementing thousands around the world Juniper Networks Professional Services can help From simple lab testing to major network implementations we can identify the goals define the deploym
11. max from 4000 to 8000 VPN Tunnels Increases max from 25 to 40 VLANS Increases max from 10 to 50 VoIP Calls Increases max from 32 to 48 High Availability Adds support for Stateful Active Passive and or HA Lite IPS Deep Inspection FW Signature Packs Signature Packs provide the ability to tailor the attack protection to the specific deployment and or attack type The following Signature packs are available for the SSG 5 and SG 20 Dimensions and Power Dimensions W L H 11 5 8 x 7 3 8 x 1 3 4 8 3 4 x 5 5 8 x 1 5 8 29 5cm x 18 7cm x 4 5cm 22 2cm x 14 3cm x 4 1cm Signature Pack Target Deployment Defense Type Base Client Branch Offices small medium businesses Remote Branch Offices Client Server and worm protection Perimeter defense compliance for hosts Type of Attack Object Range of signa tures and protocol anomalies Attacks in the server to client direction Weight 3 3 lbs 1 5 kg 2 1 lbs 0 95 kg Rack mountable Yes Yes Power Supply AC 100 240 VAC 100 240 VAC Certifications Safety Certifications CSA CB CSA CB EMC Certifications Environment Temp and Humidity Operating Temp O to 40 Deg C 32 to 104 Deg F 20 to 65 Deg C 4 to 149 Deg F 10 to 90 non condensing Non Operating Temp Humidity MTBF Bellcore model Non Wireless 35 8 Yrs Wireless 28 9 Yrs FCC Class B CE Class B A Tick VCCI class B FCC Class B CE Class B A Tick VCCI class B O to 40 Deg C
12. n DiffServ stamp Wi Fi Multi Media WMM System Management WebUI HTTP and HTTPS Command Line Interface console Command Line Interface telnet Command Line Interface SSH NetScreen Security Manager All management via VPN tunnel on any interface SNMP full custom MIB Rapid deployment Logging and Monitoring Syslog multiple servers E mail 2 addresses NetIQ WebTrends SNMP v2 Traceroute VPN tunnel monitor Up to 100 Up to 100 RADIUS RSA SecurID and LDAP Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 1 024 1 024 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes N A Yes N A Yes N A Yes N A Yes Yes Yes Yes Yes Yes Yes Yes Yes per policy Yes with WLAN Yes per policy Yes with WLAN Yes Yes Yes Yes Yes Yes Yes v1 5 and v2 0 compatible Yes Yes Yes Yes Yes Yes Yes Yes External up to 4 servers Yes Yes External External Yes Yes Yes Yes Yes Yes Virtualization Maximum number of configurable security zones 8 8 Maximum number of virtual routers 3 5 Maximum number of 802 1q VLANs 10 10 High Availability HA Active Passive Yes Yes Configuration synchronization Yes Yes Session synchronization for firewall and VPN Yes Yes Session failover for routing change Yes Yes Device failure detection Yes Yes Link failure detection Yes Yes Authentication for new HA members Yes
13. olicies to isolate guests wireless networks and regional servers or databases to prevent unauthorized access and contain any attacks that may occur e Dedicated security specific processing hardware and software platform delivers performance required to protect high speed LAN as well as lower speed WAN connections SSG 5 SSG 20 Security Proven Stateful firewall and IPSec VPN combined with best in class UTM security features including IPS Deep Inspection Antivirus includes Anti Spyware Anti Adware Anti Phishing Anti Spam and Web Filtering protects both LAN and WAN traffic from worms Spyware Trojans malware and other emerging attacks LAN WAN connectivity The combination of LAN WAN connectivity options and supporting protocols provides customers with the ability to deploy the SSG 5 or SSG 20 as a traditional LAN based firewall or as a consolidated routing and security device thereby reducing TCO Used by enterprises service providers and stand alone businesses alike the SSG 5 and SSG 20 are ideally suited for locations that are smaller with fewer employees yet still require advanced security and routing features to protect business critical traffic traversing the WAN and high speed internal networks Typical deployments include small businesses distributed branch offices retail outlets and fixed telecommuter environments The SSG 5 is a fixed form factor platform that delivers 160 Mbps of Stateful firewall tra
Download Pdf Manuals
Related Search