Juniper NetScreen-5GT 10 User
Contents
1. 5GT Series TE Pose 2 5GT ADSL 5GT Wireless 5GT ADSL 5GT Wireless S 5GT 10 user l BAI 5GT 10 user Firewall naasa 10 user 10 user Logging Monitoring A 10 user 10 user P or plus or plus P or plus or plus Number of network attacks detected 31 31 31 Syslog multiple servers External up to 4 servers Network attack detection Yes Yes Yes E mail 2 addresses Yes Yes Yes DoS and DDoS protections Yes Yes Yes NetIQ WebTrends External External External TCP reassembly for fragmented Yes Yes Yes i packet protection SNMP v1 v2 Yes Yes Yes z Standard and custom MIB Yes Yes Yes Malformed packet protections Yes Yes Yes 7 Traceroute Yes Yes Yes Malicious Web filtering Up to 48 URLs R At session start and end Yes Yes Yes Brute force attack mitigation Yes Yes Yes 7 A Virtualization Syn cookie protection Yes Yes Yes Virtual routers VRs 3 5 3 Zone based IP spoofing Yes Yes Yes 802 1Q VLan Tagging Yes Yes Yes VPN Concurrent VEN tunnels Up to 10 OSPF BGP RIPv1 v2 dynamic routing 3 instances each Static routes 1024 1024 1024 Tunnel interfaces Up to 10 Source Based Routing Source yes A aA DES 56 bit 3DES 168 bit and AES Interface Based Routing g Yes Yes Yes 5 encryption E2. Home Zone Cannot Access Work Zone in Home Work and Combined Port Modes NetScreen 5GT Upgrade from 10 User to NetScreen 5GT Extended NS 5GT ETU These Port modes are not available in the ADSL version of the NetScreen 5GT ADSL NetScreen 5GT Upgrade from Plus to Extended NS 5GT EPU Product Part Number Accessories Juniper Networks 5GT Ethernet Rack mount kit for 2 NetScreen 5GTs NS 5GT RMK Juniper Networks NetScreen 5GT 10 User NetScreen 5GT US power supply NS 5GT 001 NetScreen 5GT UK power supply NS 5GT 003 NetScreen 5GT Europe power supply NS 5GT 005 NetScreen 5GT Japan power supply NS 5GT 007 nn NetScreen 5GT ADSL Juniper Networks NetScreen 5GT ADSL 10 User NetScreen 5GT ADSL US power supply NS 5GT O11 x NetScreen 5GT ADSL UK power supply NS 5GT 01 3 x NetScreen 5GT ADSL Europe power supply NS 5GT 015 A World units may not be purchased in Japan or the US due to regulatory restrictions To order ADSL Annex A or Annex B units replace the x at the end of the sku with an A or B Please check ISP and DSLAM compatibility for the ADSL connections at www juniper net products integrated 5GT ADSL Deep Inspection DI Signature Packs This feature enhancement allows ScreenOS to support targeted DI signature pack optimized for your specific network deployment You can now select the DI signature pack that improves threat prevention for your network environment to ensure detection accuracy
3. Juniper Networks NetScreen 5GT Series Page 1 PEENI The Juniper Networks NetScreen 5GT Series is a family of three feature rich enterprise class network security solutions They are ideally suited for securing remote offices retail outlets and broadband telecommuter environments where IT staff support is minimal and ease of configuration and management is crucial The NetScreen 5GT Series integrates Unified Threat Management UTM security applications routing protocols and resiliency features to provide IT managers a cost effective appliance that is easy to deploy and manage All NetScreen 5GT Series offerings described below come standard with the following features mer e Security Proven Stateful firewall and IPSec VPN combined with a complete set of best in class UTM security features including IPS Antivirus includes Anti Spyware Anti Adware Anti Phishing Anti Spam and Web Filtering allow the NetScreen 5GT to defend the network against worms Spyware Trojans malware and other emerging attacks e Network integration Support for key routing protocols such as BGP OSPF RIPv1 2 and ECMP along with NAT Route and Transparent Layer 2 operation helps facilitate network integration e Resiliency Dial backup or dual Ethernet ports along with route based VPNs provide redundancy when network connectivity is business critical Dual WAN ports can also be used to share traffic load e Port Flexibility Almost ev
4. No No Weight 1 5 Ibs 2 lbs 2 5 lbs Root Admin Admin and Read Only Yes Yes Yes use Rack mountable Yes w separate kit Software upgrades TFTP WebUI SCP NSM Power Supply AC 9 12VDC 12W 12VDC 18W Traffic Management Operational temperature 32 to 1004 F 0 to 40 C Guaranteed bandwidth Xes X65 es Non operational temperature 4 to 158 F 20 to 70 C Maximum bandwidth Yes Yes Yes Humidity 10 to 90 non condensing Ingress Traffic Policing Yes Yes Yes ae Ges MTBF Telecordia standard 32 2 Years 26 7 Years 23 9 Years Priority bandwidth utilization Yes Yes Yes DiffServ stamp Yes Yes Yes gerncauons ADSL Support Safety Certifications UL CUL CB TUV ADSL over POTS N A Yes Yes optional EMC Certifications FCC class B CE class B C Tick VCCI class B ADSL over ISDN N A Yes Yes optional Common Criteria EAL4 Certification Yes No No ADSL DMT issue 2 N A Yes Yes optional FIPS 140 2 Level 2 Certification Yes No No ADSL G lite Yes No N A Yes Yes optional IOSA Firewall and VPN Yes Yes us Dying Gasp Support N A Yes Yes optional WL Fi Alliance 802 11 Certification No No Yes Deutsche Telecom Support N A Yes Yes optional WL Fi Alliance Enterprise Certification No No Yes ADSL Layer 2 and encapsulations 1 Performance capacity and features listed are based upon 3 Supported via Kaspersky Lab Antivirus engine systems running ScreenOS 5 4 and are the measured 4 Supported via Symantec Brightmail PPPoE PPPoA N A Yes Yes 0 tional max
5. and coverage Protection Type Deployment Type Defense type Attack Type Base Branch Offices Client Server and Selected set of critical Small Medium worm protection signatures Businesses Client Remote Branch Perimeter defense Attacks in the server Offices compliance for to client direction hosts desktops etc Server Small Medium Perimeter defense Attacks in the client to Businesses compliance for server direction server infrastructure Worm Mitigation Remote Branch Most comprehen Worms Trojans back Offices of Large sive defense against door attacks Enterprises worm attacks J e iy Juniper H H a Li NETWORKS CORPORATE HEADQUARTERS EAST COAST OFFICE ASIA PACIFIC REGIONAL EUROPE MIDDLE EAST AFRICA Copyright 2006 Juniper Networks Inc All rights reserved Juniper Networks and the Juniper Networks logo are registered trademarks of AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA SALES HEADQUARTERS Juniper Networks Hong Kong Ltd Suite 2507 11 Asia Pacific Finance Tower Citibank Plaza 3 Garden Road Central Hong Kong Phone 852 2332 3636 Fax 852 25747803 Juniper Networks Inc 10 Technology Park Drive Westford MA 01886 3146 USA Phone 978 589 5800 Fax 978 589 0800 Juniper Networks UK Limited Juniper House Guildford Road Leatherhead Surrey KT22 9JH U K Phone 44 0 1372 385500 Fax 44 0 1372 385501 Juniper Networks Inc 1194 North Mathi
6. on each of the NetScreen Additional Dial up VPN Tunnels N A N A 20 for 10 user 5GT Series platforms The tables below depict the different Port Mode and Tunnel zone op and Plus 40 tions A tunnel zone is an extra zone for terminating tunnel interfaces for Extended NetScreen 5GT Ethernet Port Mode Options MAC Access Controls N A N A Permit or Deny Interfaces 5 10 100 ports 1 Modem and 1 Console Current ScreenOS version 5 1 lient Isolation N A N A Yes sa eee i cient Isola Port Mode Availability UAE Wille Sit Tunnel Zones z rity Zones Antennae options Trust Untrust All Licenses 1 1 Diversity Antenna N A N A Included Dual Untrust All Licenses 1 1 Directional Antenna N A N A Optional Home Work All Licenses 2 1 Omni directional Antenna N A N A Optional P Trust Untrust DMZ Extended Only 2 1 DMZ Dual Untrust Extended Only 2 1 Combined All Licenses 2t 1 Dual Untrust DMZ Extended Only 2 1 Dual DMZ Extended Only 2 1 Home Zone Cannot Access Work Zone in Home Work and Combined Port Modes NetScreen 5GT ADSL and NetScreen 5GT Wireless ADSL Port Mode Options Interfaces 5 10 100 ports 1 ADSL port 1 Modem and 1 Console Current ScreenOS version 5 3 Product Ss NetScreen 5GT Wireless Availability Trusted Wired Tunnel Zones Additional and Wireless Wireless Juniper Networks NetScreen 5GT Wireless 10 User Zones TLES
7. NetScreen 5GT Wireless US Only US power supply NS 5GT 021 Trust Untrust All Licenses 1 1 1 NetScreen 5GT Wireless World UK power supply NS 5GT 023 Home Work All Licenses a 1 1 NetScreen 5GT Wireless World Europe power supply NS 5GT 025 Extended Extended Only 2 1 2 NetScreen 5GT Wireless Japan Only Japan power supply NS 5GT 027 nn Home Zone Cannot Access Work Zone in Home Work and Combined Port Modes NetScreen 5GT Wireless World US power supply NS 5GT 028 Wireless security product only NetScreen 5GT Wireless Port Mode Options NetScreen SGT Wireless ADSL 5 10 100 ports 1 Wireless radio 1 Modem and 1 Console 1 ADSL port optional Current Juniper Networks NetScreen 5GT Wireless ADSL 10 User ScreenOS version 5 3 NetScreen 5GT Wireless ADSL US Only US power supply NS 5GT 031 x Availability Trusted Wired Tunnel Zones Additional NetScreen 5GT Wireless ADSL World UK power supply NS 5GT 033 x and Wireless Wireless i we NetScreen 5GT Wireless ADSL World Europe power supply NS 5GT 035 x Zones Security Zones Trust Untrust All Licenses i 1 1 NetScreen 5GT Wireless ADSL World US power supply NS 5GT 038 x Dual Untrust All Licenses 1 1 1 ee en ieee Anti Virus Deep Inspection Web Filtering and Anti Spam can be Home Work All Licenses 2r 1 1 purchased via subscription licenses Combined All Licenses a 1 1 NetScreen 5GT Upgrade from 10 User to NetScreen 5GT Plus NS 5GT PLU Extended Extended Only 2 1 2 Unrestricted user
8. ed to provision appropriate levels of security for different types of users To help ensure wireless security privacy and interoperability the NetScreen 5GT Wireless supports a broad set of wireless authentication and privacy mechanisms The NetScreen 5GT Wireless includes standard Ethernet connectiv ity with ADSL as a hardware option ScreenOS version support 5GT 10 user or plus 5GT ADSL 10 user or plus ScreenOS 5 4 5GT Wireless 10 user or plus Firewall performance 75 Mbps 3DES SHA 1 VPN performance 20 Mbps Concurrent sessions 2000 New sessions second 2000 Policies 100 Interfaces 5 10 100 Base T 5 10 100 Base T 5 10 100 ports 1 Mode of Operation 1 Modem and 1 Console 5GT 10 user or plus ADSL 1 Modem and 1 Console 5GT ADSL 10 user or plus Wireless port with up to 4 SSIDs 1 Modem and 1 Console 1 ADSL port optional 5GT Wireless 10 user or plus Layer 2 mode transparent mode Yes Yes Yes except with ADSL Layer 3 mode route and or NAT mode Yes Yes Yes NAT Network Address Translation Yes Yes Yes PAT Port Address Translation Yes Yes Yes Configurable port modes Yes Yes Yes Dual Untrust Yes Yes Yes Dial back up Yes Yes Yes Policy based NAT Yes Yes Yes Mapped IP 300 300 300 Virtual IP 1 1 1 MIP VIP Grouping Yes Yes Yes Users supported 10 or Unrestricted IPSec passthru in NAT mode Yes Yes Yes
9. ery network deployment scenario can be accommodated without a hardware upgrade through five configurable Ethernet interfaces Administrators can enable switching dual WAN ports a dedicated DMZ or any combination thereof through a set of six predefined interface layouts called Port Modes Juniper Networks NetScreen 5GT Ethernet Juniper Networks NetScreen 5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network application and payload level security The NetScreen 5GT Ethernet is available with five Ethernet inter faces that can be deployed in a wide variety of configurations Juniper Networks NetScreen 5GT ADSL The Juniper Networks NetScreen 5GT ADSL adds ADSL con nectivity to existing Ethernet connectivity eliminating the need for an external ADSL modem It provides a cost effec tive security and ADSL routing platform with the same key security applications routing protocols and resiliency features found in the Ethernet based platforms to help ensure network resources are not compromised Juniper Networks NetScreen 5GT Wireless The Juniper Networks NetScreen 5GT with Wireless brings enterprise level security applications routing protocols and resiliency features to help organizations deploy 802 11b g networks in a secure manner The NetScreen 5GT Wireless offers administrators up to four configurable Wireless Security Zones patent pending each with a unique SSID that can be us
10. imums under ideal testing conditions unless otherwise 5 Supported via SurfControl p noted Actual results may vary based on ScreenOS release 6 Supported via SurfControl and Websense 2684 1483 Bridge and Routed Mode N A Yes Yes optional and by deployiientt 2 NAT PAT policy based NAT virtual IP mapped IP virtual ATM AAL5 ATM PVCs N A Yes 10 Yes 10 optional systems virtual routers VLANs OSPF BGP RIPv2 Active Active HA and IP address assignment are not available in Wireless Radio layer 2 transparent mode Transmit Power N A N A Up to 200 mW Wireless Standards supported N A N A 802 11b g Access Point Survey N A N A Yes License Options EE EE ee gt fon i A aae i iff Maximum Configured SSIDs N A N A 8 The NetScreen 5GT Series is available in licensing options to support different numbers of users Maximum Active SSIDs N A N A 4 Licensing Options Description Wireless Security 10 user Product license Limits capacity to 10 concurrent users Wireless Privacy N A N A WPA AES or Plus Product license Increases capacity to an unlimited number of TKIP IPSec users VPN WEP 7 A a 2 Extended Product license Increases sessions and VPN tunnel capacities to Wireless Authentication N A N A PSK EAP 4000 and 25 respectively Adds a DMZ zone and PEAP EAP HA lite no session synchronization TLS EAP TTLS over 802 1x Port Modes j Port Modes provide configuration flexibility to the interface options
11. lda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or 408 745 2000 Fax 408 745 2100 wwwJuniper net 110034 006 July 2006 REGIONAL SALES HEADQUARTERS Juniper Networks Inc in the United States and other countries All other trademarks service marks registered trademarks or registered service marks in this document are the property of Juniper Networks or their respective owners All specifications are subject to change without notice Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice
12. otocol Yes Yes Yes OCSP Firewall and VPN User Authentication F Self Signed Certificates Yes Yes Yes Built in internal database user limit up to 100 up to 100 up to 100 i B Verisign Entrust Microsoft RSA Keon iPlanet Certificate Authorities Supported 3rd Party user authentication RADIUS RSA SecurID 802 1x and LDAP Netscape DOD PKI Baltimore XAUTH VPN authentication Yes Yes Yes RADIUS Accounting Web based authentication Yes Yes Yes RADIUS Start Stop Yes Yes Yes Deep Inspection DI firewall Yes Yes Yes WebUI HTTP and HTTPS Yes Yes Yes Protocol anomaly detection Yes Yes Yes Command Line Interface console Yes Yes Yes Stateful protocol signatures Yes Yes Yes Command Line Interface telnet Yes Yes Yes Command Line Interface SSH Yes v1 5 and v2 0 compatible NetScreen Security Manager Yes Yes Yes All ia VPN l management via tunnel on Yes Yes Yes any interface Rapid deployment Yes Yes Yes Page 3 Breit 5GT ADSL 5GT Wireless 5GT ADSL 5GT Wireless Administration SGT 10 user 10 user 10 user Dimensions and Power sorte 10 user 10 user or plus or plus or plus or plus or plus Local administrators database size 20 20 20 Dimensions W L H 8 1 4 x5 x1 pike oe External administrator database RADIUS LDAP SecurID Power Supply DC No
13. qual cost multi path routing Yes Yes Yes MD 5 and SHA 1 authentication Yes Yes Yes IGMP groups 2400 2400 2400 Manual Key IKE PKI X 509 Yes Yes Yes 7 Seren y ei High Availability HA Perfect forward secrecy DH Groups 1 2 5 1 2 5 1 2 5 Prevent replay attack Yes Yes Yes HA Lite Yes with Extended License Key Remote access VPN Yes Yes Yes Dial Backup Yes Yes Yes L2TP within IPSec Yes Yes Yes Dual Untrust Yes Yes Yes IPSec NAT traversal Yes Yes Yes H 323 ALG Yes Yes Yes Redundant VPN gateways Yes Yes Yes VPN tunnel monitor Yes Yes Yes SIF aLG Nes Yes ns Unified Threat Management Content Security SCCP ALG Yes Yes Yes IPS Deep Inspection FW Yes Yes Yes MGCP ALG Yes Yes Yes Protocol anomaly detection Yes Yes Yes NAT for H 323 SIP Yes Yes Yes Yes Yes Yes Stateful protocol signatures Yes Yes Yes IP Address Assignment Antivirus Ye Ye Ye A nays 2 gt Static Yes Yes Yes Signature database 100 000 DHCP PPPOE PPPOA cli Yes Yes N Yes Yes Y Tarve es Maximum AV Users POP3 SMTP HTTP IMAP FTP R cent SSMESINO GS TES TES w ADSL Anti Phishing Yes Yes Yes Internal DHCP server Yes Yes Yes Anti Spyware Yes Yes Yes DHCP relay Yes Yes Yes Anti Adware Yes Yes Yes PKI Support Anti Keylogger Yes Yes Yes PKI certificate requests PKCS 7 and Yes Yes Yes a PKCS 10 Anti Ye Ye Ye oles ls es S S Automated certificate enrollment Yes Yes Yes Integrated URL filtering Yes Yes Yes SCEP External URL filtering Yes Yes Yes Online Certificate Status Pr
Download Pdf Manuals
Related Search