Datasheet
5
SSG520M SSG550M
IPsec VPN
Concurrent VPN tunnels 500 1,000
Tunnel interfaces 100 300
DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes
MD-5 and SHA-1 authentication Yes Yes
Manual key, IKE, IKEv2 with EAP, PKI (X.509) Yes Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
L2TP within IPsec Yes Yes
IPsec NAT traversal Yes Yes
Auto-Connect VPN Yes Yes
Redundant VPN gateways Yes Yes
User Authentication and Access Control
Built-in (internal) database - user limit 500 1,500
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes – start/stop Yes – start/stop
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unified access control enforcement point Yes Yes
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Yes Yes
Automated certificate enrollment (SCEP) Yes Yes
Online Certificate Status Protocol (OCSP) Yes Yes
Certificate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
VeriSign, Entrust, Microsoft, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
Self-signed certificates Yes Yes
Virtualization
Maximum number of security zones 60 60
Maximum number of virtual routers 11 16
Bridge groups* Yes Yes
Maximum number of VLANs 125 150
Routing
BGP instances 10 15
BGP peers 64 128
BGP routes 250,000 250,000
OSPF instances 3 8
OSPF routes 250,000 250,000
RIP v1/v2 instances 128 256
RIP v2 routes 250,000 250,000
Static routes 250,000 250,000
Source-based routing Yes Yes
Policy-based routing Yes Yes
ECMP Yes Yes
Specifications (continued)
*Bridge groups supported only on uPIMs in ScreenOS 6.0 and higher releases.