Datasheet
Juniper Networks NetScreen-500 (1)

Maximum Performance and Capacity (1)
ScreenOS version support ScreenOS 5.4
Firewall performance 700 Mbps
3DES+SHA-1 performance 250 Mbps
Concurrent sessions (2) 250,000
New Sessions/Second 7,000
Policies (2) 20,000
Interfaces 8 10/100 or mini-GBIC (SX or LX), 4 GBIC (SX or LX)

Mode of Operation
Layer 2 mode (transparent mode) (4) Yes
Layer 3 mode (route and/or NAT mode) Yes
NAT (Network Address Translation) Yes
PAT (Port Address Translation) Yes
Policy-based NAT Yes
Virtual IP 4
Mapped IP (3) 4,096
MIP/VIP Grouping Yes
Users supported Unrestricted

Firewall
Number of network attacks detected 31
Network attack detection Yes
DoS and DDoS protections Yes
TCP reassembly for fragmented packet protection Yes
Malformed packet protections Yes
Deep Inspection (DI) firewall Yes
Protocol anomaly Yes
IPS (Deep Inspection) firewall Yes
Stateful protocol signatures Yes
Content Inspection Yes
Embedded antivirus No
Malicious Web filtering up to 48 URLs
External Web filtering (Websense or SurfControl) Yes
Integrated Web filtering No
Brute force attack mitigation Yes
Deep Inspection (DI) attack pattern obfuscation Yes
SYN cookie Yes
Zone-based IP spoofing Yes

VPN
Site-to-site VPN tunnels (2) up to 5,000
Remote access VPN tunnels 10,000 (3)
Tunnel interfaces up to 1,024
DES (56-bit), 3DES (168-bit) and AES encryption Yes
MD-5 and SHA-1 authentication Yes
Manual Key, IKE, PKI (X.509) Yes
Perfect forward secrecy (DH Groups) 1,2,5
Prevent replay attack Yes
Remote access VPN Yes
L2TP within IPSec Yes
Dead Peer Detection Yes
IPSec NAT Traversal Yes
Redundant VPN gateways Yes
VPN tunnel monitor Yes

Firewall and VPN User Authentication
Built-in (internal) database – user limit (2) up to 1,500
3rd Party user authentication RADIUS, RSA SecurID, 802.1X and LDAP
XAUTH VPN authentication Yes
Web-based authentication Yes

PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Yes
Automated certificate enrollment (SCEP) Yes
Online Certificate Status Protocol (OCSP) Yes
Self Signed Certificates Yes
Certificate Authorities Supported
Verisign Yes
Entrust Yes
Microsoft Yes
RSA Keon Yes
iPlanet (Netscape) Yes
Baltimore Yes
DOD PKI Yes

Logging/Monitoring
Syslog (multiple servers) External, up to 4 servers
E-mail (2 addresses) Yes
NetIQ WebTrends External
SNMP (v1, v2) Yes
Standard and custom MIB Yes
Traceroute Yes

Virtualization
Maximum number of Virtual Systems (5) 0 Default, upgradeable to 25
Maximum number of security zones (5) 8 default, upgradeable to 58
Maximum number of virtual routers (5) 3 default, upgradeable to 28
Number of VLANs supported 100 per port

Routing
OSPF/BGP dynamic routing (2) up to 8 instances each
RIPv1/v2 dynamic routing (2) Up to 256 instances
Static routes 8,192
Source Based Routing, Source Interface Based Routing Yes
Equal cost multi-path routing Yes

High Availability (HA)
Active/Active Yes
Active/Passive Yes
Redundant Interfaces Yes
Configuration synchronization Yes
Session synchronization for firewall and VPN Yes
Device failure detection Yes
Link failure detection Yes
Authentication for new HA members Yes
Encryption of HA traffic Yes
LDAP and RADIUS server failover Yes

VoIP
H.323 ALG Yes
SIP ALG Yes
SCCP ALG Yes
MGCP ALG Yes
NAT for H.323/SIP/MGCP/SCCP Yes

IP Address Assignment
Static Yes
DHCP, PPPoE client No
Internal DHCP server No
DHCP Relay Yes

The NetScreen-500 is a purpose-built security system designed to provide a flexible, high-performance
solution for medium and large enterprise central sites and service providers. The NetScreen-500
security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile,
modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual
systems and security zones. Combined with a flexible and resilient hardware architecture incorporating
modular physical interfaces, redundant power supplies, fans and high availability interfaces, the
NetScreen-500 exceeds most enterprises’ typical traffic conditions. It is well suited to match the peak
load and strong deterrence requirements of the most demanding environments.


