Datasheet
5
SSG5 BASE/EXTENDED SSG20 BASE/EXTENDED
IPsec VPN
Auto-Connect VPN Yes Yes
Concurrent VPN tunnels 25/40 25/40
Tunnel interfaces 10 10
DES encryption (56-bit), 3DES encryption (168-bit) and
Advanced Encryption Standard (AES) (256-bit)
Yes Yes
MD-5 and SHA-1 authentication Yes Yes
Manual key, Internet Key Exchange (IKE), IKEv2 with EAP
public key infrastructure (PKI) (X.509)
Yes Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
Layer2 Tunneling Protocol (L2TP) within IPsec Yes Yes
IPsec Network Address Translation (NAT) traversal Yes Yes
Redundant VPN gateways Yes Yes
User Authentication and Access Control
Built-in (internal) database - user limit 100 100
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes Yes
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unified Access Control (UAC) enforcement point Yes Yes
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Yes Yes
Automated certificate enrollment (SCEP) Yes Yes
Online Certificate Status Protocol (OCSP) Yes Yes
Certificate Authorities supported VeriSign, Entrust, Microso, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
VeriSign, Entrust, Microso, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
Self-signed certificates Yes Yes
Virtualization
Maximum number of security zones 8 8
Maximum number of virtual routers 3/4 3/4
Maximum number of VLANs 10/50 10/50
Routing
BGP instances 3/4 3/4
BGP peers 10/16 10/16
BGP routes 1,024 1,024
OSPF instances 3 3
OSPF routes 1,024 1,024
RIP v1/v2 instances 16 16
RIP v2 routes 1,024 1,024
Static routes 1,024 1,024
Source-based routing Yes Yes
Policy-based routing Yes Yes
Equal-cost multipath (ECMP) Yes Yes
Specifications (continued)