Datasheet
4
IPv6
Dual stack IPv4/IPv6 rewall and VPN Yes
IPv4 to/from IPv6 translations and encapsulations Yes
Syn-Cookie and Syn-Proxy DoS Attack Detection Yes
SIP, RTSP, Sun-RPC, and MS-RPC ALG’s Yes
RIPng Yes
Mode of Operation
Layer 2 (transparent) mode
(5)
Yes
Layer 3 (route and/or NAT) mode Yes
Address Translation
Network Address Translation (NAT) Yes
Port Address Translation (PAT) Yes
Policy-based NAT/PAT Yes
Mapped IP (MIP) 1,000
Virtual IP (VIP) 16
MIP/VIP Grouping Yes
IP Address Assignment
Static Yes
Dynamic Host Conguration Protocol (DHCP),
Point-to-Point Protocol over Ethernet (PPPoE) client Yes
Internal DHCP server Yes
DHCP relay Yes
Traffic Management Quality of Service (QoS)
Guaranteed bandwidth Yes - per policy
Maximum bandwidth Yes - per policy
Ingress trafc policing Yes
Priority-bandwidth utilization Yes
Differentiated Services marking Yes - per policy
High Availability (HA)
Active/active - L3 mode Yes
Active/passive - Transparent & L3 mode Yes
Conguration synchronization Yes
Session synchronization for rewall and VPN Yes
Session failover for routing change Yes
VRRP Yes
Device failure detection Yes
Link failure detection Yes
Authentication for new HA members Yes
Encryption of HA trafc Yes
System Management
WebUI (HTTP and HTTPS) Yes
Command line interface (console) Yes
Command line interface (telnet) Yes
Command line interface (SSH) Yes – v1.5 and v2.0 compatible
NetScreen-Security Manager Yes
All management via VPN tunnel on any interface Yes
Rapid deployment No
Administration
Local administrator database size 20
External administrator database support RADIUS, RSA SecureID, LDAP
Restricted administrative networks 6
Root Admin, Admin, and Read Only user levels Yes
Software upgrades TFTP, WebUI, NSM, SCP, USB
Conguration roll-back Yes
Logging/Monitoring
System log (multiple servers) Yes – up to 4 servers
Email (2 addresses) Yes
NetIQ WebTrends Yes
SNMP (v2) Yes
SNMP full custom MIB Yes
Traceroute Yes
VPN tunnel monitor Yes
External Flash
Additional log storage USB 1.1
Event logs and alarms Yes
System conguration script Yes
ScreenOS Software Yes
Dimensions and Power
Dimensions (W x H x D) 17.5 x 1.8 x 15 in (44.5 x 4.5 x 38.1 cm)
Weight 10.2 lb (4.63 kg)
Rack mountable Yes, 1RU
Power supply (AC) 100-240 VAC,
AC Input line frequency 50 or 60 Hz
AC system current rating 2 A
Maximum thermal output 580 BTU/hour (170 W)
Certifications
Safety certications UL, CUL, CSA, CB
Electromagnetic compatibility (EMC) certications FCC class B, CE class B
Network Equipment Building System (NEBS) No
Mean time between failures (MTBF) (Bellcore model) 16 years
Security Certifications
Common Criteria: EAL4 Future
FIPS 140-2: Level 2 Future
ICSA Firewall and VPN Yes
Operating Environment
Operating temperature 32° to 122° F (0° to 50° C)
Non-operating temperature -4° to 158° F (-20° to 70° C)
Humidity 10% to 90% noncondensing
(1) Performance, capacity and features listed are based upon systems running ScreenOS 6.1 and are the
measured maximums under ideal testing conditions unless otherwise noted. Actual results may vary
based on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for
SSG platforms, please visit the Juniper Customer Support Center (http://www.juniper.net/customers/
support/) and click on ScreenOS Software Downloads.
(2) IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traf-
fic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33% 64
byte packets + 33.33% 570 byte packets + 8.33% 1518 byte packets of UDP traffic.
(3) UTM Security features (IPS/Deep Inspection, antivirus, anti-spam and Web filtering) are delivered
by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions
provide signature updates and associated support. The high memory option is required for UTM
Security features.
(4) Redirect Web filtering sends traffic from the firewall to a secondary server. The redirect feature is
free, however it does require the purchase of a separate Web filtering license from either
Websense or SurfControl.
(5) NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP,
RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.
Specifications