Datasheet
4
Juniper Networks Juniper Networks
SSG 5 Base/Extended SSG 20 Base/Extended
IPSec VPN (cont’d)
MD-5 and SHA-1 authentication Yes Yes
Manual key, Internet Key Exchange (IKE), IKEv2 Yes Yes
with EAP public key infrastructure (PKI) (X.509)
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
Layer2 Tunneling Protocol (L2TP) within IPSec Yes Yes
IPSec Network Address Translation (NAT) traversal Yes Yes
Redundant VPN gateways Yes Yes
User Authentication and Access Control
Built-in (internal) database - user limit 100 100
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes Yes
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unied Access Control (UAC) enforcement point Yes Yes
PKI Support
PKI Certicate requests (PKCS 7 and PKCS 10) Yes Yes
Automated certicate enrollment (SCEP) Yes Yes
Online Certicate Status Protocol (OCSP) Yes Yes
Certicate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape)
Baltimore, DoD PKI Baltimore, DoD PKI
Self-signed certicates Yes Yes
Virtualization
Maximum number of security zones 8 8
Maximum number of virtual routers 3 3
Maximum number of VLANs 10/50 10/50
Routing
BGP instances 2 2
BGP peers 4 16
BGP routes 1,024 1,024
OSPF instances 2 2
OSPF routes 1,024 1,024
RIP v1/v2 instances 2 2
RIP v2 routes 1,024 1,024
Static routes 1,024 1,024
Source-based routing Yes Yes
Policy-based routing Yes Yes
Equal-cost multipath (ECMP) Yes Yes
Multicast Yes Yes
Reverse Path Forwarding (RPF) Yes Yes
Internet Group Management Protocol (IGMP) (v1, v2) Yes Yes
IGMP Proxy Yes Yes
PIM single mode Yes Yes
PIM source-specic multicast Yes Yes
Multicast inside IPSec tunnel Yes Yes
ICMP Router Discovery Protocol (IRDP) Yes Yes