Datasheet

ManualsBrandsJuniper ManualsNetworkingSSG-5-SH

IPS (Deep Inspection ﬁrewall) Signature Packs

Signature Packs provide the ability to tailor the attack protection to the speciﬁc deployment and/or attack type. The following Signature

Packs are available for the SSG 5 and SSG 20.

Signature Pack Target Deployment Defense Type Type of Attack Object

Base Branch ofces, small/medium businesses Client/server and worm protection Range of signatures and protocol

anomalies

Client Remote/branch ofces Perimeter defense, compliance for hosts

(desktops, etc.)

Attacks in the server-to-client direction

Server Small/medium businesses Perimeter defense, compliance for server

infrastructure

Attacks in the client-to-server direction

Worm Mitigation Remote/branch ofces of large enterprises Most comprehensive defense against worm

attacks

Worms, Trojans, backdoor attacks

Firewall Extended Licenses

Extended License Feature SSG 20 and SSG 5

Sessions Increases max from 8,000 to 16,000

VPN Tunnels Increases max from 25 to 40

VLANs Increases max from 10 to 50

VoIP Calls Increases max from 32 to 48

High Availability Adds support for stateful active/active or active/passive with ScreenOS 6.0 and above

Juniper Networks Juniper Networks

SSG 5 Base/Extended SSG 20 Base/Extended

Wireless Radio Speciﬁcations (Wireless Models Only)

Transmit power Up to 200 mW Up to 200 mW

Wireless standards supported Dual Radio 802.11 a + 802.11b/g Dual Radio 802.11 a + 802.11b/g

Site survey Yes Yes

Maximum congured SSIDs 16 16

Maximum active SSIDs 4 4

Atheros SuperG Yes Yes

Atheros eXtended Range (XR) Yes Yes

Wi-Fi CERTIFIED® Yes Yes

Wireless Security (Wireless Models Only)

Wireless privacy WPA, WPA2 (AES or TKIP), IPSEC VPN, WEP WPA, WPA2 (AES or TKIP), IPSEC VPN, WEP

Wireless authentication PSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1x PSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1x

MAC access controls Permit or Deny Permit or Deny

Client isolation Yes Yes

Antenna Option (Wireless Models Only)

Diversity antenna Included Included

Directional antenna Future Future

Omni-directional antenna Future Future

(1) Some features and functionality only supported in releases greater than ScreenOS 5.4.

(2) Performance, capacity and features listed are based upon systems running ScreenOS 6.1 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results may vary

based on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for SSG platforms, please visit the Juniper Customer Support Center (http://www.juniper.net/customers/sup-

port/) and click on ScreenOS Software Downloads

(3) IMIX stands for Internet mix and is more demanding than a single packet size as it represents a trafﬁc mix that is more typical of a customer’s network. The IMIX trafﬁc used is made up of 58.33% 64 byte

packets + 33.33% 570 byte packets + 8.33% 1518 byte packets of UDP trafﬁc.

(4) UTM Security features (IPS/Deep Inspection, antivirus, anti-spam and Web ﬁltering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions provide

signature updates and associated support. The high memory option is required for UTM Security features.

(5) Redirect Web ﬁltering sends trafﬁc from the ﬁrewall to a secondary server. The redirect feature is free, however it does require the purchase of a separate Web ﬁltering license from either Websense or

SurfControl.

(6) NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.

(7) Active/passive and active/active High Availability requires the purchase of an Extended License. In addition to the HA features, an Extended License key increases a subset of the capacities as outlined

below. Active/active HA is only supported in ScreenOS 6.0 or greater releases.