Datasheet
4
Juniper Networks Juniper Networks
SSG 520/SSG 520M SSG 550/SSG 550M
IPSec VPN
Concurrent VPN tunnels 500 1,000
Tunnel interfaces 100 300
DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes
MD-5 and SHA-1 authentication Yes Yes
Manual key, IKE, IKEv2 with EAP, PKI (X.509) Yes Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
L2TP within IPSec Yes Yes
IPSec NAT traversal Yes Yes
Auto-Connect VPN Yes Yes
Redundant VPN gateways Yes Yes
User Authentication and Access Control
Built-in (internal) database - user limit 500 1,500
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes – start/stop Yes – start/stop
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unied access control enforcement point Yes Yes
PKI Support
PKI Certicate requests (PKCS 7 and PKCS 10) Yes Yes
Automated certicate enrollment (SCEP) Yes Yes
Online Certicate Status Protocol (OCSP) Yes Yes
Certicate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape)
Baltimore, DoD PKI Baltimore, DoD PKI
Self-signed certicates Yes Yes
Virtualization
Maximum number of security zones 60 60
Maximum number of virtual routers 5 8
Bridge groups* Yes Yes
Maximum number of VLANs 125 150
Routing
BGP instances 9 15
BGP peers 16 16
BGP routes 10,000 20,000
OSPF instances 3 8
OSPF routes 10,000 20,000
RIP v1/v2 instances 128 256
RIP v2 routes 10,000 20,000
Static routes 10,000 20,000
Source-based routing Yes Yes
Policy-based routing Yes Yes
ECMP Yes Yes
Multicast Yes Yes
Reverse Path Forwarding (RPF) Yes Yes
IGMP (v1, v2) Yes Yes
IGMP Proxy Yes Yes
PIM SM Yes Yes
PIM SSM Yes Yes
Multicast inside IPSec tunnel Yes Yes
*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases