Juniper SSG Versus Cisco ASA

Competitive Document

SSG Overview SSG 520/550 SSG Insertion Strategy

Cisco Confidential.

• Announced: February 2006 • Customers: Current NetScreen customers,

• Orderable and shipping: January 2006 finance, and government
• Software: Currently ScreenOS 5.1 • Channels: NetScreen resellers and partners.
520 550 • Product positioning: High-performance,
• Architecture: Security appliance with integrated
WAN. Intel Celeron 2.53-GHz (520), P4 3.4-GHz Firewall 600Mbps 1Gbps integrated security with routing, proven and rich
(550). Cavium NtroxLite CN1010 for crypto. Firewall Sessions 64,000 128,000 security features, reliable ScreenOS
• Expandability: 6 PIM slots – 2 for high-speed IPsec 300Mbps 500 Mbps
SSG Weaknesses
LAN (520), 4 for high-speed LAN (550) VPN Tunnels 500 1000
• Limited integration of security features. SSL
• Interface options: T1/E1, Serial, FE, DS3, E3, IPS (DI) 300 Mbps 500 Mbps VPN, full IPS require separate devices
GE-TX, GE-SFP PPS 300,000 600,00 • Integrated “Deep Inspection” provides only a
• Security: Based on ScreenOS small subset of IPS functionality; offers
• Competes with: Cisco ASA 5500 Series SSG Target Applications incomplete protection
Appliances and Cisco 2800 and 3800 Series • Medium-sized enterprise headend • Anti-virus, anti-spam not available until 2H06
Integrated Services Routers security appliance
• No VPN clustering or load balancing
• Security router for remote office, branch office
• Capacity: supports fewer firewall connections,
fewer IPSec tunnels, fewer policies than ASA
Product Comparison (SSG Versus Cisco ASA 5520/5540/5550) • Insufficient WAN port density for intended
Juniper Juniper SSG Cisco ASA 5520 Cisco ASA 5540 Cisco ASA 5550 head-end application
SSG 520 550
• Unproven platform
Firewall 600 Mbps 1 Gbps 450 Mbps 650 Mbps 1.2 Gbps
Performance SSG Pricing
Connections 64,000 128,000 280,000 400,000 650,000
Base Units
Connections Per 10,000 15,000 9000 20,000 28,000 SSG-520B $6,000
SSG-520 1GB DRAM* $6,500
Max Policies 1000 4000 250,000 500,000 1,000,000
SSG-550B $10,000
Max IPS 246 Mbps 411 Mbps 312 Mbps 426 Mbps Not Available SSG-550 1GB DRAM* $10,500
Performance * Required for DI
(with Concurrent)
Content Subscriptions
VPN Performance 300 Mbps 500 Mbps 225 Mbps 325 Mbps 425 Mbps
Deep Inspection SSG-520 $650
IPsec VPN Tunnels 500 1000 750 5000 5000 SSG-550 $1,050
SSL VPN Sessions Not Supported Not Supported 750 2500 5000 Web Filtering SSG-520 $1,400
VLANs 125 200 100 200 200 SSG-550 $2,300

WAN Support Yes Yes No No No Interfaces (PIM)

2 port T1 / E1 $1000
Juniper Issues: No integrated SSL VPN support; supports fewer firewall connections compared to Cisco; 2 port Serial $500
1 port DS3 / E3 $8,500
supports far fewer policies than Cisco; fewer IPsec VPN peers. 4 port FE $1,200
Copyright © 2007 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or 1 port GE – TX $1,500
its affiliates in the United States and certain other countries. This document is Cisco Confidential. For Channel Partner use only. Not for distribution. 1 port GE – SFP $1,500
 Juniper SSG Versus Cisco ASA
Competitive Document

Competitive Selling Strategies

Cisco Confidential.

Issue Strategy
Solution Price: Emphasize the broad range of functions that the Cisco ASA 5500 Series offers to customers
Juniper requires multiple devices to match Cisco® ASA 5500 The Cisco ASA 5500 Series provides firewall, IPsec VPN, SSL VPN, full IPS, and anti-X technology in a single, high-performance, easy-to-manage
Series capabilities platform. The SSG is an incomplete solution with no SSL support, a partial IPS implementation, and anti-X as a roadmap item. Matching the level
of protection that Cisco ASA provides will require multiple standalone devices (each with a different operating system, and no common central-
ized tools to manage them). This increases costs and network complexity.

Scalability and Performance: Highlight the Cisco ASA 5500 Series’ scalability and performance with concurrent security services running
SSG has significant box scalability limitations, and perfor- The Cisco ASA 5500 Series supports more connections, more connections per second, more policies, and more VPN users than the SSG.
mance degrades significantly when advanced features are Furthermore, it is designed to scale concurrent security and VPN services, and there is minimal impact on firewall and VPN throughput when IPS
activated is activated. Juniper performance has been shown to degrade significantly when deep inspection is turned on.

Stop More Threats: Use the Cisco ASA 5500 Series’ fully integrated IPS and anti-X capabilities
SSG deep inspection offers limited IPS protection; and no The Cisco ASA 5500 Series offers full integration of Cisco’s premier IPS services, compared to the partial implementation provided by Juniper’s
integrated anti-X today SSG. Cisco ASA protects against more than 70,000 viruses with the CSC SSM using Trend Micro’s InterScan suite.

Investment Protection: Highlight the modular architecture of the Cisco ASA 5500 Series
SSG hardware architecture lacks the modularity needed to The Cisco ASA 5500 Series provides hardware and software extensibility; new security technologies can be easily added. SSG adds features
easily add new security functions as software modules, creating extra subscription costs and performance impact
.
Enterprise Experience: Aggressively use Cisco’s product breadth and business knowledge
Juniper lacks knowledge, experience, and a product portfolio Having served enterprise customers for close to 20 years, Cisco’s enterprise capabilities far exceed Juniper’s. Cisco offers a complete end-to-
to effectively address enterprise customers end portfolio of products, including Cisco Catalyst® switches, security solutions, IP communications, storage networking, content networking, and
extensive systems for deployment and management. Cisco delivers not just access to optimized hardware and software, but support, services,
and expertise in partnering with customers to deliver business solutions.

Copyright © 2007 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. This document is Cisco Confidential.
For Channel Partner use only. Not for distribution. C92-396612-00 03/07