Page 1

Datasheet

Juniper Networks NetScreen-25/50
The Juniper Networks NetScreen-25 and NetScreen-50 offer a complete security solution for enterprise branch and remote offices as well as small and medium size companies. Featuring four auto-sensing 10/100 Ethernet ports, the NetScreen-25 and NetScreen-50 provide solutions for perimeter security with multiple DMZs, VPNs for wireless LAN security, or protection of internal networks. The NetScreen-25 has the same number of Ethernet interfaces and offers 100 Mbps of firewall and 20 Mbps of 3DES or AES VPN performance, with support for 32,000 concurrent sessions and 125 VPN tunnels. The NetScreen-50 is a high performance security appliance, offering 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions and 500 VPN tunnels.

Juniper Networks NetScreen-25(1) Maximum Performance and Capacity(2) Firewall performance 3DES performance Deep Inspection performance Concurrent sessions New sessions/second Policies Interfaces Mode of Operation Layer 2 mode (transparent mode)(3) Layer 3 mode (route and/or NAT mode) NAT (Network Address Translation) PAT (Port Address Translation) Policy-based NAT Virtual IP Mapped IP Users supported 100 Mbps 20 Mbps 75 Mbps 32,000 4,000 500 4 10/100 Base-T Yes Yes Yes Yes Yes 2 500 Unrestricted

Juniper Networks NetScreen-50(1) 170 Mbps 45 Mbps 75 Mbps 64,000 5,000 1,000 4 10/100 Base-T Yes Yes Yes Yes Yes 2 500 Unrestricted 31 Yes Yes Yes Yes Yes Yes Yes HTTP, FTP, SMTP POP, IMAP, DNS NetBIOS/SMB, MS-RPC, P2P, IM over 600 Yes No up to 48 URLs Yes Yes 500 50 Yes Yes 1,2,5 Yes Yes Yes Yes Yes Yes Firewall and VPN User Authentication Built-in (internal) database - user limit 3rd Party user authentication XAUTH VPN authentication Web-based authentication Logging/Monitoring Syslog (multiple servers) E-mail (2 addresses) NetIQ WebTrends SNMP (v1, v2) Standard and custom MIB Traceroute Virtualization Custom security zones Virtual Routers (VRs) VLANs supported Routing OSPF/BGP dynamic routing RIPv1/v2 dynamic routing Static routes Source-based routing Equal cost multi-path routing High Availability (HA) HA mode Firewall/VPN session synchronization Redundant Interfaces Configuration synchronization Device failure detection Link failure detection Authentication for new HA members Encryption of HA traffic VoIP H.323 ALG SIP ALG NAT for H.323/SIP IP Address Assignment Static DHCP, PPPoE client Internal DHCP server DHCP relay

Juniper Networks NetScreen-25(1) up to 250 RADIUS, RSA SecurID, and LDAP Yes Yes External, up to 4 servers Yes External Yes Yes Yes 4 3 8 3 instances each 3 instances 2,048 Yes Yes HA Lite No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Juniper Networks NetScreen-50(1) up to 250 RADIUS, RSA SecurID, and LDAP Yes Yes External, up to 4 servers Yes External Yes Yes Yes 4 3 8 3 instances each 3 instances 2,048 Yes Yes Active/Passive Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Firewall Number of network attacks detected 31 Network attack detection Yes DoS and DDoS protections Yes TCP reassembly for fragmented packet protection Yes Malformed packet protections Yes Deep Inspection firewall Yes Protocol anomaly Yes Stateful protocol signatures Yes DI Protocols supported HTTP, FTP, SMTP, POP, IMAP, DNS, NetBIOS/SMB, MS-RPC, P2P, IM Number of application attacks detected w/DI over 600 Content Inspection Yes Embedded antivirus No Malicious Web filtering up to 48 URLs External Web filtering (Websense or SurfControl) Yes Integrated Web filtering Yes VPN VPN tunnels Tunnel interfaces DES (56-bit), 3DES (168-bit) and AES encryption Manual Key, IKE, PKI (X.509) Perfect forward secrecy (DH Groups) Prevent replay attack Remote access VPN L2TP within IPSec IPSec NAT Traversal Redundant VPN gateways VPN tunnel monitor 125 25 Yes Yes 1,2,5 Yes Yes Yes Yes Yes Yes

1 years Security Certifications (Advanced models only) Common Criteria: EAL4 and EAL4+ ICSA Firewall and VPN Licensing Options:The NetScreen-25 and NetScreen-50 are both available with two licensing options to provide two different levels of functionality and capacity. mapped IP. Inc. NetScreen-Global Pro. OSPF. 10 Technology Park Drive Westford. capacity and features listed are based upon the Advanced feature set running ScreenOS 5. NetScreen-SA 1000 Series. Inc. NetScreen Technologies. NetScreen-5400. The following are trademarks of Juniper Networks. NetScreen-Remote VPN Client.5 and v2. T320. modify. J6300. (3) The following features are not supported in Layer 2 (transparent mode): NAT. E-series. and IP address assignment. U. 3 Garden Road Central.0 compatible Yes Yes Yes Yes 20 RADIUS/LDAP/ SecurID 6 Yes TFTP/ WebUI/SCP/NSM Yes Juniper Networks NetScreen-50(1) Yes Yes Yes Yes Supports 96 or 512MB Industrial Grade SanDisk Yes Yes Yes 1. 50 Watts MTBF (Bellcore model) NetScreen-25: 8. All specifications are subject to change without notice.5/10. NetScreen. CUL. J2300. v1. and Read Only user levels Yes Software upgrades TFTP/ WebUI/SCP/NSM Configuration Roll-back Yes Juniper Networks NetScreen-25(1) Administration Local administrators database External administrator database *HA Lite provides configuration synchronization only (does not provide session or tunnel synchronization) Ordering Information Product Juniper Networks NetScreen-50 w/AC power supply NetScreen-50 US power cord NetScreen-50f* US power cord NetScreen-50 UK power cord NetScreen-50f* UK power cord NetScreen-50 European power cord NetScreen-50f* European power cord NetScreen-50 Japanese power cord NetScreen-50f* Japanese power cord *“f” products do not include VPN functionality (international only) Juniper Networks NetScreen-50 w/DC power supply NetScreen-50 w/DC power supply DC power Juniper Networks NetScreen-25 w/AC power supply NetScreen-25 US power cord NetScreen-25 UK power cord NetScreen-25 European power cord NetScreen-25 Japanese power cord Baseline Products NetScreen-50 Baseline US power cord NetScreen-50 Baseline UK power cord NetScreen-50 Baseline European power cord NetScreen-50 Baseline Japanese power cord NetScreen-50 Baseline to Advanced Upgrade NetScreen-25 Baseline US power cord NetScreen-25 Baseline UK power cord NetScreen-25 Baseline European power cord NetScreen-25 Baseline Japanese power cord NetScreen-25 Baseline to Advanced Upgrade Part Number NS-050-001 NS-050-101 NS-050-003 NS-050-103 NS-050-005 NS-050-105 NS-050-007 NS-050-107 Traffic Management Guaranteed bandwidth Maximum bandwidth Priority-bandwidth utilization DiffServ stamp External Flash CompactFlash™ Yes Yes Yes Yes Supports 96 or 512MB Industrial Grade SanDisk Event logs and alarms Yes System config script Yes NetScreen ScreenOS software Yes 1.: ERX. Juniper Networks. -5° to 50° C Non-operational temperature: -4° to 158° F. 1194 North Mathilda Avenue Sunnyvale.73/17. BSMI Class A. J4300. M40e. CA 94089 USA Phone: 888-JUNIPER (888-586-4737) or 408-745-2000 Fax: 408-745-2100 www. VCCI class A Environment Operational temperature: 23° to 122° F.8 inches 8 lbs. M320. VLANs. 19” standard. M160. NetScreen-25. virtual IP. PAT. M5. K. or registered service marks are the property of their respective owners. and GigaScreen are registered trademarks of Juniper Networks.5 and v2. The Baseline model licensing option provides a subset of features as described in the table below. Juniper Networks reserves the right to change. NetScreen-5GT. NetScreen-50: 8.8 inches 8 lbs. NetScreen-5200. T640. in the United States and other countries. Inc. Stateful Signature. MA 01886-3146 USA Phone: 978-589-5800 Fax: 978-589-0800 ASIA PACIFIC REGIONAL SALES HEADQUARTERS Juniper Networks (Hong Kong) Ltd. Juniper Networks. policy based NAT. NetScreen-208. Hong Kong Phone: 852-2332-3636 Fax: 852-2574-7803 EUROPE.1.0 and may vary with other ScreenOS releases. advanced High Availabilty. JUNOScope. Tseries. M-series. CSA. JUNOS. AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks (UK) Limited Juniper House Guildford Road Leatherhead Surrey. 45 Watts -36 to -72 VDC. ScreenOS.5/10. NMC-RX. . CB EMC Certifications FCC class A.73/17. and full capacity are not critical requirements. 23” optional 90 to 264 VAC. BGP. M7i. The following table shows the features and capacities that are different than the Advanced models: NetScreen-25 Baseline Sessions Site-to-site tunnels Remote Access Tunnels Deep Inspection Firewall VLANs OSPF/BGP High Availability (HA) NetScreen Security Manager 24. CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks. NetScreen-204.net EAST COAST OFFICE Juniper Networks. NetScreen-SA Central Manager. NetScreen-SM 3000. KT22 9JH. NetScreen. M10. ESP Instant Virtual Extranet.000 50 Shared w/site-to-site N/A 0 N/A HA Lite* Supported NetScreen-50 Baseline 48. 23” optional 90 to 264 VAC. the NetScreen logo. NetScreen-50. Juniper Networks assumes no responsibility for any inaccuracies in this document. NetScreen-SA 5000 Series. CE class A. J-Web. (2) Performance and capacity provided are the measured maximums under ideal testing conditions and may vary by deployment. J-Protect. M20. NetScreen Secure Access. NetScreen-IDP 100. C-Tick. 500.000 150 Shared w/site-to-site N/A 0 N/A HA Lite* Supported Yes Yes Yes Yes. M10i. Inc. service marks. JUNOSe. NetScreen-Remote Security Client. M40. 19” standard. MMD. SDX. RIPv2. Suite 2507-11. NetScreen-5XP NetScreen-5XT. Internet Processor. Inc. or otherwise revise this publication without notice. and TX Matrix. NetScreen-Security Manager. registered trademarks. the Juniper Networks logo. Phone: 44(0)-1372-385500 Fax: 44(0)-1372-385501 Copyright 2004.juniper. -20° to 70° C Humidity: 10 to 90% non-condensing (1) Performance. Asia Pacific Finance Tower Citibank Plaza. JUNOScript. NetScreen-IDP 500. Admin. J-series.1 years. All other trademarks. NetScreen-SA 3000 Series. 50 Watts NS-050-001-DC NS-025-001 NS-025-003 NS-025-005 NS-025-007 NS-050B-001 NS-050B-003 NS-050B-005 NS-050B-007 NS-050-UPG-A NS-025B-001 NS-025B-003 NS-025B-005 NS-025B-007 NS-025-UPG-A Dimensions and Power Dimensions (H/W/L) Weight Rack mountable Power Supply (AC) Power Supply (DC) Certifications Safety Certifications UL. MIDDLE EAST. All rights reserved. OSPF and BGP dynamic routing.Page 2 Juniper Networks NetScreen-25(1) PKI Support PKI Certificate requests (PKCS 7 and PKCS 10) Automated certificate enrollment (SCEP) Online Certificate Status Protocol (OCSP) Self Signed Certificates Certificate Authorities Supported Verisign Entrust Microsoft RSA Keon iPlanet (Netscape) Baltimore DOD PKI System Management WebUI (HTTP and HTTPS) Command Line Interface (console) Command Line Interface (telnet) Command Line Interface (SSH) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Juniper Networks NetScreen-50(1) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes.0 compatible NetScreen-Security Manager Yes All management via VPN tunnel on any interface Yes SNMP Full Custom MIB Yes Rapid deployment Yes 20 RADIUS/LDAP/ SecurID Restricted administrative networks 6 Root Admin. Actual throughput for Advanced and Baseline products may vary based upon packet size and enabled features. 45 Watts -36 to -72 VDC. Baseline Models: The Baseline software license provides an entry-level solution for customer environments where features such as Deep Inspection™. Advanced Models: The Advanced software license provides all of the features and capacities listed within this specsheet. transfer. v1. 110003-004 Feb 2005 . NetScreen-IDP 10.

Sign up to vote on this title
UsefulNot useful