Juniper Networks SSG 5 And SSG 20 - Senetic.ro
DatasheetJuniper NetworksSSG 5 and SSG 20Portfolio DescriptionThe SSG 5 and SSG 20 are high-performance security platforms for small branch officeand standalone businesses that want to stop internal and external attacks, preventunauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic.Security: Protection against worms, viruses, Trojans, spam, and emerging malwareis delivered by proven Unified Threat Management (UTM) security features thatare backed by best-in-class partners. To address internal security requirements andfacilitate regulatory compliance, the SSG 5 and SSG 20 both support an advanced set ofnetwork protection features such as security zones, virtual routers and VLANs that allowadministrators to divide the network into distinct secure domains, each with its ownunique security policy. Policies protecting each Security Zone can include access controlrules and inspection by any of the supported UTM security features.The Juniper Networks Secure ServicesGateway 5 (SSG 5) and Secure ServicesGateway 20 (SSG 20) are purpose-built securityappliances that deliver a perfect blend ofperformance, security, routing and LAN/WANconnectivity for small branch offices, fixedtelecommuters and small standalone businessdeployments. Traffic flowing in and out of thebranch office or business is protected fromworms, spyware, Trojans, and malware by acomplete set of Unified Threat Management(UTM) security features that include statefulConnectivity and Routing: The SSG 5 has seven on-board 10/100 interfaces withoptional fixed WAN ports. The SSG 20 has five 10/100 interfaces with two I/O expansionslots for additional WAN connectivity. The broad array of I/O options coupled with WANprotocol and encapsulation support in the routing engine make both the SSG 5 and theSSG 20 a solution that can easily be deployed as a traditional branch office router or as aconsolidated security and routing device to reduce CAPEX and OPEX. Both the SSG 5 andSSG 20 support 802.11 a/b/g as a factory configured option supported by a wide array ofwireless specific security features.Access Control Enforcement: The SSG 5 and SSG 20 can act as enforcement points ina Juniper Networks Unified Access Control deployment with the simple addition of theInfranet Controller. The Infranet Controller functions as a central policy managementengine, interacting with the SSG 5 or SSG 20 to augment or replace the firewall-basedaccess control with a solution that grants/denies access based on more granular criteriathat include endpoint state and user identity in order to accommodate the dramaticshifts in attack landscape and user characteristics.World Class Support: From simple lab testing to major network implementations,Juniper Networks Professional Services will collaborate with your team to identify goals,define the deployment process, create or validate the network design, and manage thedeployment to its successful conclusion.firewall, IP Security (IP Sec) virtual privatenetwork (VPN), Intrusion Prevention System (IPS),antivirus (includes anti-spyware, anti-adware,anti-phishing), anti-spam and Web filtering.SmallBranch OfficeZone AThe SSG 20 deployed at a branch office for secureInternet connectivity and site-to-site VPN to corporateheadquarters. Internal wired and wireless resourcesare protected with unique security policies applied toeach security zone.WWWSSGZone BWLANZone C20InternetHQM7iIS200 G0
2Features and BenefitsFeatureFeature DescriptionBenefitHigh performancePurpose-built platform is assembled from custom-builthardware, powerful processing and a security-specificoperating system.Delivers performance headroom required to protect againstinternal and external attacks now and into the future.Best-in-class UTM security featuresUTM security features (antivirus, anti-spam, Webfiltering, IPS) stop all manner of viruses and malwarebefore they damage the network.Ensures that the network is protected against all mannerof attacks.Integrated antivirusAnnually licensed antivirus engine is based onKaspersky Lab engine.Stops viruses, spyware, adware and other malware.Integrated anti-spamAnnually licensed anti-spam offering is based onSymantec technology.Blocks unwanted email from known spammers and phishers.Integrated Web filteringAnnually licensed Web filtering solution is based onSurfControl’s technology.Controls/blocks access to malicious Web sites.Integrated IPS (Deep Inspection)Annually licensed IPS engine.Prevents application-level attacks from flooding the network.Fixed InterfacesSeven fixed 10/100 interfaces on the SSG 5, and fivefixed 10/100 interfaces on the SSG 20. The SSG 5is factory configured with either RS232 Serial/AUX orISDN BRI S/T or V.92 fixed WAN backup. Both modelsinclude one console port and one auxiliary port.Provides high-speed LAN connectivity, redundant WANconnectivity and flexible management.Network segmentationSecurity zones, virtual LANs and virtual routers allowadministrators to deploy security policies to isolateguests, wireless networks and regional servers ordatabases.Facilitates deployment of internal security to preventunauthorized access, contain attacks and assist in achievingregulatory compliance.Interface modularityTwo interface expansion slots (SSG 20 only)supporting optional ADSL 2 , T1, E1, ISDN BRI S/T,Serial, SFP and v.92 Mini physical interface modules(Mini-PIMs).*Delivers combination of LAN and WAN connectivity on top ofunmatched security to reduce costs and extend investmentprotection.Robust routing engineProven routing engine supports OSPF, BGP, andRIP v1/2.Enables the deployment of a consolidated security and routingdevice, thereby lowering operational and capital expenditures802.11 a/b/g wireless-specificsecurity featuresWireless-specific privacy and authentication featuresaugment the UTM security capabilities to protectwireless traffic.Provides additional device consolidation opportunities (WLANaccess point, security, routing) for small office environment.Juniper Networks Unified AccessControl enforcement pointInteracts with the centralized policy managementengine (Infranet Controller) to enforce session-specificaccess control policies using criteria such as useridentity, device security state and network location.Improves security posture in a cost-effective mannerby leveraging existing customer network infrastructurecomponents and best-in-class technology.Management flexibilityUse any one of three mechanisms, command lineinterface (CLI), WebUI or NetScreen-Security Manager tosecurely deploy, monitor and manage security policies.Enables management access from any location, eliminatingonsite visits thereby improving response time and reducingoperational costs.World-class professional servicesFrom simple lab testing to major networkimplementations, Juniper Networks ProfessionalServices will collaborate with your team to identifygoals, define the deployment process, create or validatethe network design and manage the deployment.Transforms the network infrastructure to ensure that it issecure, flexible, scalable and reliable.OptionOption DescriptionApplicable ProductsDRAMThe SSG 5 and SSG 20 are available with either128 MB or 256 MB of DRAM.SSG 5 and SSG 20Unified Threat Management/ContentSecurity (high memory optionrequired)The SSG 5 and SSG 20 can be configured with anycombination of the following best-in-class UTM andcontent security functionality: antivirus (includes antispyware, anti-phishing), IPS (Deep Inspection), Webfiltering and/or anti-spam.High memory SSG 5 or SSG 20 onlyI/O optionsTwo interface expansion slots (SSG 20 only)supporting optional ADSL 2 , T1, E1, ISDN BRI S/T,Serial, SFP and v.92 Mini physical interface modules(Mini-PIMs).SSG 5 and SSG 20802.11 a/b/g connectivityThe SSG 5 and SSG 20 can be factory configured for802.11 a/b/g wireless LAN connectivity.SSG 5 and SSG 20Extended licenseKey capacities can be increased (sessions, VPNtunnels, VLANs) and stateful High Availability (HA)support for firewall and VPN can be added.SSG 5 and SSG 20Product Options*Serial and SFP Mini-PIMs only supported in ScreenOS 6.0 or greater releases
3Specifications(1)Juniper NetworksSSG 5 Base/ExtendedJuniper NetworksSSG 20 Base/ExtendedMaximum Performance and Capacity(2)ScreenOS version testedFirewall performance (Large packets)Firewall performance (IMIX)(3)Firewall Packets Per Second (64 byte)Advanced Encryption Standard (AES) 256 SHA-1 VPN performance3DES encryption SHA-1 VPN performanceMaximum concurrent sessionsNew sessions/secondMaximum security policiesMaximum users supportedScreenOS 6.1160 Mbps90 Mbps30,000 PPS40 Mbps40 Mbps8,000/16,0002,800200UnrestrictedScreenOS 6.1160 Mbps90 Mbps30,000 PPS40 Mbps40 ry configured: RS232 SerialAUX or ISDN BRI S/T or V.925x10/1002Mini-PIMs: 1xADSL 2 , 1xT1,1xE1, V.92, ISDN BRI S/T, 1xSFP, YesYesYesYesYesYes200,000 POP3, HTTP, SMTP, IMAP, FTP, IMYesYesYesYesYesYesYesYesYesYesYesYes200,000 POP3, HTTP, SMTP, IMAP, FTP, Network ConnectivityFixed I/OMini-Physical Interface Module (Mini-PIM) slotsWAN interface optionsFirewallNetwork attack detectionDoS and DDoS protectionTCP reassembly for fragmented packet protectionBrute force attack mitigationSYN cookie protectionZone-based IP spoofingMalformed packet protectionUnified Threat Management (4)IPS (Deep Inspection firewall)Protocol anomaly detectionStateful protocol signaturesIPS/DI attack pattern obfuscationAntivirusInstant message AVSignature databaseProtocols pamIntegrated URL filteringExternal URL filtering(5)Voice over IP (VoIP) SecurityH.323. Application-level gateway (ALG)SIP ALGMGCP ALGSCCP ALGNetwork Address Translation (NAT) for VoIP protocolsIPSec VPNAuto-Connect VPNConcurrent VPN tunnelsTunnel interfacesDES encryption (56-bit), 3DES encryption (168-bit) andAdvanced Encryption Standard (AES) (256-bit)Yes25/4010Yes25/4010YesYes
4Juniper NetworksSSG 5 Base/ExtendedJuniper NetworksSSG 20 Base/ExtendedIPSec VPN (cont’d)MD-5 and SHA-1 authenticationManual key, Internet Key Exchange (IKE), IKEv2with EAP public key infrastructure (PKI) (X.509)Perfect forward secrecy (DH Groups)Prevent replay attackRemote access VPNLayer2 Tunneling Protocol (L2TP) within IPSecIPSec Network Address Translation (NAT) traversalRedundant VPN sYesYesYesUser Authentication and Access ControlBuilt-in (internal) database - user limitThird-party user authenticationRADIUS AccountingXAUTH VPN authenticationWeb-based authentication802.1X authenticationUnified Access Control (UAC) enforcement point100RADIUS, RSA SecureID, LDAPYesYesYesYesYes100RADIUS, RSA SecureID, LDAPYesYesYesYesYesPKI SupportPKI Certificate requests (PKCS 7 and PKCS 10)Automated certificate enrollment (SCEP)Online Certificate Status Protocol (OCSP)Certificate Authorities supportedSelf-signed certificatesYesYesYesVeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape)Baltimore, DoD PKIYesYesYesYesVeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape)Baltimore, DoD PKIYesVirtualizationMaximum number of security zonesMaximum number of virtual routersMaximum number of VLANs8310/508310/50RoutingBGP instancesBGP peersBGP routesOSPF instancesOSPF routesRIP v1/v2 instancesRIP v2 routesStatic routesSource-based routingPolicy-based routingEqual-cost multipath (ECMP)MulticastReverse Path Forwarding (RPF)Internet Group Management Protocol (IGMP) (v1, v2)IGMP ProxyPIM single modePIM source-specific multicastMulticast inside IPSec tunnelICMP Router Discovery Protocol YesYesYesYesYesYesYes
5Juniper NetworksSSG 5 Base/ExtendedJuniper NetworksSSG 20 Base/ExtendedEncapsulationsPoint-to-Point Protocol (PPP)Multilink Point-to-Point Protocol (MLPPP)Frame RelayMultilink Frame Relay (MLFR) (FRF 15, FRF 16)HDLCYesN/AYesYesYesYesYesYesYesYesIPv6Dual stack IPv4/IPv6 firewall and VPNIPv4 to/from IPv6 translations and encapsulationsSyn-Cookie and Syn-Proxy DoS Attack DetectionSIP, RTSP, Sun-RPC, and MS-RPC ALG’sRIPngYesYesYesYesYesYesYesYesYesYesMode of OperationLayer 2 (transparent) mode(6)Layer 3 (route and/or NAT) modeYesYesYesYesAddress TranslationNetwork Address Translation (NAT)Port Address Translation (PAT)Policy-based NAT/PATMapped IP (MIP)Virtual IP (VIP)MIP/VIP GroupingDual untrustBridge IP Address AssignmentStaticDHCP, PPPoE clientInternal DHCP serverDHCP relayYesYesYesYesYesYesYesYesTraffic Management Quality of Service (QoS)Guaranteed bandwidthMaximum bandwidthIngress traffic policingPriority-bandwidth utilizationDifferentiated Services stampingYes - per policyYes - per policyYesYesYes - per policyYes - per policyYes - per policyYesYesYes - per policyHigh Availability (HA)(7)Active/Active - L3 modeActive/Passive - Transparent & L3 modeConfiguration synchronizationSession synchronization for firewall and VPNSession failover for routing changeVRRPDevice failure detectionLink failure detectionAuthentication for new HA membersEncryption of HA esYesYesYesYesYes
6Juniper NetworksSSG 5 Base/ExtendedJuniper NetworksSSG 20 Base/ExtendedSystem ManagementWebUI (HTTP and HTTPS)Command line interface (console)Command line interface (telnet)Command line interface (SSH)NetScreen-Security ManagerAll management via VPN tunnel on any interfaceRapid deploymentYesYesYesYes v1.5 and v2.0 compatibleYesYesYesYesYesYesYes v1.5 and v2.0 compatibleYesYesYesAdministrationLocal administrator database sizeExternal administrator database supportRestricted administrative networksRoot Admin, Admin and Read Only user levelsSoftware upgradesConfiguration rollback20RADIUS, RSA SecurID, LDAP6YesTFTP, WebUI, NSM, SCP, USBYes20RADIUS, RSA SecureID, LDAP6YesTFTP, WebUI, NSM, SCP, USBYesLogging/MonitoringSyslog (multiple servers)Email (two addresses)NetIQ WebTrendsSNMP (v2)SNMP full custom MIBTracerouteVPN tunnel monitorYes - up to 4 serversYesYesYesYesYesYesYes - up to 4 serversYesYesYesYesYesYesExternal FlashAdditional log storageEvent logs and alarmsSystem configuration scriptScreenOS SoftwareUSB 1.1YesYesYesUSB 1.1YesYesYesDimensions and PowerDimensions (W x H x D)WeightRack mountablePower supply (AC)Maximum thermal output8.8 x 1.6 x 5.6 in (22.2 x 4.1 x 14.3 cm)2.1 lb (0.95 kg)Yes100-240 VAC122.8 BTU/Hour11.6 x 1.8 x 7.4 in (29.5 x 4.5 x 18.7 cm)3.3 lb (1.5 kg)Yes100-240 VAC122.8 BTU/HourCertificationsSafety certificationsEMC certificationsCSA, CBFCC class B, CE class B, A-Tick, VCCI class BCSA, CBFCC class B, CE class B, A-Tick, VCCI class B40.5 years22.8 years35.8 years28.9 yearsMean Time Between Failures (MTBF)Non-wirelessWirelessSecurity CertificationsCommon Criteria: EAL4FIPS 140-2: Level 2YesYesYesYesICSA Firewall and VPNYesYes32 to 104 F (0 to 40 C)-4 to 149 F (-20 to 65 C)10% to 90% noncondensing32 to 104 F (0 to 40 C)-4 to 149 F (-20 to 65 C)10% to 90% noncondensingOperating EnvironmentOperating temperatureNon-operating temperatureHumidity
7Juniper NetworksSSG 5 Base/ExtendedJuniper NetworksSSG 20 Base/ExtendedWireless Radio Specifications (Wireless Models Only)Transmit powerWireless standards supportedSite surveyMaximum configured SSIDsMaximum active SSIDsAtheros SuperGAtheros eXtended Range (XR)Wi-Fi CERTIFIED Up to 200 mWDual Radio 802.11 a 802.11b/gYes164YesYesYesUp to 200 mWDual Radio 802.11 a 802.11b/gYes164YesYesYesWireless Security (Wireless Models Only)Wireless privacyWireless authenticationMAC access controlsClient isolationWPA, WPA2 (AES or TKIP), IPSEC VPN, WEPPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1xPermit or DenyYesWPA, WPA2 (AES or TKIP), IPSEC VPN, WEPPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1xPermit or DenyYesAntenna Option (Wireless Models Only)Diversity antennaDirectional antennaOmni-directional antennaIncludedFutureFutureIncludedFutureFuture(1) Some features and functionality only supported in releases greater than ScreenOS 5.4.(2) P erformance, capacity and features listed are based upon systems running ScreenOS 6.1 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results may varybased on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for SSG platforms, please visit the Juniper Customer Support Center (http://www.juniper.net/customers/support/) and click on ScreenOS Software Downloads(3) I MIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33% 64 bytepackets 33.33% 570 byte packets 8.33% 1518 byte packets of UDP traffic.(4) U TM Security features (IPS/Deep Inspection, antivirus, anti-spam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions providesignature updates and associated support. The high memory option is required for UTM Security features.(5) R edirect Web filtering sends traffic from the firewall to a secondary server. The redirect feature is free, however it does require the purchase of a separate Web filtering license from either Websense orSurfControl.(6) N AT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.(7) A ctive/passive and active/active High Availability requires the purchase of an Extended License. In addition to the HA features, an Extended License key increases a subset of the capacities as outlinedbelow. Active/active HA is only supported in ScreenOS 6.0 or greater releases.IPS (Deep Inspection firewall) Signature PacksSignature Packs provide the ability to tailor the attack protection to the specific deployment and/or attack type. The following SignaturePacks are available for the SSG 5 and SSG 20.Signature PackTarget DeploymentDefense TypeType of Attack ObjectBaseBranch offices, small/medium businessesClient/server and worm protectionRange of signatures and protocolanomaliesClientRemote/branch officesPerimeter defense, compliance for hosts(desktops, etc.)Attacks in the server-to-client directionServerSmall/medium businessesPerimeter defense, compliance for serverinfrastructureAttacks in the client-to-server directionWorm MitigationRemote/branch offices of large enterprisesMost comprehensive defense against wormattacksWorms, Trojans, backdoor attacksFirewall Extended LicensesExtended License FeatureSSG 20 and SSG 5SessionsIncreases max from 8,000 to 16,000VPN TunnelsIncreases max from 25 to 40VLANsIncreases max from 10 to 50VoIP CallsIncreases max from 32 to 48High AvailabilityAdds support for stateful active/active or active/passive with ScreenOS 6.0 and above
Ordering InformationSSG 5Part NumberSSG 5 with 128 MB Memory, RS232 Serial backup interfaceSSG 5 with 128 MB Memory, ISDN BRI S/T backup interfaceSSG 5 with 128 MB Memory, v.92 backup interfaceSSG 5 with 128 MB Memory, RS232 Serial backup interface,802.11a/b/g WirelessSSG 5 with 128 MB Memory, ISDN BRI S/T backup interface,802.11a/b/g WirelessSSG 5 with 128 MB Memory, v.92 backup interface,802.11a/b/g WirelessSSG 5 with 256 MB Memory, RS232 Serial backup interfaceSSG 5 with 256 MB Memory, ISDN BRI S/T backup interfaceSSG 5 with 256 MB Memory, v.92 backup interfaceSSG 5 with 256 MB Memory, RS232 Serial backup interface,802.11a/b/g WirelessSSG 5 with 256 MB Memory, ISDN BRI S/T backup interface,802.11a/b/g WirelessSSG 5 with 256 MB Memory, v.92 backup interface,802.11a/b/g WirelessSSG -MSSG-5-SH-W-xxSSG-5-SH-BTW-xxSSG-5-SH-MW-xxPart NumberSSG 20 with 128 MB Memory, 2 port Mini-PIM slotsSSG 20 with 128 MB Memory, 2 port Mini-PIM slots,802.11a/b/g WirelessSSG 20 with 256 MB Memory, 2 port Mini-PIM slotsSSG 20 with 256 MB Memory, 2 port Mini-PIM slots,802.11a/b/g WirelessSSG 20 I/O -xxPart Number1 port Serial Mini Physical Interface Module*1 port SFP Mini Physical Interface Module**1 port T1 Mini Physical Interface Module1 port E1 Mini Physical Interface Module1 port ADSL2 Annex A Mini Physical Interface Module1 port ADSL2 Annex B Mini Physical Interface Module1 port v.92 Mini Physical Interface Module1 port ISDN S/T BRI Mini Physical Interface ModuleSmall Form Factor Pluggable 1000Base-LX Gigabit EthernetOptical Transceiver ModuleSmall Form Factor Pluggable 1000Base-SX Gigabit EthernetOptical Transceiver all Form Factor Pluggable 1000Base-T Gigabit EthernetCopper Transceiver ModuleSmall Form Factor Pluggable 100Base-FX Fast EthernetOptical Transceiver ModuleSSG 5 / SSG 20 Accessories & UpgradesExtended License Upgrade Key for SSG 5Extended License Upgrade Key for SSG 20SSG 5 and SSG 20 256 MB Memory Upgrade ModuleSSG 5 Rack Mount Kit - holds 2 unitsSSG 20 Rack Mount KitSSG Wireless Replacement AntennaSSG 5 and SSG 20 Dual Band Directional AntennaSSG 5 and SSG 20 Dual Band Omni-Directional Antenna10 meters (30 feet) Low Loss Cable for SSG-ANT-XXXUnified Threat Management/Content Security(High Memory Option Required)Antivirus (incl. Anti-spyware, Anti-phishing)IPS (Deep Inspection)Web FilteringAnti-spamRemote Office Bundle (Includes AV, DI, WF)Main Office Bundle (Includes AV, DI, WF, AS)JX-SFP-1GE-TJX-SFP-1FE-FXPart T-10MPart 5NS-SMB-CS-SSG20 Note: The appropriate power cord is included based upon the sales order “Ship To” destination. Note: XX denotes Region Code for Wireless devices. Not all countries are supported. Please seeWireless Country Compliance Matrix for certified countries. 800003.pdf Note: For renewal of Content Security Subscriptions, add “-R” to above SKUs. Note: For 2 year Content Security Subscriptions, add “-2” to above SKUs. Note: For 3 year Content Security Subscriptions, add “-3” to above SKUs.About Juniper NetworksJX-SFP-1GE-SXJuniper Networks, Inc. is the leader in high-performancenetworking. Juniper offers a high-performance networkinfrastructure that creates a responsive and trusted environmentfor accelerating the deployment of services and applications over asingle network. This fuels high-performance businesses. Additionalinformation can be found at www.juniper.net.EUROPE, MIDDLE EAST, AFRICAREGIONAL SALES HEADQUARTERSJuniper Networks (UK) LimitedBuilding 1Aviator ParkStation RoadAddlestoneSurrey, KT15 2PG, U.K.Phone: 44.(0).1372.385500Fax: 44.(0).1372.385501Copyright 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks, the JuniperNetworks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc.in the United States and other countries. JUNOS and JUNOSe are trademarks of JuniperNetworks, Inc. All other trademarks, service marks, registered trademarks, or registered servicemarks are the property of their respective owners. Juniper Networks assumes no responsibilityfor any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.100176-006 Feb 2008Part NumberJX-SFP-1GE-LX* The Serial Mini-PIM is only supported in ScreenOS 6.0 or greater releases** The SFP Mini-PIM is only supported in ScreenOS 6.0 or greater releasesCORPORATE HEADQUARTERSAND SALES HEADQUARTERS FORNORTH AND SOUTH AMERICAJuniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone: 888.JUNIPER (888.586.4737)or 408.745.2000Fax: 408.745.2100www.juniper.netSSG 20 I/O Options (cont’d)EAST COAST OFFICEJuniper Networks, Inc.10 Technology Park DriveWestford, MA 01886-3146 USAPhone: 978.589.5800Fax: 978.589.0800ASIA PACIFIC REGIONAL SALES HEADQUARTERSJuniper Networks (Hong Kong) Ltd.26/F, Cityplaza One1111 King’s RoadTaikoo Shing, Hong KongPhone: 852.2332.3636Fax: 852.2574.7803To purchase Juniper Networks solutions, pleasecontact your Juniper Networks sales representativeat 1-866-298-6428 or authorized reseller.
anti-phishing), anti-spam and Web filtering. The SSG 20 deployed at a branch office for secure Internet connectivity and site-to-site VPN to corporate headquarters. Internal wired and wireless resources are protected with unique security policies applied to each security zone. Internet Small Branch Office HQ Zone B WLAN Zone C Zone A WWW 0 i G 0
SSG-5-RMK SSG-5 Rack Mount Kit - hold 2 units SSG-5-SB Security Services Gateway 5 with Serial backup, 128 MB Memory SSG-5-SB-10U SSG-5-SB with 10-user License Bundled SSG-5-SB-BT Security Services Gateway 5 with ISDN backup, S/T Interface, 128 M
Juniper Networks Juniper Networks SSG 320M SSG 350M IPSec VPN Concurrent VPN tunnels 250 350 Tunnel interfaces 100 300 DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes MD-5 and SHA-1 authentication Yes Yes Manual key, IKE, IKEv2 with EAP, PKI (X.509) Yes Yes Perfect forward secrecy (DH Groups) 1,2,5 1,2,5 .
Gateway 5 (SSG 5) and Secure Services Gateway 20 (SSG 20) are purpose-built security appliances that deliver a perfect blend of performance, security, routing and LAN/WAN connectivity for small branch offices, fixed telecommuters and small standalone business deployments. Traffic flowing in and out of the branch office or business is protected from
have partnered with Juniper Networks and worked closely with members of the Juniper Net-works Technical Certification Program to develop this Official Study Guide for the Juniper Networks Certified Internet Associate certification. Just as Juniper Networks is comm
Juniper Networks SRX300, SRX340, and SRX345 Services Gateways Non-Proprietary FIPS 140-2 Cryptographic Module Security Policy Version: 2.4 Date: December 22, 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
Juniper Networks SRX1500, SRX4100 and SRX4200 Services Gateways Non-Proprietary FIPS 140-2 Cryptographic Module Security Policy Version: 1.3 Date: February 21, 2018 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
Juniper Networks Junos operating system—that power the world’s largest service provider networks. The Juniper Networks EX Series Ethernet Switches are fully compatible with the Juniper Networks Unified Access Control (UAC), delivering an extra layer of
play in the Juniper JN0-210 certification exam. This study guide is an instrument to get you on the same page with Juniper and understand the nature of the Juniper JNCIA-Cloud exam. Our team of experts has composed this Juniper JN0-210 exam preparation guide to provide the overview about Juniper Clou
