Security Product Comparison Chart

DATASHEET
Security Products COMPARISON MATRIX
Firewall/VPN
Products
Interfaces
Max
Throughput
Max
Sessions
Max
Policies
Virtual
Systems
Virtual
LANs
Security
Zones
Virtual
Routers
High
Availability
1
Routing
Deep
Inspection/
IPS
Integrated
Antivirus/
ANTISPAM
Web
Filtering
(Integrated/
External)
5
SRX5800
40 SFP GigE, 4 XFP 10Gig (SR or LR), 16 GigE (TX or
XFP) FlexIOC, or 4 XFP 10Gig (SR or LR) FlexIOC
120 Gbps firewall, 30 Gbps 3DES/AES VPN,
30 Gbps IPS
4,000,000
80,000
Future release
4,096
512
500
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
No
No / No
SRX5600
40 SFP GigE, 4 XFP 10Gig (SR or LR), 16 GigE (TX or
XFP) FlexIOC, or 4 XFP 10Gig (SR or LR) FlexIOC
60 Gbps firewall, 15 Gbps 3DES/AES VPN,
15 Gbps IPS
4,000,000
80,000
Future release
4,096
256
500
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
No
No / No
SRX3600
8 10/100/1000 + 4 SFP (on-board)
16 SFP GigE, 16 10/100/1000, or 2 XFP 10Gig (SR or LR)
30 Gbps firewall, 10 Gbps 3DES/AES VPN,
10 Gbps IPS
2,000,000
40,000
Future release
4,096
256
500
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
No
No / No
SRX3400
8 10/100/1000 + 4 SFP (on-board)
16 SFP GigE, 16 10/100/1000, or 2 XFP 10Gig (SR or LR)
20 Gbps firewall, 6 Gbps 3DES/AES VPN,
6 Gbps IPS
1,000,000
40,000
Future release
4,096
256
500
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
No
No / No
SRX650
4 10/100/1000, 8 I/O slots supporting GE,
PoE, SFP, T1, E1
7 Gbps firewall, 1.5 Gbps 3DES/AES VPN,
900 Mbps IPS
512,000
8,192
N/A
4,096
128
60
A/P, A/A
OSPF, BGP, RIPv1/v2,
MPLS, Multicast
No / Yes
Yes
Yes
SRX240
16 10/100/1000, optional PoE, 4 1/O slots suporting
SFP, ADSL, ADSL2, ADSL2+, Serial, T1, E1
1.5 Gbps firewall, 250 Mbps 3DES/AES
VPN, 250 Mbps IPS
64,000/
128,000
4,096
N/A
512
32
20
A/P, A/A
OSPF, BGP, RIPv1/v2,
MPLS, Multicast
No / Yes
Yes
Yes
SRX210
2 10/100/1000 + 6 10/100, optional PoE, 1 I/O slot
suporting SFP, ADSL, ADSL2, ADSL2+, Serial, T1, E1
750 Mbps firewall, 75 Mbps 3DES/AES
VPN, 80 Mbps IPS
32,000/
64,000
512
N/A
64
12
10
A/P, A/A
OSPF, BGP, RIPv1/v2,
MPLS, Multicast
No / Yes
Yes
Yes
SRX100
8 10/100
650 Mbps firewall, 65 Mbps 3DES/AES
VPN, future IPS
16,000/
32,000
384
N/A
16
10
3
A/P, A/A
OSPF, BGP, RIPv1/v2,
MPLS, Multicast
No / Yes
Yes / Yes
Yes
J6350
4 10/100/1000 and 6 I/O slots, supporting SFP, Serial,
T1, E1, DS3, E3, ADSL, ADSL2, ADSL2+, G.SHDSL,
10/100/1000
2 Gbps firewall,
1 Gbps 3DES/AES VPN
256,000
10,384
N/A
1024
50
30
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
Yes
Yes
J4350
4 10/100/1000 and 6 I/O slots, supporting SFP, Serial,
T1, E1, DS3, E3, ADSL, ADSL2, ADSL2+, G.SHDSL,
10/100/1000
1.6 Gbps firewall,
600 Mbps 3DES/AES VPN
128,000
5,192
N/A
512
50
30
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
Yes
Yes
J2350
4 10/100/1000 and 5 I/O slots supporting Serial, ISDN
BRI S/T, T1, E1, ADSL, ADSL2, ADSL2+, G.SHDSL
750 Mbps firewall,
160 Mbps 3DES/AES VPN
128,000
2,048
N/A
256
50
25
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
Yes
Yes
J2320
4 10/100/1000 and 3 I/O slots supporting Serial, ISDN
BRI S/T, T1, E1, ADSL, ADSL2, ADSL2+, G.SHDSL
600 Mbps firewall,
140 Mbps 3DES/AES VPN
128,000
2,048
N/A
256
50
20
A/P, A/A
OSPF, BGP, RIPv1/v2
No / Yes
Yes
Yes
NetScreen-5400
8 mini-GBIC (SX, LX or TX), or 2 XFP 10Gig (SR or LR)
30 Gbps firewall, 15 Gbps 3DES/AES VPN
2,000,000
40,000
Up to 500
4,094
16 + up to 1,000
additional
3 + up to 500
additional
A/P, A/A, F/M
OSPF, BGP, RIPv1/v2
Yes / No
No
No / Yes
NetScreen-5200
8 mini-GBIC (SX, LX or TX), or 2 XFP 10Gig (SR or LR)
10 Gbps firewall, 5 Gbps 3DES/AES VPN
1,000,000
40,000
Up to 500
4,094
16 + up to 1,000
additional
3 + up to 500
additional
A/P, A/A, F/M
OSPF, BGP, RIPv1/v2
Yes / No
No
No / Yes
ISG2000 w/
optional IPS
Up to 16 mini-GBIC (SX, LX, or TX), up to 8 10/100/1000,
up to 28 10/100, up to 4 XFP 10Gig (SR or LR)
4 Gbps firewall, 2 Gbps 3DES/AES VPN,
2 Gbps IPS
1,000,000
30,000
Up to 250
4,094
26 + up to 500
additional
3 + up to 250
additional
A/P, A/A, F/M
OSPF, BGP, RIPv1/v2
Yes / Yes
No
Yes / Yes
ISG1000 w/
optional IPS
Up to 16 mini-GBIC (SX, LX, or TX), up to 8 10/100/1000,
up to 28 10/100, up to 4 XFP 10Gig (SR or LR)
2 Gbps firewall, 1 Gbps 3DES/AES VPN,
1 Gbps IPS
500,000
10,000
Up to 50
4,094
26 + up to 500
additional
3 + up to 250
additional
A/P, A/A, F/M
OSPF, BGP, RIPv1/v2
Yes / Yes
No
Yes / Yes
SSG550M
4 10/100/1000 and 6 I/O slots supporting SFP, Serial,
T1, E1, DS3, E3, ADSL, ADSL2, ADSL2+, G.SHDSL,
10/100/1000
1+ Gbps firewall,
500 Mbps 3DES/AES VPN
256,000
4,000
N/A
150
60
16
A/P, A/A
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
SSG520M
4 10/100/1000 and 6 I/O slots supporting SFP, Serial,
T1, E1, DS3, E3, ADSL2+, G.SHDSL, 10/100/1000
650+ Mbps firewall,
300 Mbps 3DES/AES VPN
128,000
4,000
N/A
125
60
11
A/P, A/A
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
SSG350M
4 10/100/1000 and 5 I/O slots supporting Serial, ISDN
BRI S/T, T1, E1, ADSL, ADSL2, ADSL2+, G.SHDSL
550+ Mbps firewall,
225 Mbps 3DES/AES VPN
128,000
2,000
N/A
125
40
8
A/P, A/A
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
SSG320M
4 10/100/1000 and 3 I/O slots supporting Serial, T1, E1,
ADSL, ADSL2, ADSL2+, G.SHDSL
450+ Mbps firewall,
175 Mbps 3DES/AES VPN
64,000
2,000
N/A
125
40
5
A/P, A/A
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
8 10/100 + 2 10/100/1000 + 4 I/O slots supporting T1,
E1, ISDN BRI S/T, Serial, ADSL2+, G.SHDSL,
10/100/1000, SFP
350+ Mbps firewall,
100 Mbps 3DES/AES VPN
48,000
1,000
N/A
100
40
6
A/P, A/A
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
SSG20
SSG20 Wireless
5 10/100 + 2 I/O slots supporting T1, E1, V.92,
ISDN BRI S/T, SFP, Serial, or ADSL2+, optional
802.11a/b/g
160 Mbps firewall,
40 Mbps 3DES/AES VPN
8,000/
16,000
200
N/A
10/50
8
3/4
A/P , A/A,
dial backup
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
SSG5
SSG5 Wireless
7 10/100 with factory configured V.92 or ISDN
BRI S/T or RS232 Serial/AUX., optional
802.11a/b/g
160 Mbps firewall,
40 Mbps 3DES/AES VPN
8,000/
16,000
200
N/A
10/50
8
3/4
A/P , A/A,
dial backup
OSPF, BGP, RIPv1/v2
Yes / No
Yes
Yes
3
3
SSG140
4
8
8
8
5
5
6
6
5
2
2
2
5
2
6
6
2
2
2
2
6
6
4
4
Security Products COMPARISON MATRIX
IDP Series Intrusion Detection
and Prevention Appliances
Max Throughput
Max Sessions
IDP8200
10 Gbps
5,000,000
IDP800
1 Gbps
1,000,000
IDP250
300 Mbps
300,000
IDP75
150 Mbps
100,000
SA Series SSL VPN Appliances
Market Segment
Operational Modes
Passive sniffer
Inline bridge
Inline Proxy-ARP
Inline router
Detection Mechanisms
10 including Stateful
Signatures,
Protocol Anomalies and
Backdoor Detection
Concurrent Users
LICENSE OPTIONS
Large enterprises, service providers,
large government agencies
Up to 10,000 on a single unit; up to
30,000 on a 4-unit cluster
SA4500, SA4500 FIPS
Mid-size to large enterprises,
government agencies
Up to 1000
SA2500
Small to mid-size enterprises
Up to 100
User Licenses, Clustering, Secure
Meeting, Enhanced Endpoint Security
SA700
Small to mid-size enterprises <250
total employees
Up to 25
User Licenses, Core Clientless Access
Market Segment
Large to very large enterprises and government
agencies
IC6500 Unified Access Control Appliance
IC6500 FIPS Unified Access Control Appliance
7
IC4500 Unified Access Control Appliance
Interfaces
High Availability
Configurable up to 16 CG or 16 Fiber SX/BYP or 8 10 G
fiber traffic, 1 CG mgmt and 1 CG HA ports
Optional integrated bypass for copper and fiber for
all traffic ports
10 CG traffic, 1 CG mgmt and 1 CG HA ports
Daily and
emergency
8 CG traffic, 1 CG mgmt and 1 CG HA ports
Integrated bypass
2 CG traffic + 1 CG mgmt ports
SA6500, SA6500 FIPS
IC Series Unified Access Control
Appliances (UAC)
Signature Updates
Large to very large enterprises and government
agencies
Medium to large enterprises, or
remote/branch offices
User Licenses, Clustering, Secure
Meeting, ICE, Enhanced Endpoint
Security, IVS
Enforcement Points
• Any Juniper Networks firewall/VPN product,
including SSG Series, ISG Series, and
SRX Series
• EX Series Ethernet switches
• Any vendor’s 802.1X-enabled switch/access point
• Juniper Networks J Series Services Routers, as
Layer 3 Source IP enforcement points
• Standalone IDP Series appliances as role-based
application-level policy enforcement points
Cluster Options
Access Method
Multi-unit cluster (up to 4 units) or
cluster pairs
Interfaces
High Availability
2 RJ-45, 10/100/1000 traffic; 1 RJ-45
10/100/1000 mgmt; 4 SFP GigE ports
Plus redundant power supply, hard
drive w/ real-time data mirroring, and
additional memory
2 RJ-45, 10/100/1000
A/P, A/A, Stateful Peering, Clustering
2 RJ-45, 10/100
N/A
• Clientless Core Web Access
• Secure Application Manager
• Network Connect
Cluster pairs
• Clientless Core Web Access
• Network Connect
N/A
Simultaneous Endpoints
Interfaces
Clustering / High Availability
Up to 20,000 standalone; up to 30,000 in
3-unit cluster
4 RJ-45, full or half-duplex (auto-negotiation);
SFP module optional
Clustering; dual, mirrored hot swappable SATA
hard drives; dual hot swappable fans; dual hot
swappable power supplies (optional)
Up to 20,000 standalone; up to 30,000 in 3-unit
cluster
Four-port 10/100/1000 copper interface card
Clustering; dual, mirrored hot swappable SATA hard
drives; dual hot swappable fans; dual hot swappable
power supplies (optional)
From 25 to 5,000
2 RJ-45, 10/100/1000 full or half duplex
(auto-negotiation)
Clustering
1) High availability definitions: A/P = Active / Passive mode, A/A = Active / Active mode, F/M = Active / Active full mesh mode, H/A Lite = firewall and VPN failover without session synchronization.
2) Requires purchase of virtual system key; Every virtual system includes one virtual router and two security zones, usable in the virtual or root system.
3) Please visit http://csrc.nist.gov/cryptval/140-1/1401vend.htm for FIPS 140-2 certificates for these platforms.
4) IPS and antispam features are supported on SRX100 as of JUNOS 10.0.
5) Concurrent sessions listed are based upon maximums with current shipping ISG Series hardware. Older ISG Series units may need an optional memory upgrade to achieve maximum concurrent session capacity. Firewall/ VPN concurrent sessions maximum for older ISG Series units without the optional memory upgrade are 250,000 for the ISG1000 and 500,000
for the ISG2000. Older ISG Series units with the optional IPS upgrades installed already have the maximum concurrent session capacity and do not require a memory upgrade.
6) Increased Session, VPN tunnel, VLAN capacities and A/P HA and HA Lite require an Extended License key.
7) IC6500 FIPS UAC Appliance adds a dedicated Federal Information Processing Standard (FIPS) 140-2 Level 3 certified Hardware Security Module (HSM) to handle all cryptographic operations.
8) Increased sessions for high memory SRX100, SRX210, and SRX240 models.
About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over
a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.
Corporate and Sales Headquarters
APAC Headquarters
EMEA Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737)
or 408.745.2000
Fax: 408.745.2100
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
Fax: 35.31.8903.601
1000265-003-EN Sept 2009
Printed on recycled paper.
Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS,
NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered
marks, or registered service marks are the property of their respective owners. Juniper Networks assumes
no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
To purchase Juniper Networks solutions, please
contact your Juniper Networks representative
at 1-866-298-6428 or authorized reseller.
Download PDF
Similar pages