Signature | SG140-D | User manual | SSG 140 Datasheet
Add to my manualsSignature SG140-D: A Versatile Networking Solution for Enhanced Security and Connectivity
The Signature SG140-D is a powerful networking device that combines advanced security features with robust connectivity options to safeguard your network and optimize performance. With its comprehensive Unified Threat Management (UTM) capabilities, including firewall, IPSec VPN, intrusion prevention, antivirus, anti-spam, and web filtering, the SG140-D provides comprehensive protection against cyber threats.
The device's network segmentation features, such as security zones and virtual routers, allow for granular control over network access and isolation of critical resources. This helps prevent unauthorized access and contains potential security breaches.
advertisement
Page Datasheet Juniper NetworksSSG 140 The Juniper Networks Secure Services Gateway 140 (SSG 140) is a purpose-built security appliance that delivers a perfect blend of performance, security, routing, and LAN/WAN connectivity for medium sized branch offices and business deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering. The rich set of UTM security features allows the SSG 140 to be deployed as a stand alone network protection device. With its robust routing engine, the SSG 140 can also be deployed as a traditional branch office router or as a combination security and routing device to help reduce IT capital and operational expenditures. The SSG 140 provides customers with the following features and benefits: • Extensible I/O architecture that delivers LAN and WAN connectivity options on top of unmatched security to reduce costs and extend investment protection. • UTM security features backed by best-in-class security partners to ensure that the network is protected against all manner of attacks. • Advanced security features such as network segmentation allows administrators to deploy security policies to isolate guests, wireless networks and regional servers or databases to prevent unauthorized access and contain any attacks that may occur. • Dedicated, security specific processing hardware and software platform delivers performance required to protect high speed LAN as well as lower speed WAN connections. Used by enterprises, service providers and stand alone businesses alike, the SSG 140 is ideally suited for medium size offices that require advanced security and routing features to protect business critical traffic traversing the WAN and high speed LAN. Deployment examples include small to medium sized stand alone businesses and branch office environments. Front The SSG 140 is a modular platform that delivers over 350 Mbps of Stateful firewall traffic and 100 Mbps of IPSec VPN. The SSG 140 supports 8 on-board 10/100 + 2 10/100/1000 interfaces and four I/O expansion slots that support T1, E1, ISDN BRI S/T, and Serial connectivity. Back Security Proven Stateful firewall and IPSec VPN combined with best-in-class UTM security features including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering protects both LAN and WAN traffic from worms, Spyware, Trojans, malware and other emerging attacks. Network segmentation The SSG 140 provides an advanced set of network segmentation features such as Security Zones, Virtual Routers and VLANs that allow administrators to deploy different levels of security to different user groups by dividing the network into distinct, secure domains, each with their own security policy. LAN/WAN connectivity The combination of LAN/WAN connectivity options and supporting protocols provides customers with the ability to deploy the SSG 140 as a traditional LAN-based firewall or as a consolidated routing and security device, thereby reducing TCO. Seamlessly transform your network Whether you are deploying a few SSGs to your local offices or implementing thousands around the world, Juniper Networks Professional Services can help. From simple lab testing to major network implementations, we can identify the goals, define the deployment process, create or validate the network design, and manage the deployment. We collaborate with your team to transform your network infrastructure to ensure that it is flexible, scalable, reliable, and secure. Juniper Networks Secure Services Gateway 140 Page SSG 140 Maximum Performance and Capacity ScreenOS version support Firewall performance (Large packets) Firewall performance (IMIX)(2) Firewall packets per second (64 byte) 3DES+SHA-1 VPN performance Concurrent sessions New sessions/second Policies Users supported ScreenOS 5.4 350+ Mbps 300 Mbps 100,000 PPS 100 Mbps 32,000 8,000 500 Unrestricted Network Connectivity Fixed I/O Physical Interface Module (PIM) Slots WAN interface options 8 10/100, 2 10/100/1000 4 2xT1, 2xE1, 1xISDN BRI S/T, 2xSerial (1) Mode of Operation Layer 2 (transparent) mode(3) Layer 3 (route and/or NAT) mode Yes Yes Address Translation Network Address Translation (NAT) Port Address Translation (PAT) Policy-based NAT/PAT Mapped IP Virtual IP Yes Yes Yes Yes Yes Firewall Network attack detection Yes DoS and DDoS protection Yes TCP reassembly for fragmented packet protection Yes Brute force attack mitigation) Yes SYN cookie protection Yes Zone-based IP spoofing Yes Malformed packet protection Yes Unified Threat Management/Content Security(4) IPS (Deep Inspection FW) Protocol anomaly detection Stateful protocol signatures IPS/DI attack pattern obfuscation Antivirus Signature database Protocols scanned Anti-Spyware Anti-Adware Anti-Keylogger Anti-Spam Integrated URL filtering External URL filtering(5) VPN Concurrent VPN tunnels Tunnel interfaces DES (56-bit), 3DES (168-bit) and AES encryption MD-5 and SHA-1 authentication Manual key, IKE, PKI (X.509) Perfect forward secrecy (DH Groups) Prevent replay attack Remote access VPN L2TP within IPSec IPSec NAT traversal Redundant VPN gateways Yes Yes Yes Yes Yes 100,000+ POP3, SMTP, HTTP, IMAP, FTP Yes Yes Yes Yes Yes Yes 125 50 Yes Yes Yes 1,2,5 Yes Yes Yes Yes Yes VoIP Security H.323. ALG SIP ALG MGCP SCCP NAT for VoIP protocols Firewall and VPN User Authentication Built-in (internal) database - user limit 3rd Party user authentication XAUTH VPN authentication Web-based authentication 802.1X authentication SSG 140 Yes Yes Yes Yes Yes 250 RADIUS, RSA SecurID, and LDAP Yes Yes Yes Routing BGP OSPF RIPv1/v2 Dynamic routing Static routes Source-based routing Policy-based routing ECMP Routes Multicast Reverse Forwarding Path (RFP) IGMP (v1, v2) IGMP Proxy PIM SM PIM SSM Mcast inside IPSec Tunnel Yes Yes Yes Yes Yes Yes Yes Yes 2048 Yes Yes Yes Yes Yes Yes Yes Encapsulations PPP MLPPP MLPP max physical interfaces Frame Relay MLFR (FRF 15, FRF 16) MLFR max physical interfaces HDLC Yes Yes 8 Yes Yes 8 Yes Traffic Management (QoS) Guaranteed bandwidth Maximum bandwidth Ingress Traffic Policing Priority-bandwidth utilization DiffServ stamp Yes Yes, per physical interface Yes Yes Yes, per policy System Management WebUI (HTTP and HTTPS) Command Line Interface (console) Command Line Interface (telnet) Command Line Interface (SSH) NetScreen-Security Manager All management via VPN tunnel on any interface SNMP full custom MIB Rapid deployment Logging and Monitoring Syslog (multiple servers) E-mail (2 addresses) NetIQ WebTrends SNMP (v2) Traceroute VPN tunnel monitor Yes Yes Yes Yes Yes Yes Yes No Yes Yes External Yes Yes Yes Page Datasheet SSG 140 Virtualization Maximum number of security zones Maximum number of virtual routers Number of VLANs supported 40 3 100 High Availability (HA) Dedicated HA interfaces Active/Passive Configuration synchronization Session synchronization for firewall and VPN Session failover for routing change Device failure detection Link failure detection Authentication for new HA members Encryption of HA traffic No Yes Yes Yes Yes Yes Yes Yes Yes IP Address Assignment Static DHCP, PPPoE client Internal DHCP server DHCP relay Yes Yes Yes Yes PKI Support PKI Certificate requests (PKCS 7 and PKCS 10) Yes Automated certificate enrollment (SCEP) Yes Online Certificate Status Protocol (OCSP) Yes Certificate Authorities supported Verisign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DOD PKI Administration Local administrators database External administrators database Restricted administrative networks Root Admin, Admin, and Read Only user levels Software upgrades Configuration roll-back External Flash Additional log storage Event logs and alarms System config script ScreenOS Software 20 RADIUS/LDAP/SecureID 6 Yes Yes Yes USB1.1 Yes Yes Yes SSG 140 Dimensions and Power Dimensions (H/W/L) Weight Rack mountable Power Supply (AC) Maximum thermal output 1.75” x 17.5” x 15” 10.2 Lbs Yes, 1 RU AC input voltage Operating range: 90 to 240 VAC AC input line frequency 50 or 60 Hz AC system current rating 2 A 580 BTU/hour (170 W) Certifications Safety Certifications UL, CUL, CSA, CB EMC Certifications FCC class B, CE class B, C-Tick, VCCI class A Environment Operational temperature: 32° to 122° F, 0° to 50° C Non-operational temperature: -4° to 158° F, -20° to 70° C Humidity: 10 to 90% non-condensing MTBF (Bellcore model) 16 Years (1) Performance, capacity and features listed are based upon systems running ScreenOS 5.4 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results may vary based on ScreenOS release and by deployment. (2) IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33% 64 byte packets + 33.33% 570 byte packets + 8.33% 1518 byte packets of UDP traffic. (3) NAT, PAT, policy based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, Active/Active HA, and IP address assignment are not available in layer 2 transparent mode. (4) UTM Security features (IPS/Deep Inspection, Antivirus, Anti-Spam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions provide signature updates and associated support. The high memory option is required for UTM Security features. (5) Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or SurfControl. IPS (Deep Inspection FW) Signature Packs Signature Packs provide the ability to tailor the attack protection to the specific deployment and/or attack type. The following Signature packs are available for the SSG 140. Signature Pack Target Deployment Defense Type Type of Attack Object Base Branch Offices, small medium businesses Client/Server and worm protection Range of signatures and protocol anomalies Client Remote/Branch Offices Perimeter defense, compliance for hosts (desktops, etc) Attacks in the serverto-client direction Server Small/Medium Businesses Perimeter defense, compliance for server infrastructure Attacks in the clientto-server direction Worm Mitigation Remote/Branch Offices of Large enterprises Most comprehensive defense against worm attacks Worms, Trojans, backdoor attacks Page Ordering Information Product Part Number SSG 140 SSG 140 System, 256 MB memory, 0 PIM cards, AC power SSG 140 System, 512 MB memory, 0 PIM cards, AC power SSG 140 I/O Options 1 Port ISDN BRI S/T Interface 2 Port E1 PIM with integrated CSU/DSU 2 Port T1 PIM with integrated CSU/DSU 2 Port Serial PIM SSG-140-SB SSG-140-SH JX-1BRI-ST-S JX-2E1-RJ48-S JX-2T1-RJ48-S JX-2Serial-S Unified Threat Management/Content Security (High Memory Option Required) Antivirus (Anti-Spyware, Anti-Phishing) NS-K-AVS-SSG140 IPS (Deep Inspection) NS-DI-SSG140 Anti-Spam NS-SPAM-SSG140 Web Filtering NS-WF-SSG140 Remote Office Bundle (AV, IPS, WF) NS-RBO-CS-SSG140 Main Office Bundle (AV, IPS, WF, AS) NS-SMB-CS-SSG140 SSG 140 Memory Upgrades, Spares and Communications Cables 512 MB memory upgrade for the SSG 140 Power Cable, Australia Power Cable, China Power Cable, Europe Power Cable, Italy Power Cable, Japan Power Cable, UK Power Cable, US Blank I/O plate EIA530 cable (DCE) EIA530 cable (DTE) RS232 cable (DCE) RS232 cable (DTE) RS449 cable (DCE) RS449 cable (DTE) V.35 cable (DCE) V.35 cable (DTE) X.21 cable (DCE) X.21 cable (DTE) SSG-100-MEM-512 CBL-JX-PWR-AU CBL-JX-PWR-CH CBL-JX-PWR-EU CBL-JX-PWR-IT CBL-JX-PWR-JP CBL-JX-PWR-UK CBL-JX-PWR-US JX-Blank-FP-S JX-CBL-EIA530-DCE JX-CBL-EIA530-DTE JX-CBL-RS232-DCE JX-CBL-RS232-DTE JX-CBL-RS449-DCE JX-CBL-RS449-DTE JX-CBL-V35-DCE JX-CBL-V35-DTE JX-CBL-X21-DCE JX-CBL-X21-DTE Note: The appropriate power cord is included based upon the sales order “Ship To” destination. CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888-JUNIPER (888-586-4737) or 408-745-2000 Fax: 408-745-2100 www.juniper.net 100181-003 Nov 2006 EAST COAST OFFICE Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886-3146 USA Phone: 978-589-5800 Fax: 978-589-0800 ASIA PACIFIC REGIONAL SALES HEADQUARTERS EUROPE, MIDDLE EAST, AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks (Hong Kong) Ltd. Suite 2507-11, 25/F ICBC Tower, Citibank Plaza, 3 Garden Road, Central, Hong Kong Phone: 852-2332-3636 Fax: 852-2574-7803 Juniper Networks (UK) Limited Building 1 Aviator Park, Station Road Addlestone Surrey, KT15 2PG, U. K. Phone: 44(0)-1372-385500 Fax: 44(0)-1372-385501 Copyright 2006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project