Datasheet
Juniper Networks NetScreen-5200/5400
The Juniper Networks NetScreen-5000 Series is a line of purpose-built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis. Built around NetScreen’s third-generation security ASIC and distributed system architecture, the NetScreen-5000 Series offers excellent scalability and flexibility while providing high levels of security through NetScreen’s custom operating system, NetScreen ScreenOS. The NetScreen-5000 Series employs a switch fabric for data exchange and a separate multi-bus channel for control information, delivering scalable performance for the most demanding environments.
Maximum Performance and Capacity(2), (8)
Juniper Networks NetScreen-5200(1)
Firewall performance: 4 Gbps
3DES performance: 2 Gbps
Deep Inspection performance: 500/375 Mbps(7)
Concurrent sessions: 1,000,000(3)
New sessions/second: 31,000/26,000(7)
Policies: 40,000(3)
Interfaces: 8 mini GBIC (SX or LX) or 2 mini GBIC + 24 10/100 Base-T
Juniper Networks NetScreen-5400(1)
Firewall performance: 12 Gbps
3DES performance: 6 Gbps
Deep Inspection performance: 500/375 Mbps(7)
Concurrent sessions: 1,000,000(3)
New sessions/second: 31,000/24,000(7)
Policies: 40,000(3)
Interfaces: 24 mini GBIC (SX or LX) or 6 mini GBIC + 72 10/100 Base-T
Juniper Networks NetScreen-5000 Series(1)
Mode of Operation
Layer 2 mode (transparent mode)(5): Yes
Layer 3 mode (route and/or NAT mode): Yes
NAT (Network Address Translation): Yes
PAT (Port Address Translation): Yes
Policy-based NAT: Yes
Virtual IP: 8/32 per VSYS
Mapped IP: 10,000(4)
Users supported: Unrestricted
Firewall
Number of network attacks detected: 31
Network attack detection: Yes
DoS and DDoS protections: Yes
TCP reassembly for fragmented packet protection: Yes
Malformed packet protections: Yes
Deep Inspection firewall: Yes
Protocol anomaly: Yes
Stateful protocol signatures: Yes
DI Protocols supported: HTTP, FTP, SMTP, POP, IMAP, DNS, NetBIOS/SMB, MS-RPC, P2P, IM
Number of application attacks detected w/DI: over 600
Content Inspection: Yes
Embedded antivirus: No
Malicious Web filtering: up to 48 URLs
External Web filtering (Websense or SurfControl): Yes
Integrated Web Filtering: No
VPN
VPN tunnels (site-to-site or manual): up to 16,000(3)
Concurrent VPN tunnels (dynamic dialup): up to 25,000(3)
Tunnel interfaces: up to 4,095
DES (56-bit), 3DES (168-bit) and AES encryption: Yes
MD-5 and SHA-1 authentication: Yes
Manual Key, IKE, PKI (X.509): Yes
Perfect forward secrecy (DH Groups): 1,2,5
Prevent replay attack: Yes
Remote access VPN: Yes
L2TP within IPSec: Yes
IPSec NAT Traversal: Yes
Redundant VPN gateways: Yes
VPN tunnel monitor: Yes
Firewall and VPN User Authentication
Built-in (internal) database - user limit: up to 25,000(3)
3rd Party user authentication: RADIUS, RSA SecurID, and LDAP
XAUTH VPN authentication: Yes
Web-based authentication: Yes
Logging/Monitoring
Syslog (multiple servers): External, up to 4 servers
E-mail (2 addresses): Yes
NetIQ WebTrends: External
SNMP (v1, v2): Yes
Standard and custom MIB: Yes
Traceroute: Yes
Virtualization
Maximum number of Virtual Systems: 0 default, upgradeable to 500(6)
Maximum number of security zones: 16 default, upgradeable to 1,016(6)
Maximum number of virtual routers: 3 default, upgradeable to 503(6)
Number of VLANs supported (8G SPM): 4,000 max; 500 per port
Number of VLANs supported (2G24FE SPM): 1,254 max; 500 per GigE port/254 shared among 24 10/100 ports
Routing
OSPF/BGP dynamic routing: up to 8 instances each(3), (8)
RIPv1/v2 dynamic routing: up to 512 instances(3)
Static routes: 30,000(3)
Source-based routing: Yes
Equal cost multi-path routing: Yes
High Availability (HA)
Active/Active: Yes
Active/Passive: Yes
Redundant Interfaces: Yes
Configuration synchronization: Yes
Session synchronization for firewall and VPN: Yes
Session failover for routing change: Yes
Device failure detection: Yes
Link failure detection: Yes
Authentication for new HA members: Yes
Encryption of HA traffic: Yes
VoIP
H.323 ALG: Yes
SIP ALG: Yes
NAT for H.323/SIP: Yes
IP Address Assignment
Static: Yes
DHCP, PPPoE client: No
Internal DHCP server: No
DHCP relay: Yes
PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10): Yes
Automated certificate enrollment (SCEP): Yes
Online Certificate Status Protocol (OCSP): Yes
Self Signed Certificates: Yes
Certificate Authorities Supported
Verisign: Yes
Entrust: Yes
Microsoft: Yes
RSA Keon: Yes
iPlanet (Netscape): Yes
Baltimore: Yes
DOD PKI: Yes
System Management
WebUI (HTTP and HTTPS): Yes
Command Line Interface (console): Yes
Command Line Interface (telnet): Yes
Command Line Interface (SSH): Yes, v1.5 and v2.0 compatible
NetScreen-Security Manager: Yes
All management via VPN tunnel on any interface: Yes
SNMP Full Custom MIB: Yes
Rapid deployment: No
Administration
Local administrators database: 20
External administrator database: RADIUS/LDAP/SecurID
Restricted administrative networks: 6
Root Admin, Admin, and Read Only user levels: Yes
Software upgrades: TFTP/WebUI/SCP/NSM
Configuration Roll-back: Yes
Traffic Management
Guaranteed bandwidth: No
Maximum bandwidth: Yes, per physical interface
Priority-bandwidth utilization: No
DiffServ stamp: Yes, per policy
External Flash
CompactFlash™ Industrial Grade SanDisk: Supports 128 or 512 MB
Event logs and alarms: Yes
System config script: Yes
NetScreen ScreenOS software: Yes
Dimensions and Power
Juniper Networks NetScreen-5200
Dimensions (H/W/L): 3.4/17.5/20 in.
Weight: 37 lbs.
Rack mountable: 19” standard, 23” optional
Power Supply (AC): 90 to 264 VAC, 150 watts
Power Supply (DC): -36 to -72 VDC, 150 watts
Juniper Networks NetScreen-5400
Dimensions (H/W/L): 8.6/17.5/14 in.
Weight: 45 lbs.
Rack mountable: 19” standard, 23” optional
Power Supply (AC): 90 to 264 VAC, 300 watts
Power Supply (DC): -36 to -72 VDC, 300 watts
Certifications
Safety Certifications
UL, CUL, CSA, CB, Austel, NEBS Level 3
NEBS Level 3 NS-5000-MGT Management Module
EMC Certifications
FCC class A, BSMI, CE class A, C-Tick, VCCI class A
Security
Common Criteria EAL4 plus (with NS-5200/8G and NS-5000-MGT Management Module)
FIPS 140 Level 2 (with NS-5200/8G and NS-5000-MGT Management Module)
Environment
Operational temperature: 32 to 105° F, 0 to 45° C
Non-operational temperature: -4 to 158° F, -20 to 70° C
Humidity: 10 to 90% non-condensing
MTBF (Bellcore model)
NetScreen-5200: 7.9 years, NetScreen-5400: 7.0 years
(1) Performance, capacity and features listed are based upon systems running ScreenOS 5.1.0 and may vary with other ScreenOS releases. Actual throughput may vary based upon packet size and enabled features.
(2) Performance and capacity provided are the measured maximums under ideal testing conditions. May vary by
deployment.
(3) Shared among all Virtual Systems
(4) Not available with Virtual Systems
CORPORATE HEADQUARTERS
AND SALES HEADQUARTERS
FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888-JUNIPER (888-586-4737)
or 408-745-2000
Fax: 408-745-2100
www.juniper.net
EAST COAST OFFICE
Juniper Networks, Inc.
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978-589-5800
Fax: 978-589-0800
ASIA PACIFIC REGIONAL
SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
Suite 2507-11, Asia Pacific Finance Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852-2332-3636
Fax: 852-2574-7803
EUROPE, MIDDLE EAST, AFRICA
REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Juniper House
Guildford Road
Leatherhead
Surrey, KT22 9JH, U. K.
Phone: 44(0)-1372-385500
Fax: 44(0)-1372-385501
Ordering Information
Product: Part Number
Juniper Networks NetScreen-5200 bundles
NetScreen-5200 (1 2G24FE SPM, 0 VSYS, AC): NS-5200-P00A-S00
NetScreen-5200 (1 2G24FE SPM, 0 VSYS, DC): NS-5200-P00D-S00
NetScreen-5200 (1 8G SPM, 0 VSYS, AC): NS-5200-P01A-S00
NetScreen-5200 (1 8G SPM, 0 VSYS, DC): NS-5200-P01D-S00
NetScreen-5200 (1 8G SPM, 100 VSYS, AC): NS-5200-P01A-S01
NetScreen-5200 (1 8G SPM, 100 VSYS, DC): NS-5200-P01D-S01
NetScreen-5200 (1 8G SPM, 500 VSYS, AC): NS-5200-P01A-S02
NetScreen-5200 (1 8G SPM, 500 VSYS, DC): NS-5200-P01D-S02
Juniper Networks NetScreen-5200 bundles with Management 2
NetScreen-5200 (5200, 2G24FE, AC, no VSYS, MGT2): NS-5200-P10A-S00
NetScreen-5200 (5200, 2G24FE, DC, no VSYS, MGT2): NS-5200-P10D-S00
NetScreen-5200 (5200, 8G, AC, no VSYS, MGT2): NS-5200-P11A-S00
NetScreen-5200 (5200, 8G, DC, no VSYS, MGT2): NS-5200-P11A-S00
Juniper Networks NetScreen-5400 bundles
NetScreen-5400 (1 2G24FE SPM, 0 VSYS, AC): NS-5400-P00A-S00
NetScreen-5400 (1 2G24FE SPM, 0 VSYS, DC): NS-5400-P00D-S00
NetScreen-5400 (1 8G SPM, 0 VSYS, AC): NS-5400-P01A-S00
NetScreen-5400 (1 8G SPM, 0 VSYS, DC): NS-5400-P01D-S00
NetScreen-5400 (1 8G SPM, 100 VSYS, AC): NS-5400-P01A-S01
NetScreen-5400 (1 8G SPM, 100 VSYS, DC): NS-5400-P01D-S01
NetScreen-5400 (1 8G SPM, 500 VSYS, AC): NS-5400-P01A-S02
NetScreen-5400 (1 8G SPM, 500 VSYS, DC): NS-5400-P01D-S02
Juniper Networks NetScreen-5400 bundles with Management 2
NetScreen-5400 (5400, 2G24FE, AC, no VSYS, MGT2): NS-5400-P10A-S00
NetScreen-5400 (5400, 2G24FE, DC, no VSYS, MGT2): NS-5400-P10D-S00
NetScreen-5400 (5400, 8G, AC, no VSYS, MGT): NS-5400-P11A-S00
NetScreen-5400 (5400, 8G, DC, no VSYS, MGT2): NS-5400-P11D-S00
Juniper Networks NetScreen-5000 Virtual System Upgrades
NetScreen-5000 VSYS Upgrade 0 to 5: NS-5000-VSYS-5
NetScreen-5000 VSYS Upgrade 5 to 25: NS-5000-VSYS-25
NetScreen-5000 VSYS Upgrade 25 to 50: NS-5000-VSYS-50
NetScreen-5000 VSYS Upgrade 50 to 100: NS-5000-VSYS-100
NetScreen-5000 VSYS Upgrade 100 to 250: NS-5000-VSYS-250
NetScreen-5000 VSYS Upgrade 250 to 500: NS-5000-VSYS-500
NetScreen-5000 VSYS Upgrade 0 to 500: NS-5000-VSYS
Every Virtual System includes one virtual router and two security zones, usable in the virtual or root system
Juniper Networks NetScreen-5000 Components
Management Module: NS-5000-MGT
Management Module 2: NS-5000-MGT2
8G (8 mini-GBIC) Secure Port Module: NS-5000-8G
2G24FE (2 mini-GBIC24 10/100) Secure Port Module: NS-5000-2G24FE
mini-GBIC transceiver - SX: NS-SYS-GBIC-MSX
mini-GBIC transceiver - LX: NS-SYS-GBIC-MLX
Juniper Networks NetScreen-5200 Components
NetScreen-5200 Chassis: NS-5200-CHA
NetScreen-5200 AC Power Supply: NS-5200-PWR-AC
NetScreen-5200 DC Power Supply: NS-5200-PWR-DC
NetScreen-5200 Fan Assembly: NS-5200-FAN
Juniper Networks NetScreen-5400 Components
NetScreen-5400 Chassis: NS-5400-CHA
NetScreen-5400 AC Power Supply: NS-5400-PWR-AC
NetScreen-5400 DC Power Supply: NS-5400-PWR-DC
NetScreen-5400 Fan Assembly: NS-5400-FAN
(5) NAT, PAT, policy based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, Active/Active
HA, and IP address assignment are not available in layer 2 transparent mode. The SPM 8G allows VLAN tags to pass
through the firewall, but the SPM 2G24FE does not allow VLAN tags to pass through the firewall.
(6) Requires purchase of virtual system key. Every virtual system includes one virtual router and two security zones, usable
in the virtual or root system.
(7) The higher performance numbers, listed first, are achieved by systems equipped with Management Module 2
(8) These capacities apply to ScreenOS 5.1 which will be available on Management Module 2 in 2005
Copyright 2004, Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, the
NetScreen logo, NetScreen-Global Pro, ScreenOS, and GigaScreen are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The following are trademarks of Juniper Networks, Inc.: ERX, ESP, E-series, Instant Virtual Extranet, Internet Processor, J2300,
J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20, M40, M40e, M160, M320,
M-series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-Remote Security Client,
NetScreen-Remote VPN Client, NetScreen-SA 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central
Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, NMC-RX, SDX, Stateful Signature, T320, T640, and
T-series. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective
owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this
document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
110007-003 Nov 2004