Transcription
DATASHEETSSG5 AND SSG20SECURE SERVICESGATEWAYSProduct OverviewThe Juniper Networks SSG5 andSSG20 Secure Services Gateways arepurpose-built security appliancesthat deliver a perfect blend ofperformance, security, routing andLAN/WAN connectivity for smallbranch offices, fixed telecommutersand small standalone businessdeployments. Traffic flowing inand out of the branch office orbusiness is protected from worms,Product DescriptionThe Juniper Networks SSG5 and SSG20 Secure Services Gateways are highperformance security platforms for small branch office and standalone businesses thatwant to stop internal and external attacks, prevent unauthorized access and achieveregulatory compliance. Both the SSG5 and SSG20 deliver 160 Mbps of stateful firewalltraffic and 40 Mbps of IPsec VPN traffic.Security: Protection against worms, viruses, trojans, spam, and emerging malware isdelivered by proven unified threat management (UTM) security features that are backedby best-in-class partners. To address internal security requirements and facilitateregulatory compliance, the SSG5 and SSG20 both support an advanced set of networkprotection features such as security zones, virtual routers and VLANs that allowadministrators to divide the network into distinct secure domains, each with its ownunique security policy. Policies protecting each security zone can include access controlrules and inspection by any of the supported UTM security features.spyware, trojans, and malware bya complete set of Unified ThreatREGIONAL OFFICEHEADQUARTERSManagement security features thatinclude stateful firewall, IPsec VPN,intrusion prevention system (IPS),Zone AM7iantivirus (includes anti-spyware,INTERNETanti-adware, anti-phishing), anti-SSG20spam and Web filtering.Zone CNetScreen-5400Zone BThe SSG20 deployed at a branch office for secure Internet connectivity and site-to-site VPN tocorporate headquarters. Internal wired and wireless resources are protected with unique securitypolicies applied to each security zone.1
Connectivity and Routing: The SSG5 has seven on-board 10/100interfaces with optional fixed WAN ports. The SSG20 has five10/100 interfaces with two I/O expansion slots for additionalWAN connectivity. The broad array of I/O options coupledwith WAN protocol and encapsulation support in the routingengine make both the SSG5 and the SSG20 a solution that caneasily be deployed as a traditional branch office router or as aconsolidated security and routing device to reduce CapEx andOpEx. Both the SSG5 and SSG20 support 802.11 a/b/g as a factoryconfigured option supported by a wide array of wireless specificsecurity features.Access Control Enforcement: The SSG5 and SSG20 can actas enforcement points in a Juniper Networks Unified AccessControl deployment with the simple addition of the IC SeriesUAC appliance. The IC Series functions as a central policymanagement engine, interacting with the SSG5 or SSG20 toaugment or replace the firewall-based access control with asolution that grants/denies access based on more granularcriteria that include endpoint state and user identity in order toaccommodate the dramatic shifts in attack landscape and usercharacteristics.World Class Support: From simple lab testing to major networkimplementations, Juniper Networks Professional Services willcollaborate with your team to identify goals.Features and BenefitsFEATUREFEATURE DESCRIPTIONBENEFITHigh performancePurpose-built platform is assembled fromcustom-built hardware, powerful processing and asecurity-specific operating system.Delivers performance headroom required toprotect against internal and external attacks nowand into the future.Best-in-class UTM securityfeaturesUTM security features (antivirus, anti-spam, Webfiltering, IPS) stop all manner of viruses andmalware before they damage the network.Ensures that the network is protected against allmanner of attacks.Integrated antivirusAnnually licensed antivirus engine is based onKaspersky Lab engine.Stops viruses, spyware, adware and othermalware.Integrated anti-spamAnnually licensed anti-spam offering is based onSophos technology.Blocks unwanted email from known spammersand phishers.Integrated Web filteringAnnually licensed Web filtering solution is basedon Websense SurfControl technology.Controls/blocks access to malicious Web sites.Integrated IPS (Deep Inspection)Annually licensed IPS engine.Prevents application-level attacks from floodingthe network.Fixed InterfacesSeven fixed 10/100 interfaces on the SSG5, and five Provides high-speed LAN connectivity, redundantfixed 10/100 interfaces on the SSG20. The SSG5 is WAN connectivity and flexible management.factory configured with either RS232 Serial/AUXor ISDN BRI S/T or V.92 fixed WAN backup. Bothmodels include one console port and one auxiliaryport.Network segmentationSecurity zones, virtual LANs and virtual routersallow administrators to deploy security policiesto isolate guests, wireless networks and regionalservers or databases.Facilitates deployment of internal security toprevent unauthorized access, contain attacks andassist in achieving regulatory compliance.Interface modularityTwo interface expansion slots (SSG20 only)supporting optional ADSL 2 , T1, E1, ISDN BRIS/T, Serial, SFP and v.92 Mini physical interfacemodules (Mini-PIMs).*Delivers combination of LAN and WAN connectivityon top of unmatched security to reduce costs andextend investment protection.Robust routing engineProven routing engine supports OSPF, BGP, andRIP v1/2.Enables the deployment of a consolidated securityand routing device, thereby lowering operationaland capital expenditures.802.11 a/b/g wireless-specificsecurity featuresWireless-specific privacy and authenticationfeatures augment the UTM security capabilities toprotect wireless traffic.Provides additional device consolidationopportunities (WLAN access point, security,routing) for small office environment.*Serial and SFP Mini-PIMs only supported in ScreenOS 6.0 or greater releases2
Features and Benefits (continued)FEATUREFEATURE DESCRIPTIONBENEFITJuniper Networks Unified Access Interacts with the centralized policy managementControl enforcement pointengine (IC Series) to enforce session-specificaccess control policies using criteria such asuser identity, device security state and networklocation.Improves security posture in a cost-effectivemanner by leveraging existing customer networkinfrastructure components and best-in-classtechnology.Management flexibilityUse any one of three mechanisms, commandline interface (CLI), WebUI or Juniper NetworksNetwork and Security Manager (NSM) to securelydeploy, monitor and manage security policies.Enables management access from any location,eliminating onsite visits thereby improvingresponse time and reducing operational costs.World-class professionalservicesFrom simple lab testing to major networkimplementations, Juniper Networks ProfessionalServices will collaborate with your team to identifygoals, define the deployment process, createor validate the network design and manage thedeployment.Transforms the network infrastructure to ensurethat it is secure, flexible, scalable and reliable.Product OptionsOPTIONOPTION DESCRIPTIONAPPLICABLE PRODUCTSDRAMThe SSG5 and SSG20 are available with either128 MB or 256 MB of DRAM.SSG5 and SSG20Unified Threat Management/ContentSecurity (high memory optionrequired)The SSG5 and SSG20 can be configured withany combination of the following best-in-classUTM and content security functionality: antivirus(includes anti-spyware, anti-phishing), IPS (DeepInspection), Web filtering and/or anti-spam.High memory SSG5 or SSG20 onlyI/O optionsTwo interface expansion slots supporting optionalADSL 2 , T1, E1, ISDN BRI S/T, Serial, SFP andv.92 Mini physical interface modules (Mini-PIMs).SSG20 only802.11 a/b/g connectivityThe SSG5 and SSG20 can be factory configured for802.11 a/b/g wireless LAN connectivity.SSG5 and SSG20Extended licenseKey capacities can be increased (sessions, VPNtunnels, VLANs) and stateful high availability (HA)support for firewall and VPN can be added.SSG5 and SSG20SSG5SSG5 WirelessSSG20SSG20 Wireless3
Specifications(1)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDScreenOS 6.2ScreenOS 6.2160 Mbps160 MbpsMaximum Performance and Capacity(2)ScreenOS version testedFirewall performance (Large packets)Firewall performance (IMIX)90 Mbps90 Mbps30,000 PPS30,000 PPSAdvanced Encryption Standard (AES) 256 SHA-1 VPNperformance40 Mbps40 Mbps3DES encryption SHA-1 VPN performance40 Mbps40 Mbps8,000/16,0008,000/16,0002,8002,800Maximum security policies200200Maximum users 2Factory configured: RS232 Serial AUX or ISDNBRI S/T or V.92Mini-PIMs: 1xADSL 2 , 1xT1, 1xE1, V.92, ISDNBRI S/T, 1xSFP, 1xSerialNetwork attack detectionYesYesDoS and DDoS protectionYesYesTCP reassembly for fragmented packet protectionYesYesBrute force attack mitigationYesYesSYN cookie protectionYesYesZone-based IP spoofingYesYesMalformed packet protectionYesYesIPS (Deep Inspection firewall)YesYesProtocol anomaly detectionYesYesStateful protocol signaturesYesYesIPS/DI attack pattern obfuscationYesYesYesYes(3)Firewall packets per second (64 byte)Maximum concurrent sessionsNew sessions/secondNetwork ConnectivityFixed I/OMini-Physical Interface Module (Mini-PIM) slotsWAN interface optionsFirewallUnified Threat Management(4)AntivirusInstant message AVYesYesSignature database200,000 200,000 Protocols scannedPOP3, HTTP, SMTP, IMAP, FTP, IMPOP3, HTTP, SMTP, IMAP, FTP, rYesYesAnti-spamYesYesIntegrated URL filteringYesYesExternal URL filtering(5)YesYesH.323. Application-level gateway (ALG)YesYesSIP ALGYesYesMGCP ALGYesYesSCCP ALGYesYesNetwork Address Translation (NAT) for VoIP protocolsYesYesVoIP Security4
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDIPsec VPNAuto-Connect VPNConcurrent VPN tunnelsYesYes25/4025/40Tunnel interfaces1010DES encryption (56-bit), 3DES encryption (168-bit) andAdvanced Encryption Standard (AES) (256-bit)YesYesMD-5 and SHA-1 authenticationYesYesManual key, Internet Key Exchange (IKE), IKEv2 with EAPpublic key infrastructure (PKI) (X.509)YesYesPerfect forward secrecy (DH Groups)1,2,51,2,5Prevent replay attackYesYesRemote access VPNYesYesLayer2 Tunneling Protocol (L2TP) within IPsecYesYesIPsec Network Address Translation (NAT) traversalYesYesRedundant VPN gatewaysYesYesUser Authentication and Access ControlBuilt-in (internal) database - user limit100100RADIUS, RSA SecureID, LDAPRADIUS, RSA SecureID, LDAPRADIUS AccountingYesYesXAUTH VPN authenticationYesYesWeb-based authenticationYesYes802.1X authenticationYesYesUnified Access Control (UAC) enforcement pointYesYesPKI Certificate requests (PKCS 7 and PKCS 10)YesYesAutomated certificate enrollment (SCEP)YesYesOnline Certificate Status Protocol (OCSP)YesYesVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKIVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKIYesYesThird-party user authenticationPKI SupportCertificate Authorities supportedSelf-signed certificatesVirtualizationMaximum number of security zones88Maximum number of virtual routers3/43/410/5010/50Maximum number of VLANsRoutingBGP instances3/43/4BGP peers10/1610/16BGP routes1,0241,024331,0241,024OSPF instancesOSPF routesRIP v1/v2 instances1616RIP v2 routes1,0241,024Static routes1,0241,024Source-based routingYesYesPolicy-based routingYesYesEqual-cost multipath (ECMP)YesYes5
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDRouting (continued)MulticastYesYesReverse Path Forwarding (RPF)YesYesInternet Group Management Protocol (IGMP) (v1, v2)YesYesIGMP ProxyYesYesPIM single modeYesYesPIM source-specific multicastYesYesMulticast inside IPsec tunnelYesYesICMP Router Discovery Protocol (IRDP)YesYesPoint-to-Point Protocol (PPP)YesYesMultilink Point-to-Point Protocol (MLPPP)N/AYesFrame RelayYesYesMultilink Frame Relay (MLFR) (FRF 15, FRF 16)YesYesHDLCYesYesDual stack IPv4/IPv6 firewall and VPNYesYesIPv4 to/from IPv6 translations and encapsulationsYesYesSyn-Cookie and Syn-Proxy DoS Attack DetectionYesYesSIP, RTSP, Sun-RPC, and MS-RPC ALG’sYesYesRIPngYesYesBGPYesYesTransparent modeYesYesNSRPYesYesDHCPv6 RelayYesYesLayer 2 (transparent) mode(6)YesYesLayer 3 (route and/or NAT) modeYesYesNetwork Address Translation (NAT)YesYesPort Address Translation (PAT)YesYesPolicy-based NAT/PAT (L2 and L3 mode)YesYesMapped IP (MIP) (L3 mode)300300EncapsulationsIPv6Mode of OperationAddress TranslationVirtual IP (VIP) (L3 mode)4/54/5MIP/VIP Grouping (L3 mode)YesYesDual untrustYesYesBridge groupsYesYesStaticYesYesDHCP, PPPoE clientYesYesInternal DHCP serverYesYesDHCP relayYesYesGuaranteed bandwidthYes - per policyYes - per policyMaximum bandwidthYes - per policyYes - per policyIngress traffic policingYesYesPriority-bandwidth utilizationYesYesYes - per policyYes - per policyIP Address AssignmentTraffic Management Quality of Service (QoS)Differentiated Services stamping*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases6
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDActive/Active - L3 modeYesYesActive/Passive -Transparent & L3 modeYesYesConfiguration synchronizationYesYesSession synchronization for firewall and VPNYesYesSession failover for routing changeYesYesVRRPYesYesDevice failure detectionYesYesLink failure detectionYesYesAuthentication for new HA membersYesYesEncryption of HA trafficYesYesWebUI (HTTP and HTTPS)YesYesCommand line interface (console)YesYesCommand line interface (telnet)YesYesYes v1.5 and v2.0 compatibleYes v1.5 and v2.0 compatibleNetwork and Security Manager (NSM)YesYesAll management via VPN tunnel on any interfaceYesYesRapid deploymentYesYes2020RADIUS, RSA SecurID, LDAPRADIUS, RSA SecureID, LDAP66YesYesTFTP, WebUI, NSM, SCP, USBTFTP, WebUI, NSM, SCP, USBYesYesYes - up to 4 serversYes - up to 4 serversEmail (two addresses)YesYesNetIQ WebTrendsYesYesSNMP (v2)YesYesSNMP full custom MIBYesYesTracerouteYesYesVPN tunnel monitorYesYesAdditional log storageUSB 1.1USB 1.1Event logs and alarmsYesYesSystem configuration scriptYesYesScreenOS SoftwareYesYesHigh Availability (HA)(7)System ManagementCommand line interface (SSH)AdministrationLocal administrator database sizeExternal administrator database supportRestricted administrative networksRoot Admin, Admin and Read Only user levelsSoftware upgradesConfiguration rollbackLogging/MonitoringSyslog (multiple servers)External Flash7
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDED8.8 x 1.6 x 5.6 in (22.2 x 4.1 x 14.3 cm)11.6 x 1.8 x 7.4 in (29.5 x 4.5 x 18.7 cm)2.1 lb (0.95 kg)3.3 lb (1.5 kg)YesYesDimensions and PowerDimensions (W x H x D)WeightRack mountablePower supply (AC)Maximum thermal output100-240 VAC100-240 VAC122.8 BTU/Hour122.8 BTU/HourCertificationsSafety certificationsCSA, CBCSA, CBFCC class B, CE class B, A-Tick, VCCI class BFCC class B, CE class B, A-Tick, VCCI class BNon-wireless40.5 years35.8 yearsWireless22.8 years28.9 yearsCommon Criteria: EAL4YesYesFIPS 140-2: Level 2YesYesICSA Firewall and VPNYesYes32 to 104 F (0 to 40 C)32 to 104 F (0 to 40 C)Non-operating temperature-4 to 149 F (-20 to 65 C)-4 to 149 F (-20 to 65 C)Humidity10% to 90% noncondensing10% to 90% noncondensingUp to 200 mWUp to 200 mWEMC certificationsMean Time Between Failures (MTBF)Security CertificationsOperating EnvironmentOperating temperatureWireless Radio Specifications (Wireless Models Only)Transmit powerWireless standards supportedDual Radio 802.11 a 802.11b/gDual Radio 802.11 a 802.11b/gSite surveyYesYesMaximum configured SSIDs1616Maximum active SSIDs44Atheros SuperGYesYesAtheros eXtended Range (XR)YesYesWi-Fi CERTIFIEDYesYesWireless privacyWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWireless authenticationPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over802.1xPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over802.1xPermit or DenyPermit or DenyYesYesDiversity antennaIncludedIncludedDirectional antennaOptionalOptionalOmni-directional antennaOptionalOptional Wireless Security (Wireless Models Only)MAC access controlsClient isolationAntenna Option (Wireless Models Only)(1) Some features and functionality only supported in releases greater than ScreenOS 5.4.(2) P erformance, capacity and features listed are based upon systems running ScreenOS 6.2 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results mayvary based on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for SSG Series gateways, please visit the Juniper Customer Support Center (www.juniper.net/customers/support/) and click on ScreenOS Software Downloads(3) I MIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33% 64byte packets 33.33% 570 byte packets 8.33% 1518 byte packets of UDP traffic.(4) UTM Security features (IPS/Deep Inspection, antivirus, anti-spam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions providesignature updates and associated support. The high memory option is required for UTM Security features.(5) R edirect Web filtering sends traffic from the firewall to a secondary server. The redirect feature is free, however it does require the purchase of a separate Web filtering license from either Websenseor SurfControl.(6) NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.(7) A ctive/passive and active/active HA requires the purchase of an Extended License. In addition to the HA features, an Extended License key increases a subset of the capacities as outlined below.Active/active HA is only supported in ScreenOS 6.0 or greater releases.8
IPS (Deep Inspection firewall) Signature PacksSignature packs provide the ability to tailor the attack protection to the specific deployment and/or attack type. The following signaturepacks are available for the SSG5 and SSG20:SIGNATURE PACKTARGET DEPLOYMENTDEFENSE TYPETYPE OF ATTACK OBJECTBaseBranch offices, small/mediumbusinessesClient/server and worm protectionRange of signatures and protocolanomaliesClientRemote/branch officesPerimeter defense, compliance forhosts (desktops, etc.)Attacks in the server-to-client directionServerSmall/medium businessesPerimeter defense, compliance forserver infrastructureAttacks in the client-to-server directionWorm mitigationRemote/branch offices of largeenterprisesMost comprehensive defense againstworm attacksWorms, trojans, backdoor attacksFirewall Extended LicensesEXTENDED LICENSE FEATURESSG20 AND SSG5SessionsIncreases max from 8,000 to 16,000VPN tunnelsIncreases max from 25 to 40VLANsIncreases max from 10 to 50VoIP callsIncreases max from 64 to 96High availabilityAdds support for stateful active/active or active/passive with ScreenOS 6.0 and abovePerformance-Enabling Services and SupportJuniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimizeyour high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize biggerproductivity gains, faster rollouts of new business models and ventures, and greater market reach, while generating higher levels ofcustomer satisfaction. At the same time, Juniper Networks ensures operational excellence by optimizing your network to maintainrequired levels of performance, reliability, and availability. For more details, please visit www.juniper.net/products-services.9
Ordering InformationMODEL NUMBERDESCRIPTIONSSG-5-SBMODEL NUMBERDESCRIPTIONSSG5 / SSG20 Accessories & UpgradesSSG5SSG5 with 128 MB Memory, RS232 Serial backupinterfaceSSG-5-ELUExtended License Upgrade Key for SSG5SSG-20-ELUExtended License Upgrade Key for SSG20SSG-5-SB-BTSSG5 with 128 MB Memory, ISDN BRI S/T backupinterfaceSSG-5-20-MEM-256SSG5 and SSG20 256 MB Memory Upgrade ModuleSSG-5-SB-MSSG5 with 128 MB Memory, v.92 backup interfaceSSG-5-RMKSSG5 Rack Mount Kit - holds 2 unitsSSG-5-SB-W-xxSSG5 with 128 MB Memory, RS232 Serial backupinterface, 802.11a/b/g WirelessSSG-20-RMKSSG20 Rack Mount KitSSG-5-SB-BTW-xxSSG5 with 128 MB Memory, ISDN BRI S/T backupinterface, 802.11a/b/g WirelessSSG-ANTSSG Series Wireless Replacement AntennaSSG-ANT-DIRSSG5 and SSG20 Dual Band Directional AntennaSSG-5-SB-MW-xxSSG5 with 128 MB Memory, v.92 backup interface,802.11a/b/g WirelessSSG-ANT-OMNISSG5 and SSG20 Dual Band Omni-DirectionalAntennaSSG-5-SHSSG5 with 256 MB Memory, RS232 Serial backupinterfaceSSG-CBL-ANT-10M10 meters (30 feet) Low Loss Cable for SSG-ANTXXXSSG-5-SH-BTSSG5 with 256 MB Memory, ISDN BRI S/T backupinterfaceSSG-5-SH-MSSG5 with 256 MB Memory, v.92 backup interfaceSSG-5-SH-W-xxSSG5 with 256 MB Memory, RS232 Serial backupinterface, 802.11a/b/g WirelessSSG-5-SH-BTW-xxSSG5 with 256 MB Memory, ISDN BRI S/T backupinterface, 802.11a/b/g WirelessSSG-5-SH-MW-xxSSG5 with 256 MB Memory, v.92 backup interface,802.11a/b/g WirelessSSG20SSG-20-SBSSG20 with 128 MB Memory, 2-port Mini-PIM slotsSSG-20-SB-W-xxSSG20 with 128 MB Memory, 2-port Mini-PIM slots,802.11a/b/g WirelessSSG-20-SHSSG20 with 256 MB Memory, 2-port Mini-PIM slotsSSG-20-SH-W-xxSSG20 with 256 MB Memory, 2-port Mini-PIM slots,802.11a/b/g WirelessSSG20 I/O OptionsJXM-1SERIAL-S1-port Serial Mini Physical Interface Module*JXM-1SFP-S1-port SFP Mini Physical Interface Module**JXM-1T1-S1-port T1 Mini Physical Interface ModuleJXM-1E1-S1-port E1 Mini Physical Interface ModuleJXM-1ADSL2-A-S1-port ADSL2 Annex A Mini Physical InterfaceModuleJXM-1ADSL2-B-S1-port ADSL2 Annex B Mini Physical InterfaceModuleJXM-1V92-S1-port v.92 Mini Physical Interface ModuleJXM-1BRI-ST-S1-port ISDN S/T BRI Mini Physical InterfaceModuleJX-SFP-1GE-LXSmall Form Factor Pluggable 1000BASE-LXGigabit Ethernet Optical Transceiver ModuleJX-SFP-1GE-SXSmall Form Factor Pluggable 1000BASE-SXGigabit Ethernet Optical Transceiver ModuleJX-SFP-1GE-TSmall Form Factor Pluggable 1000BASE-T GigabitEthernet Copper Transceiver ModuleJX-SFP-1FE-FXSmall Form Factor Pluggable 100BASE-FX FastEthernet Optical Transceiver Module* The Serial Mini-PIM is only supported in ScreenOS 6.0 or greater releases** The SFP Mini-PIM is only supported in ScreenOS 6.0 or greater releases10Unified Threat Management/ContentSecurity (High Memory Option Required)NS-K-AVS-SSG5NS-K-AVS-SSG20Antivirus (incl. anti-spyware, anti-phishing)NS-DI-SSG5NS-DI-SSG20IPS (Deep Inspection)NS-WF-SSG5NS-WF-SSG20Web O-CS-SSG5NS-RBO-CS-SSG20Remote Office Bundle (Includes AV, DI, WF)NS-SMB2-CS-SSG5NS-SMB2-CS-SSG20Main Office Bundle (Includes AV, DI, WF, AS) Note: The appropriate power cord is included based upon the sales order “Ship To” destination. Note: XX denotes region code for wireless devices. Not all countries are supported. Please seeWireless Country Compliance Matrix for certified countries. Note: For renewal of Content Security Subscriptions, add “-R” to above SKUs. Note: For 2 year Content Security Subscriptions, add “-2” to above SKUs. Note: For 3 year Content Security Subscriptions, add “-3” to above SKUs.About Juniper NetworksJuniper Networks, Inc. is the leader in high-performancenetworking. Juniper offers a high-performance networkinfrastructure that creates a responsive and trusted environmentfor accelerating the deployment of services and applicationsover a single network. This fuels high-performance businesses.Additional information can be found at www.juniper.net.
This page left intentionally blank11
Corporate and Sales HeadquartersAPAC HeadquartersEMEA HeadquartersJuniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone: 888.JUNIPER (888.586.4737)or 408.745.2000Fax: 408.745.2100Juniper Networks (Hong Kong)26/F, Cityplaza One1111 King’s RoadTaikoo Shing, Hong KongPhone: 852.2332.3636Fax: 852.2574.7803Juniper Networks IrelandAirside Business ParkSwords, County Dublin, IrelandPhone: 35.31.8903.600Fax: 35.31.8903.601To purchase Juniper Networks solutions, pleasecontact your Juniper Networks representativeat 1-866-298-6428 or authorized reseller.1000176-004-EN Sept 200912Copyright 2009 Juniper Networks, Inc. All rightsreserved. Juniper Networks, the Juniper Networkslogo, JUNOS, NetScreen, and ScreenOS areregistered trademarks of Juniper Networks, Inc.in the United States and other countries. JUNOSeis a trademark of Juniper Networks, Inc. All othertrademarks, service marks, registered marks, orregistered service marks are the property of theirrespective owners. Juniper Networks assumesno responsibility for any inaccuracies in thisdocument. Juniper Networks reserves the right tochange, modify, transfer, or otherwise revise thispublication without notice.Printed on recycled paper.
Blocks unwanted email from known spammers and phishers. Integrated Web filtering Annually licensed Web filtering solution is based on Websense SurfControl technology. Controls/blocks access to malicious Web sites. Integrated IPS (Deep Inspection) Annually licensed IPS engine. Prevents application-level attacks from flooding the network.
