Transcription
DATASHEETSSG5 AND SSG20SECURE SERVICESGATEWAYSProduct OverviewThe Juniper Networks SSG5 andSSG20 Secure Services Gatewaysare purpose-built security appliancesthat deliver a perfect blend ofperformance, security, routing andLAN/WAN connectivity for smallbranch offices, fixed telecommutersand small standalone businessdeployments. Traffic flowing in andout of the branch office or businessis protected from worms, spyware,trojans, and malware by a completeset of Unified Threat Managementsecurity features that includestateful firewall, IPsec VPN, intrusionprevention system (IPS), antivirus(includes antispyware, anti-adware,antiphishing), antispam and Webfiltering.Product DescriptionThe Juniper Networks SSG5 and SSG20 Secure Services Gateways are high-performancesecurity platforms for small branch office and standalone businesses that want tostop internal and external attacks, prevent unauthorized access and achieve regulatorycompliance. Both the SSG5 and SSG20 deliver 160 Mbps of stateful firewall traffic and40 Mbps of IPsec VPN traffic.Security: Protection against worms, viruses, trojans, spam, and emerging malwareis delivered by proven unified threat management (UTM) security features that arebacked by best-in-class partners. To address internal security requirements andfacilitate regulatory compliance, the SSG5 and SSG20 both support an advanced set ofnetwork protection features such as security zones, virtual routers and VLANs that allowadministrators to divide the network into distinct secure domains, each with its ownunique security policy. Policies protecting each security zone can include access controlrules and inspection by any of the supported UTM security features.Regional OfficeHeadquartersZone AM7iInternetSSG20Zone CNetScreen-5400Zone BThe SSG20 deployed at a branch office for secure Internet connectivity and site-to-site VPNto corporate headquarters. Internal wired and wireless resources are protected with uniquesecurity policies applied to each security zone.1
Connectivity and Routing: The SSG5 has seven on-board 10/100interfaces with optional fixed WAN ports. The SSG20 has five10/100 interfaces with two I/O expansion slots for additional WANconnectivity. The broad array of I/O options coupled with WANprotocol and encapsulation support in the routing engine make boththe SSG5 and the SSG20 a solution that can easily be deployed asa traditional branch office router or as a consolidated security androuting device to reduce CapEx and OpEx. Both the SSG5 and SSG20support 802.11 a/b/g as a factory configured option supported by awide array of wireless specific security features.Access Control Enforcement: The SSG5 and SSG20 can actas enforcement points in a Juniper Networks Unified AccessControl deployment with the simple addition of the IC SeriesAccess Control Appliance. The IC Series functions as a centralpolicy management engine, interacting with the SSG5 or SSG20to augment or replace the firewall-based access control witha solution that grants/denies access based on more granularcriteria that include endpoint state and user identity in order toaccommodate the dramatic shifts in attack landscape and usercharacteristics.World Class Support: From simple lab testing to major networkimplementations, Juniper Networks Professional Services willcollaborate with your team to identify goals.Features and BenefitsFeatureFeature DescriptionBenefitHigh performancePurpose-built platform is assembled from custombuilt hardware, powerful processing and a securityspecific operating system.Delivers performance headroom required to protectagainst internal and external attacks now and into thefuture.Best-in-class UTM security featuresUTM security features (antivirus, antispam, Webfiltering, IPS) stop all manner of viruses and malwarebefore they damage the network.Ensures that the network is protected against allmanner of attacks.Integrated antivirusAnnually licensed antivirus engine is based onKaspersky Lab engine.Stops viruses, spyware, adware and other malware.Integrated antispamAnnually licensed anti-spam offering is based onSophos technology.Blocks unwanted email from known spammers andphishers.Integrated Web filteringAnnually licensed Web filtering solution is based onWebsense SurfControl technology.Controls/blocks access to malicious websites.Integrated IPS (Deep Inspection)Annually licensed IPS engine.Prevents application-level attacks from flooding thenetwork.Fixed InterfacesSeven fixed 10/100 interfaces on the SSG5, and fivefixed 10/100 interfaces on the SSG20. The SSG5 isfactory configured with either RS232 Serial/AUX orISDN BRI S/T or V.92 fixed WAN backup. Both modelsinclude one console port and one auxiliary port.Provides high-speed LAN connectivity, redundant WANconnectivity and flexible management.Network segmentationSecurity zones, virtual LANs and virtual routers allowadministrators to deploy security policies to isolateguests, wireless networks and regional servers ordatabases.Facilitates deployment of internal security to preventunauthorized access, contain attacks and assist inachieving regulatory compliance.Interface modularityTwo interface expansion slots (SSG20 only)supporting optional ADSL 2 , T1, E1, ISDN BRI S/T,Serial, SFP and v.92 Mini physical interface modules(Mini-PIMs).*Delivers combination of LAN and WAN connectivity ontop of unmatched security to reduce costs and extendinvestment protection.Robust routing engineProven routing engine supports OSPF, BGP, andRIP v1/2.Enables the deployment of a consolidated securityand routing device, thereby lowering operational andcapital expenditures.802.11 a/b/g wireless-specificsecurity featuresWireless-specific privacy and authentication featuresaugment the UTM security capabilities to protectwireless traffic.Provides additional device consolidation opportunities(WLAN access point, security, routing) for small officeenvironment.*Serial and SFP Mini-PIMs only supported in Juniper Networks ScreenOS Software 6.0 or higher releases.2
Features and Benefits (continued)FeatureFeature DescriptionBenefitJuniper Networks Unified AccessControl enforcement pointInteracts with the centralized policy managementengine (IC Series) to enforce session-specific accesscontrol policies using criteria such as user identity,device security state and network location.Improves security posture in a cost-effective mannerby leveraging existing customer network infrastructurecomponents and best-in-class technology.Management flexibilityUse any one of three mechanisms, command lineinterface (CLI), WebUI or Juniper Networks Networkand Security Manager (NSM) to securely deploy,monitor and manage security policies.Enables management access from any location,eliminating onsite visits thereby improving responsetime and reducing operational costs.World-class professional servicesFrom simple lab testing to major networkimplementations, Juniper Networks ProfessionalServices will collaborate with your team to identify goals,define the deployment process, create or validate thenetwork design and manage the deployment.Transforms the network infrastructure to ensure that itis secure, flexible, scalable and reliable.OptionOption DescriptionApplicable ProductsDRAMThe SSG5 and SSG20 are available with either128 MB or 256 MB of DRAM.SSG5 and SSG20Unified Threat Management/Content Security (high memoryoption required)The SSG5 and SSG20 can be configured with anycombination of the following best-in-class UTM andcontent security functionality: antivirus (includes antispyware, antiphishing), IPS (Deep Inspection), Webfiltering and/or antispam.High memory SSG5 or SSG20 onlyI/O optionsTwo interface expansion slots supporting optionalADSL 2 , T1, E1, ISDN BRI S/T, Serial, SFP and v.92 Miniphysical interface modules (Mini-PIMs).SSG20 only802.11 a/b/g connectivityThe SSG5 and SSG20 can be factory configured for802.11 a/b/g wireless LAN connectivity.SSG5 and SSG20Extended licenseKey capacities can be increased (sessions, VPNtunnels, VLANs) and stateful high availability (HA)support for firewall and VPN can be added.SSG5 and SSG20Product OptionsSSG5SSG20SSG5 WirelessSSG20 Wireless3
Specifications(1)SSG5 Base/ExtendedMaximum Performance and CapacityScreenOS version testedSSG20 Base/Extended(2)ScreenOS 6.3ScreenOS 6.3Firewall performance (Large packets)160 Mbps160 MbpsFirewall performance (IMIX)(3)90 Mbps90 MbpsFirewall packets per second (64 byte)30,000 PPS30,000 PPSAdvanced Encryption Standard (AES) 256 SHA-1 VPNperformance40 Mbps40 Mbps3DES encryption SHA-1 VPN performance40 Mbps40 MbpsMaximum concurrent sessions8,000/16,0008,000/16,000New sessions/second2,8002,800Maximum security policies200200Maximum users supportedUnrestrictedUnrestrictedFixed I/O7x10/1005x10/100Mini-Physical Interface Module (Mini-PIM) slots02WAN interface optionsFactory configured: RS232 Serial AUX or ISDNBRI S/T or V.92Mini-PIMs: 1xADSL 2 , 1xT1, 1xE1, V.92, ISDNBRI S/T, 1xSFP, 1xSerialNetwork attack detectionYesYesDoS and DDoS protectionYesYesTCP reassembly for fragmented packet protectionYesYesBrute force attack mitigationYesYesSYN cookie protectionYesYesZone-based IP spoofingYesYesMalformed packet protectionYesYesIPS (Deep Inspection firewall)YesYesProtocol anomaly detectionYesYesStateful protocol signaturesYesYesIPS/DI attack pattern obfuscationYesYesNetwork ConnectivityFirewallUnified Threat Management(4)AntivirusYesYesInstant message AVYesYesSignature database200,000 200,000 Protocols scannedPOP3, HTTP, SMTP, IMAP, FTP, IMPOP3, HTTP, SMTP, IMAP, FTP, YesYesAnti-spamYesYesIntegrated URL filteringYesYesExternal URL filteringYesYesH.323. Application-level gateway (ALG)YesYesSIP ALGYesYesMGCP ALGYesYesSCCP ALGYesYesNetwork Address Translation (NAT) for VoIP protocolsYesYes(5)VoIP Security4
Specifications (continued)SSG5 Base/ExtendedSSG20 Base/ExtendedAuto-Connect VPNYesYesConcurrent VPN tunnels25/4025/40Tunnel interfaces1010DES encryption (56-bit), 3DES encryption (168-bit) andAdvanced Encryption Standard (AES) (256-bit)YesYesMD-5 and SHA-1 authenticationYesYesManual key, Internet Key Exchange (IKE), IKEv2 withEAP public key infrastructure (PKI) (X.509)YesYesPerfect forward secrecy (DH Groups)1,2,51,2,5Prevent replay attackYesYesRemote access VPNYesYesLayer2 Tunneling Protocol (L2TP) within IPsecYesYesIPsec Network Address Translation (NAT) traversalYesYesRedundant VPN gatewaysYesYesIPsec VPNUser Authentication and Access ControlBuilt-in (internal) database - user limit100100Third-party user authenticationRADIUS, RSA SecureID, LDAPRADIUS, RSA SecureID, LDAPRADIUS AccountingYesYesXAUTH VPN authenticationYesYesWeb-based authenticationYesYes802.1X authenticationYesYesUnified Access Control (UAC) enforcement pointYesYesPKI Certificate requests (PKCS 7 and PKCS 10)YesYesAutomated certificate enrollment (SCEP)YesYesOnline Certificate Status Protocol (OCSP)YesYesCertificate Authorities supportedVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKIVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKISelf-signed certificatesYesYesMaximum number of security zones88Maximum number of virtual routers3/43/4Maximum number of VLANs10/5010/50BGP instances3/43/4BGP peers10/1610/16BGP routes1,0241,024OSPF instances33OSPF routes1,0241,024RIP v1/v2 instances1616RIP v2 routes1,0241,024Static routes1,0241,024Source-based routingYesYesPolicy-based routingYesYesEqual-cost multipath (ECMP)YesYesPKI SupportVirtualizationRouting5
Specifications (continued)SSG5 Base/ExtendedSSG20 Base/ExtendedRouting (continued)MulticastYesYesReverse Path Forwarding (RPF)YesYesInternet Group Management Protocol (IGMP) (v1, v2)YesYesIGMP ProxyYesYesPIM single modeYesYesPIM source-specific multicastYesYesMulticast inside IPsec tunnelYesYesICMP Router Discovery Protocol (IRDP)YesYesPoint-to-Point Protocol (PPP)YesYesMultilink Point-to-Point Protocol (MLPPP)N/AYesFrame RelayYesYesMultilink Frame Relay (MLFR) (FRF 15, FRF 16)YesYesHDLCYesYesDual stack IPv4/IPv6 firewall and VPNYesYesIPv4 to/from IPv6 translations and encapsulationsYesYesSyn-Cookie and Syn-Proxy DoS Attack DetectionYesYesSIP, RTSP, Sun-RPC, and MS-RPC ALG’sYesYesRIPngYesYesBGPYesYesTransparent modeYesYesNSRPYesYesDHCPv6 RelayYesYesLayer 2 (transparent) mode(6)YesYesLayer 3 (route and/or NAT) modeYesYesNetwork Address Translation (NAT)YesYesPort Address Translation (PAT)YesYesPolicy-based NAT/PAT (L2 and L3 mode)YesYesMapped IP (MIP) (L3 mode)300300Virtual IP (VIP) (L3 mode)4/54/5MIP/VIP Grouping (L3 mode)YesYesDual untrustYesYesBridge groups*YesYesStaticYesYesDHCP, PPPoE clientYesYesInternal DHCP serverYesYesDHCP relayYesYesEncapsulationsIPv6Mode of OperationAddress TranslationIP Address AssignmentTraffic Management Quality of Service (QoS)Guaranteed bandwidthYes - per policyYes - per policyMaximum bandwidthYes - per policyYes - per policyIngress traffic policingYesYesPriority-bandwidth utilizationYesYesDifferentiated Services stampingYes - per policyYes - per policy*Bridge groups supported only on uPIMs in ScreenOS 6.0 and higher releases.6
Specifications (continued)SSG5 Base/ExtendedSSG20 Base/ExtendedActive/Active - L3 modeYesYesActive/Passive -Transparent & L3 modeYesYesConfiguration synchronizationYesYesSession synchronization for firewall and VPNYesYesSession failover for routing changeYesYesVRRPYesYesDevice failure detectionYesYesLink failure detectionYesYesAuthentication for new HA membersYesYesEncryption of HA trafficYesYesWebUI (HTTP and HTTPS)YesYesCommand line interface (console)YesYesCommand line interface (telnet)YesYesCommand line interface (SSH)Yes v1.5 and v2.0 compatibleYes v1.5 and v2.0 compatibleNetwork and Security Manager (NSM)YesYesAll management via VPN tunnel on any interfaceYesYesRapid deploymentYesYesLocal administrator database size2020External administrator database supportRADIUS, RSA SecurID, LDAPRADIUS, RSA SecureID, LDAPRestricted administrative networks66Root Admin, Admin and Read Only user levelsYesYesSoftware upgradesTFTP, WebUI, NSM, SCP, USBTFTP, WebUI, NSM, SCP, USBConfiguration rollbackYesYesSyslog (multiple servers)Yes - up to 4 serversYes - up to 4 serversEmail (two addresses)YesYesNetIQ WebTrendsYesYesSNMP (v3)YesYesSNMP full custom MIBYesYesTracerouteYesYesVPN tunnel monitorYesYesAdditional log storageUSB 1.1USB 1.1Event logs and alarmsYesYesSystem configuration scriptYesYesScreenOS SoftwareYesYesHigh Availability (HA)(7)System ManagementAdministrationLogging/MonitoringExternal Flash7
Specifications (continued)SSG5 Base/ExtendedSSG20 Base/ExtendedDimensions and PowerDimensions (W x H x D)8.8 x 1.6 x 5.6 in (22.2 x 4.1 x 14.3 cm)11.6 x 1.8 x 7.4 in (29.5 x 4.5 x 18.7 cm)Weight2.1 lb (0.95 kg)3.3 lb (1.5 kg)Rack mountableYesYesPower supply (AC)100-240 VAC100-240 VACMaximum thermal output122.8 BTU/Hour122.8 BTU/HourSafety certificationsCSA, CBCSA, CBEMC certificationsFCC class B, CE class B, A-Tick, VCCI class BFCC class B, CE class B, A-Tick, VCCI class BNon-wireless40.5 years35.8 yearsWireless22.8 years28.9 yearsCommon Criteria: EAL4YesYesFIPS 140-2: Level 2YesYesICSA Firewall and VPNYesYesOperating temperature32 to 104 F (0 to 40 C)32 to 104 F (0 to 40 C)Non-operating temperature-4 to 149 F (-20 to 65 C)-4 to 149 F (-20 to 65 C)Humidity10% to 90% noncondensing10% to 90% noncondensingCertificationsMean Time Between Failures (MTBF)Security CertificationsOperating EnvironmentWireless Radio Specifications (Wireless Models Only)Transmit powerUp to 200 mWUp to 200 mWWireless standards supportedDual Radio 802.11a 802.11b/gDual Radio 802.11a 802.11b/gSite surveyYesYesMaximum configured SSIDs1616Maximum active SSIDs44Atheros SuperGYesYesAtheros eXtended Range (XR)YesYesWi-Fi Certified YesYesWireless Security (Wireless Models Only)Wireless privacyWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWireless authenticationPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over802.1xPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over802.1xMAC access controlsPermit or DenyPermit or DenyClient isolationYesYesAntenna Option (Wireless Models Only)Diversity antennaIncludedIncludedDirectional antennaOptionalOptionalOmni-directional antennaOptionalOptional(1) Some features and functionality only supported in releases higher than ScreenOS 5.4.(2) Performance, capacity and features listed are based upon systems running ScreenOS 6.3 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual resultsmay vary based on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for SSG Series gateways, please visit the Juniper Customer Support Center(www.juniper.net/customers/support/) and click on ScreenOS Software Downloads.(3) IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33%64 byte packets 33.33% 570 byte packets 8.33% 1518 byte packets of UDP traffic.(4) UTM Security features (IPS/Deep Inspection, antivirus, antispam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptionsprovide signature updates and associated support. The high memory option is required for UTM Security features.(5) Redirect Web filtering sends traffic from the firewall to a secondary server. The redirect feature is free, however it does require the purchase of a separate Web filtering license from either Websenseor SurfControl.(6) NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.(7) Active/passive and active/active HA requires the purchase of an Extended License. In addition to the HA features, an Extended License key increases a subset of the capacities as outlined below.Active/active HA is only supported in ScreenOS 6.0 or higher releases.8
IPS (Deep Inspection firewall) Signature PacksSignature packs provide the ability to tailor the attack protection to the specific deployment and/or attack type. The following signaturepacks are available for the SSG5 and SSG20:Signature PackTarget DeploymentDefense TypeType of Attack ObjectBaseBranch offices, small/mediumbusinessesClient/server and worm protectionRange of signatures and protocolanomaliesClientRemote/branch officesPerimeter defense, compliance forhosts (desktops, etc.)Attacks in the server-to-client directionServerSmall/medium businessesPerimeter defense, compliance forserver infrastructureAttacks in the client-to-server directionWorm mitigationRemote/branch offices of largeenterprisesMost comprehensive defense againstworm attacksWorms, trojans, backdoor attacksFirewall Extended LicensesExtended License FeatureSSG20 and SSG5SessionsIncreases max from 8,000 to 16,000VPN tunnelsIncreases max from 25 to 40VLANsIncreases max from 10 to 50VoIP callsIncreases max from 64 to 96High availabilityAdds support for stateful active/active or active/passive with ScreenOS 6.0 and higherJuniper Networks Services and SupportJuniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your highperformance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving afaster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain requiredlevels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.9
Ordering InformationModel NumberDescriptionDescriptionSSG5 / SSG20 Accessories and UpgradesSSG5SSG-5-SBModel NumberSSG5 with 128 MB memory, RS232 Serial backupinterfaceSSG-5-SB-BTSSG5 with 128 MB memory, ISDN BRI S/Tbackup interfaceSSG-5-SB-MSSG5 with 128 MB memory, v.92 backup interfaceSSG-5-SB-W-xxSSG5 with 128 MB memory, RS232 Serial backupinterface, 802.11a/b/g wirelessSSG-5-SB-BTW-xxSSG5 with 128 MB memory, ISDN BRI S/Tbackup interface, 802.11a/b/g wirelessSSG-5-SB-MW-xxSSG5 with 128 MB memory, v.92 backupinterface, 802.11a/b/g wirelessSSG-5-SHSSG5 with 256 MB memory, RS232 Serial backupinterfaceSSG-5-SH-BTSSG5 with 256 MB memory, ISDN BRI S/Tbackup interfaceSSG-5-SH-MSSG5 with 256 MB memory, v.92 backupinterfaceSSG-5-SH-W-xxSSG5 with 256 MB memory, RS232 Serial backupinterface, 802.11a/b/g wirelessSSG-5-SH-BTW-xxSSG5 with 256 MB memory, ISDN BRI S/Tbackup interface, 802.11a/b/g wirelessSSG-5-SH-MW-xxSSG5 with 256 MB memory, v.92 backupinterface, 802.11a/b/g wirelessSSG20SSG-5-ELUExtended license upgrade key for SSG5SSG-20-ELUExtended license upgrade key for SSG20SSG-5-20-MEM-256SSG5 and SSG20 256 MB memory upgrademoduleSSG-5-RMKSSG5 rack mount kit - holds 2 unitsSSG-20-RMKSSG20 rack mount kitSSG-ANTSSG Series wireless replacement antennaSSG-ANT-DIRSSG5 and SSG20 dual band directional antennaSSG-ANT-OMNISSG5 and SSG20 dual band omni-directionalantennaSSG-CBL-ANT-10M10 meters (30 feet) low loss cable for SSG-ANTXXXUnified Threat Management/ContentSecurity (High Memory Option Required)NS-K-AVS-SSG5NS-K-AVS-SSG20Antivirus (incl. antispyware, antiphishing)NS-DI-SSG5NS-DI-SSG20IPS (Deep Inspection)NS-WF-SSG5NS-WF-SSG20Web 0-SBSSG20 with 128 MB memory, 2-port Mini-PIMslotsNS-RBO-CS-SSG5NS-RBO-CS-SSG20Remote Office Bundle (Includes AV, DI, WF)SSG-20-SB-W-xxSSG20 with 128 MB memory, 2-port Mini-PIMslots, 802.11a/b/g wirelessMain Office Bundle (Includes AV, DI, WF, AS)SSG-20-SHSSG20 with 256 MB memory, 2-port SH-W-xxSSG20 with 256 MB memory, 2-port Mini-PIMslots, 802.11a/b/g wirelessSSG20 I/O OptionsJXM-1SERIAL-S1-port Serial Mini Physical Interface Module*JXM-1SFP-S1-port SFP Mini Physical Interface Module**JXM-1T1-S1-port T1 Mini Physical Interface ModuleJXM-1E1-S1-port E1 Mini Physical Interface ModuleJXM-1ADSL2-A-S1-port ADSL2 Annex A Mini Physical InterfaceModuleJXM-1ADSL2-B-S1-port ADSL2 Annex B Mini Physical InterfaceModuleJXM-1V92-S1-port v.92 Mini Physical Interface ModuleJXM-1BRI-ST-S1-port ISDN S/T BRI Mini Physical InterfaceModuleJX-SFP-1GE-LXSmall Form Factor Pluggable 1000BASE-LXGigabit Ethernet Optical Transceiver ModuleJX-SFP-1GE-SXSmall Form Factor Pluggable 1000BASE-SXGigabit Ethernet Optical Transceiver ModuleJX-SFP-1GE-TSmall Form Factor Pluggable 1000BASE-TGigabit Ethernet Copper Transceiver ModuleJX-SFP-1FE-FXSmall Form Factor Pluggable 100BASE-FX FastEthernet Optical Transceiver Module* The Serial Mini-PIM is only supported in ScreenOS 6.0 or higher releases.** The SFP Mini-PIM is only supported in ScreenOS 6.0 or higher releases.10About Juniper NetworksJuniper Networks is in the business of network innovation. Fromdevices to data centers, from consumers to cloud providers,Juniper Networks delivers the software, silicon and systems thattransform the experience and economics of networking. Thecompany serves customers and partners worldwide. Additionalinformation can be found at www.juniper.net.
Notes11
Corporate and Sales HeadquartersAPAC HeadquartersEMEA HeadquartersJuniper Networks, Inc.Juniper Networks (Hong Kong)Juniper Networks Ireland1194 North Mathilda Avenue26/F, Cityplaza OneAirside Business ParkSunnyvale, CA 94089 USA1111 King’s RoadSwords, County Dublin, IrelandPhone: 888.JUNIPER (888.586.4737)Taikoo Shing, Hong KongPhone: 35.31.8903.600or 408.745.2000Phone: 852.2332.3636EMEA Sales: 00800.4586.4737Fax: 408.745.2100Fax: 852.2574.7803Fax: 35.31.8903.601www.juniper.netCopyright 2011 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and othercountries. All other trademarks, service marks, registered marks, or registered service marks are the property oftheir respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. JuniperNetworks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.1000176-006-EN Nov 201112Printed on recycled paperTo purchase Juniper Networks solutions,please contact your Juniper Networksrepresentative at 1-866-298-6428 orauthorized reseller.
SSG5 and SSG20 Unified Threat Management/ Content Security (high memory option required) The SSG5 and SSG20 can be configured with any combination of the following best-in-class UTM and content security functionality: antivirus (includes anti- spyware, antiphishing), IPS (Deep Inspection), Web filtering and/or antispam.
