Transcription
DATASHEETSSG5 AND SSG20SECURE SERVICESGATEWAYSProduct OverviewThe Juniper Networks SSG5 and SSG20Secure Services Gateways are purposebuilt security appliances that deliver aperfect blend of performance, security,Product DescriptionThe Juniper Networks SSG5 and SSG20 Secure Services Gateways are high-performancesecurity platforms for small branch office and standalone businesses that want tostop internal and external attacks, prevent unauthorized access and achieve regulatorycompliance. Both the SSG5 and SSG20 deliver 160 Mbps of stateful firewall traffic and40 Mbps of IPsec VPN traffic.routing and LAN/WAN connectivitySecurity: Protection against worms, viruses, trojans, spam, and emerging malwarefor small branch offices, fixedis delivered by proven unified threat management (UTM) security features that aretelecommuters and small standalonebacked by best-in-class partners. To address internal security requirements andbusiness deployments. Traffic flowing infacilitate regulatory compliance, the SSG5 and SSG20 both support an advanced set ofand out of the branch office or businessnetwork protection features such as security zones, virtual routers and VLANs that allowis protected from worms, spyware,administrators to divide the network into distinct secure domains, each with its owntrojans, and malware by a complete setunique security policy. Policies protecting each security zone can include access controlof Unified Threat Management securityrules and inspection by any of the supported UTM security features.features that include stateful firewall,IPsec VPN, intrusion prevention systemRegional OfficeHeadquarters(IPS), antivirus (includes antispyware,anti-adware, antiphishing), antispamand Web filtering.Zone AM7iInternetSSG20Zone CNetScreen-5400Zone BThe SSG20 deployed at a branch office for secure Internet connectivity and site-to-site VPNto corporate headquarters. Internal wired and wireless resources are protected with uniquesecurity policies applied to each security zone.1
Connectivity and Routing: The SSG5 has seven on-board 10/100Access Control Enforcement: The SSG5 and SSG20 can actinterfaces with optional fixed WAN ports. The SSG20 has fiveas enforcement points in a Juniper Networks Unified Access10/100 interfaces with two I/O expansion slots for additional WANControl deployment with the simple addition of the IC Series UACconnectivity. The broad array of I/O options coupled with WANappliance. The IC Series functions as a central policy managementprotocol and encapsulation support in the routing engine make bothengine, interacting with the SSG5 or SSG20 to augment orthe SSG5 and the SSG20 a solution that can easily be deployed asreplace the firewall-based access control with a solution thata traditional branch office router or as a consolidated security andgrants/denies access based on more granular criteria that includerouting device to reduce CapEx and OpEx. Both the SSG5 and SSG20endpoint state and user identity in order to accommodate thesupport 802.11 a/b/g as a factory configured option supported by adramatic shifts in attack landscape and user characteristics.wide array of wireless specific security features.World Class Support: From simple lab testing to major networkimplementations, Juniper Networks Professional Services willcollaborate with your team to identify goals.Features and BenefitsFEATUREFEATURE DESCRIPTIONBENEFITHigh performancePurpose-built platform is assembled from custombuilt hardware, powerful processing and a securityspecific operating system.Delivers performance headroom required to protectagainst internal and external attacks now and into thefuture.Best-in-class UTM security featuresUTM security features (antivirus, antispam, Webfiltering, IPS) stop all manner of viruses and malwarebefore they damage the network.Ensures that the network is protected against allmanner of attacks.Integrated antivirusAnnually licensed antivirus engine is based onKaspersky Lab engine.Stops viruses, spyware, adware and other malware.Integrated antispamAnnually licensed anti-spam offering is based onSophos technology.Blocks unwanted email from known spammers andphishers.Integrated Web filteringAnnually licensed Web filtering solution is based onWebsense SurfControl technology.Controls/blocks access to malicious Web sites.Integrated IPS (Deep Inspection)Annually licensed IPS engine.Prevents application-level attacks from flooding thenetwork.Fixed InterfacesSeven fixed 10/100 interfaces on the SSG5, and fivefixed 10/100 interfaces on the SSG20. The SSG5 isfactory configured with either RS232 Serial/AUX orISDN BRI S/T or V.92 fixed WAN backup. Both modelsinclude one console port and one auxiliary port.Provides high-speed LAN connectivity, redundant WANconnectivity and flexible management.Network segmentationSecurity zones, virtual LANs and virtual routers allowadministrators to deploy security policies to isolateguests, wireless networks and regional servers ordatabases.Facilitates deployment of internal security to preventunauthorized access, contain attacks and assist inachieving regulatory compliance.Interface modularityTwo interface expansion slots (SSG20 only)supporting optional ADSL 2 , T1, E1, ISDN BRI S/T,Serial, SFP and v.92 Mini physical interface modules(Mini-PIMs).*Delivers combination of LAN and WAN connectivity ontop of unmatched security to reduce costs and extendinvestment protection.Robust routing engineProven routing engine supports OSPF, BGP, andRIP v1/2.Enables the deployment of a consolidated securityand routing device, thereby lowering operational andcapital expenditures.802.11 a/b/g wireless-specificsecurity featuresWireless-specific privacy and authentication featuresaugment the UTM security capabilities to protectwireless traffic.Provides additional device consolidation opportunities(WLAN access point, security, routing) for small officeenvironment.*Serial and SFP Mini-PIMs only supported in ScreenOS 6.0 or greater releases2
Features and Benefits (continued)FEATUREFEATURE DESCRIPTIONBENEFITJuniper Networks Unified AccessControl enforcement pointInteracts with the centralized policy managementengine (IC Series) to enforce session-specific accesscontrol policies using criteria such as user identity,device security state and network location.Improves security posture in a cost-effective mannerby leveraging existing customer network infrastructurecomponents and best-in-class technology.Management flexibilityUse any one of three mechanisms, command lineinterface (CLI), WebUI or Juniper Networks Networkand Security Manager (NSM) to securely deploy,monitor and manage security policies.Enables management access from any location,eliminating onsite visits thereby improving responsetime and reducing operational costs.World-class professional servicesFrom simple lab testing to major networkimplementations, Juniper Networks ProfessionalServices will collaborate with your team to identify goals,define the deployment process, create or validate thenetwork design and manage the deployment.Transforms the network infrastructure to ensure that itis secure, flexible, scalable and reliable.OPTIONOPTION DESCRIPTIONAPPLICABLE PRODUCTSDRAMThe SSG5 and SSG20 are available with either128 MB or 256 MB of DRAM.SSG5 and SSG20Unified Threat Management/ContentSecurity (high memory option required)The SSG5 and SSG20 can be configured with anycombination of the following best-in-class UTM andcontent security functionality: antivirus (includes antispyware, antiphishing), IPS (Deep Inspection), Webfiltering and/or antispam.High memory SSG5 or SSG20 onlyI/O optionsTwo interface expansion slots supporting optionalADSL 2 , T1, E1, ISDN BRI S/T, Serial, SFP and v.92 Miniphysical interface modules (Mini-PIMs).SSG20 only802.11 a/b/g connectivityThe SSG5 and SSG20 can be factory configured for802.11 a/b/g wireless LAN connectivity.SSG5 and SSG20Extended licenseKey capacities can be increased (sessions, VPNtunnels, VLANs) and stateful high availability (HA)support for firewall and VPN can be added.SSG5 and SSG20Product OptionsSSG5SSG20SSG5 WIRELESSSSG20 WIRELESS3
Specifications(1)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDScreenOS version testedScreenOS 6.2ScreenOS 6.2Firewall performance (Large packets)160 Mbps160 MbpsFirewall performance (IMIX)(3)90 Mbps90 MbpsFirewall packets per second (64 byte)30,000 PPS30,000 PPSAdvanced Encryption Standard (AES) 256 SHA-1 VPNperformance40 Mbps40 Mbps3DES encryption SHA-1 VPN performance40 Mbps40 MbpsMaximum concurrent sessions8,000/16,0008,000/16,000New sessions/second2,8002,800Maximum security policies200200Maximum users supportedUnrestrictedUnrestrictedFixed I/O7x10/1005x10/100Mini-Physical Interface Module (Mini-PIM) slots02WAN interface optionsFactory configured: RS232 Serial AUX or ISDN BRIS/T or V.92Mini-PIMs: 1xADSL 2 , 1xT1, 1xE1, V.92, ISDN BRIS/T, 1xSFP, 1xSerialNetwork attack detectionYesYesDoS and DDoS protectionYesYesTCP reassembly for fragmented packet protectionYesYesBrute force attack mitigationYesYesSYN cookie protectionYesYesZone-based IP spoofingYesYesMalformed packet protectionYesYesIPS (Deep Inspection firewall)YesYesProtocol anomaly detectionYesYesStateful protocol signaturesYesYesIPS/DI attack pattern obfuscationYesYesYesYesInstant message AVYesYesSignature database200,000 200,000 Protocols scannedPOP3, HTTP, SMTP, IMAP, FTP, IMPOP3, HTTP, SMTP, IMAP, FTP, YesYesAnti-spamYesYesIntegrated URL filteringYesYesExternal URL filtering(5)YesYesH.323. Application-level gateway (ALG)YesYesSIP ALGYesYesMGCP ALGYesYesSCCP ALGYesYesNetwork Address Translation (NAT) for VoIP protocolsYesYesMaximum Performance and Capacity(2)Network ConnectivityFirewallUnified Threat Management(4)AntivirusVoIP Security4
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDAuto-Connect VPNYesYesConcurrent VPN tunnels25/4025/40Tunnel interfaces1010DES encryption (56-bit), 3DES encryption (168-bit) andAdvanced Encryption Standard (AES) (256-bit)YesYesMD-5 and SHA-1 authenticationYesYesManual key, Internet Key Exchange (IKE), IKEv2 with EAPpublic key infrastructure (PKI) (X.509)YesYesPerfect forward secrecy (DH Groups)1,2,51,2,5Prevent replay attackYesYesRemote access VPNYesYesLayer2 Tunneling Protocol (L2TP) within IPsecYesYesIPsec Network Address Translation (NAT) traversalYesYesRedundant VPN gatewaysYesYesBuilt-in (internal) database - user limit100100Third-party user authenticationRADIUS, RSA SecureID, LDAPRADIUS, RSA SecureID, LDAPRADIUS AccountingYesYesXAUTH VPN authenticationYesYesWeb-based authenticationYesYes802.1X authenticationYesYesUnified Access Control (UAC) enforcement pointYesYesPKI Certificate requests (PKCS 7 and PKCS 10)YesYesAutomated certificate enrollment (SCEP)YesYesOnline Certificate Status Protocol (OCSP)YesYesCertificate Authorities supportedVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKIVeriSign, Entrust, Microsoft, RSA Keon, iPlanet(Netscape) Baltimore, DoD PKISelf-signed certificatesYesYesMaximum number of security zones88Maximum number of virtual routers3/43/4Maximum number of VLANs10/5010/50BGP instances3/43/4BGP peers10/1610/16BGP routes1,0241,024OSPF instances33OSPF routes1,0241,024RIP v1/v2 instances1616RIP v2 routes1,0241,024Static routes1,0241,024Source-based routingYesYesPolicy-based routingYesYesEqual-cost multipath (ECMP)YesYesIPsec VPNUser Authentication and Access ControlPKI SupportVirtualizationRouting5
Specifications (continued)SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDRouting (continued)MulticastYesYesReverse Path Forwarding (RPF)YesYesInternet Group Management Protocol (IGMP) (v1, v2)YesYesIGMP ProxyYesYesPIM single modeYesYesPIM source-specific multicastYesYesMulticast inside IPsec tunnelYesYesICMP Router Discovery Protocol (IRDP)YesYesPoint-to-Point Protocol (PPP)YesYesMultilink Point-to-Point Protocol (MLPPP)N/AYesFrame RelayYesYesMultilink Frame Relay (MLFR) (FRF 15, FRF 16)YesYesHDLCYesYesDual stack IPv4/IPv6 firewall and VPNYesYesIPv4 to/from IPv6 translations and encapsulationsYesYesSyn-Cookie and Syn-Proxy DoS Attack DetectionYesYesSIP, RTSP, Sun-RPC, and MS-RPC ALG’sYesYesRIPngYesYesBGPYesYesTransparent modeYesYesNSRPYesYesDHCPv6 RelayYesYesLayer 2 (transparent) mode(6)YesYesLayer 3 (route and/or NAT) modeYesYesNetwork Address Translation (NAT)YesYesPort Address Translation (PAT)YesYesPolicy-based NAT/PAT (L2 and L3 mode)YesYesMapped IP (MIP) (L3 mode)300300Virtual IP (VIP) (L3 mode)4/54/5MIP/VIP Grouping (L3 mode)YesYesDual untrustYesYesBridge groups*YesYesStaticYesYesDHCP, PPPoE clientYesYesInternal DHCP serverYesYesDHCP relayYesYesGuaranteed bandwidthYes - per policyYes - per policyMaximum bandwidthYes - per policyYes - per policyIngress traffic policingYesYesPriority-bandwidth utilizationYesYesDifferentiated Services stampingYes - per policyYes - per policyEncapsulationsIPv6Mode of OperationAddress TranslationIP Address AssignmentTraffic Management Quality of Service (QoS)*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases6
Specifications (continued)SSG5 BASE/EXTENDEDHigh Availability (HA)SSG20 BASE/EXTENDED(7)Active/Active - L3 modeYesYesActive/Passive -Transparent & L3 modeYesYesConfiguration synchronizationYesYesSession synchronization for firewall and VPNYesYesSession failover for routing changeYesYesVRRPYesYesDevice failure detectionYesYesLink failure detectionYesYesAuthentication for new HA membersYesYesEncryption of HA trafficYesYesWebUI (HTTP and HTTPS)YesYesCommand line interface (console)YesYesCommand line interface (telnet)YesYesCommand line interface (SSH)Yes v1.5 and v2.0 compatibleYes v1.5 and v2.0 compatibleNetwork and Security Manager (NSM)YesYesAll management via VPN tunnel on any interfaceYesYesRapid deploymentYesYesLocal administrator database size2020External administrator database supportRADIUS, RSA SecurID, LDAPRADIUS, RSA SecureID, LDAPRestricted administrative networks66Root Admin, Admin and Read Only user levelsYesYesSoftware upgradesTFTP, WebUI, NSM, SCP, USBTFTP, WebUI, NSM, SCP, USBConfiguration rollbackYesYesSyslog (multiple servers)Yes - up to 4 serversYes - up to 4 serversEmail (two addresses)YesYesNetIQ WebTrendsYesYesSNMP (v2)YesYesSNMP full custom MIBYesYesTracerouteYesYesVPN tunnel monitorYesYesAdditional log storageUSB 1.1USB 1.1Event logs and alarmsYesYesSystem configuration scriptYesYesScreenOS SoftwareYesYesSystem ManagementAdministrationLogging/MonitoringExternal Flash7
SSG5 BASE/EXTENDEDSSG20 BASE/EXTENDEDDimensions (W x H x D)8.8 x 1.6 x 5.6 in (22.2 x 4.1 x 14.3 cm)11.6 x 1.8 x 7.4 in (29.5 x 4.5 x 18.7 cm)Weight2.1 lb (0.95 kg)Rack mountableYesPower supply (AC)100-240 VAC100-240 VACMaximum thermal output122.8 BTU/Hour122.8 BTU/HourSafety certificationsCSA, CBCSA, CBEMC certificationsFCC class B, CE class B, A-Tick, VCCI class BFCC class B, CE class B, A-Tick, VCCI class BNon-wireless40.5 years35.8 yearsWireless22.8 years28.9 yearsCommon Criteria: EAL4YesYesFIPS 140-2: Level 2YesYesICSA Firewall and VPNYesYesOperating temperature32 to 104 F (0 to 40 C)32 to 104 F (0 to 40 C)Non-operating temperature-4 to 149 F (-20 to 65 C)-4 to 149 F (-20 to 65 C)Humidity10% to 90% noncondensing10% to 90% noncondensingDimensions and Power3.3 lb (1.5 kg)YesCertificationsMean Time Between Failures (MTBF)Security CertificationsOperating EnvironmentWireless Radio Specifications (Wireless Models Only)Transmit powerUp to 200 mWUp to 200 mWWireless standards supportedDual Radio 802.11 a 802.11b/gDual Radio 802.11 a 802.11b/gSite surveyYesYesMaximum configured SSIDs1616Maximum active SSIDs44Atheros SuperGYesYesAtheros eXtended Range (XR)YesYesWi-Fi Certified YesYesWireless privacyWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWPA, WPA2 (AES or TKIP), IPsec VPN, WEPWireless authenticationPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1xPSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1xMAC access controlsPermit or DenyPermit or DenyClient isolationYesYesDiversity antennaIncludedIncludedDirectional antennaOptionalOptionalOmni-directional antennaOptionalOptionalWireless Security (Wireless Models Only)Antenna Option (Wireless Models Only)(1) Some features and functionality only supported in releases greater than ScreenOS 5.4.(2) Performance, capacity and features listed are based upon systems running ScreenOS 6.2 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual resultsmay vary based on ScreenOS release and deployment. For a complete list of supported ScreenOS versions for SSG Series gateways, please visit the Juniper Customer Support Center(www.juniper.net/customers/support/) and click on ScreenOS Software Downloads(3) IMIX stands for Internet mix and is more demanding than a single packet size as it represents a traffic mix that is more typical of a customer’s network. The IMIX traffic used is made up of 58.33%64 byte packets 33.33% 570 byte packets 8.33% 1518 byte packets of UDP traffic.(4) UTM Security features (IPS/Deep Inspection, antivirus, antispam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptionsprovide signature updates and associated support. The high memory option is required for UTM Security features.(5) Redirect Web filtering sends traffic from the firewall to a secondary server. The redirect feature is free, however it does require the purchase of a separate Web filtering license from either Websenseor SurfControl.(6) NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA and IP address assignment are not available in layer 2 transparent mode.(7) Active/passive and active/active HA requires the purchase of an Extended License. In addition to the HA features, an Extended License key increases a subset of the capacities as outlined below.Active/active HA is only supported in ScreenOS 6.0 or greater releases.8
IPS (Deep Inspection firewall) Signature PacksSignature packs provide the ability to tailor the attack protection to the specific deployment and/or attack type. The following signaturepacks are available for the SSG5 and SSG20:SIGNATURE PACKTARGET DEPLOYMENTDEFENSE TYPETYPE OF ATTACK OBJECTBaseBranch offices, small/mediumbusinessesClient/server and worm protectionRange of signatures and protocolClientRemote/branch officesPerimeter defense, compliance forhosts (desktops, etc.)Attacks in the server-to-client directionServerSmall/medium businessesPerimeter defense, compliance forserver infrastructureAttacks in the client-to-server directionWorm mitigationRemote/branch offices of largeenterprisesMost comprehensive defense againstworm attacksWorms, trojans, backdoor attacksanomaliesFirewall Extended LicensesEXTENDED LICENSE FEATURESSG20 AND SSG5SessionsIncreases max from 8,000 to 16,000VPN tunnelsIncreases max from 25 to 40VLANsIncreases max from 10 to 50VoIP callsIncreases max from 64 to 96High availabilityAdds support for stateful active/active or active/passive with ScreenOS 6.0 and aboveJuniper Networks Services and SupportJuniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimizeyour high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize biggerproductivity gains and faster rollouts of new business models and ventures. At the same time, Juniper Networks ensures operationalexcellence by optimizing your network to maintain required levels of performance, reliability, and availability. For more details, please visitwww.juniper.net/us/en/products-services/.9
Ordering InformationMODEL NUMBERDESCRIPTIONMODEL NUMBERDESCRIPTIONSSG5 / SSG20 Accessories and UpgradesSSG5SSG-5-ELUExtended license upgrade key for SSG5SSG-20-ELUExtended license upgrade key for SSG20SSG5 with 128 MB Memory, ISDN BRI S/T backupinterfaceSSG-5-20-MEM-256SSG5 and SSG20 256 MB memory upgrade moduleSSG-5-SB-MSSG5 with 128 MB Memory, v.92 backup interfaceSSG-5-RMKSSG5 rack mount kit - holds 2 unitsSSG-5-SB-W-xxSSG5 with 128 MB Memory, RS232 Serial backupinterface, 802.11a/b/g WirelessSSG-20-RMKSSG20 rack mount kitSSG-ANTSSG Series wireless replacement antennaSSG-ANT-DIRSSG5 and SSG20 dual band directional antennaSSG-ANT-OMNISSG5 and SSG20 dual band omni-directionalantennaSSG-CBL-ANT-10M10 meters (30 feet) low loss cable for SSG-ANT-XXXSSG-5-SBSSG-5-SB-BTSSG-5-SB-BTW-xxSSG5 with 128 MB Memory, RS232 Serial backupinterfaceSSG5 with 128 MB Memory, ISDN BRI S/T backupinterface, 802.11a/b/g WirelessSSG-5-SB-MW-xxSSG5 with 128 MB Memory, v.92 backup interface,802.11a/b/g WirelessSSG-5-SHSSG5 with 256 MB Memory, RS232 Serial backupinterfaceUnified Threat Management/ContentSecurity (High Memory Option Required)SSG-5-SH-BTSSG5 with 256 MB Memory, ISDN BRI S/T backupinterfaceSSG5 with 256 MB Memory, v.92 backup interfaceNS-K-AVS-SSG5NS-K-AVS-SSG20Antivirus (incl. antispyware, antiphishing)SSG-5-SH-MSSG-5-SH-W-xxSSG5 with 256 MB Memory, RS232 Serial backupinterface, 802.11a/b/g WirelessNS-DI-SSG5NS-DI-SSG20IPS (Deep Inspection)SSG-5-SH-BTW-xxSSG5 with 256 MB Memory, ISDN BRI S/T backupinterface, 802.11a/b/g WirelessNS-WF-SSG5NS-WF-SSG20Web FilteringSSG-5-SH-MW-xxSSG5 with 256 MB Memory, v.92 backup interface,802.11a/b/g WirelessNS-SPAM2-SSG5NS-SPAM2-SSG20Anti-spamSSG20 with 128 MB Memory, 2-port Mini-PIM slotsNS-RBO-CS-SSG5NS-RBO-CS-SSG20Remote Office Bundle (Includes AV, DI, WF)SSG-20-SBSSG-20-SB-W-xxSSG20 with 128 MB Memory, 2-port Mini-PIM slots,802.11a/b/g WirelessNS-SMB2-CS-SSG5NS-SMB2-CS-SSG20Main Office Bundle (Includes AV, DI, WF, AS)SSG-20-SHSSG20 with 256 MB Memory, 2-port Mini-PIM slotsSSG-20-SH-W-xxSSG20 with 256 MB Memory, 2-port Mini-PIM slots,802.11a/b/g WirelessSSG20SSG20 I/O Options Note: The appropriate power cord is included based upon the sales order “Ship To” destination. Note: XX denotes region code for wireless devices. Not all countries are supported. Please seeWireless Country Compliance Matrix for certified countries. Note: For renewal of Content Security Subscriptions, add “-R” to above SKUs. Note: For 2 year Content Security Subscriptions, add “-2” to above SKUs. Note: For 3 year Content Security Subscriptions, add “-3” to above SKUs.JXM-1SERIAL-S1-port Serial Mini Physical Interface Module*JXM-1SFP-S1-port SFP Mini Physical Interface Module**JXM-1T1-S1-port T1 Mini Physical Interface ModuleAbout Juniper NetworksJXM-1E1-S1-port E1 Mini Physical Interface ModuleJuniper Networks, Inc. is the leader in high-performanceJXM-1ADSL2-A-S1-port ADSL2 Annex A Mini Physical InterfaceModulenetworking. Juniper offers a high-performance networkJXM-1ADSL2-B-S1-port ADSL2 Annex B Mini Physical InterfaceModulefor accelerating the deployment of services and applicationsJXM-1V92-S1-port v.92 Mini Physical Interface ModuleJXM-1BRI-ST-S1-port ISDN S/T BRI Mini Physical Interface ModuleJX-SFP-1GE-LXSmall Form Factor Pluggable 1000BASE-LX GigabitEthernet Optical Transceiver ModuleJX-SFP-1GE-SXSmall Form Factor Pluggable 1000BASE-SX GigabitEthernet Optical Transceiver ModuleJX-SFP-1GE-TSmall Form Factor Pluggable 1000BASE-T GigabitEthernet Copper Transceiver ModuleJX-SFP-1FE-FXSmall Form Factor Pluggable 100BASE-FX FastEthernet Optical Transceiver Module* The Serial Mini-PIM is only supported in ScreenOS 6.0 or greater releases** The SFP Mini-PIM is only supported in ScreenOS 6.0 or greater releases10infrastructure that creates a responsive and trusted environmentover a single network. This fuels high-performance businesses.Additional information can be found at www.juniper.net.
Notes11
Corporate and Sales HeadquartersAPAC HeadquartersEMEA HeadquartersTo purchase Juniper Networks solutions,Juniper Networks, Inc.Juniper Networks (Hong Kong)Juniper Networks Irelandplease contact your Juniper Networks1194 North Mathilda Avenue26/F, Cityplaza OneAirside Business ParkSunnyvale, CA 94089 USA1111 King’s RoadSwords, County Dublin, Irelandrepresentative at 1-866-298-6428 orPhone: 888.JUNIPER (888.586.4737)Taikoo Shing, Hong KongPhone: 35.31.8903.600or 408.745.2000Phone: 852.2332.3636EMEA Sales: 00800.4586.4737Fax: 408.745.2100Fax: 852.2574.7803Fax: 35.31.8903.601authorized reseller.www.juniper.netCopyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and othercountries. All other trademarks, service marks, registered marks, or registered service marks are the property oftheir respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. JuniperNetworks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.1000176-005-EN12Dec 2009Printed on recycled paper
Websense SurfControl technology. Controls/blocks access to malicious Web sites. Integrated IPS (Deep Inspection) Annually licensed IPS engine. Prevents application-level attacks from flooding the network. Fixed Interfaces Seven fixed 10/100 interfaces on the SSG5, and five fixed 10/100 interfaces on the SSG20. The SSG5 is
