NetScreen Appliance Features
|
Feature
|
NetScreen-200
Series (1)
|
|
NetScreen-100
(2)
|
NetScreen-50
(2)
|
NetScreen-25
(2)
|
|
NetScreen-5XT
(2)
NetScreen-5XP (2) |
|||||||
| Performance |
Concurrent
sessions
|
128,000
|
128,000
|
8,000
|
4,000
|
2,000
|
||||||||
|
New
sessions/second
|
13,000
|
17,000
|
8,000
|
4,000
|
2,000
|
|||||||||
|
Firewall
performance
|
400
or 550 Mbps
|
200
Mbps
|
170
Mbps
|
100
Mbps
|
5XT:
70 Mbps
5XP: 10 Mbps |
|||||||||
|
Triple-DES
(168 bit)
|
200
Mbps
|
195
Mbps
|
50
Mbps
|
20
Mbps
|
5XT:
20 Mbps
5XP: 10 Mbps |
|||||||||
|
Policies
|
4,000
|
4,000
|
1,000
|
500
|
100
|
|||||||||
|
Schedules
|
256
|
256
|
256
|
256
|
256
|
|||||||||
|
Interfaces
|
4
or 8 10/100 Base-T
|
3
10/100 Base-T
|
10/100
Base-T (3)
|
4
10/100 Base-T (3)
|
5XT:
1 10/100 Base-T Untrust
4 10/100 Base-T Trust 5XP: 1 10 Base-T Untrust 1 10 Base-T Trust |
|||||||||
|
|
||||||||||||||
| Mode of Operation |
Transparent
mode (all interfaces)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
Route
mode (all interfaces)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
NAT
(Network Address Translation)
|
Yes
(per interface)
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Policy-based
NAT
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
PAT
(Port Address Translation)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Virtual
IP
|
4
|
4
|
2
|
2
|
1
|
|||||||||
|
Mapped
IP
|
4,000
|
4,000
|
1,000
|
500
|
32
|
|||||||||
|
IP
routing—static routes
|
256
|
256
|
60
|
60
|
16
|
|||||||||
|
Users
per port, Trusted
|
Unrestricted
|
Unrestricted
|
Unrestricted
|
Unrestricted
|
10
or Unrestricted
|
|||||||||
|
|
||||||||||||||
| IP Address Assignment |
Static
|
All
|
All
|
All
|
All
|
All
|
||||||||
|
DHCP
client
|
N/A
|
N/A
|
Untrusted
interface
|
Untrusted
interface
|
Untrusted
interface
|
|||||||||
|
PPPoE
client
|
Untrusted
interface
|
Untrusted
interface
|
Untrusted
interface
|
Untrusted
interface
|
Untrusted
interface
|
|||||||||
|
Internal
DHCP server
|
Trusted
interface
|
Trusted
interface
|
Trusted
interface
|
Trusted
interface
|
Trusted
interface
|
|||||||||
|
DHCP
Relay
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| Firewall Attacks Detected |
SYN
attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
ICMP
flood
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
UDP
flood
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Ping
of death
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
IP
spoofing
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Port
scan
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Land
attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Tear
drop attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Filter
IP source route option
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
IP
address sweep attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
WinNuke
attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Java/ActiveX/Zip/EXE
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Default
packet deny
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
User-defined
malicious URL
|
48
|
48
|
48
|
48
|
48
|
|||||||||
|
Per-source
session limiting
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
SYN
fragments
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
SYN
and FIN bit set
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
No
flags in TCP
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
FIN
with no ACK
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
ICMP
fragment
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
Large
ICMP
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
source route
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
record route
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
security options
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
timestamp
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
stream
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
IP
bad options
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
Unknown
protocols
|
Yes
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
Q3
2002
|
|||||||||
|
|
||||||||||||||
| VPN |
Dedicated
VPN tunnels
|
1,000
|
1,000
|
100
|
25
|
10
|
||||||||
|
Manual
Key, IKE, PKI (X.509)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
DES
(56-bit), 3DES (168-bit) and AES encryption
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Perfect
forward secrecy (DH Groups)
|
1,2,5
|
1,2,5
|
1,2,5
|
1,2,5
|
1,2,5
|
|||||||||
|
Prevent
replay attack
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Remote
access VPN
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
L2TP
within IPSec
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Site-to-site
VPN
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Star
(hub and spoke) VPN network topology
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
IPSec
NAT traversal
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Redundant
VPN gateway
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| IPSec Authentication |
SHA-1
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
MD5
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
PKI
certificate requests (PKCS 7 and PKCS 10)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Automated
certificate enrollment (SCEP)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Online
Certificate Status Protocol (OCSP)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| Certificate Authorities supported |
VeriSign
CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
Entrust
CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Microsoft
CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
RSA
Keon CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
iPlanet
(Netscape) CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Baltimore
CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
DOD
PKI CA
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| Firewall & VPN User Authentication |
Built-in
(internal) database - user limit
|
1,500
|
1,500
|
500
|
500
|
100
|
||||||||
|
RADIUS
(external) database
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
RSA
SecureID (external) database
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
LDAP
(external) database
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| Traffic Management |
Guaranteed
bandwidth
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
Maximum
bandwidth
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Priority-bandwidth
utilization
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
DiffServ
stamp
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| High Availability (HA) |
High
Availability
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
||||||||
|
Session
protection for firewall and VPN
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
Device
failure detection
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
Link
failure detection
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
Network
notification on failover
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
Authentication
for new HA members
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
Encryption
of HA traffic
|
Yes
|
Yes
|
Q3
2002
|
No
|
No
|
|||||||||
|
|
||||||||||||||
| System Management |
WebUI
(HTTP and HTTPS)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
||||||||
|
Command
line interface (console)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Command
line interface (telnet)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Secure
Command Shell (ssh v1 compatible)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
NetScreen-Global
PRO
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
NetScreen-Global
PRO Express
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
All
mgm’t via VPN tunnel on any interface
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
SNMP
full custom MIB
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
|
||||||||||||||
| Administration |
Multiple
administrators
|
20
|
20
|
20
|
20
|
20
|
||||||||
|
Remote
administrator database
|
RADIUS
|
RADIUS
|
RADIUS
|
RADIUS
|
RADIUS
|
|||||||||
|
Administrative
networks
|
6
|
6
|
6
|
6
|
6
|
|||||||||
|
Root
admin, admin, and read only user levels
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Software
upgrades and config changes
|
TFTP/Web
UI/Global
|
TFTP/Web
UI/Global
|
TFTP/Web
UI/Global
|
TFTP/Web
UI/Global
|
TFTP/Web
UI/Global
|
|||||||||
|
|
||||||||||||||
| Logging/Monitoring |
Syslog
|
External
|
External
|
External
|
External
|
External
|
||||||||
|
E-mail
(2 addresses)
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
NetIQ
WebTrends
|
External
|
External
|
External
|
External
|
External
|
|||||||||
|
SNMP
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Traceroute
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
VPN
tunnel monitor
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
|||||||||
|
Websense
URL filtering
|
External
|
External
|
External
|
External
|
External
|
|||||||||
|
|
||||||||||||||
| External Flash |
CompactFlash
|
96
or 512 MB options
|
No
|
96
or 512 MB options
|
96
or 512 MB options
|
No
|
||||||||
|
PCMCIA
Flash
|
No
|
96
MB options
|
No
|
No
|
No
|
|||||||||
|
Event
logs and alarms
|
Yes
|
Yes
|
Yes
|
Yes
|
No
|
|||||||||
|
System
config script
|
Yes
|
Yes
|
Yes
|
Yes
|
No
|
|||||||||
|
ScreenOS
software
|
Yes
|
Yes
|
Yes
|
Yes
|
No
|
|||||||||
|
|
||||||||||||||
| Dimensions and Power |
Height
|
1.73
inches
|
1.75
inches
|
1.73
inches
|
1.73
inches
|
1.25
inches
|
||||||||
|
Width
|
17.5
inches
|
17.5
inches
|
17.5
inches
|
17.5
inches
|
5XT:
8 inches
5XP: 6 inches |
|||||||||
|
Lenght
|
10.8
inches
|
10.8
inches
|
10.8
inches
|
10.8
inches
|
5
inches
|
|||||||||
|
Weight
|
8
lbs.
|
8
lbs.
|
8
lbs.
|
8
lbs.
|
5XT:
1.5 lb.
5XP: 1 lb. |
|||||||||
|
Rack
mountable
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes,
with separate kit
|
|||||||||
|
Power
Supply (AC)
|
90
to 264 VAC, 45 W
|
90
to 264 VAC, 30 W
|
90
to 264 VAC, 45 W
|
90
to 264 VAC, 45 W
|
5XT:
90 to 264 VAC,12W
5XP: 90 to 264 VAC, 7.5W |
|||||||||
|
Power
Supply (AC)
|
-36
to -72 VDC, 50 W
|
-36
to -72 VDC, 30 W
|
36
to -72 VDC, 50 W
|
36
to -72 VDC, 50 W
|
N/A
|
|||||||||
| (1)
Performance, capacity, and features provided with NetScreen ScreenOS 3.1.0.
May vary with other NetScreen ScreenOS releases. (2) Performance, capacity, and features provided with NetScreen ScreenOS 3.0.3. May vary with other NetScreen ScreenOS releases. (3) Only three interfaces currently supported. Fourth interface supported in future NetScreen ScreenOS release. |
||||||||||||||