NetScreen System Features

. Feature       NetScreen-1000   NetScreen-500
Performance   Concurrent sessions   500,000 (ES: 300,000)* (1)   250,000 (1)
    New sessions/second   15,000 (1)   22,000 (1)
    Firewall performance   2,000 Mbps wire speed (6)   700 Mbps
    Triple-DES (168 bit)   1000 Mbps wire speed   250 Mbps
    Policies   40,000 (1)   20,000 (1)
    Schedules   256 (1)   256 (1)
    Maximum number of Virtual Systems   100   25
Virtual Systems   Number of VLANs supported   500   100
Mode of Operation   Transparent Mode (All Interfaces)   Yes (2)   Yes (2)
    Route Mode   Yes   Yes
    NAT (Network Address Translation)   Yes   Yes
    PAT (Port Address Translation)   Yes   Yes
    Virtual IP (VIP)   4 (2)   4 (2)
    Mapped IP   4096 (1)   4096 (1)
    IP routing – Static Routes   1024 (1)   512 (1)
    Policy-based NAT   Yes   Yes
    Users per port   Unrestricted   Unrestricted
Firewall Attack Detection   Syn Attack   Yes (3)   Yes (3)
    ICMP Flood detection, threshold selectable   Yes (3)   Yes (3)
    UDP Flood detection, threshold selectable   Yes (3)   Yes (3)
    Detect Ping of Death   Yes (3)   Yes (3)
    Detect IP Spoofing   Yes (3)   Yes (3)
    Detect Port Scan   Yes (3)   Yes (3)
    Detect Land Attack   Yes (3)   Yes (3)
    Detect Tear Drop   Yes (3)   Yes (3)
    Filter IP source route option   Yes (3)   Yes (3)
    Detect IP address Sweep Attack     Yes (3)   Yes (3)
    Detect WinNuke Attack   Yes (3)   Yes (3)
    Java/ActiveX/Zip/EXE   Yes (3)   Yes (3)
    Default Packet deny   Yes (3)   Yes (3)
    DoS, DDoS Protection   Yes (3)   Yes (3)
VPN   Dedicated tunnels   25,000 (ES:15,000)*(1)   10,000 (1)
    Manual Key, IKE, PKI (X.509)   Yes   Yes
    DES (56-bit) & 3DES (168-bit) Encryption   Yes   Yes
    Perfect Forward Secrecy (DH Groups)   1,2,5   1,2,5
    Prevent Replay Attack   Yes   Yes
    Remote access VPN   Yes   Yes
    Site-to-site VPN   Yes   Yes
    Star (hub and spoke) VPN network topology   Yes   Yes
    L2TP   N/A   Yes
IPSec   Authentication        
      SHA-1   Yes   Yes
      MD5   Yes   Yes
    Certificates requests (PKCS 7 & PKCS 10)   Yes   Yes
    Certificate Servers Supported        
      Verisign CA   Yes   Yes
      Entrust CA   Yes   Yes
      Microsoft CA   Yes   Yes
      RSA Keon CA   Yes   Yes
      IPlanet (Netscape) CA   Yes   Yes
      Baltimore CA   Yes   Yes
High Availability (HA)   High Availability (HA)   Yes   Yes
   

Active/Active Support

   Yes   Yes
   

Full mesh deployments supported

   Yes   Yes
   

Redundant interfaces

   Yes   Yes
    Session protection for Firewall and VPN   Yes   Yes
    Device failure detection   Yes   Yes
    Link failure detection   Yes   Yes
    Network notification on failover   Yes   Yes
Firewall & VPN User Authentication   Built-In (internal) Database -
user limit		   25,000 (ES: 15,000)*   15,000
    RADIUS (external) database   Yes   Yes
    SA SecureID (external) database   Yes   Yes
    LDAP (external) database   Yes   Yes
Traffic Management   Guaranteed bandwidth   N/A   Yes (2)
    Maximum bandwidth   N/A   Yes (2)
    Priority-bandwidth utilization   N/A   Yes (2)
    DiffServ stamp   N/A   Yes (2)
System Management   Web UI (HTTP and HTTPS)   Yes   Yes
    Command Line Interface (console)   Yes   Yes
    Command Line Interface (telnet)   Yes   Yes
    Secure Command Shell (ssh v1 compatible)   Yes   Yes
    NetScreen-Global Manager   Yes   Yes
    NetScreen-Global PRO   Yes   Yes
    All management via VPN tunnel on any interface   Yes   Yes
Administration   Multiple administrators   20 (2)   20 (2)
    Remote administrator database   Radius   Radius
    Administrative Networks   6   6
    Root Admin, Admin, & Read Only user levels   Yes   Yes
    Software Upgrades & Configuration Changes   TFTP/WebUI/Global   TFTP/WebUI
Logging/Monitoring     Syslog   External   External
    E-mail (2 addresses)   Yes   Yes
    WebTrends   External   External
    SNMP   Yes   Yes
    Traceroute   Yes   Yes
    VPN Tunnel Monitor   Yes   Yes
    Websense URL filtering   N/A   External (3)
PCMCIA   PCMCIA Card   96 MB, Type 1   440 MB, Type 2 & 3
    Event logs and alarms   Yes   Yes
    System config script   Yes   Yes
    ScreenOS Software   Yes   Yes
Dimensions and Power   Height   22 inches   3.5 inches
    Width   17.5 inches   17.5 inches
    Length   20 inches   17 inches
    Weight   50 lbs.   27 lbs.
    Rack mountable   Yes   Yes
    Power input AC   95 - 240 variable (47 to 63 Hz)   95 - 240 variable (47 to 63 Hz)
    Power input DC   Option, -36 to -72VDC   Option, -36 to -72VDC
    Power consumption   350 Watts   100 Watts
             
*ES indicates NetScreen-1000ES where different from NetScreen-1000SP
(1) Shared among all Virtual Systems
(2) Not available with Virtual Systems
(3) Feature enabled or disabled for whole system, no individual Virtual System control
(4) Virtual Systems only
(5) Performance tested with GBIC cards, 10/100 cards support wire speed performance