
DATASHEET
NETSCREEN SERIES
SECURITY SYSTEMS
Product Overview
The Juniper Networks NetScreen Series is a line of purpose-built, high-performance security
systems designed for large enterprise, carrier, and data center networks. Architected with
both existing and future network design in mind, the NetScreen Series consists of two
platforms: the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. Integrating firewall,
VPN, traffic management functionality, Denial of Service (DoS) and Distributed Denial of
Service (DDoS) protection in a low profile modular chassis, the NetScreen Series delivers
scalable performance for the most demanding network environments.
Product Description
The Juniper Networks® NetScreen Series Security Systems are ideally suited for large
enterprise network backbones, including:
• Departmental or campus segmentation
• Enterprise data centers for securing high-density server environments
• Carrier-based managed services or core infrastructure
Offering excellent scalability and flexibility while providing high levels of security, the
NetScreen Series is differentiated by its chassis configuration for fans, power supplies,
and number of slots for modules. Both the Juniper Networks NetScreen-5200 and Juniper
Networks NetScreen-5400 support secure port modules that offer different throughput
and interface options for deployment flexibility. All chassis are designed with
hot-swappable, redundant fans and power supplies. This enables businesses to maximize
device uptime and meet stringent government and industry certifications, such as the
rigorous Network Equipment Building System criteria, the requirement for equipment used
in the central office in the North American Public Switched Network.
Employing a switch fabric for data exchange and separate multi-bus channel for control
information, the NetScreen Series can scale up to 30 Gbps firewall and 15 Gbps 3DES/AES
VPN. It provides low-latency performance for all packet sizes and is ideal for multimedia,
VoIP, and other streaming media applications.
Juniper Networks delivers all the components necessary to build and secure a highly
available infrastructure. Redundant links for full-mesh topologies, sub-second stateful
fail-over, path monitoring, and a secured control protocol all join to provide complete
resilience for the security layer. The NetScreen Series also supports Juniper Networks
virtual systems capability, with capacity up to 500 virtual systems. Virtual systems allow a
single security device to be partitioned logically into multiple security domains, each with
a unique virtual router, policy set, address book, and administrative login. Virtual systems
can be used with physical interfaces, as well as VLAN tagged interfaces bound to any
interface, with multiple security zones supported within each virtual system.

Whether the requirement is high-capacity session/tunnel
aggregation, high-performance small-packet throughput, a
high degree of system virtualization or a high degree of physical
segmentation, the NetScreen Series is the ideal platform for
large enterprise and carrier grade networks. The additional
benefits associated with lower total cost of ownership and the
ability to meet future service or application requirements make
the NetScreen Series firewall/VPN the clear choice for network
security operations.
Juniper Networks further expands overall system functionality and
performance by introducing a new management module and three
new secure port modules (SPMs) for the NetScreen Series. The
new management module takes advantage of faster CPU speeds
and larger CPU cache to enhance performance while the new
SPMs take advantage of Juniper’s fourth generation security ASIC
to deliver advanced functionality at multi-gigabit rates. These
new management and SPM modules deliver the Juniper heritage
of high-performance security while expanding capabilities and
capacities for NetScreen Series customers.
Features and Benefits
| FEATURE | FEATURE DESCRIPTION | BENEFIT |
|---|---|---|
| Purpose-built platform | Modular, chassis-based security systems. | Delivers the high performance and configuration flexibility required to protect large enterprise and carrier environments. |
| High performance | ASIC based architecture employs a switch fabric for data exchange and a separate multi-bus channel for control information. | Ensures scalable performance and low latency in sensitive applications such as VoIP and streaming media. |
| Advanced network segmentation | Security zones, virtual LANs and virtual routers allow administrators to deploy security policies to isolate guests, regional servers, or databases. | Prevents unauthorized access, contains any attacks that may occur, and facilitates regulatory compliance. |
| System and network resiliency | Hardware component redundancy and full mesh configurations enable redundant physical paths in the network. | Provides the reliability required for high-speed network deployments. |
| High availability (HA) | Active/passive, active/active and active/active full mesh HA configurations using dedicated high availability interfaces. | Achieve maximum availability and ensure synchronization for sub-second failover between interfaces or devices. |
| Interface flexibility | Modular architecture enables deployment with a wide variety of interface options, including SFP (SX, LX, TX) and XFP 10 gigabit (SR or LR). | Simplifies network integration and helps reduce the cost of future network upgrades. |
| Robust routing engine | The NetScreen Series routing engine supports OSPF, BGP, RIP v1/2, transparent Layer 2 operation, NAT and Route mode. | Facilitates the deployment of the NetScreen Series as a combined security and LAN routing device, lowering operational and capital expenditures. |
| Virtual system support | Supports up to 500 virtual firewalls – each with a unique set of administrators, policies, VPNs, and address books. | Reduces the number of physical units and allows the partitioning of the network into separate administrative domains. |
| World-class professional services | From simple lab testing to major network implementations, Juniper Networks Professional Services will collaborate with your team to identify goals, define the deployment process, create or validate the network design, and manage the deployment. | Transforms the network infrastructure to ensure that it is secure, flexible, scalable, and reliable. |
Product Options
| OPTION | OPTION DESCRIPTION | APPLICABLE PRODUCTS |
|---|---|---|
| Integrated IPS (Deep Inspection) | Prevents application level attacks from flooding the network using a combination of stateful signatures and protocol anomaly detection mechanisms. IPS is annually licensed. | NetScreen-5200 and NetScreen-5400 |
| Web filtering (redirect) | Block access to malicious Web sites using a Web filtering redirect solution such as SurfControl or Websense technology. | NetScreen-5200 and NetScreen-5400 |
| Virtual systems | Supports up to 500 virtual firewalls—each with a unique set of administrators, policies, VPNs, and address books. | NetScreen-5200 and NetScreen-5400 |

NETSCREEN-5200
NETSCREEN-5400
Specifications
Maximum Performance and Capacity

| | NetScreen-5200 | NetScreen-5400 |
|---|---|---|
| ScreenOS® version tested | ScreenOS 6.2 | ScreenOS 6.2 |
| Firewall performance (large packets) | 10/8 Gbps | 30/24 Gbps |
| Firewall performance (small packets) | 4 Gbps | 12 Gbps |
| Firewall Packets Per Second (64 byte) | 6 M PPS | 18 M PPS |
| AES256+SHA-1 VPN performance | 5/4 Gbps | 15/12 Gbps |
| 3DES+SHA-1 VPN performance | 5/4 Gbps | 15/12 Gbps |
| Maximum concurrent sessions | 1,000,000 | 2,000,000 |
| New sessions/second | 26,500/22,000 | 26,500/22,000 |
| Maximum security policies | 40,000 | 40,000 |
| Maximum users supported | Unrestricted | Unrestricted |

Network Connectivity

| | NetScreen-5200 | NetScreen-5400 |
|---|---|---|
| Fixed I/O | 0 | 0 |
| Interface expansion slots | 2 (1 x Management, 1 x SPM) | 4 (1 x Management, 3 x SPM) |
| LAN interface options | 8 mini-GBIC (SX, LX or TX), or 2 XFP 10Gig (SR or LR) | 8 mini-GBIC (SX, LX or TX), or 2 XFP 10Gig (SR or LR) |

Firewall

| | NetScreen-5200 | NetScreen-5400 |
|---|---|---|
| Network attack detection | Yes | Yes |
| Denial of Service (DoS) and Distributed Denial of Service (DDoS) protection | Yes | Yes |
| TCP reassembly for fragmented packet protection | Yes | Yes |
| Brute force attack mitigation | Yes | Yes |
| SYN cookie protection | Yes | Yes |
| Zone-based IP spoofing | Yes | Yes |
| Malformed packet protection | Yes | Yes |

Unified Threat Management / Content Security

| | NetScreen-5200 | NetScreen-5400 |
|---|---|---|
| IPS (Deep Inspection firewall) | Yes | Yes |
| Protocol anomaly detection | Yes | Yes |
| Stateful protocol signatures | Yes | Yes |
| IPS/Deep Inspection attack pattern obfuscation | Yes | Yes |
| External URL filtering | Yes | Yes |