Juniper SSG320M, SSG350M Datasheet
SSG320M AND
SSG350M SECURE
SERVICES
GATEWAYS
DATASHEET
Product Overview
The Juniper Networks SSG300 line
consists of purpose-built security
appliances that deliver the ideal
blend of performance, security,
routing, and LAN/WAN connectivity
for large, regional branch offices and
medium-size, standalone businesses.
Traffic flowing in and out of a regional
office or business is protected
from worms, spyware, trojans, and
malware by a complete set of Unified
Threat Management security features,
including stateful firewall, IPsec VPN,
intrusion prevention system (IPS),
antivirus (includes antispyware,
antiadware, antiphishing), antispam,
and Web filtering. The SSG300 line
comprises the SSG350M and the
SSG320M Secure Services Gateways.
Product Description
The Juniper Networks® SSG300 line of secure services gateways comprises highperformance security platforms that help businesses stop internal and external attacks,
prevent unauthorized access, and achieve regulatory compliance. The Juniper Networks
SSG350M Secure Services Gateway provides 500 Mbps of stateful firewall performance
and 225 Mbps of IPsec VPN performance, while the Juniper Networks SSG320M Secure
Services Gateway provides 400 Mbps of stateful firewall performance and 175 Mbps of
IPsec VPN performance.
These products focus on three key disciplines:
Security: Protection against worms, viruses, trojans, spam, and emerging malware
is delivered by proven Unified Threat Management (UTM) security features that are
backed by best-in-class partners. To address internal security requirements and facilitate
regulatory compliance, the SSG300 line supports an advanced set of network protection
features such as security zones, virtual routers, and VLANs that allow administrators to
divide the network into distinct, secure domains, each with their own unique security
policy. Policies protecting each security zone can include access control rules and
inspection by any of the supported UTM security features.
Regional Oce
Zone A
SSG350M
Internet
Headquarters
M7i
NetScreen-5400
Zone C
The SSG350M deployed at a branch oce for secure Internet connectivity and site-to-site
VPN to corporate headquarters. Internal branch oce resources are protected with unique
Zone B
security policies applied to each security zone.
1
Connectivity and Routing: The SSG300 line provides four onboard
10/100/1000 interfaces complemented by I/O expansion slots that
can house a mix of LAN or WAN interfaces, making the SSG300
line an extremely flexible platform. The broad array of I/O options
coupled with WAN protocol and encapsulation support makes the
SSG300 line of gateways easily deployable as traditional branch
oce routers or as consolidated security and routing devices, which
can help reduce CapEx and OpEx.
Access Control Enforcement: The SSG300 line of gateways can act
as enforcement points in a Juniper Networks Unified Access Control
deployment with the simple addition of the Juniper Networks IC
management engine by interacting with the SSG300 line to augment
or replace the firewall-based access control. It grants/denies access
based on more granular criteria, including endpoint state and user
identity in order to accommodate the dramatic shis in attack
landscape and user characteristics.
In addition, Juniper Networks Professional Services will collaborate
with your team to identify goals, define the deployment process,
create or validate the network design, and manage the deployment
to its successful conclusion. Whether it involves simple lab testing
or a major network implementation, Juniper Networks Professional
Services is there to help you ensure success.
Series UAC Appliances. The IC Series functions as a central policy
Features and Benefits
Feature Feature Description Benefit
High performance Purpose-built platform is assembled from custom-built
Best-in-class UTM security features UTM security features (antivirus, antispam, Web
Integrated antivirus Annually licensed antivirus engine, provided by Juniper,
Integrated antispam Annually licensed antispam oering, provided by
Integrated Web filtering Annually licensed Web filtering solution, provided by
Integrated intrusion prevention
system (IPS) (Deep Inspection)
Fixed Interfaces Four fixed 10/100/1000 interfaces, two USB ports, one
Network segmentation Bridge groups, security zones, virtual LANs and virtual
Interface modularity Six interface expansion slots support optional T1, E1,
Robust routing engine Proven routing engine supports OSPF, BGP and RIP v1/2
Juniper Networks Unified Access
Control enforcement point
Management flexibility Use any one of three mechanisms, CLI, WebUI or Juniper
Auto-Connect VPN Automatically sets up and takes down VPN tunnels
World-class professional services From simple lab testing to major network
hardware, powerful processing and a security-specific
operating system.
filtering, IPS) stop all manner of viruses and malware
before they damage the network.
is based on Kaspersky Lab engine.
Juniper, is based on Sophos technology.
Juniper, is based on Websense SurfControl technology.
Annually licensed IPS engine is available with Juniper
Networks Deep Inspection Firewall Signature Packs.
console port and one auxiliary port are standard on all
SSG300 line models.
routers allow administrators to deploy security policies
to isolate guests, wireless networks and regional servers
or databases.*
Serial, ADSL/ADSL2/ADSL2+, G.SHDSL, 10/100/1000,
and SFP connectivity.
along with Frame Relay, Multilink Frame Relay, PPP,
Multilink PPP and HDLC.
Interacts with the centralized policy management
engine (IC Series) to enforce session-specific access
control policies using criteria such as user identity,
device security state and network location.
Networks Network and Security Manager (NSM), to
securely deploy, monitor and manage security policies.
between spoke sites in a hub-and-spoke topology.
implementations, Juniper Networks Professional
Services will collaborate with your team to identify
goals, define the deployment process, create or validate
the network design and manage the deployment.
Delivers performance headroom required to protect
against internal and external attacks now and into
the future.
Ensures that the network is protected against all
manner of attacks.
Stops viruses, spyware, adware and other malware.
Blocks unwanted email from known spammers and
phishers.
Controls/blocks access to malicious Web sites.
Prevents application-level attacks from flooding the
network.
Provides high-speed LAN connectivity, future
connectivity and flexible management.
Powerful capabilities facilitate deploying security for
various internal, external and DMZ sub-groups on the
network, to prevent unauthorized access.
Delivers combination of LAN and WAN connectivity
on top of unmatched security to reduce costs and
extend investment protection.
Enables the deployment of consolidated security
and routing device, thereby lowering operational and
capital expenditures.
Improves security posture in a cost-eective
manner by leveraging existing customer network
infrastructure components and best-in-class
technology.
Enables management access from any location,
eliminating on-site visits thereby improving response
time and reducing operational costs.
Provides a scalable VPN solution for mesh
architectures with support for latency-sensitive
applications such as VoIP and video conferencing.
Transforms the network infrastructure to ensure that
it is secure, flexible, scalable and reliable.
*Bridge groups supported only on uPIMs in Juniper Networks ScreenOS® Software 6.0 and higher releases.
2
Product Options
Option Option Description Applicable Products
Network Equipment Building
Systems (NEBS) compliance
NEBS-compliant versions of the SSG350M are
available.
SSG350M
DRAM All models in the SSG300 line are available with
UTM/Content Security (high
memory option required)
I/O options Three (SSG320M) or five (SSG350M) expansion slots
1 GB of DRAM. The SSG320M and SSG350M are also
available in 256 MB-DRAM versions.
With the addition of licensing keys, the SSG300
line can be configured with any combination of the
following best-in-class UTM and content security
functionality: antivirus (includes antispyware,
antiphishing), IPS (Deep Inspection firewall), Web
filtering and/or antispam.
support optional T1, E1, Serial, ADSL2+, G.SHDSL,
10/100/1000, and SFP.
SSG320M
SSG350M
SSG320M
SSG350M high-memory model only
SSG320M high-memory model only
SSG350M
SSG320M
SSG350M
Specifications
SSG320M SSG350M
Maximum Performance and Capacity
ScreenOS version tested ScreenOS 6.3 ScreenOS 6.3
Firewall performance (Large packets) 450+ Mbps 550+ Mbps
Firewall performance (IMIX)
Firewall Packets Per Second (64 byte) 175,000 PPS 225,000 PPS
AES256+SHA-1 VPN performance 175 Mbps 225 Mbps
3DES+SHA-1 VPN performance 175 Mbps 225 Mbps
Maximum concurrent sessions 64,000 128,000
New sessions/second 10,000 12,500
Maximum security policies 2,000 2,000
Maximum users supported Unrestricted Unrestricted
Convertible to Juniper Networks Junos
system 8.0 or higher
(2)
®
operating
(1)
400 Mbps 500 Mbps
Yes Yes
Network Connectivity
Fixed I/O 4x10/100/1000 4x10/100/1000
Physical Interface Module (PIM) Slots 3 5
WAN interface options (PIMS) Serial, T1, E1, ADSL/ADSL2/ADSL2+, G.SHDSL Serial, T1, E1, ADSL/ADSL2/ADSL2+, G.SHDSL
LAN interface options (uPIMS) 8x10/100/1000, 16x10/100/1000, and 6xSFP 8x10/100/1000, 16x10/100/1000, and 6xSFP
3
Loading...