Juniper Networks NetScreen-500 / NetScreen-500 GPRS
- Purpose-built, high-performance, integrated security system for medium to large enterprises and carriers
- Virtual System support for logical partitioning of the system into separate firewall and/or VPN domains
- GPRS support to provide mobile operators with a purpose-built, high-performance security solution for protecting GPRS data networks
Overview
The Juniper Networks NetScreen-500 system is a purpose-built, integrated security system that provides a flexible, high-performance solution for medium and large enterprise central sites and service providers. The NetScreen-500 network security system integrates firewall, DoS, VPN, and traffic-management functionality in a low-profile, modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones. Its flexible and resilient hardware architecture incorporates modular physical interfaces, redundant power supplies, fans, and high-availability interfaces. The NetScreen-500 system is well suited to match the peak load and strong deterrence requirements of the most demanding environments.
The Juniper Networks NetScreen-500 GPRS system combines the hardware-accelerated firewall, VPN, and traffic management capabilities of the NetScreen-500 with enhanced features designed to provide mobile operators with a purpose-built, high-performance, and scalable security solution for protecting GPRS data networks. The NetScreen-500 GPRS solution secures roaming connections using a combination of stateful inspection, traffic rate limiting, traffic sanity checks, traffic logging, and traffic accounting. These features allow mobile operators to protect their network infrastructure from Denial of Service (DoS) attacks and subscriber hijacking attacks. The NetScreen-500 GPRS features can also be used to control roaming partner network access, in addition to controlling which external networks subscribers may access (through APN filtering). GTP Releases 1997 and 1999 are both fully supported, including charging gateway traffic. The NetScreen-500 GPRS system provides secure, scalable Internet and corporate intranet connectivity from a mobile operator's network.
Features and Benefits
Key features and benefits of the NetScreen-500 system and the NetScreen-500 GPRS system include the following:
- Integrated security system with security-optimized hardware, operating system, and applications, providing a higher level of security than software-based solutions
- Comprehensive, high-availability solution for sub-second failover between interfaces or devices
- Full mesh configurations to allow for redundant physical paths in the network, thereby providing maximum resiliency and uptime
- Virtual System support to allow partitioning into multiple security domains, each with a unique set of administrators, policies, VPNs, and address books
- Interface flexibility for varying network-connectivity requirements and future growth requirements
- Virtual Router support to map internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view
- Customizable security zones to increase interface density without additional hardware expenditures, lower policy-creation costs, contain unauthorized users and attacks, and simplify management of VPNs
- Redundant VPN gateways for an additional level of redundancy in a VPN network, by allowing backup tunnel definitions in the event of a lost VPN connection
- Firewall attack protection on every interface, for a secure internal as well as external network
- Transparent mode to allow the device to function as a Layer 2 IP security bridge, providing firewall, VPN, and DoS protections, but with minimal change to the existing network
- Management through graphical Web UI, CLI, or the NetScreen-Security Manager central management system
- Policy-based management for centralized, end-to-end life-cycle management
Specific Features and Benefits of the NetScreen-500 GPRS:
- Policy-based GTP enforcement for all GPRS features
- Support for GTP Releases 1997 and 1999
- Full support at all GPRS interfaces
- Ability to combine multiple interfaces in a single device (Gn, Gp, Ga, Gi)
- Malicious attack prevention, such as overbilling prevention
- Support for IPSec, L2TP, and 802.1q VLANs to logically separate the connections from the mobile operator's network to the external networks, and enable the application of security policies
Specifications
| Advanced Feature/Capacity | NetScreen-500 Advanced | NetScreen-500 GPRS |
|---|---|---|
| Number of Interfaces | Up to 8 10/100, or 8 Mini-GBIC, or 4 GBIC | Up to 8 10/100, or 8 Mini-GBIC, or 4 GBIC |
| Maximum Number of IP Addresses in Trusted Interfaces | Unrestricted | Unrestricted |
| Maximum Throughput | 700M FW, 250 3DES VPN | 600M FW, 250 3DES VPN |
| Maximum Number of Sessions | 250,000 | 250,000 |
| Maximum Number of VPN Tunnels | 5,000 site-to-site, 10,000 remote access | 10,000 VPN or 150,000 GTP Tunnels |
| Maximum Number of Policies | 20,000 | 20,000 |
| Maximum Number of Virtual Systems | 0 default, up to 25 additional | 0 default, up to 10 additional |
| Maximum Number of Virtual LANs | 100 | 100 |
| Maximum Number of Security Zones | 8 default, up to 50 additional | 250 |
| Maximum Number of Virtual Routers | 2 default, up to 25 additional | 250 |
| High-Availability Modes Supported | Active/Passive, Active/Active, Active/Active Full Mesh | Active/Passive, Active/Active, Active/Active Full Mesh |
| IPS (Deep Inspection FW) | Yes | Yes |
The features and capacities described in the table above represent the Advanced licensing option for the NetScreen-500.
A Baseline software license is also available for the NetScreen-500 (non-GPRS) as an entry-level solution for customer environments where features such as Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements. The following table shows the Baseline features and capacities that differ from the Advanced models.
| Baseline Feature/Capacity | NetScreen-500 Baseline |
|---|---|
| Maximum Number of Sessions | 128,000 |
| Maximum Number of Concurrent VPN Tunnels | 1,000 |
| Routing Protocols Supported | RIPv1/v2 Only |
| IPS (Deep Inspection FW) | Not Available |
| High Availability | Active/Passive |
| NetScreen-Security Manager | Supported |
All product specifications can be found in the datasheets:
Demos
Managing Your Network Security
Take a tour of the NetScreen-Security Manager system to see how to manage Juniper Networks integrated FW/VPN devices. This demo shows how to use this centralized, rule-based management platform to manage every aspect of the device life cycle, including all device, network, and security functionality, through a single, user-friendly interface. This demo will also show how to accomplish some key activities, such as how to set up a device, create a security policy, configure a VPN, investigate security incidents, and pull reports. See how easy it is to manage network security and complete security tasks efficiently with the NetScreen-Security Manager system.
Literature
Datasheets
Brochure
Feature Briefs
- Denial of Service and Attack Protection (788 KB)
- Firewall with Integrated IPS (180 KB)
- Firewall / VPN Central Management (34 KB)
- High Availability (174 KB)
- Integrated Networking (117 KB)
- Network Deployment Options (117 KB)
- Network Segmentation (212 KB)
- Purpose-Built Architecture (143 KB)
- Secure Dynamic VPNs (90 KB)
- Secure VoIP (86 KB)
- Stateful Inspection Firewall (70 KB)
- Virtual Systems (96 KB)
- VPN Resiliency (661 KB)
- Web Filtering (135 KB)
White Papers
- Dynamic VPNs Achieving Scalable, Secure Site-to-Site Connectivity (377 KB)
- GPRS Security Threats and Solution Recommendations (1.3 MB)
- Juniper Networks Deep Inspection Firewall (862 KB)
- Juniper Networks Layered Security Solution (1.25 MB)
- Juniper Networks NetScreen-500 Security System Overview (1 MB)
- Stateful Inspection Firewalls (277 KB)
- The Need for Pervasive Application-Level Attack Protection (287 KB)
- Virtualization Technologies Overview (554 KB)
- Voice Over IP 101: Understanding VoIP Networks (692 KB)
Solution Briefs
- Different Approaches to Site-to-Site VPNs (354 KB)
- Enterprise Secure Wireless (230 KB)
- Integrated and Redirect Web Filtering (67 KB)
Case Studies
Buyer's Guide

