NetScreen Appliance Features

      Feature   Netscreen-5XP   NetScreen-10   NetScreen-100
  Performance   Concurrent sessions   2,000   4,000   128,000
      New sessions/second   960   3,800   19,000
      Firewall performance   10 Mbps*   10 Mbps*   200 Mbps*
      DES (56-Bit)   10 Mbps*   10 Mbps*   200 Mbps*
      Triple-DES (168 bit)   10 Mbps*   10 Mbps*   200 Mbps*
      Policies   100   1,000   4,000
      Schedules   256   256   256
 
  Mode of Operation   Transparent mode (All Interfaces)   Yes   Yes   Yes
      Route mode   Yes   Yes   Yes
      Route mode on all interfaces   Yes   Yes   Yes
      NAT (Network Address Translation)   Yes   Yes   Yes
      Policy-based NAT   Yes   Yes   Yes
      PAT (Port Address Translation)   Yes   Yes   Yes
      Virtual IP   1   2   4
      Mapped IP   10   1,000   4,000
      IP routing—static routes   16   60   250
      Users per port, Trusted   10 or unrestricted   Unrestricted   Unrestricted
 
  IP Address Assignment   Static   All   All   All
      DHCP client   Untrusted   Untrusted   N/A
      PPPoE client   Untrusted   N/A   N/A
      Internal DHCP server   Trusted   Trusted   N/A
      DHCP Relay   Yes   Yes   Yes
 
  Firewall Attacks Detected   Syn attack   Yes   Yes   Yes
      ICMP flood   Yes   Yes   Yes
      UDP flood   Yes   Yes   Yes
      Ping of death   Yes   Yes   Yes
      IP spoofing   Yes   Yes   Yes
      Port scan   Yes   Yes   Yes
      Land attack   Yes   Yes   Yes
      Tear drop attack   Yes   Yes   Yes
      Filter IP source route option   Yes   Yes   Yes
      IP address sweep attack   Yes   Yes   Yes
      WinNuke attack   Yes   Yes   Yes
      Java/ActiveX/Zip/EXE   Yes   Yes   Yes
      Default packet deny   Yes   Yes   Yes
      DoS & DDoS   Yes   Yes   Yes
 
  VPN   Dedicated tunnels   10   100   1,000
      Manual Key, IKE, PKI (X.509)   Yes   Yes   Yes
      DES (56-bit) & 3DES (168-bit) encryption   Yes   Yes   Yes
      Perfect forward secrecy (DH Groups)   1,2,5   1,2,5   1,2,5
      Prevent replay attack   Yes   Yes   Yes
      Remote access VPN   Yes   Yes   Yes
      L2TP within IPSec            
      Site-to-site VPN   Yes   Yes   Yes
      Star (hub and spoke) VPN network topology   Yes   Yes   Yes
 
  IPSec   Authentication            
      SHA-1   Yes   Yes   Yes
      MD5   Yes   Yes   Yes
      Certificate requests (PKCS 7 & PKCS 10)   Yes   Yes   Yes
      Certificate Authorities supported       Yes   Yes
     

Verisign CA

   Yes   Yes   Yes
     

Entrust CA

   Yes   Yes   Yes
     

Microsoft CA

   Yes   Yes   Yes
     

RSA Keon CA

   Yes   Yes   Yes
     

IPlanet (Netscape) CA

   Yes   Yes   Yes
     

Baltimore CA

   Yes   Yes   Yes
 
  Firewall & VPN User Authentication   Built-in (internal) database - user limit   100   500   1,500
      RADIUS (external) database   Yes   Yes   Yes
      RSA SecureID (external) database   Yes   Yes   Yes
      LDAP (external) database   Yes   Yes   Yes
 
  Traffic Management   Guaranteed bandwidth   Yes   Yes   Yes
      Maximum bandwidth   Yes   Yes   Yes
      Priority-bandwidth utilization   Yes   Yes   Yes
      DiffServ stamp   Yes   Yes   Yes
 
  Load Balancing   Round robin   N/A   N/A   Yes
      Weighted round robin   N/A   N/A   Yes
      Least connections   N/A   N/A   Yes
      Weighted least connections   N/A   N/A   Yes
 
  High Availability (HA)   High Availability (HA)   N/A   N/A   Yes
      Session protection for firewall and VPN   N/A   N/A   Yes
      Device failure detection   N/A   N/A   Yes
      Link failure detection   N/A   N/A   Yes
      Network notification on failover   N/A   N/A   Yes
      Authentication for New HA Members   N/A   N/A   Yes
      Encryption of HA Traffic   N/A   N/A   Yes
 
  System Management   WebUI (HTTP and HTTPS)   Yes   Yes   Yes
      Command line interface (console)   Yes   Yes   Yes
      Command line interface (telnet)   Yes   Yes   Yes
      Secure Command Shell (ssh v1 compatible)   Yes   Yes   Yes
      NetScreen-Global Manager   Yes   Yes   Yes
      NetScreen-Global PRO   Yes   Yes   Yes
      All management via VPN tunnel on any interface   Yes   Yes   Yes
 
  Administration   Multiple administrators   20   20   20
      Remote administrator database   RADIUS   RADIUS   RADIUS
      Administrative networks   6   6   6
      Root Admin, Admin, & Read Only user levels   Yes   Yes   Yes
      Software upgrades & configuration changes   TFTP/WebUI/Global   TFTP/WebUI/Global   TFTP/WebUI/Global
 
  Logging/Monitoring   Syslog   External   External   External
      E-mail (2 addresses)   Yes   Yes   Yes
      WebTrends   External   External   External
      SNMP   Yes   Yes   Yes
      Traceroute   Yes   Yes   Yes
      VPN tunnel monitor   Yes   Yes   Yes
      Websense URL filtering   External   External   External
 
  PCMCIA   PCMCIA Flash   No   96MB option   96MB option
      Event logs & alarms   N/A   Yes   Yes
      System config script   N/A   Yes   Yes
      ScreenOS software   N/A   Yes   Yes
 
  Dimensions and Power   Height   1.25 inches   1.875 inches   1.875 inches
      Width   6.2 inches   17.5 inches   17.5 inches
      Length   5 inches   10.8 inches   10.8 inches
      Weight   1 lb.   8 lbs.   8 lbs.
      Rack mountable   N/A   Yes   Yes
      Power (AC)   100-240 VAC to power supply, 5V DC to NS-5, 7.5 watts   100-240 VAC, 20 watts   100-240 VAC, 30 watts
      Power (DC)   N/A   -48 VDC, 30 watts   -48 VDC, 30 watts
 
* Performance achieved with 512 byte UDP packets