Model
|
NetScreen-5200
|
NetScreen-5400
|
Maximum Performance and Capacity1
|
|
|
ScreenOS® Software version tested
|
ScreenOS 6.2
|
ScreenOS 6.2
|
Firewall performance (large packets)2
|
10/8 Gbps
|
30/24 Gbps
|
Firewall performance (small packets)
|
4 Gbps
|
12 Gbps
|
Firewall Packets Per Second (64 byte)
|
6 M PPS
|
18 M PPS
|
AES256+SHA-1 VPN performance2
|
5/4 Gbps
|
15/12 Gbps
|
3DES+SHA-1 VPN performance2
|
5/4 Gbps
|
15/12 Gbps
|
Maximum concurrent sessions3
|
1,000,000(9, 10)
|
2,000,000(9, 10)
|
New sessions/second11
|
26,500/22,000
|
26,500/22,000
|
Maximum security policies
|
40000
|
40000
|
Maximum users supported
|
Unrestricted
|
Unrestricted
|
Network Connectivity
|
Fixed I/O
|
0
|
0
|
Interface expansion slots
|
2 (1 x Management, 1 x SPM)
|
4 (1 x Management, 3 x SPM)
|
AN interface options
|
8 mini-GBIC (SX, LX or TX), or 2 XFP 10GB (SR or LR)
|
8 mini-GBIC (SX, LX or TX), or 2 XFP 10GB (SR or LR)
|
Firewall
|
Network attack detection
|
Yes
|
Yes
|
Denial of Service (DoS) and Distributed Denial of Service (DDoS) protection
|
Yes
|
Yes
|
TCP reassembly for fragmented packet protection
|
Yes
|
Yes
|
Brute force attack mitigation
|
Yes
|
Yes
|
SYN cookie protection
|
Yes
|
Yes
|
Zone-based IP spoofing
|
Yes
|
Yes
|
Malformed packet protection
|
Yes
|
Yes
|
Unified Threat Management / Content Security4
|
IPS (Deep Inspection firewall)
|
Yes
|
Yes
|
Protocol anomaly detection
|
Yes
|
Yes
|
Stateful protocol signatures
|
Yes
|
Yes
|
IPS/Deep Inspection attack pattern obfuscation
|
Yes
|
Yes
|
External URL filtering5
|
Yes
|
Yes
|
VoIP Security
|
H.323 ALG
|
Yes
|
Yes
|
SIP ALG
|
Yes
|
Yes
|
MGCP ALG
|
Yes
|
Yes
|
SCCP ALG
|
Yes
|
Yes
|
NAT for VoIP protocols
|
Yes
|
Yes
|
IPsec VPN
|
Concurrent VPN tunnels3
|
Up to 25,000
|
Up to 25,000
|
Tunnel interfaces3
|
Up to 8,191
|
Up to 8,191
|
DES (56-bit), 3DES (168-bit) and AES encryption
|
Yes
|
Yes
|
MD-5 and SHA-1 authentication
|
Yes
|
Yes
|
Manual key, IKE, PKI (X.509), IKEv2 with EAP
|
Yes
|
Yes
|
Perfect forward secrecy (DH Groups)
|
1,2,5
|
1,2,5
|
Prevent replay attack
|
Yes
|
Yes
|
Remote access VPN
|
Yes
|
Yes
|
L2TP within IPsec
|
Yes
|
Yes
|
IPsec NAT traversal
|
Yes
|
Yes
|
Redundant VPN gateways
|
Yes
|
Yes
|
User Authentication and Access Control
|
Built-in (internal) database - user limit3
|
Up to 50,000
|
Up to 50,000
|
Third-party user authentication
|
RADIUS, RSA SecurID, and LDAP
|
RADIUS, RSA SecurID, and LDAP
|
RADIUS Accounting
|
Yes – start/stop
|
Yes – start/stop
|
XAUTH VPN authentication
|
Yes
|
Yes
|
Web-based authentication
|
Yes
|
Yes
|
802.1X authentication
|
Yes
|
Yes
|
Unified access control enforcement point
|
Yes
|
Yes
|
PKI Support
|
PKI Certificate requests (PKCS 7 and PKCS 10)
|
Yes
|
Yes
|
Automated certificate enrollment (SCEP)
|
Yes
|
Yes
|
Online Certificate Status Protocol (OCSP)
|
Yes
|
Yes
|
Certificate Authorities supported
|
VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) Baltimore, DoD PKI
|
VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) Baltimore, DoD PKI
|
Self-signed certificates
|
Yes
|
Yes
|
Virtualization6
|
Maximum number of virtual systems
|
0 default, upgradeable to 500
|
0 default, upgradeable to 500
|
Maximum number of security zones
|
23 default, upgradeable to 1,023
|
23 default, upgradeable to 1,023
|
Maximum number of virtual routers
|
3 default, upgradeable to 503
|
3 default, upgradeable to 503
|
Maximum number of VLANs
|
4093
|
4093
|
Inter-VSYS Communication (shared-DMZ)
|
Yes
|
Yes
|
Routing
|
BGP instances
|
128
|
128
|
BGP peers
|
256
|
256
|
BGP routes
|
30000
|
30000
|
OSPF instances
|
Up to 8
|
Up to 8
|
SPF routes
|
30000
|
30000
|
RIP v1/v2 instances
|
Up to 512
|
Up to 512
|
RIP v2 routes
|
30000
|
30000
|
Dynamic routing
|
Yes
|
Yes
|
Static routes
|
30000
|
30000
|
Source-based routing
|
Yes
|
Yes
|
Policy-based routing
|
Yes
|
Yes
|
ECMP
|
Yes
|
Yes
|
Multicast
|
Yes
|
Yes
|
Reverse Path Forwarding (RPF)
|
Yes
|
Yes
|
IGMP (v1, v2)
|
Yes
|
Yes
|
IGMP Proxy
|
Yes
|
Yes
|
PIM SM
|
Yes
|
Yes
|
PIM SSM
|
Yes
|
Yes
|
Multicast inside IPsec tunnel
|
Yes
|
Yes
|
IPv6
|
Syn-Cookie and Syn-Proxy DoS Attack Detection
|
Yes
|
Yes
|
SIP, RTSP, Sun-RPC, and MS-RPC ALG’s
|
Yes
|
Yes
|
Dual stack IPv4/IPv6 firewall and VPN
|
Yes
|
Yes
|
IPv4 to/from IPv6 translations and encapsulations
|
Yes
|
Yes
|
Virtualization (VSYS, Security Zones, VR, VLAN)
|
Yes
|
Yes
|
RIPng
|
Yes
|
Yes
|
BGP version 4
|
Yes
|
Yes
|
DHCPv6 Relay
|
Yes
|
Yes
|
NSRP (active/passive, active/active)
|
Yes
|
Yes
|
Transparent mode for IPv6
|
Yes
|
Yes
|
Mode of Operation
|
Layer 2 (transparent) mode7
|
Yes
|
Yes
|
Layer 3 (route and/or NAT) mode
|
Yes
|
Yes
|
Address Translation
|
Network Address Translation (NAT)
|
Yes
|
Yes
|
Port Address Translation (PAT)
|
Yes
|
Yes
|
Policy-based NAT/PAT
|
Yes
|
Yes
|
Mapped IP (MIP)8
|
20000
|
20000
|
Virtual IP (VIP)
|
64
|
64
|
MIP/VIP grouping
|
Yes
|
Yes
|
IP Address Assignment
|
Static
|
Yes
|
Yes
|
DHCP, PPPoE client
|
No, No
|
No, No
|
Internal DHCP server
|
No
|
No
|
DHCP relay
|
Yes
|
Yes
|
Traffic Management Quality of Service (QoS)
|
Guaranteed bandwidth
|
No
|
No
|
Maximum bandwidth
|
Yes – per physical interface only
|
Yes – per physical interface only
|
Ingress traffic policing
|
No
|
No
|
Priority-bandwidth utilization
|
No
|
No
|
DiffServ marking
|
Yes – per policy
|
Yes – per policy
|
Jumbo frames
|
Yes
|
Yes
|
Link aggregation up to 4 ports
|
8G2 SPM only
|
8G2 SPM only
|
High Availability (HA)
|
Active/Active
|
Yes
|
Yes
|
Active/Passive
|
Yes
|
Yes
|
Redundant interfaces
|
8G2 SPM only
|
8G2 SPM only
|
Configuration synchronization
|
Yes
|
Yes
|
Session synchronization for firewall and VPN
|
Yes
|
Yes
|
Session failover for routing change
|
Yes
|
Yes
|
Device failure detection
|
Yes
|
Yes
|
Link failure detection
|
Yes
|
Yes
|
Authentication for new HA members
|
Yes
|
Yes
|
Encryption of HA traffic
|
Yes
|
Yes
|
LDAP and RADIUS server failover
|
Yes
|
Yes
|
System Management
|
WebUI (HTTP and HTTPS)
|
Yes
|
Yes
|
Command line interface (console)
|
Yes
|
Yes
|
Command line interface (telnet)
|
Yes
|
Yes
|
Command line interface (SSH)
|
Yes
|
Yes
|
Juniper Networks Network and Security Manager
|
Yes
|
Yes
|
All management via VPN tunnel on any interface
|
Yes
|
Yes
|
Rapid deployment
|
Yes
|
Yes
|
Administration
|
Local administrator database size
|
8 MB
|
8 MB
|
External administrator database support
|
RADIUS/LDAP/SecurID
|
RADIUS/LDAP/SecurID
|
Restricted administrative networks
|
6
|
6
|
Root admin, admin and read only user levels
|
Yes
|
Yes
|
Software upgrades
|
Yes
|
Yes
|
Configuration rollback
|
Yes
|
Yes
|
Logging/Monitoring
|
Syslog (multiple servers)
|
Yes
|
Yes
|
Email (two addresses)
|
Yes
|
Yes
|
NetIQ WebTrends
|
Yes
|
Yes
|
SNMP (v2)
|
Yes
|
Yes
|
SNMP full/custom MIB
|
Yes
|
Yes
|
Traceroute
|
Yes
|
Yes
|
VPN tunnel monitor
|
Yes
|
Yes
|
External Flash
|
Additional log storage
|
Supports 1 GB or 2 GB industrial-grade SanDisk
|
Supports 1 GB or 2 GB industrial-grade SanDisk
|
Event logs and alarms
|
Yes
|
Yes
|
System configuration script
|
Yes
|
Yes
|
ScreenOS Software
|
Yes
|
Yes
|
Dimensions and Power
|
Dimensions (W x H x D)
|
17.5 X 3.4 X 20 in (44.5 X 8.6 X 50.8 cm)
|
17.5 X 8.6 X 14 in (44.5 X 21.8 X 35.6 cm)
|
Weight
|
37 lb / 17 kg
|
45 lb / 20 kg
|
Rack mountable
|
Yes, 2U
|
Yes, 2U
|
Power supply (AC)
|
Yes, redundant, 100-240 VAC
|
Yes, redundant, 100-240 VAC
|
Power supply (DC)
|
Yes, redundant, -36 to -60 VDC
|
Yes, redundant, -36 to -60 VDC
|
Maximum thermal output
|
472 BTU/hour (W)
|
943 BTU/hour (W)
|
Certifications
|
Safety certifications
|
UL, CUL, CSA, CB, Austel, NEBS Level 3
|
UL, CUL, CSA, CB, Austel, NEBS Level 3
|
EMC certifications
|
FCC class A, CE class A, C-Tick, VCCI class A
|
FCC class A, CE class A, C-Tick, VCCI class A
|
NEBS
|
Yes
|
Yes
|
MTBF (Bellcore model)
|
7.9 years
|
7.0 years
|
Security Certifications
|
Common Criteria: EAL4 and EAL4+
|
Yes, MGT2 / 8G2 / 2XGE
|
Yes, MGT2 / 8G2 / 2XGE
|
FIPS 140-2: Level 2
|
Yes, MGT2 / 8G2 / 2XGE
|
Yes, MGT2 / 8G2 / 2XGE
|
ICSA Firewall and VPN
|
Yes
|
Yes
|
Operating Environment
|
Operating temperature
|
32° to 105° F (0° to 45° C)
|
32° to 105° F (0° to 45° C)
|
Non-operating temperature
|
- 4° to 158° F (-20° to 70° C)
|
- 4° to 158° F (-20° to 70° C)
|
Humidity
|
10% to 90% non-condensing
|
10% to 90% non-condensing
|