SPEC SHEET Security Appliances

Juniper Networks NetScreen-5GT

Weighing in at less than 2 pounds, the Juniper Networks NetScreen-5GT is a feature rich enterprise-class
network security solution with one Untrust 10/100 Ethernet port, four Trust 10/100 Ethernet ports, a
console port and a modem port. Using the same firewall, VPN, and DoS mitigation technology as NetScreen’s
high-end central site products, the NetScreen-5GT is fully capable of securing a remote office, retail outlet, or
a broadband telecommuter. The NetScreen-5GT supports dial-backup or dual Ethernet ports for redundant
Internet connections when network uptime is business critical. The NetScreen-5GT supports embedded virus
scanning using Trend Micro’s antivirus technology.

10 User or plus Extended 10 User or plus Extended

(1) (2)
Maximum Performance and Capacity Antivirus
Firewall performance 75 Mbps 75 Mbps Embedded Scan Engine Yes Yes
3DES performance 20 Mbps 20 Mbps External antivirus (Trend Micro) No No
Deep Inspection performance 75 Mbps 75 Mbps Antivirus signatures >80,000 >80,000
Concurrent sessions 2,000 4,000 Protocols (POP3,SMTP,HTTP) Yes Yes
New sessions/second 2,000 2,000 HTTP Webmail only Yes Yes
Policies 100 100 Maximum AV Users 10 or 25(3) 25(4)
Interfaces 5 10/100 Base-T 5 10/100 Base-T Automated Pattern file updates Yes Yes
Mode of Operation Firewall and VPN User Authentication
Layer 2 mode (transparent mode)(6) Yes Yes Built-in (internal) database - user limit up to 100 up to 100
Layer 3 mode (route and/or NAT mode) Yes Yes 3rd Party user authentication RADIUS, RSA RADIUS, RSA
NAT (Network Address Translation) Yes Yes SecurID, and LDAP SecurID, and LDAP
PAT (Port Address Translation) Yes Yes XAUTH VPN authentication Yes Yes
Home/work zones Yes Yes Web-based authentication Yes Yes
Dual Untrust Yes Yes
System Management
DMZ No Yes
WebUI (HTTP and HTTPS) Yes Yes
Dial backup Yes Yes
Command Line Interface (console) Yes Yes
Policy-based NAT Yes Yes
Command Line Interface (telnet) Yes Yes
Virtual IP 1 1
Command Line Interface (SSH) Yes, v1.5 and Yes, v1.5 and
Mapped IP 32 32
v2.0 compatible v2.0 compatible
Users supported 10 or Unrestricted Unrestricted
NetScreen-Security Manager Yes Future
Firewall All management via VPN tunnel on any interface Yes Yes
Number of network attacks detected 31 31 Rapid deployment Yes Yes
Network attack detection Yes Yes
Logging/Monitoring
DoS and DDoS protections Yes Yes
Syslog (multiple servers) External, up External, up
TCP reassembly for fragmented packet protection Yes Yes
to 4 servers to 4 servers
Malformed packet protections Yes Yes
E-mail (2 addresses) Yes Yes
Deep Inspection firewall(5) Yes Yes
NetIQ WebTrends External External
Protocol anomaly Yes Yes
SNMP (v2) Yes Yes
Stateful protocol signatures Yes Yes
Standard and custom MIB Yes Yes
Protocols supported HTTP, FTP, SMTP, HTTP, FTP, SMTP
Traceroute Yes Yes
POP, IMAP, DNS POP, IMAP, DNS
Number of application attacks Virtualization
detected w/DI over 250 over 250 Virtual Routers (VRs) 2 2
Content Inspection Yes Yes Routing
Malicious URL filtering up to 48 URLs up to 48 URLs OSPF/BGP dynamic routing 2 instances each 2 instances each
External URL filtering (Websense) Yes Yes RIPv2 dynamic routing 2 instances 2 instances
VPN Static routes 1,024 1,024
Concurrent VPN tunnels up to 10 up to 25 Source-based routing Yes Yes
Tunnel interfaces up to 10 up to 10 High Availability (HA)
DES (56-bit), 3DES (168-bit) and AES encryption Yes Yes HA mode None HA Lite
MD-5 and SHA-1 authentication Yes Yes Firewall/VPN session synchronization No No
Manual Key, IKE, PKI (X.509) Yes Yes Redundant interfaces No Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5 Configuration synchronization No Yes
Prevent replay attack Yes Yes Device failure detection No Yes
Remote access VPN Yes Yes Link failure detection No Yes
L2TP within IPSec Yes Yes Authentication for new HA members No Yes
IPSec NAT traversal Yes Yes Encryption of HA traffic No Yes
Redundant VPN gateways Yes Yes Dial Backup(7) Yes Yes
VPN tunnel monitor Yes Yes Dual Untrust Yes Yes

Juniper Networks Juniper Networks

Security Appliances Juniper Networks NetScreen-5GT

10 User or plus Extended Certifications

Safety Certifications
IP Address Assignment
UL, CUL, CB, TUV
Static Yes Yes
EMC Certifications
DHCP, PPPoE client Yes Yes
FCC class B, CE class B, C-Tick, VCCI class B
Internal DHCP server Yes Yes
DHCP relay Yes Yes Environment
Operational temperature: 23° to 122° F, -5° to 50° C
PKI Support
Non-operational temperature: -4° to 158° F, -20° to 70° C
PKI certificate requests (PKCS 7 and PKCS 10) Yes Yes
Humidity: 10 to 90% non-condensing
Automated certificate enrollment (SCEP) Yes Yes
Online Certificate Status Protocol (OCSP) Yes Yes MTBF (Bellcore model)
Certificate Authorities Supported NetScreen-5GT: 8.5 years
Verisign CA Yes Yes
Security
Entrust CA Yes Yes
ICSA Firewall and VPN
Microsoft CA Yes Yes
RSA Keon CA Yes Yes
iPlanet (Netscape) CA Yes Yes Ordering Information
Baltimore CA Yes Yes
Product Part Number
DOD PKI CA Yes Yes
Juniper Networks NetScreen-5GT 10 User*
Administration
NetScreen-5GT US linear supply NS-5GT-001
Local administrators database 20 20
NetScreen-5GT UK linear supply NS-5GT-003
External administrator database RADIUS/LDAP/ RADIUS/LDAP/
NetScreen-5GT Europe linear supply NS-5GT-005
SecurID SecurID
NetScreen-5GT Japan linear supply NS-5GT-007
Restricted administrative networks 6 6
Root Admin, Admin, and Read Only user levels Yes Yes Juniper Networks NetScreen-5GT Plus (unrestricted users)*
Software upgrades TFTP/WebUI/SCP/ TFTP/WebUI/SCP/ NetScreen-5GT Plus US power cord NS-5GT-101
NSM NSM NetScreen-5GT Plus UK power cord NS-5GT-103
Configuration Roll-back Yes Yes NetScreen-5GT Plus European power cord NS-5GT-105
NetScreen-5GT Plus Japanese power cord NS-5GT-107
Traffic Management
Guaranteed bandwidth Yes Yes Juniper Networks NetScreen-5GT Extended*
Maximum bandwidth Yes Yes NetScreen-5GT Extended US power cord NS-5GT-201
Priority-bandwidth utilization Yes Yes NetScreen-5GT Extended UK power cord NS-5GT-203
DiffServ stamp Yes Yes NetScreen-5GT Extended European power cord NS-5GT-205
NetScreen-5GT Extended Japanese power cord NS-5GT-207
Dimensions and Power
Rack mount kit for 2 NetScreen-5GTs NS-5GT-RMK
Dimensions (H/W/L) 1.25/8/5 inches 1/8.25/5 inches
Weight 1.5 lbs. 1.3 lbs. *For antivirus products add -AV to the above NetScreen-5GT sku (NS-5GT-101-AV). For more information contact your NetScreen
Rack mountable Yes, w/separate kit Yes, w/separate kit representative.

Power Supply (AC) 12 VDC, 12 W 12 VDC, 12 W

90 to 264 VAC to power supply 12VDC, 12 W 12 VDC, 12 W
(1) Performance and capacity provided are the measured maximums under ideal testing conditions. May vary by deployment
with regional linear supply and features enabled.
Power Supply (DC) No No (2) Requires additional purchase of antivirus signature subscription
(3) Recommended number of users
(4) Limited by License on the NetScreen-5GT Extended
License Options: The NetScreen-5GT is available in three models to support different
(5) Updates to Deep Inspection signatures requires signature service which is available for additional purchase
numbers of users. (6) The following features are not supported in layer 2 (transparent mode): NAT, PAT, policy based NAT, virtual IP, mapped IP,
10 User Product License: The 10 user product license (NetScreen-5GT 10-User) support 10 OSPF, BGP, RIPv2, and IP address assignment
users. (7) Tested with 3COM 5686 56K modem and ZyXel omni.net LCD ISDN modem

Unrestricted Product License: The unrestricted product license (NetScreen-5GT Plus) support
an unlimited number of users.
Extended Product License: The extended product license (NetScreen-5GT Extended)
supports greater capacity, HA and a DMZ zone

Copyright © 2004 Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, and the NetScreen logo are registered trademarks of Juniper
Networks, Inc. NetScreen-5GT, NetScreen-5XP, NetScreen-5XT, NetScreen-25, NetScreen-50, NetScreen-100, NetScreen-204, NetScreen-208, NetScreen-500,
NetScreen-5200, NetScreen-5400, NetScreen-Global PRO, NetScreen-Global PRO Express, NetScreen-Remote Security Client, NetScreen-Remote VPN Client,
1194 North Mathilda Avenue Sunnyvale, CA 94089 USA NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, GigaScreen ASIC, GigaScreen-II ASIC, and NetScreen ScreenOS are trademarks of Juniper
Phone: 888-JUNIPER (888-586-4737) or 408-745-2000 Networks, Inc. All other trademarks and registered trademarks are the property of their respective companies.
Fax: 408-745-2100 Part Number: 110001-001 July 2004