3
Maximum Performance and Capacity
(1)
ScreenOS version tested ScreenOS 6.1
Firewall throughput (large packets) 350+ Mbps
Firewall throughput (IMIX)
(2)
300 Mbps
Firewall packets per second (64 byte) 100,000 PPS
Advanced Encryption Standard (AES) 256+SHA-1 VPN throughput 100 Mbps
3DES encryption +SHA-1 VPN throughput 100 Mbps
Maximum concurrent sessions 48,000
New sessions/second 8,000
Maximum security policies 1,000
Maximum users supported Unrestricted
Network Connectivity
Fixed I/O 8x10/100, 2x10/100/1000
Physical Interface Module (PIM) slots 4
Modular WAN/LAN interface options (PIMs/uPIMs) 2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T
SFP, 10/100/1000
Firewall
Network attack detection Yes
DoS and DDoS protection Yes
TCP reassembly for fragmented packet protection Yes
Brute force attack mitigation Yes
SYN cookie protection Yes
Zone-based IP spoong Yes
Malformed packet protection Yes
Unified Threat Management
(3)
IPS (Deep Inspection rewall) Yes
Protocol anomaly detection Yes
Stateful protocol signatures Yes
IPS/DI attack pattern obfuscation Yes
Antivirus Yes
Signature database 200,000+
Protocols scanned POP3, HTTP, SMTP, IMAP, FTP, IM
Anti-spyware Yes
Anti-adware Yes
Anti-keylogger Yes
Instant message AV Yes
Anti-spam Yes
Integrated URL ltering Yes
External URL ltering
(4)
Yes
Voice over IP (VoIP) Security
H.323. Application-level gateway (ALG) Yes
SIP ALG Yes
MGCP ALG Yes
SCCP ALG Yes
Network Address Translation (NAT) for VoIP protocols Yes
IPSec VPN
Concurrent VPN tunnels 150
Tunnel interfaces 50
DES encryption (56-bit), 3DES encryption (168-bit) and AES (256-bit) Yes
MD-5 and SHA-1 authentication Yes
Manual key, Internet Key Exchange (IKE), IKEv2 with EAP public
key infrastructure (PKI) (X.509) Yes
Perfect forward secrecy (DH Groups) 1,2,5
Prevent replay attack Yes
IPSec VPN (cont’d)
Remote access VPN Yes
Layer 2 Tunneling Protocol (L2TP) within IPSec Yes
IPSec Network Address Translation (NAT) traversal Yes
Auto-Connect VPN Yes
Redundant VPN gateways Yes
User Authentication and Access Control
Built-in (internal) database user limit 250
Third-party user authentication RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes – start/stop
XAUTH VPN authentication Yes
Web-based authentication Yes
802.1X authentication Yes
Unied Access Control (UAC) enforcement point Yes
PKI Support
PKI certicate requests (PKCS 7 and PKCS 10) Yes
Automated certicate enrollment (SCEP) Yes
Online Certicate Status Protocol (OCSP) Yes
Certicate Authorities supported Verisign, Entrust, Microsoft, RSA Keon,
iPlanet (Netscape) Baltimore, DOD PKI
Self signed certicates Yes
Virtualization
Maximum number of security zones 40
Maximum number of virtual routers 3
Bridge groups* Yes
Maximum number of VLANs 100
Routing
BGP instances 2
BGP peers 4
BGP routes 2,048
OSPF instances 2
OSPF routes 2,048
RIPv1/v2 instances 2
RIP v2 routes 2,048
Static routes 2,048
Source-based routing Yes
Policy-based routing Yes
Equal-cost multipath (ECMP) Yes
Multicast Yes
Reverse Forwarding Path (RFP) Yes
Internet Group Management Protocol (IGMP) (v1, v2) Yes
IGMP Proxy Yes
Protocol Independent Multicast (PIM) single mode Yes
PIM source-specic multicast Yes
Multicast inside IPSec tunnel Yes
Encapsulations
Point-to-Point Protocol (PPP) Yes
Multilink Point-to-Point Protocol (MLPPP) Yes
MLPPP max physical interfaces 8
Frame relay Yes
Multilink Frame Relay (MLFR) (FRF 15, FRF 16) Yes
MLFR max physical interfaces 8
HDLC Yes
*Bridge groups supported only on uPIMs in ScreenOS 6.0 and greater releases
Specifications
(4 pages)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels