Quick Reference Guide Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide Juniper Networks Overview Contents 1

Juniper Networks Overview Juniper Networks Overview Transforming our Business Partners...... 2 J-Partner Reseller Program Overview ...... 3 Specialization Helps Capture New Opportunity...... 3 Juniper Networks transforms the business of networking. A leading global provider of Maximizing the Total Financial Opportunity – The Juniper TFO...... 3 networking and security solutions, Juniper Networks maintains an intense focus on customers who derive strategic value from their networks. Its customers include major Juniper Networks Product Portfolio ...... 4 network operators, enterprises, government agencies, and research and educational Routers ...... 6 institutions globally. Juniper Networks delivers a portfolio of networking solutions that Juniper Enterprise Routers at a Glance...... 6 support the complex scale, security and performance requirements of the world’s most JUNOS Router Software...... 6 demanding mission-critical networks, including the world’s top 25 service providers and 8 J-Series Routers ...... 8 of the top 15 Fortune 500 companies. M-Series Routers...... 11 Juniper Networks was founded with a single mission - to anticipate and solve the industry’s most difficult networking and security problems. Today, Juniper Networks is enabling Firewall / IPSec VPN Products ...... 17 customers worldwide to create a competitive advantage by transforming the business of NetScreen ScreenOS Software...... 18 networking through: Small Office / Remote Office Security Solutions...... 19 • Securing networks against increasingly frequent and sophisticated attacks Juniper Networks NetScreen-Hardware Security Client...... 21 • Leveraging networked applications and services that provide a competitive market Juniper Networks NetScreen-5GT ...... 22 advantage Juniper Networks NetScreen-5GT ADSL...... 23 • Providing secure and tailored access to remote resources for customers and business Juniper Networks NetScreen-5GT Wireless ...... 24 partners Juniper Networks NetScreen-5XT ...... 26 Juniper Networks brings a new pace of innovation to the industry through purpose-built platforms and sophisticated software. It is recognized as a center of excellence in the Regional Office / Medium Enterprise Security Solutions...... 27 development of silicon and software that support high- performance, intelligent networks, Juniper Networks NetScreen-25 / NetScreen-50 ...... 29 and remains at the forefront of industry initiatives that drive the continuing transformation Juniper Networks NetScreen-204 / NetScreen-208 ...... 30 of these networks and the businesses they support. Central Office / Large Enterprise Security Solutions ...... 31 Juniper Networks NetScreen-500...... 33 Juniper Networks NetScreen-ISG 2000 ...... 34 Juniper Networks NetScreen-5200 / NetScreen-5400 ...... 36 Juniper Networks NetScreen-Remote VPN & NetScreen-Remote Security Client ....38 SSL VPN Juniper Networks SSL VPN Appliance Line...... 39 Juniper Networks NetScreen-RA 500 Series...... 40 Juniper Networks NetScreen-SA 1000 Series ...... 42 Juniper Networks NetScreen-SA 3000 Series ...... 44 Juniper Networks NetScreen-SA 5000 Series ...... 46 Intrusion Detection and Prevention (IDP) ...... 48 Security Management Juniper Networks NetScreen-Security Manager ...... 50 Juniper Networks NetScreen-SA Central Manager...... 53 Juniper Networks Frequently asked Questions...... 54 Product Warranty Information ...... 56 General Disclaimer...... 57 Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 2 Transforming our Business Partners J-Partner Reseller Program Overview 3

Transforming our Business Partners J-Partner Reseller Program Overview

This compact reference guide gives you all the information needed to help you sell Juniper Juniper Networks revolutionizes the way resellers and vendors work together with the Networking Solutions. It includes product overviews, key features and benefits, plus J-Partner Reseller program. Regardless of purchase volume, J-Partner rewards you for the essential selling suggestions that will enable you to effectively and efficiently position value you add to selling and supporting Juniper Networks solutions. Through specialization Juniper Networking solutions. and certification options, you gain access to one of the broadest portfolios of networking and security solutions available today. You can use this quick reference guide to: • Identify key sales opportunities and recommend Juniper Network solutions Specialization Helps Capture New Opportunity • Identify customer scenarios and cross sell Juniper Networking products Define your value-add through specialization in one or more Juniper Networks solutions: • Familiarize yourself with the Juniper Networks Product portfolio • Enterprise Networking – solutions associated with deploying, securing and maintaining • Get all the extra information that you need when closing a deal. enterprise business-critical networks • Advanced Security – solutions associated with bringing network and application-level protection to high performance networks • Service Provider Infrastructure – solutions deployed in the core of large service providers to deliver an assured customer experience on their networks J-Partner gives you the flexibility to do business with Juniper Networks in the way that best fits your business model.

Maximizing the Total Financial Opportunity – The Juniper TFO Juniper Networks is committed to the financial health of our partners. The J-Partner Total Financial Opportunity, or TFO, goes beyond pricing and gross margin. We find innovative ways to expand the financial opportunity for you. Beyond product access via specialization and value add pricing, the Juniper Networks TFO includes investment protection for industry certifications earned, flexible service programs, and the J-Rewards personal incentive program. To learn more about the J-Partner Reseller Program, please visit www.juniper.net/partners. Product Portfolio Product Juniper Networks Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 4 Juniper Networks Product Portfolio Juniper Networks Product Portfolio 5

Fixed Telecommuter or Small Medium Branch Office J-series E-series Office (Trusted) J6300 ERX-1440 N S J23 NS- 00 I NS J4300 ERX-1410 10DP NetScreen-5GT or - HSC J2300 ERX-710 J2300 NetScreen-IDP 10 NetScreen-25 or -50 ERX-310 N N 5 S- HSCS- GT NS NS 2 .... - or 5 .... - NetScreen-5GT NetScreen-HSC 5 0 M-series T-series NetScreen-25 NetScreen-50 M320 T640 M40e T320 Small Medium Office (Untrusted) M20 Per Application Secure Access to M10i NetScreen-SA 1000/ 3000/ 5000 M7i Network Secure Access to NetScreen-RA 500 Regional Office or Medium Central Site Online Collaboration to NetScreen-SM 3000 Firewall & IPSec VPN J4 300 NS NS -IDP NetScreen-5200/5400 100 NetScreen-ISG 2000 Remote or Mobile Employee / Partner / Customer J4300 NetScreen-204 or -208 NetScreen-IDP 100 NetScreen-500 Remote Mobile • Trusted Network DMZ NetScreen-500 GPRS Employee Employee • Untrusted Network NS- NS- NetScreen-204/208 • Managed or Unmanaged Device 204 or 20 8 NetScreen-25/50 NS- and NS NetScreen-204 NetScreen-208 R -SM Per Application Secure Access to NetScreen-SA 1000/ 3000/ 5000 A NetScreen-5GT Network Secure Access to NetScreen-RA 500 NetScreen-RA 500 NetScreen-Secure Meeting NetScreen-5GT ADSL Partner Customer NetScreen-5XT Online Collaboration to NetScreen-SM 3000 NetScreen-HSC

SSL VPN

SDX-300 M 40 M320 e NetScreen-SA 5000 NetScreen-SA 5000 FIPS M20 M10 SDX-300 i NetScreen-SA 3000 INTERNET M7i or or or or Software-based Service Delivery NetScreen-SA 3000 FIPS System that enables rapid creation M7i M10i M20 M40e M320 NetScreen-SA 1000 deployment of new IP services for INFRANET CORE Juniper Networks router solutions IP/MPLS NetScreen-RA 500

ERX ER 1410 X- T - 14 T32 640 40 LAYER 2/FRAME RELAY/ATM 0 Intrusion Detection E & Prevention ER RX Broadband Edge X 71 - or 310 - or 0 or or NetScreen-IDP 1000 NetScreen-IDP 500 ERX310 ERX710 ERX1410 ERX1440 T320 T640 NetScreen-IDP 100 NetScreen-IDP 10

M J6 10i M1 Juniper J6300, 30 Secure Meeting DMZ 0i 0 orM7i or M7i or M10i NetScreen-SM 3000 N S-ID J6300 M7i M10i 5 P 00 NS 3 -SM 00 NetScreen-Secure Meeting NetScreen-IDP 500 0

Zone 1 Zone 2 Zone 3 NS S -SA er N ies NetScreen-500, 5 S- N NS N 40 54 S- NS -IS S- 0 0 ISG 2000-5200, 50 - or20 G or 52 or NetScreen-Secure Access (SSL VPN) 0 0 00 00 or -5400 or or NetScreen-500 NetScreen-ISG 2000 NetScreen-5200 NetScreen-5400 NS N NS -SA S-SA -S 10 30 50 A 00 00 00 Secure Access Series Wireless Central Site

N S-ID Customer Support 100 P 0 Design & Planning Advanced Training NetScreen-IDP 1000 Juniper offers departmental NS-Security Basic Product Training Network Optimization ManageNSr-Security Manager segmentation & policy control SSL VPN for protected Integration & Migration Technical Certification Admin - Internal/External threats wireless access NetScreen-Security treated equally Premier Support Manager Servers Resident Engineering Network Support Services Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 6 Routers Routers 7

Routers Key Features & Benefits of JUNOS - SUPOR Advantages

Juniper Enterprise Routers at a Glance SECURE Juniper offers a broad portfolio of enterprise routers to meet the complex demands of widely distributed, business-critical applications. Juniper Networks enterprise routing • Dedicated control plane resources ensure CLI is always accessible even while under attack • Filters can be dynamically and instantly added even under DOS/DDOS attack platforms include: Routers • Optional Integrated NAT, stateful firewall, and IPSec to protect user data and network hosts • M7i and M10i high performance enterprise edge routers focused on data centers, large • Unicast RPF, rate limiting, and stateful firewall protects the router itself offices and campus borders which demand very secure, dependable, high-speed (45Mbps+) WAN connectivity. • J2300, J4300, and J6300 enterprise routers focused on the WAN access routing needs of UPTIME smaller sites such as remote, branch and regional offices (2Mbps to 45Mbps). • Modular JUNOS ensures that faults are isolated to individual processes (e.g. SNMP) M-series and J-series routers are based on JUNOS; an advanced modular operating system • Next generation hierarchical JUNOS CLI dramatically reduces human error proven in the most demanding routed networks, and is designed to ensure high reliability, • World class implementation of protocols built by leading IETF engineers ensures stable security and performance. software in stressful conditions • Rigorous system test ensures Juniper finds the bugs not customers JUNOS Router Software JUNOS software is the first routing operating system designed specifically for the Internet, PERFORMANCE and is now deployed in the largest and fastest-growing networks worldwide. Its full suite of industrial-strength standards-based routing protocols, flexible policy language, and leading • Dedicated resources and memory for control plane ensure a busy control plane does not MPLS implementation efficiently scale to large numbers of network interfaces and routes. affect forwarding • Dedicated resources and memory for the forwarding plane ensure a busy forwarding Architecture plane does not affect the control plane • CoS features ensure real time and transactional applications are prioritized for high The JUNOS architecture is a multi-module design, with each process running in protected performance memory to guard against system crashes and to ensure runaway applications do not corrupt each other. This modular design makes it significantly easier to restart or upgrade a specific module since a reboot of the entire platform is not required. Introducing new OPEX REDUCED services does not adversely impact the entire operating system, resulting in highly reliable • One OS across M & J-series reduces qualifications cycles, resources required for upgrades software architecture. and patches The J-series and M-series platform architecture cleanly separates routing from packet forwarding, and from services. This ensures predictable high performance and resiliency For More Information: even under the most stressful operating conditions. http://www.juniper.net/products/junos/ Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 8 Routers Routers 9

J-Series Routers Product Specs At-A-Glance The J-series routers deliver the advanced JUNOS modular PLATFORM J2300 J4300 J6300 operating system in a hardware platform ideal for smaller Size 1U 2U 2U sites, including remote, branch, and regional offices. The Site Connections 2xE1/Serial 2xE1/Serial to 8xE1 2xE1/Serial to DS3 JUNOS software runs many functions independently to deliver Fixed LAN Ports 2xFE 2xFE 2xFE high levels of security, uptime and performance with reduced Routers operations effort. The J-series provides enterprises, WAN Interface Slots 1 fixed primary 6 Open Slots 6 Open Slots government organizations, and research and education groups Fixed WAN Interfaces 2xE1 or 2xSerial N/a N/a a forward-looking platform to build converged IP and IP/MPLS infrastructures. The modular

Routers WAN Interface Modules N/a 2xE1/2xSerial/2xFE 2xE1/2xSerial/ and coherent design of the JUNOS operating system is fundamentally different from legacy 2xFE/DS3 routing systems. By running multiple functions in parallel on assigned processing resources, Memory (default/max) 256 / 512 MB DRAM 256 / 512 MB DRAM 256 MB / 1 GB JUNOS delivers high stability with the flexibility to enable advanced routing, QoS, security, DRAM and management policies with predictable performance. Redundancy No No Power (optional) Services (IPSec, Software Software Software Key Features & Benefits stateful firewall / NAT, • Comprehensive range of interfaces supporting NxE1, FE and DS3 J-Flow, Advanced BGP) • Wide array of Layer 2 access protocols including Frame Relay, Ethernet, and PPP/HDLC • Rich and granular QoS and instrumentation for prioritizing mission critical traffic such as voice • Services features including Network Address Translation (NAT), Stateful firewall, IPSec, Selected Part Numbers and Ordering Information and J-Flow accounting J-SERIES BASE SYSTEMS J-SERIES OPTIONS • Single JUNOS image regardless of features activated for reduced operational cost and J2300 – Fixed chassis includes: Additional DRAM: complexity 256 MB (J2300-MEM-256M-S) • JUNOS(Worldwide version) When to Sell • 2xE1, or 2xSerial ports with 1 interface Primary Compact Flash: • Customer looking to upgrade legacy routers due to performance, stability, or security issues port license Replaces default • Internet Gateway with multi-E1 to DS3 capacity where router and network security is • 2xFE interfaces & 2xFE licenses 256 MB (JX-CF-256M-S) critical • 256 MB DRAM in one slot with one open 512 MB (JX-CF-512M-S) • WAN gateway with multi-E1 to DS3 capacity where QoS performance is critical memory slot 1 GB (JX-CF-1G-S) • 128 MB Compact Flash • IPSec VPN deployments to the remote or branch office locations Additional Port Licenses: • Power supply and country/region-specific • Deploying applications which require predictable QoS even under load such as voice, E1(JX-1E1-LTU), power cable video, or mission critical transactional applications Serial (JX-1Serial-LTU) Available Models- Competitive Products Additional Software Feature Licenses: E1: J2300-1E2FEL-S-AC-EU IPSEC (J2300-IPSEC-LTU) Cisco 1700/1800, Cisco 2600/2800, Cisco 3600/3700, Allied Telesyn 725, 745, Nortel Other power versions –UK, -IT Stateful Firewall (J2300-SFW-LTU) Passport 2430, 4400, 5430 Serial: J2300-1S2FEL-S-AC-EU, Advanced BGP (JX-BGP-ADV-LTU) Other power versions –UK, -IT JFlow Accounting (JX-JFlow-LTU) Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 10 Routers Routers 11

Selected Part Numbers and Ordering Information continued M-Series Routers J-SERIES BASE SYSTEMS J-SERIES OPTIONS The M7i and M10i platforms are ideal enterprise routing J4300 – Modular chassis with 6 slots and Additional DRAM: solutions for central offices, no PICs includes: 256 MB (J4300-MEM-256M-S) campus networks and • JUNOS(Worldwide version) Interface Modules: corporate backbones needing Routers • 2 Fast Ethernet ports with licenses 2xE1(JX-2E1-1EL-RJ48-S) 2xDS-3 or higher connectivity • 256 MB DRAM in one slot with one 2xSerial (JX-2Serial-1ISL-S) along with rich packet open memory slot 2xFE (JX-2FE-1FEL-TX-S) processing services. These platforms provide the key building blocks for high performance Routers • 256 MB primary Compact Flash Primary Compact Flash: IP infrastructure that can be used for consolidation of voice, video, and data onto a single • Power supply and country/region- Replaces default network. The modular and coherent design of the JUNOS operating system is fundamentally specific power cable 256 MB (JX-CF-256M-S) different from legacy routing systems. By running multiple functions in parallel on assigned Available Models- 512 MB (JX-CF-512M-S) processing resources, JUNOS delivers high stability with the flexibility to enable advanced routing, QoS, security, and management policies with predictable performance. J4300-2FEL-S-AC-EU 1 GB (JX-CF-1G-S) Other power versions: -UK, -IT Secondary Compact Flash: Key Features & Benefits 128 MB (JX-CF-129M-S) • 16 million packets per second of forwarding and packet processing performance 256 MB (JX-CF-256M-S) • Adaptive Services Module (M7i) or Adaptive Services PIC (M7i/M10i) for hardware-based 512 MB (JX-CF-512M-S) Network Address Translation (NAT), stateful firewall, attack detection, IPSec, and J-Flow 1 GB (JX-CF-1G-S) accounting Additional Software Feature Licenses: • Comprehensive range of interfaces supporting NxE1, DS3/E3, OC-3/STM-1, Fast Ethernet IPSEC (J4300-IPSEC-LTU) and Gigabit Ethernet WAN links Stateful Firewall (J4300-SFW-LTU) • Wide array of Layer 2 access protocols including ATM, Frame Relay, Ethernet, PPP, and HDLC Advanced BGP (JX-BGP-ADV-LTU) • Rich and granular QoS and instrumentation for prioritizing real time traffic such as voice JFlow Accounting (JX-JFlow-LTU) and video • Single JUNOS image regardless of features activated for reduced operational cost and J6300 – Modular chassis with 6 slots and Additional DRAM: complexity no PICs includes: 256 MB (J6300-MEM-256M-S) 1 GB (J6300-MEM-1G-S) When to Sell • JUNOS(Worldwide version) • 2 Fast Ethernet ports with license Interface Modules: • Customer looking to upgrade legacy routers due to performance, stability, or security • 256 MB DRAM in one slot with one Same options as J4300 plus issues open memory slot JX-1DS3-S (J6300 only) • Internet Gateway with 2xDS-3 or above where router and network security is critical • 256 MB primary Compact Flash • WAN Gateway with 2xDS-3 or above where QoS performance is critical Primary Compact Flash: • Power supply and country/region- • Campus core or backbone router with GE connectivity where layer 3 routing Same options as above specific power cable performance and reliability are critical Secondary Compact Flash: Available Models- • Datacenter router with GE connectivity layer 3 performance is important Same options as above • Customer needs to run large filter lists (ACLs) while maintaining line rate performance J6300-2FEL-S-1AC-EU Additional Software Feature Licenses: • VPN Migration — M-series routers support IPSec VPNs and stateful firewall; stand-alone Other power versions: -UK, -IT, IPSEC (J6300-IPSEC-LTU) or in combination with Juniper’s advanced security appliances. Stateful Firewall (J6300-SFW-LTU) • VoIP Adoption — M-series platforms support VoIP transport with low jitter and delay, Advanced BGP (JX-BGP-ADV-LTU) even during periods of heavy traffic load, through the extensive prioritization and QoS JFlow Accounting (JX-JFlow-LTU) mechanisms of JUNOS Redundant Power: J6300-PWR-AC-S Competitive Products For More Information Cisco 7204, 73xx, 75xx, 76xx http://www.juniper.net/products/jseries/ Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 12 Routers Routers 13

Product Specs At-A-Glance M7i Bundles PLATFORM M7i M10i One chassis, one Fixed Interface Card (FIC) with either 2 x Size 2U 5U Fast Ethernet or 1 Gigabit Ethernet (GE includes small form Site Connections 2xDS3 to GE/OC-12/STM4 2xOC-3 to OC-48/STM16 factor pluggable optic module with SX optics), one routing engine with 256M DRAM, one compact forwarding engine Fixed Interfaces 2xFE or 1 GE (SFP) None board with 256M DRAM, one power supply, one fan tray Routers WAN Interface Slots 4 open PIC slots 8 open PIC slots JUNOS software, documentation CD. AC bundles include WAN Interface Modules See ordering information See ordering information country-appropriate power cable. The Adaptive Services Module option can be ordered installed on the compact forwarding engine board by using

Routers Memory (default/max) 256 / 768 MB DRAM 256 / 768 MB DRAM Flash Optional 128M flash + PCMCI model numbers in the right column. adapter for secondary boot media FIXED INTERFACE CARD WITH STANDARD WITH ADAPTIVE Redundancy Power Power, cooling, forwarding engine, routing engine FAST ETHERNET SERVICES MODULE M7i, AC (UK Cable), 2 FE Ports M7i-AC-2FE-UK-B M7i-AC-2FE-ASM-UK-B Services (IPSec, stateful Optional integrated ASM Optional AS PIC hardware firewall/NAT, J-Flow, CRTP) hardware Module module M7i, AC (IT Cable), 2 FE Ports M7i-AC-2FE-IT-B M7i-AC-2FE-ASM-IT-B M7i, AC (EU Cable), 2 FE Ports M7i-AC-2FE-EU-B M7i-AC-2FE-ASM-EU-B M7i, DC, 2 FE Ports M7i-DC-2FE-B M7i-DC-2FE-ASM-B Ordering Information

For a complete parts list please see the M-series datasheet located at FIXED INTERFACE CARD WITH STANDARD WITH ADAPTIVE http://www.juniper.net/products/mseries/100042.html GIGABIT ETHERNET AND SFP SERVICES MODULE M7i, AC (UK Cable), 1 GE Port M7i-AC-1GE-UK-B M7i-AC-1GE-ASM-UK-B (w/SFP SX) M7i, AC (IT Cable), 1 GE Port M7i-AC-1GE-IT-B M7i-AC-1GE-ASM-IT-B (w/SFP SX) M7i, AC (EU Cable), 1 GE Port M7i-AC-1GE-EU-B M7i-AC-1GE-ASM-EU-B (w/SFP SX) M7i, DC, 1 GE Port (w/SFP SX) M7i-DC-1GE-B M7i-DC-1GE-ASM-B Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 14 Routers Routers 15

M10i bundles M10i/M7i Physical Interface Cards Each bundle includes chassis, one routing engine with 256M ETHERNET DRAM (2 for redundant), one compact forwarding engine board 1-port Gigabit Ethernet IQ PIC (Requires SFP) PE-1GE-SFP-QPP with 256M DRAM (two for redundant), one high availability 1-port Gigabit Ethernet PIC (Requires SFP) PE-1GE-SFP chassis manager board (two for redundant), two fan trays, two 12-port 10/100 TX Ethernet PIC. Includes 3-meter RJ21 cable PE-12FE-TX power supplies (three for AC redundancy, four for DC Routers redundancy), JUNOS software, documentation CD. AC bundles 4-port Fast Ethernet PIC, TX interface, RJ45 connector PE-4FE-TX include country-appropriate power cables. ATM

Routers 1-port OC-12/STM4 ATM2 IQ PIC, Single mode, IR PE-1OC12-ATM2-SMIR 2-port OC-3/STM1 ATM2 IQ PIC, Multi mode PE-2OC3-ATM2-MM M10i NON-REDUNDANT REDUNDANT 2-port OC-3/STM1 ATM2 IQ PIC, Single mode, IR PE-2OC3-ATM2-SMIR M10i, AC (UK Cable) M10i-AC-UK-B M10i-AC-HA-UK-B 4-port DS3 ATM2 IQ PIC (ships with cable) PE-4DS3-ATM2 M10i, AC (IT Cable) M10i-AC-IT-B M10i-AC-HA-IT-B 2-port E3 ATM2 IQ PIC (ships with cable) PE-2E3-ATM2 M10i, AC (EU Cable) M10i-AC-EU-B M10i-AC-HA-EU-B M10i, DC M10i-DC-B M10i-DC-HA-B POS 1-port SONET/SDH OC12/STM4 PIC, Single-Mode, IR PE-1OC12-SON-SMIR 2-ports SONET/SDH OC3/STM1 PIC, Single-Mode, IR PE-2OC3-SON-SMIR M10i/M7i Spares 2-ports SONET/SDH OC3/STM1 PIC, Multi-mode PE-2OC3-SON-MM M10i/M7i Forwarding Engine Spare FEB-M10i-M7i-S CLEAR CHANNEL M7i Forwarding engine Spare with built-in Services Module FEB-M7i-SVCS-S 4-port DS3 PIC (and cables) with PIC ejector PE-4DS3 Routing Engine board spare. Flash media kit sold separately RE-400-256-WW-S 2-port DS3 PIC (and cables) with PIC ejector PE-2DS3 M10i Chassis Spare CHAS-MP-M10i-S 4-port E3 IQ PIC PE-4E3-QPP M7i Chassis Spare, 1 built-in GE port CHAS-MP-M7i-1GE-S 2-port E3 PIC (and cables) with PIC ejector PE-2E3 M7i Chassis Spare, 2 built-in FE ports CHAS-MP-M7i-2FE-S 4-port E1 PIC (75-ohm BNC connectors) (ships with cables) PE-4E1-COAX High Availability Chassis Manager Board for M10i HCM-M10i-S 4-port E1 PIC (120-ohm RJ48 connectors) PE-4E1-RJ48 M10i/M7i AC Power Supply Spare PWR-M10i-M7i-AC-S 4-port T1 PIC, (120-ohm, RJ48 connectors) PE-4T1-RJ48 M10i/M7i DC Power Supply Spare PWR-M10i-M7i-DC-S 2-port EIA-530 PIC (DB-25 Connector) PE-2EIA530 M7i Fan Tray Spare FANTRAY-M7i-S CHANNELIZED M10i Fan Tray Spare FANTRAY-M10i-S 1-port Channelized STM1 to DS0 IQ PIC, SM, IR PE-1CHSTM1-SMIR-QPP Flash media kit with 256 MB flash drive and PCMCIA adapter CF-ADAP-256M-S 4-port Channelized DS3 to DS0 IQ PIC, BNC PE-4CHDS3-QPP Optional RE Memory Upgrade: 256 MB DRAM Module MEM-RE-256-S 10-port Channelized E1 to DS0 IQ PIC, RJ48 PE-10CHE1-RJ48-QPP SERVICES Adaptive Services II PIC PE-AS2 Link Services PIC, 4 ML bundles, 256 LFI links, Tunnel Services PE-LS-4 Tunnel Services PIC with PIC ejector PE-TUNNEL

For additional physical interface cards please see www.juniper.net/products/modules/ Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 16 Routers Firewall / IPSec VPN Products 17

Interface Accessories Firewall / IPSec VPN

EIA-530 to V.35 cable (DTE) for M-series CBL-EIA530-V35-DTE EIA-530 to X.21 cable (DTE) for M-series CBL-EIA530-X21-DTE 3-meter VHDCI to RJ21 Ethernet cable spare for PE-12FE-TX. CBL-RJ21-MDI-S 3-meter VHDCI to RJ21 Ethernet cable spare for PE-12FE-TX CBL-RJ21-MDIX-S 10-ft SMZ to BNC coaxial cable spare, for DS3/E3 PICs CBL-SMZ-BNC-M-S SFP 1000Base-LX Gigabit Ethernet Optic Module SFP-1GE-LX Routers SFP 1000Base-SX Gigabit Ethernet Optic Module SFP-1GE-SX SFP 1000Base-T Gigabit Ethernet Module (for Cat 5 cable) SFP-1GE-T Products

The Juniper Networks integrated firewall / IPSec VPN security devices are purpose-built to perform /IPSecVPN Firewall Software Licenses for the Adaptive Services Module/PICs essential security functions. These integrated devices combine a Stateful Inspection firewall with Deep Inspection technology for application-level protection, IPSec virtual private networking (VPN) M7i can be ordered with the optional built in Adaptive Services Module (ASM), which capabilities, and denial of service (DoS) mitigation functions. Plus they are all manageable by a Products comes with the stateful firewall/NAT software license for free (S-NAT-FW-MULTI). Additional policy-based central management system, NetScreen-Security Manager. They are available in a licenses must be purchased. The Adaptive Services PIC or the Adaptive Services II PIC can range of devices built to meet the throughput requirements of enterprises of all sizes. be purchased for use with either M7i or M10i, all licenses for these PICs must be purchased. CUSTOMER PRODUCTS TOENTERPRISE J- Flow S-ACCT NETWORK RECOMMEND CLASS FEATURES CRTP S-CRTP Small Office / NetScreen-HSC • Integrated security devices with Stateful L2TP LNS license for M7i S-LNS Remote Office / NetScreen-5GT and Deep Inspection firewall, IPSec VPN, NAT/FW Multi-instance S-NAT-FW-MULTI Retail Outlet / NetScreen-5GT ADSL Antivirus and Web Filtering NAT/FW Single-instance S-NAT-FW-SINGLE Fixed Telecommuters NetScreen-5GT • Rapid Deployment to quickly get a new Wireless device up and running IPSec S-ES NetScreen-5XT • Device redundancy and resiliency for high availability

For More Information: http://www.juniper.net/products/mseries/ Regional Office / NetScreen-25 • Denial of service attack protection Branch Office / NetScreen-50 • Application-level security with Deep Medium Enterprise NetScreen-204 Inspection and Web Filtering NetScreen-208 • Transparent mode to drop device into existing network with minimal changes • Dynamic routing support to reduce reliance on manual intervention

Medium & Large NetScreen-500 • Purpose-built high-performance, scalable Enterprise Central NetScreen-ISG 2000 and flexible security solutions Sites / Carrier NetScreen-5200 • Interface flexibility for varying network Networks / Data NetScreen-5400 connectivity requirements Centers • Customizable security zones to increase interface density • Comprehensive high availability solution for sub-second fail-over • Virtual System support for partitioning devices into multiple security domains Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 18 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 19

NetScreen ScreenOS Software Small Office / Remote Office Security Solutions A controlling element of the Juniper Networks firewall / IPSec VPN devices is the operating Enterprises require integrated security products for their small offices, retail outlets, and system, ScreenOS, a real-time, security-specific operating system. fixed telecommuters that don’t compromise on security, manageability, resiliency or price. Juniper Networks has the most robust portfolio of security solutions for the small office / Key features and benefits remote office in the industry, providing solutions with superior security, central management • Security specific real-time operating system that eliminates vulnerabilities found in and deployment, resiliency and high availability, all at competitive prices. general purpose operating systems • Designed from the ground up to perform computationally intensive security functions These solutions include the NetScreen-Hardware Security Client, NetScreen-5GT, without compromising throughput NetScreen-5GT ADSL, NetScreen-5GT Wireless and NetScreen-5XT. • Stateful, protocol-level intelligence to prevent attacks in VoIP and other new technologies • Integrated application-level attack protection with Deep Inspection, Antivirus and Web Filtering (not available on all products) • Same operating system across the entire firewall / IPSec VPN product line means less Key Features & Benefits Firewall /IPSecVPN Firewall training time for security administrators • Integrated Deep Inspection firewall for application-level attack protection • Certified by Common Criteria and ICSA • Integrated Antivirus at the network edge to stop viruses before they spread Products (NetScreen-HSC, NetScreen-5GT, NetScreen-5GT ADSL and NetScreen-5GT Wireless only) For More Information: • Integrated Web Filtering available to set policies on corporate web use (NetScreen-HSC http://www.juniper.net/products/integrated/ and NetScreen-5GT)

Products • Rapid Deployment to quickly get a new device up and running for a telecommuter or small office without onsite IT staff and minimal effort

Firewall VPN IPSec / • Restricted security zones (home / work zones) to separate corporate traffic and resources from non-business activity • Integrated ADSL modem eliminates the need for an external ADSL modem reducing upfront hardware and ongoing operational costs (NetScreen-5GT ADSL only) • Device Redundancy for high availability and to minimize the potential for a single point of failure (NetScreen-5GT, NetScreen-5GT Wireless and NetScreen-5GT ADSL with Extended license only) • Support for dial-backup or backup Ethernet ports for redundant Internet connections when network uptime is business critical • Reduction in failover time of a VPN connection with redundant VPN tunnels and VPN monitoring • Policy-based management for centralized, end-to-end lifecycle management

Licenses available on Juniper Networks Small Office / Remote Office Security Solutions NETSCREEN NETSCREEN NETSCREEN NETSCREEN NETSCREEN -HSC -5GT -5GT ADSL -5GT WIRELESS -5XT

10-user No Yes Yes Yes Yes

Plus or Elite No Yes Yes Yes Yes

Extended No Yes Yes Yes No

Deep Inspection Signatures Yes Yes Yes Yes Yes

Antivirus Included Yes Yes Yes No Web Filtering Yes YesNo No No Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 20 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 21

Product Specs At-A-Glance Juniper Networks NetScreen-Hardware Security Client FEATURE / NETSCREEN- NETSCREEN- NETSCREEN- NETSCREEN- NETSCREEN- The Juniper Networks NetScreen-Hardware Security Client CAPACITY HSC 5GT 10-USER/ 5GT ADSL 5GT WIRELESS 5XT (NetScreen-HSC) is the most cost effective integrated PLUS AND 10-USER/ USER/PLUS 10-USER/ security solution for the fixed telecommuter and small EXTENDED PLUS AND AND ELITE remote office combining Stateful Firewall, Deep Inspection EXTENDED EXTENDED Firewall, Antivirus and Web Filtering. It can easily be Number of 5 10/100 5 10/100 5 10/100 5 10/100 5 10/100 deployed and managed in large deployments with Juniper Interfaces Ethernet Ethernet Ethernet + 1 ADSL Ethernet + 1 Wireless Ethernet Networks NetScreen-Security Manager and the Rapid Deployment capabilities, eliminating port with up to 4 SSIDs, expensive staging steps. 1 ADSL port (optional) Maximum Number 5 10 / Unrestricted 10 / Unrestricted 10 / Unrestricted 10 / Unrestricted of IP Addresses in Unrestricted on the Unrestricted on the Unrestricted on the When to Sell

Trusted Interfaces Extended Version Extended Version Extended Version • When integrated best of breed security functionality, reduced network complexity and low-cost are requirements Maximum 50M FW 75M FW 75M FW 75M FW 70M FW /IPSecVPN Firewall Throughput 10M 3DES VPN 20M 3DES VPN 20M 3DES VPN 20M 3DES VPN 20M 3DES VPN• Large scale fixed telecommuter / small remote office deployments where central Number of Sessions 1,000 2,000 2,000 2,000 2,000 management and configuration is a requirement 4,000 on 4,000 on 4,000 on • Large scale deployments where minimal IT resources are available at the remote Products Extended version Extended version Extended version locations Maximum Number 2 10 10 10 10 of VPN Tunnels 25 on Extended 25 on Extended 25 on Extended Products Competitive Products version version version Cisco PIX 501, Check Point VPN-1 Edge, Check Point on Nokia IP40, Fortinet FG50A, Maximum Number 50 100 100 100 100

Firewall VPN IPSec / SonicWall TZ170, TELE3, WatchGuard V10 and Firebox-X Edge of Policies Maximum Number 2 (3 with home/ 2 (3 with home/ 2 (3 with home/ 2 (3 with home/ 2 (3 with home/Selected Part Numbers and Ordering Information of Security Zones work zones) work zones) work zones) work zones) work zones) Trust/Untrust/ Trust/Untrust/ Trust/Untrust/ PRODUCT PART NUMBER DMZ on Extended DMZ on Extended DMZ on Extended Juniper Networks NetScreen-HSC with AV Version Version Version NetScreen-HSC UK linear supply NS-HSC-003-AV Maximum Number 2 3 3 3 2 NetScreen-HSC Europe linear supply NS-HSC-005-AV of Virtual Routers Routing Protocol RIPv1/v2 RIPv1/v2, RIPv1/v2, RIPv1/v2, OSPF, BGP, Support OSPF, BGP OSPF, BGP OSPF, BGP RIPv1/v2 For More Information: Dial Backup Support No Yes Yes Yes Yes http://www.juniper.net/products/integrated/dsheet/110014.pdf High Availability No No No No No Yes on Extended Yes on Extended Yes on Extended

version version version Redundant Yes Yes Yes Yes Yes Connections with

Dual Untrust Support

Embedded Antivirus Yes Yes Yes Yes No Integrated Web Yes Yes No No No Filtering External Web Yes Yes Yes Yes Yes Filtering Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 22 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 23

Juniper Networks NetScreen-5GT Juniper Networks NetScreen-5GT ADSL The Juniper Networks NetScreen-5GT is a feature rich The Juniper Networks NetScreen-5GT ADSL is a feature rich enterprise-class network security solution that integrates network security solution that integrates multiple security multiple security functions—Stateful and Deep Inspection functions—Stateful and Deep Inspection firewall, IPSec firewall, IPSec VPN, Denial of Service protection, Antivirus and VPN, Denial of Service protection and Antivirus—with an Web Filtering. The NetScreen-5GT is fully capable of securing ADSL interface. a remote office, retail outlet, or a broadband telecommuter. When to Sell When to Sell • To service provider or MSSP for a managed secure broadband service – integrated ADSL • For a fixed telecommuter / small remote office (NetScreen-5GT 10/Plus) or Large modem reduces CAPEX Remote Office / Small Company (NetScreen-5GT Extended) • When integrated security functionality (Deep Inspection, Antivirus) are required with an • When integrated security functionality - Stateful and Deep Inspection firewall, IPSec integrated ADSL modem VPN, Denial of Service protection, Antivirus and Web Filtering – are requirements Firewall /IPSecVPN Firewall • When superior price/performance is a requirement Competitive Products • When dial-back up is a requirement Cisco PIX 501, PIX 506E, Cisco 831, CheckPoint VPN-1 Edge, Check Point on Nokia IP40, Products • When device redundancy or network segmentation is a requirement (Extended license Fortinet FG50A, FG60, SonicWall TZ170, SOHO TZW, WatchGuard V10 and Firebox-X Edge required) Competitive Products Selected Part Numbers and Ordering Information Products Cisco PIX 501, PIX 506E, Check Point VPN-1 Edge, Check Point on Nokia IP40, Fortinet PRODUCT PART NUMBER FG50A, FG60, SonicWall TZ170, SOHO3, WatchGuard V10 and Firebox-X Edge Juniper Networks NetScreen-5GT ADSL 10 User* Annex A Firewall VPN IPSec / NetScreen-5GT ADSL UK supply NS-5GT-013-A Selected Part Numbers and Ordering Information NetScreen-5GT ADSL Europe supply NS-5GT-015-A PRODUCT PART NUMBER Juniper Networks NetScreen-5GT ADSL Plus (unrestricted users)* Annex A Juniper Networks NetScreen-5GT 10 User* NetScreen-5GT ADSL Plus UK power cord NS-5GT-113-A NetScreen-5GT UK linear supply NS-5GT-003 NetScreen-5GT ADSL Plus European power cord NS-5GT-115-A NetScreen-5GT Europe linear supply NS-5GT-005 Juniper Networks NetScreen-5GT ADSL Extended* Annex A Juniper Networks NetScreen-5GT Plus (unrestricted users)* NetScreen-5GT ADSL Extended UK power cord NS-5GT-213-A NetScreen-5GT Plus UK power cord NS-5GT-103 NetScreen-5GT ADSL Extended European power cord NS-5GT-215-A NetScreen-5GT Plus European power cord NS-5GT-105 Juniper Networks NetScreen-5GT ADSL 10 User* Annex B Juniper Networks NetScreen-5GT Extended* NetScreen-5GT ADSL UK supply NS-5GT-013-B NetScreen-5GT Extended UK power cord NS-5GT-203 NetScreen-5GT ADSL Europe supply NS-5GT-015-B NetScreen-5GT Extended European power cord NS-5GT-205 Juniper Networks NetScreen-5GT ADSL Plus (unrestricted users)* Annex B Rack mount kit for 2 NetScreen-5GTs NS-5GT-RMK NetScreen-5GT ADSL Plus UK power cord NS-5GT-113-B *For antivirus products add -AV to the above NetScreen-5GT SKU (NS-5GT-101-AV). NetScreen-5GT ADSL Plus European power cord NS-5GT-115-B Juniper Networks NetScreen-5GT ADSL Extended* Annex B NetScreen-5GT ADSL Extended UK power cord NS-5GT-213-B For More Information: http://www.juniper.net/products/integrated/dsheet/110001.pdf NetScreen-5GT ADSL Extended European power cord NS-5GT-215-B *For antivirus products add -AV to the above NetScreen-5GT sku (NS-5GT-011-A-AV).

For More Information: http://www.juniper.net/products/integrated/dsheet/110027.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 24 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 25

Juniper Networks NetScreen-5GT Wireless Selected Part Numbers and Ordering Information The Juniper Networks NetScreen-5GT Wireless brings PRODUCT PART NUMBER enterprise level security applications, routing protocols and Juniper Networks NetScreen-5GT Wireless 10 User resiliency features to remote offices, retail outlets or NetScreen-5GT Wireless World - UK Power Cord NS-5GT-023 broadband telecommuters that want to deploy 802.11b/g NetScreen-5GT Wireless World - Europe Power Cord NS-5GT-025 networks in a secure manner. The NetScreen-5GT Wireless offers administrators up to four configurable Wireless Security Juniper Networks NetScreen-5GT Wireless Plus Zones each with a unique SSID that can be used to provision appropriate levels of security NetScreen-5GT Wireless World - UK Power Cord NS-5GT-123 for different types of users. The NetScreen-5GT Wireless also possesses the broadest range NetScreen-5GT Wireless World - Europe Power Cord NS-5GT-125 of wireless specific security support to help protect wireless communications and network Juniper Networks NetScreen-5GT Wireless Extended resources. Wireless specific security includes: NetScreen-5GT Wireless World - UK Power Cord NS-5GT-223 • Security/Privacy: WEP, WPA (AES or TKIP), IPSec VPN NetScreen-5GT Wireless World - Europe Power Cord NS-5GT-225

• Authentication: PSK, EAP-PEAP, EAP-TLS, EAP-TTLS over 802.1x /IPSecVPN Firewall Juniper Networks NetScreen-5GT Wireless ADSL 10 User The broad range of supported wireless security also helps ensure policy consistency and NetScreen-5GT Wireless ADSL World - UK Power Cord NS-5GT-033-x interoperability with other wireless solutions that may be deployed throughout the Products enterprise. The NetScreen-5GT Wireless includes standard Ethernet connectivity with ADSL NetScreen-5GT Wireless ADSL World - Europe Power Cord NS-5GT-035-x as a hardware option. Juniper Networks NetScreen-5GT Wireless ADSL Plus NetScreen-5GT Wireless ADSL World - UK Power Cord NS-5GT-133-x Products When to Sell NetScreen-5GT Wireless ADSL World - Europe Power Cord NS-5GT-135-x • For a fixed telecommuter / remote office / retail outlet requiring deployment of secure Juniper Networks NetScreen-5GT Wireless ADSL Extended Firewall VPN IPSec / wireless access NetScreen-5GT Wireless ADSL World - UK Power Cord NS-5GT-233-x • When integrated security functionality - Stateful and Deep Inspection firewall, IPSec NetScreen-5GT Wireless ADSL World - Europe Power Cord NS-5GT-235-x VPN, Denial of Service protection and Antivirus – with wireless access is a requirement • Requirement for a broad set of wireless-specific security and authentication -x must be replaced with an -A for Annex A units or a -B for annex B units mechanisms This is only a subset of all part numbers available for • Need to assign appropriate levels of security to different user groups using Security this product. For the latest part number and pricing Zones information, please see the Juniper Networks price list. Competitive Products Cisco 831 + 1100 access point, Cisco PIX firewall + 1100 access point, Check Point 400W, Fortinet FG60WiFi, SonicWall TZ170 Wireless, WatchGuard Firebox-X Edge

For More Information: http://www.juniper.net/products/integrated/dsheet/ Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 26 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 27

Juniper Networks NetScreen-5XT Regional Office / Medium Enterprise Security Solutions The Juniper Networks NetScreen-5XT is a feature rich The Juniper Networks integrated security solutions for the regional office, branch office or enterprise-class network security solution integrating Stateful medium enterprise provide superior price/performance with extremely robust security features. Inspection and Deep Inspection firewall, IPSec VPN, and DoS mitigation technology. These solutions include the NetScreen-25, NetScreen-50, When to Sell NetScreen-204 and NetScreen-208. • For a fixed telecommuter / small remote office • Government deployments where Common Criteria and/or FIPS certifications are a requirement Key Features & Benefits • Integrated Deep Inspection firewall for application-level attack protection Competitive Products • Integrated Web Filtering available to set policies on corporate web use (NetScreen-25 &

Cisco PIX 501, 506E, CheckPoint VPN-1 Edge, Check Point on Nokia IP40, Fortinet FG60, NetScreen-50 only) /IPSecVPN Firewall FG50A, SonicWall TZ170, SOHO3, WatchGuard V10 and Firebox-X Edge • Denial of service protection to protect against more than 30 different attacks, both internal and external Products Selected Part Numbers and Ordering Information • Comprehensive high availability solution for sub-second fail-over between interfaces or PRODUCT PART NUMBER devices (HA Lite only on NetScreen-25) • Dynamic routing support to reduce reliance on manual intervention to establish a new Juniper Networks NetScreen-5XT 10 User Products route NetScreen-5XT UK power cord NS-5XT-003 • Reduction in failover time of a VPN connection with redundant VPN tunnels and VPN

Firewall VPN IPSec / NetScreen-5XT European power cord NS-5XT-005 monitoring Upgrade from NetScreen-5XT 10-user to Elite NS-5XT-ELU • Transparent mode where the device functions as a Layer 2 IP security bridge with Juniper Networks NetScreen-5XT Elite (unrestricted users) minimal change to the existing network • Virtual Router support to map internal, private or overlapped IP addresses to a new IP NetScreen-5XT Elite UK power cord NS-5XT-103 address NetScreen-5XT Elite European power cord NS-5XT-105 • Customizable security zones to increase interface density without additional hardware Rack mount kit for 2 NetScreen-5XTs NS-5XT-RMK expenditures • Manageable through graphical WebUI, CLI or central management system, NetScreen-Security Manager For More Information: • Policy-based management for centralized, end-to-end lifecycle management http://www.juniper.net/products/integrated/dsheet/110002.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 28 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 29

Product Specs At-A-Glance – Advanced Feature Set Juniper Networks NetScreen-25 / NetScreen-50 ADVANCED NETSCREEN-25 NETSCREEN-50 NETSCREEN-204 NETSCREEN-208 The Juniper Networks NetScreen-25 and NetScreen-50 offer FEATURE/CAPACITY ADVANCED ADVANCED ADVANCED ADVANCED complete security solutions for enterprise branch and Number of Interfaces 4 10/100 4 10/100 4 10/100 8 10/100 remote offices as well as small and medium size companies. Maximum Throughput 100M FW 170M FW 400M FW 550M FW They provide solutions for perimeter security with multiple 20M 3DES VPN 45M 3DES VPN 200M 3DES VPN 200M 3DES VPN DMZs, VPNs for wireless LAN security, or protection of internal networks. Maximum Number of 32,000 64,000 128,000 128,000 Sessions NetScreen-25 offers 100 Mbps of firewall and NetScreen-50 is a high performance security 20 Mbps of 3DES or AES VPN performance, appliance, offering 170 Mbps of firewall and 45 Maximum Number of 125 + 100 500 + 400 1,000 1,000 VPN Tunnels dial up dial up with support for 32,000 concurrent sessions, Mbps of 3DES or AES VPN performance, with 125 site-to-site VPN tunnels, and 100 VPN support for 64,000 concurrent sessions, 500 Maximum Number of 500 1,000 4,000 4,000 users site-to-site VPN tunnels, and 400 VPN users. Policies

Maximum Number of 8 8 32 default, up to 32 default, up to When to Sell /IPSecVPN Firewall Virtual LANs 32 additional 32 additional • Need for fully integrated security solution for enterprise branch and remote offices, as Maximum Number of 4 4 4 default, up to 8 default, up to well as small and medium size companies Products Security Zones 10 additional 10 additional • Need for application-level protection with integrated Deep Inspection or Web Filtering Maximum Number of 3 3 3 default, up to 3 default, up to • When high availability and resiliency are requirements Virtual Routers 5 additional 5 additional • Perimeter security solutions for multiple DMZs, VPNs for wireless LAN security, or Products Routing Protocols OSPF, BGP, OSPF, BGP, OSPF, BGP, OSPF, BGP, protection of internal networks Supported RIPv1/v2 RIPv1/v2 RIPv1/v2 RIPv1/v2

Firewall VPN IPSec / High Availability Modes HA Lite Active/Passive Active/Passive Active/Passive Competitive Products Supported Active/Active Active/Active Cisco PIX 506E, Check Point on Nokia IP130, Fortinet FG100A, FG200A, SonicWall Active/Active Full Mesh PRO3060, TELE3, PRO230, WatchGuard V60 and Firebox-X Deep Inspection Yes Yes Yes Yes Selected Part Numbers and Ordering Information Integrated / Redirect Yes / Yes Yes / Yes No / Yes No / Yes Web Filtering PRODUCT PART NUMBER Juniper Networks NetScreen-50 w/AC power supply Product Specs At-A-Glance – Baseline Feature Set NetScreen-50 UK power cord NS-050-003 BASELINE NETSCREEN-25 NETSCREEN-50 NETSCREEN-204 NETSCREEN-208 NetScreen-50f* UK power cord NS-050-103 FEATURE/CAPACITY BASELINE BASELINE BASELINE BASELINE NetScreen-50 European power cord NS-050-005 Sessions 24,000 48,000 64,000 64,000 NetScreen-50f* European power cord NS-050-105 Site-to-site tunnels 50 150 500 500 Juniper Networks NetScreen-50 w/DC power supply Remote-access tunnels Shared with Shared with N/A N/A NetScreen-50 w/DC power supply DC power NS-050-001-DC site-to-site site-to-site Juniper Networks NetScreen-25 w/AC power supply VLANs 0 0 02 02 NetScreen-25 UK power cord NS-025-003 Routing Protocols RIPv1/v2 RIPv1/v2 RIPv1/v2 RIPv1/v2 NetScreen-25 European power cord NS-025-005 Supported Baseline Products High Availability (HA) HA Lite1 HA Lite1 Active/Passive Active/Passive NetScreen-50 Baseline UK power cord NS-050B-003 Deep Inspection No No No No NetScreen-50 Baseline European power cord NS-050B-005 Integrated / Redirect Yes / Yes Yes / Yes No / Yes No / Yes NetScreen-50 Baseline to Advanced Upgrade NS-050-UPG-A Web Filtering NetScreen-25 Baseline UK power cord NS-025B-003 1 HA Lite provides configuration synchronization only (does not provide session or tunnel synchronization). NetScreen-25 Baseline European power cord NS-025B-005 2 Virtualization key option – add 32 VLANs, 5 Virtual Routers and 10 Security Zones NetScreen-25 Baseline to Advanced Upgrade NS-025-UPG-A *If products do not include VPN functionality (international only) For More Information: http://www.juniper.net/products/integrated/dsheet/110003.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 30 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 31

Juniper Networks NetScreen-204 / NetScreen-208 Central Office / Large Enterprise Security Solutions The Juniper Networks NetScreen-204 and NetScreen-208 are Juniper Networks offers a line of purpose built, high-performance integrated security two of the most versatile security appliances available today, systems designed to deliver flexible and scalable solutions for large enterprise, carrier, and easily integrating into many different environments, including data center networks. These modular chassis-based systems offer virtual systems, robust medium and large enterprise offices, e-business sites, data high availability as well as interface flexibility. centers, and carrier infrastructures. In addition to physical interface density, the NetScreen-200 Series optionally supports virtualization, including VLAN support and additional custom security zones and virtual routers. This line of products includes the NetScreen-500, NetScreen-ISG 2000, NetScreen-5200 and NetScreen-5400. NetScreen-204 offers four 10/100 Mbps NetScreen-208 offers eight 10/100 Mbps interfaces with firewall functions at wire interfaces with firewall functions at wire speed (400 Mbps). speed (550 Mbps). Key Features & Benefits

• Comprehensive high availability solution for sub-second fail-over between interfaces or /IPSecVPN Firewall When to Sell devices • Medium and large enterprise branch offices, e-business sites, data centers, and carrier • Full mesh configurations to allow for redundant physical paths in the network thereby Products infrastructures providing maximum resiliency and uptime • Where network segmentation, high availability and/or dynamic routing are requirements • Virtual System support allowing devices to be partitioned into multiple security domains, • Perimeter security solutions for multiple DMZs, VPNs for wireless LAN security, or each with a unique set of administrators, policies, VPNs, and address books

Products protection of internal networks • Interface flexibility for varying network connectivity requirements and future growth requirements

Firewall VPN IPSec / Competitive Products • Virtual Router support to map internal, private or overlapped IP addresses to a new IP Cisco PIX 515E-UR/R, Check Point on Nokia IP 350, Fortinet FG300A, FG400A, FG500A, address SonicWall PRO5060, PRO4060, PRO230 and WatchGuard V80 • Customizable security zones to increase interface density without additional hardware expenditures Selected Part Numbers and Ordering Information • Transparent mode where the device functions as a Layer 2 IP security bridge with minimal change to the existing network PRODUCT PART NUMBER • Manageable through graphical WebUI, CLI or central management system, Juniper Networks NetScreen-208 w/ AC power supply NetScreen-Security Manager NetScreen-208 UK power cord NS-208-003 • Policy-based management for centralized, end-to-end lifecycle management NetScreen-208 European power cord NS-208-005 Juniper Networks NetScreen-208 w/ DC power supply NetScreen-208 DC power NS-208-001-DC Juniper Networks NetScreen-204 w/ AC power supply NetScreen-204 UK power cord NS-204-003 NetScreen-204 European power cord NS-204-005 Juniper Networks NetScreen-204 w/ DC power supply NetScreen-204 DC power NS-204-001-DC Juniper Networks NetScreen-200 Series Virtualization NetScreen-200 Virtualization Key* NS-200-VIRT Baseline Products NetScreen-208 Baseline UK power cord NS-208B-003 NetScreen-208 Baseline European power cord NS-208B-005 NetScreen-204 Baseline UK power cord NS-204B-003 NetScreen-204 Baseline European power cord NS-204B-005 *Virtualization Key adds 32 VLANs, 5 additional virtual routers, and 10 additional security zones. Only available with NetScreen ScreenOS 4.0.2 and later. For More Information: http://www.juniper.net/products/integrated/dsheet/110004.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 32 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 33

Product Specs At-A-Glance – Advanced Feature Set Juniper Networks NetScreen-500 ADVANCED NETSCREEN-500 NETSCREEN-ISG NETSCREENNETSCREEN The Juniper Networks NetScreen-500 is a purpose-built, FEATURE/CAPACITY ADVANCED 2000 ADVANCED -5200 -5400 security system designed to provide a flexible, high Number of Interfaces Up to 8 10/100 Up to 8 Mini-GBIC 8 Mini-GBIC or 24 Mini-GBIC or performance solution. The NetScreen-500 security system or 8 Mini-GBIC (SX or LX) or up 2 Mini-GBIC + 6 Mini-GBIC + integrates firewall, DoS, VPN and traffic management or 4 GBIC to 28 10/100 24 10/100 72 10/100 functionality. Combined with a flexible and resilient Maximum Throughput 700M FW 2G FW 4G FW 12G FW hardware architecture, the NetScreen 500 exceeds most 250 3DES VPN 1G 3DES VPN 2G 3DES VPN 6G 3DES VPN enterprises’ typical traffic conditions. It is well suited to match the peak load and strong Maximum Number of 250,000 512,000 1,000,000 1,000,000 deterrence requirements of the most demanding environments. Sessions Maximum Number of 5,000 10,000 25,000 25,000 When to Sell VPN Tunnels • For medium and large enterprise central sites and service providers Maximum Number of 20,000 30,000 40,000 40,000 • High-performance, scalable and flexible security solution required Firewall /IPSecVPN Firewall Policies • High availability for resiliency and virtual systems for departmental firewalls required Maximum Number of 25 50 500 500 Virtual Systems Competitive Products Products Maximum Number of 100 per 500 4,000 4,000 Cisco PIX 525-UR/R, PIX 535-UR/R, Check Point on Nokia IP710, IP380, Fortinet FG500A, Virtual LANs physical port FG800, FG1000, FG3000, SonicWall PRO5060, and WatchGuard V100

Products Maximum Number of 8 default, up to 26 default, up 16 default, up to 16 default, up to Security Zones 50 additional to 100 additional 1000 additional 1000 additional Selected Part Numbers and Ordering Information Maximum Number of 2 default, up to 3 default, up to 3 default, up to 3 default, up to Firewall VPN IPSec / Virtual Routers 25 additional 50 additional 500 additional 500 additional PRODUCT PART NUMBER High Availability Modes Active/Passive Active/Passive Active/Passive Active/Passive Juniper Networks NetScreen-500SP Bundles Supported Active/Active Active/Active Active/Active Active/Active NetScreen-500 System SX GBIC, AC power NS-500SP-GB1-AC Active/Active Active/Active Active/Active Active/Active NetScreen-500 System SX GBIC, DC power NS-500SP-GB1-DC Full Mesh Full Mesh Full Mesh Full Mesh NetScreen-500 System SX dual-GBIC, AC power NS-500SP-GB2-AC Routing Protocols OSPF, BGP, OSPF, BGP, OSPF, BGP, OSPF, BGP, Supported RIPv1/v2 RIPv1/v2 RIPv1/v2 RIPv1/v2 NetScreen-500 System SX dual-GBIC, DC power NS-500SP-GB2-DC Juniper Networks NetScreen-500ES Bundles Deep Inspection Yes Yes Yes Yes NetScreen-500 System 2 SX GBIC modules, 2 AC power supplies NS-500ES-GB1-AC Integrated / Redirect No / Yes No / Yes No / Yes No / Yes Web Filtering NetScreen-500 System 2 SX GBIC modules, 2 DC power supplies NS-500ES-GB1-DC NetScreen-500 System 2 SX dual-GBIC modules, 2 AC power supplies NS-500ES-GB2-AC Product Specs At-A-Glance – Baseline Feature Set NetScreen-500 System 2 SX dual-GBIC modules, 2 DC power supplies NS-500ES-GB2-DC BASELINE NETSCREEN-500 NETSCREEN-ISG NetScreen-500 System 3 dual-10/100 modules, 2 AC power supplies NS-500ES-FE1-AC FEATURE/CAPACITY BASELINE 2000 BASELINE NetScreen-500 System 3 dual-10/100 modules, 2 DC power supplies NS-500ES-FE1-DC Sessions 128,000 256,000 NetScreen-500 System 2 dual-10/100 modules, 1 AC power supply NS-500ES-FE2-AC Concurrent VPN Tunnels 1,000 1,000 NetScreen-500 System 2 dual-10/100 modules, 1 DC power supply NS-500ES-FE2-DC VLANs 100 100 Juniper Networks NetScreen-500 Baseline Systems Routing Protocols Supported RIPv1/v2 RIPv1/v2 NetScreen-500 System 2 dual-10/100 modules, 1 AC power supply NS-500B-FE2 NetScreen-500 System 2 SX GBIC modules, 1 AC power supply NS-500B-GB1 High Availability Active/Passive Active/Passive Juniper Networks NetScreen-500 Virtual System Upgrades Deep Inspection No No Upgrade to 5 Virtual Systems NS-500-VSYS-5 Integrated / Redirect Web Filtering No / Yes No / Yes Upgrade from 5 to 10 Virtual Systems NS-500-VSYS-10 Upgrade from 10 to 25 Virtual Systems NS-500-VSYS-25 SP Systems include 25 Virtual Systems and 2 power supplies ES Systems include 0 Virtual Systems For More Information: http://www.juniper.net/products/integrated/dsheet/110005.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 34 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 35

Juniper Networks NetScreen-ISG 2000 Selected Part Numbers and Ordering Information Juniper Network’s Integrated Security Gateway 2000 PRODUCT PART NUMBER (NetScreen-ISG 2000), is a purpose-built, high-performance Juniper Networks NetScreen-ISG 2000 Bundles Advanced* system. Integrating Deep Inspection firewall, VPN and DoS NetScreen-ISG 2000 system 1 4 port 10/100 I/O Module NS-ISG-2000-P00A-S00 solutions, the NetScreen-ISG 2000 enables secure, reliable NetScreen-ISG 2000 system 1 8 port 10/100 I/O Module NS-ISG-2000-P01A-S00 connectivity along with network and application-level NetScreen-ISG 2000 system 1 Dual-Port mini-GBIC I/O Module NS-ISG-2000- P02A-S00 protection for key, high-traffic network segments. Built on Juniper Network’s next generation architecture which includes a fourth generation security NetScreen-ISG 2000 system 1 dual port 10/100/1000 Copper I/O Module NS-ISG-2000- P03A-S00 ASIC, the GigaScreen3. This enables high-speed microprocessors and add-on security modules to provide the predictable, multi-Gigabit performance needed for the most Juniper Networks NetScreen-ISG 2000 Bundles Baseline* demanding network segments. NetScreen-ISG 2000 system 1 4 port 10/100 I/O Module NS-ISG-2000B-P00A-S00 NetScreen-ISG 2000 system 1 8 port 10/100 I/O Module NS-ISG-2000B-P01A-S00 When to Sell NetScreen-ISG 2000 system 1 Dual port mini-GBIC I/O Module NS-ISG-2000B-P02A-S00 Firewall /IPSecVPN Firewall • Requirement for network and application security at the gateway of a large enterprise, NetScreen-ISG 2000 system 1 dual port 10/100/1000 carrier or data center network Copper I/O Module NS-ISG-2000B-P03A-S00 • Customer needs linear performance for all packet sizes for VoIP deployment or other Juniper Networks NetScreen-ISG 2000 Virtual System Upgrades Products advanced application that requires low latency and small packet throughput VSYS Upgrade 0 to 5 NS-ISG-2000-VSYS-5 • High-performance, scalable and flexible security solution required VSYS Upgrade 5 to 25 NS-ISG-2000-VSYS-25

Products • Needs a solution that will meet future security requirements and leverage their investment VSYS Upgrade 25 to 50 NS-ISG-2000-VSYS-50 • High availability for resiliency and virtual systems for departmental firewalls required VSYS Upgrade 0 to 25 NS-ISG-2000-VSYS-025

Firewall VPN IPSec / Competitive Products VSYS Upgrade 0 to 50 NS-ISG-2000-VSYS-050 Juniper Networks NetScreen-ISG 2000 Components Cisco PIX 535-UR/R, Check Point on Nokia IP1220, IP740, IP710, Fortinet FG1000, FG3000, I/O Module - Dual Port Mini GBIC-SX NS-ISG-2000-SX2 FG3600, SonicWall PRO5060, and WatchGuard V200 I/O Module - Dual Port Mini GBIC-LX NS-ISG-2000-LX2 I/O Module - 4 Port 10/100 Fast Ethernet NS-ISG-2000-FE4 I/O Module - 8 Port 10/100 Fast Ethernet NS-ISG-2000-FE8 I/O Module - Dual Port 10/100/1000 Gig Ethernet NS-ISG-2000-TX2 SX transceiver (mini-GBIC) NS-SYS-GBIC-MSX LX transceiver (mini-GBIC) NS-SYS-GBIC-MLX AC power supply NS-ISG-2000-PWR-AC DC power supply NS-ISG-2000-PWR-DC Fan module NS-ISG-2000-FAN Rack Mount Kit (19 in., all mounting hardware) NS-ISG-2000-RCK-01 Rack Mount Kit (23 in., all mounting hardware) NS-ISG-2000-RCK-02 Blank Interface Panel NS-ISG-2000-IPAN Blank Power Supply Cover NS-ISG-2000-PPAN *All systems include 2 AC power supplies and 0 virtual systems.

For More Information: http://www.juniper.net/products/integrated/dsheet/110011.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 36 Firewall / IPSec VPN Products Firewall / IPSec VPN Products 37

Juniper Networks NetScreen-5200 / NetScreen-5400 PRODUCT PART NUMBER The Juniper NetScreen-5000 Series are purpose built, high- Juniper Networks NetScreen-5400 bundles performance security systems. Designed to deliver a new NetScreen-5400 1 2G24FE SPM, 0 VSYS, AC NS-5400-P00A-S00 level of high-peformance capabilities with integrated firewall, NetScreen-5400 1 2G24FE SPM, 0 VSYS, DC NS-5400-P00D-S00 DoS and DDoS protection, VPN, and traffic management NetScreen-5400 1 8G SPM, 0 VSYS, AC NS-5400-P01A-S00 functionality. Built around Juniper’s third generation security NetScreen-5400 1 8G SPM, 0 VSYS, DC NS-5400-P01D-S00 ASIC and distributed system architecture, the NetScreen-5000 Series offers excellent scalability and flexibility while NetScreen-5400 1 8G SPM, 100 VSYS, AC NS-5400-P01A-S01 providing high levels of security through Juniper Networks NetScreen-5400 1 8G SPM, 100 VSYS, DC NS-5400-P01D-S01 custom operating system, NetScreen ScreenOS. Both NetScreen-5400 1 8G SPM, 500 VSYS, AC NS-5400-P01A-S02 products employ a switch fabric for data exchange and NetScreen-5400 1 8G SPM, 500 VSYS, DC NS-5400-P01D-S02 separate multi-bus channel for control information, delivering scalable performance for the Juniper Networks NetScreen-5400 bundles with Management 2 most demanding environments. NetScreen-5400 5400, 2G24FE, AC, no VSYS, MGT2 NS-5400-P10A-S00 Firewall /IPSecVPN Firewall NetScreen-5400 5400, 2G24FE, DC, no VSYS, MGT2 NS-5400-P10D-S00 NetScreen-5400 5400, 8G, AC, no VSYS, MGT NS-5400-P11A-S00

NetScreen-5200 is a 2-slot modular chassis. NetScreen-5400 is a 4 slot modular chassis. Products NetScreen-5400 5400, 8G, DC, no VSYS, MGT2 NS-5400-P11D-S00 Juniper Networks NetScreen-5000 Virtual System Upgrades When to Sell NetScreen-5000 VSYS Upgrade 0 to 5 NS-5000-VSYS-5 Products • For large enterprise, carrier, and data center networks NetScreen-5000 VSYS Upgrade 5 to 25 NS-5000-VSYS-25 • When multi-gigabit performance for both firewall and VPN is required NetScreen-5000 VSYS Upgrade 25 to 50 NS-5000-VSYS-50

Firewall VPN IPSec / • High availability for resiliency and virtual systems for departmental firewalls required NetScreen-5000 VSYS Upgrade 50 to 100 NS-5000-VSYS-100 Competitive Products NetScreen-5000 VSYS Upgrade 100 to 250 NS-5000-VSYS-250 Cisco PIX 535-UR/R; Check Point on Nokia IP1220, IP1260, IP2250; Fortinet FG3000, NetScreen-5000 VSYS Upgrade 250 to 500 NS-5000-VSYS-500 FG3600, FG4000; SonicWall PRO5060, and WatchGuard V200 NetScreen-5000 VSYS Upgrade 0 to 500 NS-5000-VSYS Juniper Networks NetScreen-5000 Components Selected Part Numbers and Ordering Information Management Module NS-5000-MGT PRODUCT PART NUMBER Management Module 2 NS-5000-MGT2 Juniper Networks NetScreen-5200 bundles 8G (8 mini-GBIC) Secure Port Module NS-5000-8G NetScreen-5200 1 2G24FE SPM, 0 VSYS, AC NS-5200-P00A-S00 2G24FE (2 mini-GBIC24 10/100) Secure Port Module NS-5000-2G24FE NetScreen-5200 1 2G24FE SPM, 0 VSYS, DC NS-5200-P00D-S00 mini-GBIC transceiver - SX NS-SYS-GBIC-MSX NetScreen-5200 1 8G SPM, 0 VSYS, AC NS-5200-P01A-S00 mini-GBIC transceiver - LX NS-SYS-GBIC-MLX NetScreen-5200 1 8G SPM, 0 VSYS, DC NS-5200-P01D-S00 Juniper Networks NetScreen-5200 Components NetScreen-5200 1 8G SPM, 100 VSYS, AC NS-5200-P01A-S01 NetScreen-5200 Chassis NS-5200-CHA NetScreen-5200 1 8G SPM, 100 VSYS, DC NS-5200-P01D-S01 NetScreen-5200 AC Power Supply NS-5200-PWR-AC NetScreen-5200 1 8G SPM, 500 VSYS, AC NS-5200-P01A-S02 NetScreen-5200 DC Power Supply NS-5200-PWR-DC NetScreen-5200 1 8G SPM, 500 VSYS, DC NS-5200-P01D-S02 NetScreen-5200 Fan Assembly NS-5200-FAN Juniper Networks NetScreen-5200 bundles with Management 2 Juniper Networks NetScreen-5400 Components NetScreen-5200 5200, 2G24FE, AC, no VSYS, MGT2 NS-5200-P10A-S00 NetScreen-5400 Chassis NS-5400-CHA NetScreen-5200 5200, 2G24FE, DC, no VSYS, MGT2 NS-5200-P10D-S00 NetScreen-5400 AC Power Supply NS-5400-PWR-AC NetScreen-5200 5200, 8G, AC, no VSYS, MGT2 NS-5200-P11A-S00 NetScreen-5400 DC Power Supply NS-5400-PWR-DC NetScreen-5200 5200, 8G, DC, no VSYS, MGT2 NS-5200-P11A-S00 NetScreen-5400 Fan Assembly NS-5400-FAN

For More Information: http://www.juniper.net/products/integrated/dsheet/110007.pdf Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 38 Firewall / IPSec VPN Products SSL VPN 39

Juniper Networks NetScreen-Remote VPN & NetScreen-Remote SSL VPN Security Client Juniper Networks SSL VPNs lead the market with a Juniper Networks enables enterprises to quickly and securely connect their remote users to complete range of products, tailored to meet the needs the corporate resources they need to be productive. With the number of remote users for companies of all sizes. Juniper Networks SSL VPNs enterprises potentially have to secure, they can’t afford to have a solution that is difficult to are based on the Instant Virtual Extranet (IVE) platform, deploy and configure. Understanding this, Juniper Networks has created a solution that is which uses SSL, the security protocol found in all very easy to deploy and maintain. Enterprises can use the Juniper Networks NetScreen- standard Web browsers. The use of SSL eliminates the Remote VPN client for VPN functionality or combine VPN and personal firewall need for client software deployment, changes to internal functionality with the Juniper Networks NetScreen-Remote Security Client to ensure the servers, and costly ongoing maintenance and desktop information remains private and the network secure against unauthorized users. support. Juniper Networks SSL VPN appliances combine the overall benefit of a lower total cost of ownership compared to traditional IPSec client Key Features & Benefits solutions, with unique end-to-end security features. • Interoperable with IPSec compliant communication devices • Support for the highest levels of encryption and authentication algorithms Juniper Networks SSL VPN Appliance Line • Integrated with personal firewall for stronger security CUSTOMER PRODUCTS TOENTERPRISE When to Sell NETWORK RECOMMEND CLASS FEATURES Small to mid-sized Juniper Networks • Secure access for remote/mobile employees, • Customer requests an IPSec remote access solution companies NetScreen-RA 500 with no client software Products • Plug-n-play deployment Selected Part Numbers and Ordering Information • Robust security features

Firewall VPN IPSec / PRODUCT PART NUMBER Small to mid-sized Juniper Networks • Secure LAN, intranet and extranet access for NetScreen-Remote Security Client – 10 User License NS-R8P-010 enterprises NetScreen-SA 1000 employees, business partners and customers • Three access methods allow administrators NetScreen-Remote Security Client – 100 User License NS-R8P-100 to provision access by purpose NetScreen-Remote Security Client – 1,000 User License NS-R8P-110 • Dynamic access privilege management SSL VPN NetScreen-Remote VPN Client – 10 User License NS-R8A-010 • Simplified administration available via Central Manager NetScreen-Remote VPN Client – 100 User License NS-R8A-100 • Upgrade to Secure Meeting available NetScreen-Remote VPN Client – 1,000 User License NS-R8A-110 Mid-sized to large Juniper Networks • Scalable platform enables medium to large enterprises NetScreen-SA 3000 enterprises to offer secure extranet, intranet For More Information: and LAN access from one platform. • Enterprise performance/high availability http://www.juniper.net/products/integrated/dsheet/110012.pdf • Dynamic access privilege management, with 3 access methods • FIPS compliant platform available • Simplified administration available via Central Manager • Upgrade to Secure Meeting available Large and Juniper Networks • High performance platform for the largest multinational NetScreen-SA 5000 and most complex secure extranet, intranet enterprises and LAN access deployments • Hardware-based SSL acceleration and HTTP compression • Dynamic access privilege management with 3 access methods • Simplified administration available via Central Manager • Upgrade to Secure Meeting available Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 40 SSL VPN SSL VPN 41

Juniper Networks NetScreen-RA 500 Series Selected Part Numbers and Ordering Information The Juniper Networks NetScreen-RA 500 series of SSL VPN PRODUCT PART NUMBER appliances provide small to medium enterprises a secure, NetScreen-RA 510 for 10 simultaneous users NS-RA-510 cost-effective way to deploy employee remote access to NetScreen-RA 525 for 25 simultaneous users NS-RA-525 corporate networks. Using SSL to provide encrypted NetScreen-RA 550 for 50 simultaneous users NS-RA-550 transport, the NetScreen-RA 500 enables instant access for Upgrade NetScreen-RA 510 to 525 - 25 simultaneous users NS-RA-525-UPG users with just a Web browser and eliminates Network Address Translation (NAT) and firewall traversal issues found with traditional remote access Upgrade NetScreen-RA 525 to 550 - 50 simultaneous users NS-RA-550-UPG products. Built on Juniper’s market-leading IVE platform, the NetScreen-RA 500 series For More Information: http://www.juniper.net/products/ssl/ra_500.html delivers enterprise-strength AAA (authentication, authorization, auditing), comprehensive endpoint defense, and a core security architecture that has been audited in depth by TruSecure and Cryptography Research and certified by ICSA labs.

Key Features & Benefits • Provides secure access to remote or mobile employees by levering the Network Connect access provisioning method. This creates a secure virtual network layer connection between the remote user and the corporate LAN. • Plug-n-play appliance that installs in minutes with minimal IT knowledge required. • No client-side software to install, no changes to servers and limited ongoing maintenance resulting in a significantly reduced total cost of ownership versus traditional client-based IPSec solutions. • Complete, secure access to LAN resources, ensuring that the endpoint device, data in transit and internal resources are secure. • Seamless integration with broad range of authentication methods and protocols. • Improved productivity for remote employees • No network interoperability issues SSL VPN

When to Sell

SSL VPN SSL • Small to medium enterprise with between 10 and 50 concurrent users • No need for business partner or customer access • Customer looking for a plug-n-play appliance without client software or changes to infrastructure • Enterprise has limited IT department, budget and rack space • Need to eliminate NAT or firewall traversal issues • No need for Secure Meeting or Central Manager functionality

Competitive Products AEP AG-60, Cisco VPN Concentrator 3005, Net6 HV 2000, Nokia IP 130, Safenet iGate Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 42 SSL VPN SSL VPN 43

Juniper Networks NetScreen-SA 1000 Series Selected Part Numbers and Ordering Information The Juniper Networks NetScreen-SA 1000 Series of SSL VPNs PRODUCT PART NUMBER enables small-to-medium-sized companies to deploy cost NetScreen-SA 1000 Baseline Products effective remote access, extranet and intranet security. Users NetScreen-SA-1005-Baseline for 25 Simultaneous Users NS-SA-1005B can access the corporate network and applications from any NetScreen-SA-1010-Baseline for 50 Simultaneous Users NS-SA-1010B standard Web browser. The NetScreen-SA 1000 Series uses NetScreen-SA-1020-Baseline for 100 Simultaneous Users NS-SA-1020B SSL, the security protocol found in all standard Web browsers, as a secure access transport mechanism. The use of SSL eliminates the need for client NetScreen-SA 1000 Baseline Cluster Pairs software deployment, changes to internal servers, and costly ongoing maintenance. NetScreen-SA-1005-Baseline Cluster Pair for 25 Simultaneous Users NS-SA-1005B-CP NetScreen-SA-1010-Baseline Cluster Pair for 50 Simultaneous Users NS-SA-1010B-CP Key Features & Benefits NetScreen-SA-1020-Baseline Cluster Pair for 100 Simultaneous Users NS-SA-1020B-CP • End-to-end security with Granular authorization and auditing down to the URL, file, NetScreen-SA 1000 Advanced Products application and server level NetScreen-SA-1005-Advanced for 25 Simultaneous Users NS-SA-1005A • Juniper’s Endpoint Defense Initiative provides best-of-breed endpoint security NetScreen-SA-1010-Advanced for 50 Simultaneous Users NS-SA-1010A • Identity-driven access can be specified by user group or role, as well as network, device NetScreen-SA-1020-Advanced for 100 Simultaneous Users NS-SA-1020A and session attributes NetScreen-SA 1000 Advanced Cluster Pairs • No client software deployments or changes to servers, and virtually no ongoing NetScreen-SA-1005-Advanced Cluster Pair for 25 Simultaneous Users NS-SA-1005A-CP maintenance • Secure extranet access with no DMZ build out, server hardening, resource duplication, NetScreen-SA-1010-Advanced Cluster Pair for 50 Simultaneous Users NS-SA-1010A-CP or incremental deployments to add applications or users NetScreen-SA-1020-Advanced Cluster Pair for 100 Simultaneous Users NS-SA-1020A-CP • Secure remote access, intranets and extranets from one platform NetScreen-SA 1000 Secure Meeting Series Upgrades • Streamlined manageability for unified administration Secure Meeting Upgrade Option for 10 Simultaneous Users/ • Cluster pair deployment option, for high availability across the LAN and the WAN 5 Simultaneous Meetings NS-SA-UPG-M10 • Secure Meeting upgrade for secure, cross-enterprise online meetings Secure Meeting Upgrade Option for 25 Simultaneous Users/ 10 Simultaneous Meetings NS-SA-UPG-M25 SSL VPN When to Sell This is only a subset of all part numbers available for this product. For the latest part number and pricing • For small to medium enterprises with between 25 and 100 concurrent users information, please see the Juniper Networks price list. • Seeking secure remote access for employees as well as business partners and/or SSL VPN SSL customers • Need for granular access controls at the file, URL and application levels For More Information: • Require cluster pair deployment for high availability http://www.juniper.net/products/ssl/sa_1000.html • Need Secure Meeting and/or Central Manager functionality

Competitive Products Aventail EX-1500, Check Point Connectra, Cisco VPN 3000, F5 FirePass, Netilla Secure Gateway Appliance, Nokia Secure Access System, NetScaler Secure Remote Access Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 44 SSL VPN SSL VPN 45

Juniper Networks NetScreen-SA 3000 Series Selected Part Numbers and Ordering Information The Juniper Networks NetScreen-SA 3000 Series of SSL VPNs PRODUCT PART NUMBER enable mid-to-large-sized organizations to provide cost NetScreen-SA 3000 Baseline Products effective remote access, partner extranet, and intranet NetScreen-SA-3010-Baseline for 50 Simultaneous Users NS-SA-3010B security. Users can securely access corporate applications and NetScreen-SA-3020-Baseline for 100 Simultaneous Users NS-SA-3020B resources from any standard Web browser. Based on the NetScreen-SA-3030-Baseline for 250 Simultaneous Users NS-SA-3030B award-winning IVE platform, the NetScreen-SA 3000 Series appliances feature rich access privilege management functionality that can be used to NetScreen-SA-3040-Baseline for 500 Simultaneous Users NS-SA-3040B create secure customer or partner extranets with no infrastructure changes, no DMZ NetScreen-SA-3050-Baseline for 1000 Simultaneous Users NS-SA-3050B deployments, and no software agents. NetScreen-SA 3000 Baseline Cluster Pairs NetScreen-SA-3010-Baseline Cluster Pair for 50 Simultaneous Users NS-SA-3010B-CP Key Features & Benefits NetScreen-SA-3020-Baseline Cluster Pair for 100 Simultaneous Users NS-SA-3020B-CP • Enhanced security with access privilege management for powerful, flexible authentication NetScreen-SA-3030-Baseline Cluster Pair for 250 Simultaneous Users NS-SA-3030B-CP and authorization policies with no software deployments NetScreen-SA-3040-Baseline Cluster Pair for 500 Simultaneous Users NS-SA-3040B-CP • Identity driven access can be specified by user group & role, as well as network, device, NetScreen-SA-3050-Baseline Cluster Pair for 1000 Simultaneous Users NS-SA-3050B-CP and session attributes NetScreen-SA 3000 Advanced Products • Endpoint client, device, data and server security controls NetScreen-SA-3010-Advanced for 50 Simultaneous Users NS-SA-3010A • Three different access methods allow enterprises to provision by purpose • No client software deployments or changes to servers, and virtually no ongoing maintenance NetScreen-SA-3020-Advanced for 100 Simultaneous Users NS-SA-3020A • High-performance, scalable and manageable with cluster pair deployment option, for NetScreen-SA-3030-Advanced for 250 Simultaneous Users NS-SA-3030A high availability across the LAN and the WAN NetScreen-SA-3040-Advanced for 500 Simultaneous Users NS-SA-3040A • Secure Meeting upgrade for secure, cross-enterprise online meetings NetScreen-SA-3050-Advanced for 1000 Simultaneous Users NS-SA-3050A • Fine grained auditing and logging NetScreen-SA 3000 Advanced Cluster Pairs • FIPS-cryptographic key handling in a certified module NetScreen-SA-3010-Advanced Cluster Pair for 50 Simultaneous Users NS-SA-3010A-CP

When to Sell NetScreen-SA-3020-Advanced Cluster Pair for 100 Simultaneous Users NS-SA-3020A-CP SSL VPN NetScreen-SA-3030-Advanced Cluster Pair for 250 Simultaneous Users NS-SA-3030A-CP • For medium to large enterprises with between 50 and 1000 concurrent users NetScreen-SA-3040-Advanced Cluster Pair for 500 Simultaneous Users NS-SA-3040A-CP • Seeking secure remote access for employees as well as business partners and/or customers

SSL VPN SSL NetScreen-SA-3050-Advanced Cluster Pair for 1000 Simultaneous Users NS-SA-3050A-CP • Need for granular access controls at the file, URL and application levels • Require cluster pair deployment for high availability NetScreen-SA 3000 Secure Meeting Series Upgrades • Need Secure Meeting and/or Central Manager functionality Secure Meeting Upgrade Option for 25 Simultaneous Users/ • Where FIPS certification is a requirement 10 Simultaneous Meetings NS-SA-UPG-M25 Secure Meeting Upgrade Option for 50 Simultaneous Users/ Competitive Products 10 Simultaneous Meetings NS-SA-UPG-M50 Aventail EX-1500, Check Point Connectra, Cisco VPN 3000, F5 FirePass, Netilla Secure This is only a subset of all part numbers available for this product. For the latest part number and pricing Gateway Appliance, Nokia Secure Access System, NetScaler Secure Remote Access information, please see the Juniper Networks price list.

For More Information: http://www.juniper.net/products/ssl/sa_3000.html Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 46 SSL VPN SSL VPN 47

Juniper Networks NetScreen-SA 5000 Series Selected Part Numbers and Ordering Information The Juniper Networks NetScreen-SA 5000 Series of SSL VPNs PRODUCT PART NUMBER is designed for large and multinational enterprises. Featuring NetScreen-SA 5000 Baseline Products best-in-class performance, scalability, and redundancy for NetScreen-SA-5020-Baseline for 100 Simultaneous Users NS-SA-5020B organizations with high volume secure access and authori- NetScreen-SA-5030-Baseline for 250 Simultaneous Users NS-SA-5030B zation requirements. Built on the IVE platform, they use SSL NetScreen-SA-5040-Baseline for 500 Simultaneous Users NS-SA-5040B available in all Web browsers as a means of secure transport. NetScreen-SA-5050-Baseline for 1000 Simultaneous Users NS-SA-5050B This enables the enterprise to provide remote access to NetScreen-SA-5060-Baseline for 2500 Simultaneous Users NS-SA-5060B mobile employees and contractors without deploying client software, as well as secure NetScreen-SA 5000 Baseline Cluster Pairs extranet or intranet access with no DMZ build out, server hardening, Web agent NetScreen-SA-5020-Baseline Cluster Pair for 100 Simultaneous Users NS-SA-5020B-CP deployments, or ongoing maintenance. It can be centrally managed with NetScreeen-SA NetScreen-SA-5030-Baseline Cluster Pair for 250 Simultaneous Users NS-SA-5030B-CP Central Manager and deployed in multi-unit and multi-site clusters for a solution that is NetScreen-SA-5040-Baseline Cluster Pair for 500 Simultaneous Users NS-SA-5040B-CP both manageable and scaleable. NetScreen-SA-5050-Baseline Cluster Pair for 1000 Simultaneous Users NS-SA-5050B-CP Key Features & Benefits NetScreen-SA-5060-Baseline Cluster Pair for 2500 Simultaneous Users NS-SA-5060B-CP NetScreen-SA 5000 Baseline Three Unit Single-Site Clusters • Performance, scalability & robust high availability ideal for large number of users and NetScreen-SA-5000-Baseline 3-Unit Cluster for 1000 Simultaneous Users NS-SA-5000B-C3-1000 complex application needs NetScreen-SA-5000-Baseline 3-Unit Cluster for 2500 Simultaneous Users NS-SA-5000B-C3-2500 • Hardware-based performance enhancing features, including SSL acceleration and HTTP NetScreen-SA 5000 Baseline Four Unit Single-Site Clusters compression, to provide optimal scalability NetScreen-SA-5000-Baseline 4-Unit Cluster for 1000 Simultaneous Users NS-SA-5000B-C4-1000 • End-to-end security with access privilege management for powerful authentication and NetScreen-SA-5000-Baseline 4-Unit Cluster for 2500 Simultaneous Users NS-SA-5000B-C4-2500 authorization policies with no additional software deployments NetScreen-SA-5000-Baseline 4-Unit Cluster for 5000 Simultaneous Users NS-SA-5000B-C4-5000 • Identity-driven access can be specified by user group or role, as well as network, device, NetScreen-SA 5000 Advanced Products and session attributes NetScreen-SA-5020-Advanced for 100 Simultaneous Users NS-SA-5020A • Fine-grained auditing and logging NetScreen-SA-5030-Advanced for 250 Simultaneous Users NS-SA-5030A • High availability multi-unit clustering options across the LAN and WAN

NetScreen-SA-5040-Advanced for 500 Simultaneous Users NS-SA-5040A SSL VPN • Central management option for unified administration and user self service features NetScreen-SA-5050-Advanced for 1000 Simultaneous Users NS-SA-5050A enhance productivity while lowering administrative overhead • Secure remote access with no client software deployments or changes to servers, and NetScreen-SA-5060-Advanced for 2500 Simultaneous Users NS-SA-5060A NetScreen-SA 5000 Advanced Cluster Pairs SSL VPN SSL virtually no ongoing maintenance • Secure Meeting upgrade for secure, cross-enterprise online meetings NetScreen-SA-5020-Advanced Cluster Pair for 100 Simultaneous Users NS-SA-5020A-CP • FIPS-cryptographic key handling in a certified module NetScreen-SA-5030-Advanced Cluster Pair for 250 Simultaneous Users NS-SA-5030A-CP NetScreen-SA-5040-Advanced Cluster Pair for 500 Simultaneous Users NS-SA-5040A-CP When to Sell NetScreen-SA-5050-Advanced Cluster Pair for 1000 Simultaneous Users NS-SA-5050A-CP NetScreen-SA-5060-Advanced Cluster Pair for 2500 Simultaneous Users NS-SA-5060A-CP • For large and multinational enterprises with between 100 and 2,500 concurrent users in a single appliance and thousands of users across the enterprise serviced with clustering NetScreen-SA 5000 Advanced Three Unit Single-Site Clusters capabilities NetScreen-SA-5000-Advanced 3-Unit Cluster for 1000 Simultaneous Users NS-SA-5000A-C3-1000 • Seeking secure remote access for employees as well as business partners and/or NetScreen-SA-5000-Advanced 3-Unit Cluster for 2500 Simultaneous Users NS-SA-5000A-C3-2500 customers NetScreen-SA 5000 Advanced Four Unit Single-Site Clusters • Need for remote access controls at the file, URL and application levels NetScreen-SA-5000-Advanced 4-Unit Cluster for 1000 Simultaneous Users NS-SA-5000A-C4-1000 • Where multi-unit clustering is a requirement for scalability of secure LAN, intranet and NetScreen-SA-5000-Advanced 4-Unit Cluster for 2500 Simultaneous Users NS-SA-5000A-C4-2500 extranet access NetScreen-SA-5000-Advanced 4-Unit Cluster for 5000 Simultaneous Users NS-SA-5000A-C4-5000 • Need Secure Meeting and/or Central Manager functionality NetScreen-SA 5000 Secure Meeting Series Upgrades • Where FIPS certification is a requirement Secure Meeting Upgrade Option for 25 Simultaneous Users/ 10 Simultaneous Meetings NS-SA-UPG-M25 Competitive Products Secure Meeting Upgrade Option for 50 Simultaneous Users/ 10 Simultaneous Meetings NS-SA-UPG-M50 Aventail EX-1500, Check Point Connectra, Cisco VPN 3000, F5 FirePass, Netilla Secure Secure Meeting Upgrade Option for 100 Simultaneous Users/ Gateway Appliance, Nokia Secure Access System, NetScaler Secure Remote Access 20 Simultaneous Meetings NS-SA-UPG-M100 This is only a subset of all part numbers available for this product. For the latest part number and pricing information, please see the Juniper Networks price list. For More Information: http://www.juniper.net/products/ssl/sa_5000.html Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 48 Intrusion Detection and Prevention (IDP) Intrusion Detection and Prevention (IDP) 49

Intrusion Detection and Prevention (IDP) Product Specs At-A-Glance The Juniper Networks Intrusion Detection and Prevention NETSCREEN-IDP NETSCREEN-IDP NETSCREEN-IDP NETSCREEN-IDP products (Juniper Networks IDP) integrate application and 10 100 500 1000 network visibility with incident investigation and remediation Maximum Throughput 20 MB 200 MB 500 MB 1 GB to help customers quickly and confidently deploy inline attack Maximum Number of prevention. When deployed inline, Juniper Networks IDP Sessions 10,000 70,000 220,000 500,000 effectively identifies and stops network and application level Operational Modes Passive sniffer, inline bridge, inline Proxy-ARP, and inline router attacks before they inflict any damages, minimizing the time Detection Mechanisms 8 including Stateful Signatures and backdoor detection and costs associated with intrusions. Signature Updates Weekly and emergency Number of Interfaces 2 Copper Gigabit 2 Copper Gigabit 2 Copper Gigabit 2 Copper Gigabit The Juniper Networks IDP product line includes the NetScreen-IDP 10, NetScreen-IDP 100, and 1 10/100 and 2 10/100 and 2 GBIC and 2 GBIC NetScreen-IDP 500 and the NetScreen-IDP 1000. All of the products contain the full IDP Standard Standard Standard Standard features and are managed using the same management interface. High Availability Support Fail-Open Only Standard failover, load sharing, clustering and 3rd (Requires party failover Bypass Unit) Key Features & Benefits • Multi-method detection system that includes compound signatures, stateful signatures, Selected Part Numbers and Ordering Information protocol anomaly and backdoor detection PRODUCT PART NUMBER • Extensive signature customization to improve the ability to detect unique attacks and Juniper Networks NetScreen-IDP 10 NS-IDP-10-003 tailor the signature specific to the customer’s requirements Juniper Networks NetScreen-IDP 100 NS-IDP-100-002 • Closed loop investigation process to quickly see the big picture and then drill down to Juniper Networks NetScreen-IDP 500 NS-IDP-500-002 the appropriate level of detail to make informed security decisions Juniper Networks NetScreen-IDP 1000 NS-IDP-1000 • Enterprise Security Profiler to gain insight into network and attack activity that accelerates inline deployment and facilitates attack investigation Accessories • Policy Editor to create and deploy granular security policies based on what traffic to NetScreen-IDP Bypass Fail-Open Device (IDP-10 / -100 only) NS-IDP-BYP look at, what attacks to look for in that traffic, and how to respond when an attack has NetScreen-IDP Fiber Gigabit NICs (set of 2 Cards, IDP-100 only) NS-IDP-GB been detected NetScreen IDP Dual Fiber Gigabit NIC (IDP-500/-1000 only) NS-IDP-GB2 • Log Viewer to investigate specific security incidents with the ability to customize the NetScreen-IDP Quad 10/100/1000 NIC (IDP-100/-500/-1000 only) NS-IDP-QUAD-NIC way information is processed within the system NetScreen-IDP Redundant Hard Drive (IDP-100 only) NS-IDP-HD-002 • Centralized rule-based management approach to simplify deployment, configuration NetScreen-IDP AC Power Supply (IDP-100 only) NS-IDP- PWR-AC-002 and maintenance • Fully customizable reporting to generate up to the minute status on network activity NetScreen-IDP Rapid Rail Kit NS-IDP-RCK-01 NetScreen-IDP Chatsworth Rail Kit NS-IDP-RCK-02 • IDP clustering to enable stateful, standalone high availability minimizing the risk of a (IDP) and Prevention Intrusion Detection Intrusion single point of failure and maximizing network protection This is only a subset of all part numbers available for this product. For the latest part number and pricing information, please see the Juniper Networks price list. When to Sell • NetScreen-IDP 10: For small network segments or low speed links For More Information: • NetScreen-IDP 100: For medium central site and large branch offices http://www.juniper.net/products/intrusion/ • NetScreen-IDP 500: For medium to large central sites or high traffic areas • NetScreen-IDP 1000: For large central site or high traffic areas • When preventing and not just detecting attacks is a requirement for the customer • When a customer is looking for a more accurate and manageable intrusion detection solution

Competitive Products Enterasys Dragon, Intruvert, ISS Proventia, NFR, Sourcefire, Tipping Point UnityOne Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 50 Security Management Security Management 51

Security Management Competitive Products Check Point SmartCenter and Provider-1, Cisco VPN and Security Management Solution (VMS), Juniper Networks NetScreen-Security Manager Fortinet FortiManager, SonicWALL Global Management System (GMS), WatchGuard System Manager Juniper Networks NetScreen-Security Manager takes a new approach to security (Firebox III and Firebox X products), WatchGuard Central Policy Manager (vClass products) management by providing IT departments with an easy-to-use solution that controls all aspects of the Juniper Networks firewall / IPSec VPN devices including device configuration, Product Specs At-A-Glance network settings, and security policy. Unlike some solutions that require the use of multiple USER INTERFACE management tools to control a single device, NetScreen-Security Manager enables IT Operating System Support Microsoft® Windows® 2000, Windows NT, Windows XP, and departments to control the entire device lifecycle with a single, centralized solution. Red Hat Linux® 8.0, Red Hat Linux 9.0, Red Hat Enterprise 3.0 The NetScreen-Statistical Report Server is the statistical archival and reporting tool for Minimum CPU 400 mHz Pentium II or equivalent NetScreen-Security Manager. The Statistical Report Server is used to store statistical Minimum RAM 256 MB RAM, 512 MB recommended information from the managed firewall / IPSec VPN devices in the network, and then Minimum Available Disk Space 100 MB generate reports from this data enabling further viewing and analysis of the information Minimum Connectivity to Server 384 kbps (DSL) or LAN about a security deployment. Management Server (GUI Server and Device Server combined) Key Features & Benefits Operating System Support Solaris® 8, Solaris 9, Red Hat Linux 8.0, Red Hat Linux 9.0, Red Hat Enterprise 3.0 • Intuitive GUI simplifies complex tasks such as device configuration, policy creation, and VPN deployment Minimum CPU 1 GHz • Delegation of administrative roles provides information access to those who need it Minimum RAM 1 GB • Object locking allows multiple administrators to safely modify different policies or Minimum Hard Disk 10K rpm disk with at least 18 GB disk space (logs are devices concurrently estimated to be an average of 100 bytes each) • Full High Availability with automatic synchronization and failover Minimum NIC 100 Mbs • Device templates to minimize configuration errors by managing any or all aspects of a Maximum devices managed device or group of devices via a template per server 2000* • VPN manager to accelerate VPN deployments by creating all the necessary rules after a Juniper Networks Firewall / IPSec VPN Device & Software Support basic topology has been defined Device Support NetScreen-Hardware Security Client, NetScreen-5XP, • Log viewing allows logs stored within the system to be viewed in real time with filters to NetScreen-5XT, NetScreen-5GT, NetScreen-5GT ADSL, allow an administrator to perform rapid analysis of security status and events NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, • Statistical Report Server: Up to 40 different reports in 4 categories cover a full range of NetScreen-500, NetScreen-ISG 2000, NetScreen-5200, data points that can be used for historical analysis to make sound business decisions NetScreen-5400 moving forward ScreenOS Support ScreenOS 5.1.0*, ScreenOS 5.0.0, ScreenOS 5.0-GPRS, • Statistical Report Server: Report filter can be set up based on specific devices or device ScreenOS 4.0.3, ScreenOS 4.0.1, ScreenOS 4.0.1-SBR, groups, or timeframe for a customized viewpoint. ScreenOS 4.0.1-MCAST, ScreenOS 4.0.0, ScreenOS 4.0.0 DIAL2 *Using NetScreen-Security Manager Feature Pack 3 When to Sell • Customer has a large-scale security deployment to manage • Wants one central interface for configuration, management and reporting of devices • Wants to ensure policy enforcement from the corporate headquarters • Has different administrators that manage different aspects of the company’s network security • Needs to provide reports to different levels within the organization • Needs to reduce provisioning, configuration and troubleshooting time as well as the associated costs Management Security Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 52 Security Management Security Management 53

Selected Part Numbers and Ordering Information Juniper Networks NetScreen-SA Central Manager PRODUCT PART NUMBER The Juniper Networks Secure Access family of appliances has consistently led the SSL VPN market, NetScreen-Security Manager, 10 devices NS-SM-10 providing secure access to remote/mobile employees, business partners, and customers. As SSL VPN NetScreen-Security Manager, 25 devices NS-SM-25 deployments grow both in cluster size and in breadth of geographic reach, so too has the challenge in providing streamlined, efficient management. Juniper Networks has extended its core competence in NetScreen-Security Manager, 50 devices NS-SM-50 the SSL VPN marketplace with the introduction of the Juniper Networks NetScreen-SA Central NetScreen-Security Manager, 100 devices NS-SM-100 Manager, a robust product with an intuitive web-based UI designed to facilitate the task of NetScreen-Security Manager, 200 devices NS-SM-200 configuring, updating and monitoring Secure Access appliances whether within a single cluster or NetScreen-Security Manager, 500 devices NS-SM-500 across a global cluster deployment. NetScreen-Security Manager, 1000 devices NS-SM-1000 NetScreen-Statistical Report Server NS-SM-SRS Key Features & Benefits This is only a subset of all part numbers available for this product. For the latest part number and • System dashboard for an at-a-glance graphical representation of system-wide activities. pricing information, please see the Juniper Networks price list. • Local back-up and restore eliminates time-intensive process of saving files, downloading to ftp site, then uploading files when needed • Back-up essential for quick disaster recovery – configurations can be restored in seconds For More Information: instead of in minutes http://www.juniper.net/products/integrated/dsheet/110018.pdf • Push technology eliminates incomplete security policy enforcement by sending information to other gateways or clusters • Consistent security policy enforcement with synchronization to automate propagation of changes within a cluster • Comprehensive, actionable auditing with rich log filtering capabilities for quick searches of critical events • Custom log filters, so events can be viewed in the most pertinent context for each admin

When to Sell • Customer has a large-scale secure access solution to manage and needs a disaster recovery plan • Wants to maintain a consistent security policy across the enterprise • Needs a system-wide view of the deployment to see the impact of activity as well as which applications are being utilized

Competitive Products F5, Nokia

Selected Part Numbers and Ordering Information PRODUCT PART NUMBER NetScreen-SA Central Manager for Secure Access Appliances NetScreen-SA Central Manager for 1 device NS-SA-CM NetScreen-SA Central Manager for 2 devices in a single cluster NS-SA-CM2 NetScreen-SA Central Manager for 3 devices in a single cluster NS-SA-CM3 NetScreen-SA Central Manager for 4 devices in a single cluster NS-SA-CM4 NetScreen-SA Central Manager for Secure Meeting Appliances

NetScreen-SM Central Manager for 1 device NS-SM-CM Management NetScreen-SM Central Manager for 2 devices in a single cluster NS-SM-CM2 Security For More Information: http://www.juniper.net/products/ssl/management.html Security Security Management Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 54 Juniper Networks Frequently asked Questions Juniper Networks Frequently asked Questions 55

Juniper Networks Frequently asked Questions What if I need more information? Juniper Networks provides a comprehensive set of literature to spark ideas, provide Why recommend Juniper Networking solutions? frameworks and ensure that you have the technical information you need to design, select, Juniper Networks brings a new pace of innovation to the industry through purpose-built implement and sell Juniper Networks. Please see below a list of useful URLs and the platforms and sophisticated software. It is recognized as a center of excellence in the J-partner help desk telephone number and e-mail address. development of silicon and software that support high-performance, intelligent networks, Home Page: http://www.juniper.net and remains at the forefront of industry initiatives that drive the continuing transformation Product Information: http://www.juniper.net/products/ of these networks and the businesses they support. Solutions Information: http://www.juniper.net/solutions/ Does Juniper Networks have a Sales Incentive program? Technical Support: http://www.juniper.net/support/ Yes. The J-Rewards program rewards you for the value you add to selling and supporting J-Partner Center: http://www.juniper.net/partners/ Juniper Networks solutions. It is available exclusively to members of the J-Partner Program, Certification Requirements: http://www.juniper.net/training/certification/ whether you are a sales representative or sales engineer. You can earn and accumulate Find a Partner: http://www.juniper.net/partners/find_partner.html points quickly by selling Juniper Networks which can quickly turn into fantastic rewards. Partner Registration: http://www.juniper.net/partners/partner_channels.html For more information go to http://www.juniper.net/jrewards/ Product End of Life Matrix: http://www.juniper.net/support/eol/ What about Reseller Training? Training: http://www.juniper.net/training/ Juniper Networks Partner Training delivers the training and knowledge requested by our Sales Offices Contact Info: http://www.juniper.net/company/contactus/sales.html authorized Partners. The comprehensive curriculum includes Sales and Technical Essentials J-partner helpdesk: + 31 20 712 58 57 designed to highlight products and solutions. These on-demand training modules have Email: [email protected]. ‘learning maps’ to help you determine your technology, platforms and solutions training needs. For more information go to http://www.juniper.net/training/

What about Customer and Support Services? Juniper Networks provides a comprehensive and flexible portfolio of industry leading technical support, professional services, and education programs that help customers gain the maximum value from their network investments. The full range of service elements within our three Customer Services families – Transition, Operation, and Optimization – allows you to not just respond to market factors, but anticipate them. Juniper Networks portfolio of support services provides the backup support that large networks demand and lets customers select from a variety of options that augment their in-house technical expertise. For more Information see the Partner Center Customer Support pages at: (Partner Center login required) https://www.juniper.net/partners/partner_center/content/reseller/cs/services/ Juniper Networks Quick Reference Guide Juniper Networks Quick Reference Guide 56 Product Warranty Information General Disclaimer 57

Product Warranty Information JUNIPER WARRANTY HARDWARE** SOFTWARE JUNIPER TECHNICAL PRODUCT START DATE* ASSISTANCE (JTAC)*** All Juniper E-, M-, Juniper product 1 year 20-day 90 days software 1 year online support T-, and J-Series date-of-ship return-to-factory media for JUNOS(e) for RMA processing (RTF) return/replace products only NetScreen FW/VPN Juniper product 1 year 20-day 1x software update 1 year online support and Secure Access date-of-ship return-to-factory or upgrade for RMA processing Products (RTF) return/replace only NetScreen AV Juniper product 1 year 20-day 1 year - ScreenOS 1 year online support Products date-of-ship return-to-factory AV Signature Service for RMA processing (RTF) return/replace DI Signature only Service NetScreen IDP Juniper product 1 year 20-day 1x software update 1 year online support date-of-ship return-to-factory or upgrade for RMA processing (RTF) return/replace only NetScreen Juniper product Not Applicable 1x software update Not Applicable Remote date-of-ship or upgrade *90 days will be added for any product shipped via channel on the back-end systems **The 20 day clock starts once product has been received by Juniper; Ship time is not part of 20 days ***For customers that require troubleshooting, install/config assistance should purchase a support contract This is intended as a summary only. Please refer to the current published version of the Juniper Networks Warranty policy located at: http://www.juniper.net/support/warranty/

General Disclaimer

Although Juniper Networks has attempted to provide accurate information in this Guide, Juniper Networks assumes no responsibility for the accuracy of the information. Juniper Networks may change the programs or products mentioned at any time without prior notice. Mention of non-Juniper Networks products or services is for information purposes only and constitutes neither an endorsement nor a recommendation of such products or services or of any company that develops or sells such products or services.

Many of the Juniper Networks products and services identified in this Guide are provided with written software licenses and limited warranties. Those licenses and warranties provide the purchasers of those products with certain rights. Nothing in this Guide shall be deemed to expand, alter, or modify any warranty or license provided by Juniper Networks with any Juniper Networks product, or to create any new or additional warranties or licenses. About Juniper Networks, Inc.

Juniper Networks is the leader in enabling secure and assured communications over a single IP network. The company's purpose-built, high performance IP platforms enable customers to support many different services and applications at scale. Service providers, enterprises, governments and research and education institutions worldwide rely on Juniper Networks to deliver products for building networks that are tailored to the specific needs of their users, services and applications. Juniper Networks' portfolio of proven networking and security solutions supports the complex scale, security and performance requirements of the world's most demanding networks. Additional information can be found at www.juniper.net.

Europe, Middle East, Africa Regional Sales Headquarters Juniper Networks B.V. Beech Avenue 3 1119 RA Schiphol Rijk Amsterdam Phone: 31-20-712-5700 Fax: 31-20-712-5701

Copyright © 2005 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, NetScreen Technologies, GigaScreen, NetScreen-Global PRO, NetScreen-Remote, NetScreenOS and the NetScreen logo are trademarks and registered trademarks of Juniper Networks, Inc. in the United States and other countries. The following are trademarks of Juniper Networks, Inc.: ERX, ESP, E-Series, Instant Virtual Extranet, Internet Processor, J2300, J4300, J6300, J-Protect, J-series, J-Web, JUNOS, JUNOScope, JUNOscript, JUNOSe, M5, M7i, M10, M20, M40, M40e, M160, M320, M- series, MMD, NetScreen-5GT, NetScreen-5XP, NetScreen-25, NetScreen-50, NetScreen-204, NetScreen-208, NetScreen-500, NetScreen-5200, NetScreen-5400, NetScreen-IDP 10, NetScreen-IDP 100, NetScreen-IDP 500, NetScreen-Remote-Security Client, NetScreen-Remote VPN Client, NetScreen 1000 Series, NetScreen-SA 3000 Series, NetScreen-SA 5000 Series, NetScreen-SA Central Manager, NetScreen Secure Access, NetScreen-SM 3000, NetScreen-Security Manager, NMC-RX, SDX, Stateful Signature, T320, T640, and T-series. All other trademarks and registered trademarks are the property of their respective companies. Information in this document is subject to change with out notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without receiving written permission from Juniper Networks, Inc. Printed in the UK Stock No: 080570-001 03/05