| JUNOS Software version tested | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 | JUNOS 10.0 |
| Firewall performance (max) | 650 Mbps | 750 Mbps | 1.5 Gbps | 7 Gbps | 20 Gbps | 30 Gbps | 60 Gbps | 120 Gbps |
| IPS performance (NSS 4.2.1) | 60 Mbps | 80 Mbps | 250 Mbps | 900 Mbps | 6 Gbps | 10 Gbps | 15 Gbps | 30 Gbps |
| AES256+SHA-1 / 3DES+SHA-1 VPN performance | 65 Mbps | 75 Mbps | 250 Mbps | 1.5 Gbps | 6 Gbps | 10 Gbps | 15 Gbps | 30 Gbps |
| Maximum concurrent sessions | 16 K (512 MB DRAM) / 32 K (1 GB DRAM) | 32 K (512 MB DRAM) / 64 K (1 GB DRAM) | 64 K (512 MB DRAM) / 128 K (1 GB DRAM) | 512 k (2 GB DRAM) | 2.25 Million | 2.25 Million | 9 Million | 10 Million |
| New sessions/second (sustained, TCP, 3-way) | 2,000 | 2,000 | 9,000 | 30,000 | 175,000 | 175,000 | 350,000 | 350,000 |
| Maximum security policies | 384 | 512 | 4,096 | 8,192 | 40,000 | 40,000 | 80,000 | 80,000 |
| Maximum users supported | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted |
| Maximum available slots for IOCs | N/A | N/A | N/A | N/A | 4 (front slots) | 6 (front slots) | 5 | 11 |
| Fixed I/O ports | 8 x 10/100 | 2 x 10/100/1000BASE-T + 6 x 10/100 | 16 x 10/100/1000BASE-T | 4 x 10/100/1000BASE-T | 8 10/100/1000 + 4 SFP | 8 10/100/1000 + 4 SFP | N/A | N/A |
| CX111 3G Bridge support | Yes | Yes | Yes | Yes | N/A | N/A | N/A | N/A |
| Internal 3G Express Card Slot support | N/A | Yes | N/A | N/A | N/A | N/A | N/A | N/A |
| WAN / LAN interface options | N/A | - T1/E1
- ADSL2 Annex A
- ADSL2 Annex B
- SFP
- Sync Serial
| - T1/E1
- ADSL2 Annex A
- ADSL2 Annex B
- SFP
- Sync Serial
| - Dual Port T1/E1
- Quad Port T1/E1
- 16 x 1 10/100/1000 copper (PoE optional)
- 24 x 1 10/100/1000 copper w / 4SFP ports (PoE optional)
| - 16 x 1 10/100/1000 copper
- 16 x 1 Gigabit Ethernet small form-factor pluggable transceivers (SFP)
- 2 x 10 Gigabit Ethernet XFP
| - 16 x 1 10/100/1000 copper
- 16 x 1 Gigabit Ethernet small form-factor pluggable transceivers (SFP)
- 2 x 10 Gigabit Ethernet XFP
| - 40 x 1 Gigabit Ethernet SFP
- 4 x 10 Gigabit Ethernet (short reach (SR) or long reach (LR))
- 16 x 10/100/1000 Ethernet FlexIOC
- 4 x 10 Gigabit Ethernet (SR or LR) FlexIOC
| - 40 x 1 Gigabit Ethernet SFP
- 4 x 10 Gigabit Ethernet (short reach (SR) or long reach (LR))
- 16 x 10/100/1000 Ethernet FlexIOC
- 4 x 10 Gigabit Ethernet (SR or LR) FlexIOC
|
| High-availability support | Yes | Yes | Yes | Yes | - Active/Passive, Active/Active
- Low impact chassis cluster
| - Active/Passive, Active/Active
- Low impact chassis cluster
| - Active/Passive, Active/Active
- Low impact chassis cluster
| - Active/Passive, Active/Active
- Low impact chassis cluster
|
| Firewall | - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
| - Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
|
| Intrusion Prevention System | - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: No
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 5,500+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 5,500+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 5,500+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 5,500+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Application identification: Yes
- Application Denial of Service protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 6,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Application identification: Yes
- Application Denial of Service protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 6,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Application identification: Yes
- Application Denial of Service protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 6,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
| - Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- Application identification: Yes
- Application Denial of Service protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 6,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
|
| Dimensions and Power | - Dimensions (W x H x D): 8.5 x 1.4 x 5.8 in (21.6 x 3.6 x 14.7 cm)
- Weight [device and power supply]: Chassis: 2.5 lbs (1.1kg)
- Power supply (AC): 100-240 VAC, 30 W
- Maximum power draw: 30 W
- Average power consumption: 10 W
| - Dimensions (W x H x D): 11.1 x 1.75 x 7.1 in (28.2 x 4.4 x 18 cm)
- Weight: Chassis: 3.3 lb (1.5 kg) Non-PoE / 4.4 lb (2 kg) PoE No interface modules
- Power supply (AC): 100–240 VAC, 60 W (Non-PoE) / 150 W PoE
- Maximum power draw: 50 W
- Average power consumption: 27 W Low Memory (LM), 28 W High Memory (HM), 84 W (PoE)
| - Dimensions (W x H x D): 17.5 x 1.75 x 16.1 in (44.4 x 4.4 x 40.8 cm)
- Weight: Chassis: 11.2 lb (5.1 kg) Non-PoE / 12.3 lb (5.6 kg) PoE No interface modules
- Power supply 100–240 VAC, 150 W Non PoE / 350 W PoE
- Maximum power draw: 150 W
- Average power consumption: 61 W (LM), 65 W (HM), 179 W (PoE)
| - Dimensions (W x H x D): 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm)
- Weight: Chassis: 24.9 lbs (11.3 kg) No interface modules 1 power supply
- Power supply (AC): 100–240 VAC, Single 250 W or Dual 250 W
- Maximum power draw: 247 W redundant, or 494 W non-redundant
- Average power consumption: 122 W
| - Dimensions (W x H x D): 17.5 x 5.25 x 25.5 in (44.5 x 13.3 x 64.8 cm)
- Weight: Chassis: 32.3 lb (14.7 kg), Fully Configured: 75 lb (34.1 kg)
- Power supply (AC): 100 to 240 V AC
- Power supply (DC): -40 to -60 V DC
- Maximum power draw: 1,000 W (AC power), 850 W (DC power)
- Power supply redundancy: 1 + 1
| - Dimensions (W x H x D): 17.5 x 8.75 x 25.5 in (44.5 x 22.2 x 64.8 cm)
- Weight: Chassis: 43.6 lb (19.8 kg), Fully Configured: 115.7 lb (52.6 kg)
- Power supply (AC): 100 to 240 V AC
- Power supply (DC): -40 to -60 V DC
- Maximum power draw: 1,500 W (AC power), 1500 W (DC power)
- Power supply redundancy: 2 + 1 / 2 + 2
| - Dimensions (W x H x D): 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm)
- Weight: Chassis: Fully Configured: 180 lb / 81.7 kg
- Power supply (AC): 100 to 240 V AC
- Power supply (DC): -40 to -60 V DC
- Maximum power draw: 2,800 W
| - Dimensions (W x H x D): 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
- Weight: Chassis: Fully Configured: 334 lb / 151.6 kg
- Power supply (AC): 200 to 240 V AC
- Power supply (DC): -40 to -60 V DC
- Maximum power draw: 5,100 W
|
