ScreenOS5.1 17 2 Version1.00
Web Filtering Anti Virus Deep Inspection VoIP H.323 SIP ALG NAT ALG (Application Layer Gateway) Multicast QOS DNS PPPoE VPN NetScreen
ScreenOS 5.1 ScreenOS 5.1 Web Filtering NetScreen-HSC/5GT/25/50 SurfControl CPA PPPoE PPPoE Deep Inspection PPPoE DNS DynamicDNS ProxyDNS VPN NetScreen-5GT MTU GRE (Generic Routing Encapsulation) MIME L2TP L2TP over IPSec VoIP NAT Reject H.323, SIP ALG SNMP L2TP MIB Trap Multicast Routing ECMP (Equal Cost Multipath Routing) SIBR (Source Interface-Based Routing) ALG
ScreenOS 5.1 http://support.nox.co.jp/ ScreenOS 5.1 NetScreen ScreenOS Migration Guide NetScreen-HSC NetScreen-5XT NetScreen-5GT NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 NetScreen-500 NetScreen-5000 ScreenOS 3 ScreenOS
WebUI Configuration > Update > Config File > Save To File
ns >get config
TFTP
ns >save config [from flash] to tftp <TFTP IP> < >
ns >save config to tftp 192.168.1.100 cfg-0214.txt
ScreenOS 5.0
Web Filtering NetScreen Web Filtering Integrated NetScreen-HSC NetScreen-5GT NetScreen-25 NetScreen-50 SurfControl CPA Profile URL IP Custom URL URL : URL :
Web Filtering HTML Black List N N N N Pre-defined White List Y Y Y Y Block Permit Block or Permit Block or Permit Block or Permit
Web Filtering Profile Black List White List Default Action
Web Filtering Web Filtering
Web Filtering Web Filtering Web Filtering 1 1 Web Filtering NS-WF-xx Expire NS-WF-xx Expire NS-WF-xx NS-MNT1-xx NS-MNT2-xx NS-MNT2-xx
Anti Virus NetScreen Anti Virus NetScreen-5GT HTTP SMTP POP3 FTP IMAP MIME Multipurpose Internet Mail Extensions NetScreen-5GT TO: A FROM: B Subject:: CCC TO: A FROM: B Subject:: CCC Attachment Has been Dropped Virus Scanning Application Programming Interface (VSAPI)
Anti Virus Pattern Update
Anti Virus Anti Virus Anti virus 1 1 NetScreen-5GT Anti Virus Deep Inspection NS-5GT-007-AV NS-5GT-107-AV NS-5GT-207-AV Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE NetScreen-5GT NS-AV-5GT Anti Virus NS-AV-5GTP NS-AV-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE Expire NS-AVS-5GT NS-AVS-5GTP NS-AVS-5GTE NS-5GT-007 NS-5GT-107 NS-MNT1-5GT NS-MNT1-5GTP NS-MNT2-5GT NS-MNT2-5GTP NS-MNT2-5GT NS-MNT2-5GTP
Deep Inspection NetScreen Deep Inspection FTP DNS HTTP IMAP POP3 SMTP AOL Instant Messenger, Yahoo! Messenger, MSN, MS-RPC, NetBIOS/SMB, Gnutella, P2P Attack Object Action Layer 3 4 IP NO Drop YES NO YES Deep Inspection NO Drop NO Forward packet Src IP Dst IP Src Port Dst Port Protocol Payload Deep Deep YES YES Inspection Inspection Drop Close Ignore Src IP Dst IP Src Port Dst Port Protocol Payload
Deep Inspection
Deep Inspection Attack Object Action Log
Deep Inspection Deep Inspection Deep Inspection 1 1 Web Filtering NS-DI-xx Expire NS-DI-xx Expire NS-DI-xx NS-MNT1-xx NS-MNT2-xx NS-MNT2-xx
VoIP VoIP H.323 NAT H.323 SIP NAT
VoIP Route Routing Trust DMZ Trust Untrust DMZ Untrust GK 10.1.1.0/24 DMZ Untrust Untrust Trust 10.1.3.0/24 10.1.2.0/24 Trust
VoIP NAT GK 10.1.1.0/24 DMZ Untrust Untrust Trust 10.1.3.0/24 10.1.2.0/24 Trust Gatekeeper MIP Trust DIP Trust DIP
VoIP Transparent V1-DMZ 10.16.0.200-250 GK V1-Trust V1-Untrust 10.16.0.1-99 10.16.0.100-199
VoIP VPN 10.1.1.0/24 GK/Proxy DMZ Untrust VPN Trust Untrust 10.1.3.0/24 Trust 10.1.2.0/24
Routing Equal Cost Multipath Routing(ECMP)
Routing Source Interface-Based Routing (SIBR) Source Interface
Routing Multicast Routing Internet Group Management Protocol (IGMP) versions 1, 2, 3 Protocol Independent Multicast - Sparse Mode (PIM-SM) Protocol Independent Multicast - Source Specific Multicast (PIM-SSM)
Routing Dynamic Routing RIP RIPv1 RIPv2 P2MP interface OSPF Demand Circuit P2MP interface
ALG Application Layer Gateway ALG Sun RPC ALG Remote Procedure Call Application Layer Gateway Microsoft RPC ALG Remote Procedure Call Application Layer Gateway RTSP ALG Real Time Streaming Protocol Application-Layer Gateway NAT Support for SIP ALG H.323 SIP Attack Protection
PPPoE Multiple PPPoE Sessions Over a Single Interface I/F untagged sub-interface (encap) PPPoE PPPoE and NSRP PPPoE IP VPN IP
DNS Dynamic DNS Dynamic DNS IP Proxy DNS NetScreen DNS DNS Proxy
VPN MTU on Tunnel Interface Maximum Transmission Unit (MTU) Generic Routing Encapsulation (GRE) GRE ON NetScreen NetScreen IPSec VPN Outgoing Dialup Policy for L2TP and L2TP over IPSEC L2TP L2TP over IPSec Outgoing L2TP L2TP over IPSec
New Policy Action Reject Reject NetScreen Drop TCP Src RST UDP ICMP destination unreachable, port unreachable
SNMP
NS-VPN-L2TP.mib L2TP MIB NsVpnL2tpMonTunnelEntry NsVpnL2tpMonCallEntry
NS-TRAPS.mib
vpn-l2tp-tunnel-remove(43), -- VPN tunnel removed
vpn-l2tp-tunnel-remove-err(44), -- VPN tunnel removed and error detected
vpn-l2tp-call-remove(45), -- VPN call removed
vpn-l2tp-call-remove-err(46), -- VPN call removed and error detected
DiffServ Code Point Marking DSCP 3bit global option 0 NetScreen NetScreen
NetScreen NetScreen /VPN NetScreen-HSC NetScreen-5XT/Elite NetScreen-5GT/Plus/Extended/AV NetScreen-25 NetScreen-50 NetScreen-204 NetScreen-208 NetScreen-500 NetScreen-ISG2000 NetScreen-5200 NetScreen-5400 NetScreen NetScreen-Remote VPN NetScreen-Remote Security NetScreen NetScreen-IDP 10 NetScreen-IDP 100 NetScreen-IDP 500 NetScreen-IDP 1000 NetScreen NetScreen-SA 1010/1020/1030 NetScreen-SA 3010/3020/3030/3040/3050 NetScreen-SA 5020/5030/5040/5050/5060 NetScreen-RA 500 NetScreen NetScreen-Security Manager
NetScreen FW/VPN (ScreenOS 5.1 NetScreen-5400 NetScreen-5200 NetScreen-ISG-2000 VPN 24 * mini-gbic 1,000,000 6 * mini-gbic 72 * 10/100Base-T 8 * mini-gbic 1,000,000 2 * mini-gbic 24 * 10/100Base-T 28* 10/100Base-T 512.000 8 * mini-gbic(sx/lx) FW:4Gbps VPN 3DES 2Gbps DI: 375Mbps FW 2Gbps VPN 3DES 1Gbps DI: 375Mbps FW 2Gbps VPN 3DES 1Gbps DI: 300Mbps 16,000 16,000 10,000 VSYS/VLAN 40,000 40,000 30,000 ACT/ACT (Full Mesh) ACT/ACT ACT/SBY ACT/ACT (Full Mesh) ACT/ACT ACT/SBY ACT/ACT (Full Mesh) ACT/ACT ACT/SBY 500VSYS 4,000VLAN 500VSYS 4,000VLAN 50VSYS 500VLAN NetScreen-500 NetScreen-204/208 NetScreen-50 NetScreen-25 NetScreen-5XT NetScreen-5GT NetScreen-HSC 8 * 10/100Base-T 250,000 8 * mini-gbic(sx/lx) 4 * GBIC(SX/LX) 4/8 * 10/100Base-T 4 * 10/100Base-T 4 * 10/100Base-T 1 * 10/100Base-(Untrust) 4 * 10/100Base-T(Trust) 5 * 10/100Base-T 5 * 10/100Base-T 128,000 64,000 16,000 2,000 2,000 FW 75Mbps 4,000 VPN 3DES 20Mbps Extended DI: 75Mbps 1,000 FW 700Mbps VPN 3DES 250Mbps DI: 300Mbps FW 400/550Mbps VPN 3DES 200Mbps DI: 180Mbps FW 170Mbps VPN 3DES 50Mbps DI: 75Mbps FW 100Mbps VPN 3DES 20Mbps DI: 75Mbps FW: 70MB VPN 3DES 20Mbps DI: 55Mbps FW 50Mbps VPN 3DES 10Mbps DI: 50Mbps 5,000 1,000 100 400(Remote) 25 100(Remote) 10 10 2 20,000 4,000 1,000 500 100 100 50 ACT/ACT (Full Mesh) ACT/ACT ACT/SBY ACT/ACT (Full Mesh/208) ACT/ACT ACT/SBY ACT/SBY ACT/SBY (HA Lite) N/A N/A N/A 25VSYS 100VLAN 32VLAN VLAN 8 8 N/A N/A N/A