4
NetScreeN-5200
NetScreeN-5400
VoiP security
H.323 ALG
Yes
Yes
SIP ALG
Yes
Yes
MGCP ALG
Yes
Yes
SCCP ALG
Yes
Yes
NAT for VoIP protocols
Yes
Yes
iPsec VPn
Concurrent VPN tunnels
3
Up to 25,000
Up to 25,000
Tunnel interfaces
3
Up to 4,095
Up to 4,095
DES (56-bit), 3DES (168-bit) and AES encryption
Yes
Yes
MD-5 and SHA-1 authentication
Yes
Yes
Manual key, IKE, PKI (X.509), IKEv2 with EAP
Yes
Yes
Perfect forward secrecy (DH Groups)
1,2,5
1,2,5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
L2TP within IPsec
Yes
Yes
IPsec NAT traversal
Yes
Yes
Redundant VPN gateways
Yes
Yes
user authentication and access control
Built-in (internal) database - user limit
3
Up to 50,000
Up to 50,000
Third-party user authentication
RADIUS, RSA SecurID, and LDAP
RADIUS, RSA SecurID, and LDAP
RADIUS Accounting
Yes – start/stop
Yes – start/stop
XAUTH VPN authentication
Yes
Yes
Web-based authentication
Yes
Yes
802.1X authentication
Yes
Yes
Unified access control enforcement point
Yes
Yes
PKi support
PKI Certificate requests (PKCS 7 and PKCS 10)
Yes
Yes
Automated certificate enrollment (SCEP)
Yes
Yes
Online Certificate Status Protocol (OCSP)
Yes
Yes
Certificate Authorities supported
VeriSign, Entrust, Microsoft, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
VeriSign, Entrust, Microsoft, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI
Self-signed certificates
Yes
Yes
Virtualization
6
Maximum number of virtual systems
0 default, upgradeable to 500
0 default, upgradeable to 500
Maximum number of security zones
16 default, upgradeable to 1,016
16 default, upgradeable to 1,016
Maximum number of virtual routers
3 default, upgradeable to 503
3 default, upgradeable to 503
Maximum number of VLANs
4,094
4,094
Inter-VSYS Communication (shared-DMZ)
Yes
Yes
routing
BGP instances
128
128
BGP peers
256
256
BGP routes
30,000
30,000
OSPF instances
Up to 8
Up to 8
OSPF routes
30,000
30,000
specifications (continued)