TweetFollow Us on Twitter

Focus Review: Juniper/Netscreen Protection

Volume Number: 23 (2007)
Issue Number: 01
Column Tag: Real World Review

Focus Review: Juniper/Netscreen Protection

Today's big bad world presents its challenges...

By Marianne Shilpa Jacobie and Neil Ticktin

The Dangers

For whatever reason, there's a group of people out there in the world who think it's fun or right to poke around and disrupt networks that are not theirs. As a result, we have more secure networks today that include routers and switches, firewalls, and VPNs (virtual private networks).

One of the biggest brands in the security business is NetScreen, which is part of Juniper Networks. Juniper has a variety of offerings, but we're going to focus on three products: the NetScreen 25, the SA 2000 and the NetScreen 5GT Wireless.

Netscreen 25

The NetScreen 25 (and the 50) are security appliances. These are integrated devices that target the enterprise "branch" office as well as remote offices, and small to medium-sized businesses. The idea is that this box protects the perimeter of your network from unwanted activities.

The NetScreen-25 offers 100Mbps of firewall and 20 Mbps of VPN performance. It can support 32,000 concurrent sessions, and 125 VPN tunnels. The NetScreen-50 offers even greater capacity: 170 Mbps of firewall and 45 Mbps of 3DES or AES VPN performance, with support for 64,000 concurrent sessions, and 500 VPN tunnels.


The most important feature to the NetScreen-25/50 is that you plug it in, and it works. With little configuration, this box will immediately start protecting your network with various deep inspection firewall services, denial of service protection, and more.

This is a very capable box, and we watched it prove it's worth in stopping attacks cold that came from all over the world. It's amazing how many times networks get attacked, and the NetScreen-25 just deals with it ... cleanly and transparently.

Finally, take your pick of interfaces to match your managing style: Web UI, CLI, or NetScreen's Security Manager central management system application.

At $2,500 and up, street price, you'll more than make up for this in time on your first attack, or in creating VPNs. See for more information

Juniper Networks Secure Access 2000

The Secure Access 2000 (SA 2000) SSL VPN was introduced to the Juniper Network Secure Access series in 2005. It utilizes the SSL security protocol, a secure access transport mechanism available in all standard web browsers. This enables small to medium-sized companies to provide controlled remote and extranet access to employees, partners, and clients with no infrastructure changes, DMZ deployments or software agents.

Juniper SA 2000

Apart from lowering the total cost of ownership, this function allows companies to secure access to the corporate intranet, enabling administrators to restrict access to various employees, contractors or visitors, based on the information and resources they need. The SA 2000 is based on industry-standard protocols, therefore its investment can be leveraged across many applications and resources over time. It also boasts extensive directory integration (including LDAP!) and advanced software feature sets such as multiple hostname support and a customizable user interface.

The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. The numerous security options from the end-user device to the application data and servers, also covers coordinated threat control with Juniper Network's IDP product line. Juniper's endpoint defense initiative incorporates native functionality, client and server-side API's (created in partnership with best-of-breed endpoint security vendors), and advanced malware protection capabilities. While this keeps your Mac systems secure, it really shines for those initially difficult-to-secure Windows machines.

With the native functionality, client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or requesting network ports. Files and processes can also be checked, and their authenticity validated with MD5 checksums. The native host checker also performs security and applications checks, and carries out pre-authentication checks and enforcement. Enterprises are also enabled to write their own host check method to customize policy checks. Again, this targets Windows machines, as they need this kind of help and monitoring.

The SA 2000's access privilege management capabilities provide dynamic controlled access at the URL, file, application and server-level. This is based on a variety of session specific variables that include identity, device, security control, and network trust level.

Streamlined manageability of Juniper's SA 2000 provides role-based delegation of administrative tasks and a central management option for more unified administration. There is also a self-service feature for users that lowers help-desk support costs. Auditing and logging is fine-grained, and there are three different secure access methods to allow administrators provision by purpose. The streamlined feature set that the SA 2000 comes with would enable an enterprise to deploy secure remote access as well as a basic customer/partner extranet or secure intranet.

A cluster pair deployment option for the SA 2000 ensures high-availability across the LAN and the WAN.

An advanced license feature for the SA 2000 provides additional state-of-the-art features that would satisfy the needs of other complex deployments of varied audiences and uses, including Juniper's Central Manager. You'll find the SA 2000 Base System for about $2,000, with the Advance License at an additional cost. More information at

NetScreen-5GT Wireless Firewall/VPN

Ok, so you have your VPN heart with the SA 2000, and your perimeter firewall with the NetScreen-25, what about remote office security? That's where the NetScreen-5GT comes in. The NetScreen-5GT is an enterprise-class network security solution for remote office security.

The NetScreen-5GT Wireless is a part in a series of firewall/VPN line of products offered from Juniper. It is part of an integrated security solution combining stateful firewall, deep inspection firewall, IPSec VPN, antivirus and web filtering for securing a small remote office, retail outlet, or broadband telecommuter.

The NetScreen-5GT is specifically aimed at those that want to run an 802.11 b/g wireless network in a secure setting. But it gives you some fairly sophisticated features including restricted security zones (e.g., home vs. work zones), configurable wireless security zones (each with their own SSID for different types of users), redundancy for high availability, support for dual connections, fast failovers with redundant VPN tunnels and VPN monitoring.

NetScreen-5GT Wireless: Front and Back

At a street price of around $1,000, it's a great, integrated solution for those that need a secure remote office or home office, and especially one that wants seamless VPN integration with an SA 2000. For more information, see


You need to secure your network -- one way or another. If you aren't, you're asking for trouble. Once you do secure your network, run some reports, you'll realize how often people are trying to break in. Miss one patch of some piece of web server software? They will break in.

Juniper has a set of world-class products that will protect you without you needing to be a security expert (although, you do need to know what you're doing on some level -- there's no magic here). Whether you configure them to the hilt, or use them in a more plug-in-play environment, you'll have a level of protection that will give you peace of mind. While you may not want to pay $1,000 for a router, or more for VPN and firewall software, you are protecting your network for a reason. Juniper's offerings will give you an end-to-end solution, that works well with the Mac.

The editors of MacTech Magazine are a jolly crew who spend their work time playing with their Macs and their spare time working with their Macs. You can reach them at


Community Search:
MacTech Search:

Software Updates via MacUpdate

World of Tanks Generals guide - Tips and...
World of Tanks Generals is a brand new card game by the developer behind the World of Tanks shooter franchise. It plays like a cross between chess and your typical card game. You have to keep in consideration where you place your tanks on the board... | Read more »
TruckSimulation 16 guide: How to succeed...
Remember those strangely enjoyable truck missions in Grand Theft Auto V whereit was a disturbing amount of fun to deliver cargo? TruckSimulation 16 is reminiscent of that, and has you play the role of a truck driver who has to deliver various... | Read more »
The best GIF making apps
Animated GIFs have exploded in popularity recently which is likely thanks to a combination of Tumblr, our shorter attention spans, and the simple fact they’re a lot of fun. [Read more] | Read more »
The best remote desktop apps for iOS
We've been sifting through the App Store to find the best ways to do computer tasks on a tablet. That gave us a thought - what if we could just do computer tasks from our tablets? Here's a list of the best remote desktop apps to help you use your... | Read more »
Warhammer 40,000: Freeblade guide - How...
Warhammer 40,000: Freebladejust launched in the App Store and it lets you live your childhood dream of blowing up and slashing a bunch of enemies as a massive, hulking Space Marine. It's not easy being a Space Marine though - and particularly if... | Read more »
Gopogo guide - How to bounce like the be...
Nitrome just launched a new game and, as to be expected, it's a lot of addictive fun. It's called Gopogo, and it challenges you to hoparound a bunch of platforms, avoiding enemies and picking up shiny stuff. It's not easy though - just like the... | Read more »
Sago Mini Superhero (Education)
Sago Mini Superhero 1.0 Device: iOS Universal Category: Education Price: $2.99, Version: 1.0 (iTunes) Description: KAPOW! Jack the rabbit bursts into the sky as the Sago Mini Superhero! Fly with Jack as he lifts impossible weights,... | Read more »
Star Wars: Galaxy of Heroes guide - How...
Star Wars: Galaxy of Heroes is all about collecting heroes, powering them up, and using them together to defeat your foes. It's pretty straightforward stuff for the most part, but increasing your characters' stats can be a bit confusing because it... | Read more »
The best cooking apps (just in time for...
It’s that time of year again, where you’ll be gathering around the dinner table with your family and a huge feast in front of you. [Read more] | Read more »
Square Rave guide - How to grab those te...
Square Rave is an awesome little music-oriented puzzle game that smacks of games like Lumines, but with its own unique sense of gameplay. To help wrap your head around the game, keep the following tips and tricks in mind. [Read more] | Read more »

Price Scanner via

World’s First USB-C Adapter For MacBook Suppo...
Innergie, a brand of Delta Electronics, has announced its official release of the world’s first USB-C adapter supporting four DC output voltages, the PowerGear USB-C 45. This true Type C adapter... Read more
13-inch and 11-inch MacBook Airs on sale for...
B&H Photo has 13″ and 11″ MacBook Airs on sale for up to $120 off MSRP as part of their Holiday sale including free shipping plus NY sales tax only: - 11″ 1.6GHz/128GB MacBook Air: $819 $90 off... Read more
13-inch MacBook Pros on sale for up to $150 o...
Take up to $150 off MSRP on the price of a new 13″ MacBook Pro at B&H Photo today as part of their Holiday sale. Shipping is free, and B&H charges NY tax only. These prices are currently the... Read more
13-inch 128GB MacBook Air now on sale for $79...
Best Buy has just lowered their price on the 2015 13″ 1.6GHz/128GB MacBook Air to $799.99 on their online store for Cyber Monday. Choose free shipping or free local store pickup (if available). Sale... Read more
Best Buy lowers 13-inch MacBook Pro prices, n...
Best Buy has lowered prices on select 13″ MacBook Pros this afternoon. Now save up to $200 off MSRP for Cyber Monday on the following models. Choose free shipping or free local store pickup (if... Read more
Cyber Monday: Apple MacBooks on sale for up t...
Apple resellers have MacBook Pros, MacBook Airs, and MacBooks on sale for up to $250 off MSRP for Cyber Monday 2015. The following is a roundup of the lowest prices available for new models from any... Read more
Cyber Monday: Apple Watch on sale for up to $...
B&H Photo has the Apple Watch on sale for Cyber Monday for $50-$100 off MSRP. Shipping is free, and B&H charges NY sales tax only: - Apple Watch Sport: $50 off - Apple Watch: $50-$100 off B... Read more
Cyber Monday: 15% off Apple products, and sto...
Use code CYBER15 on Cyber Monday only to take 15% on Apple products at Target, and store-wide. Choose free shipping or free local store pickup (if available). Sale prices for online orders only, in-... Read more
iPad Air 2 And iPad mini Among Top Five Black...
Adobe has released its 2015 online shopping data for Black Friday and Thanksgiving Day. The five best selling electronic products on Black Friday were Samsung 4K TVs, Apple iPad Air 2, Microsoft Xbox... Read more
All-in-one PC Shipments Projected To Drop Ove...
Digitimes’ Aaron Lee and Joseph Tsai report that all-in-one (AIO) PC shipments may drop a double-digit percentage on-year in 2015 due to weaker-than-expected demand, although second-largest AIO make... Read more

Jobs Board

Software Engineer, *Apple* Watch - Apple (U...
# Software Engineer, Apple Watch Job Number: 33362459 Santa Clara Valley, Califo ia, United States Posted: Jul. 28, 2015 Weekly Hours: 40.00 **Job Summary** Join the Read more
SW Engineer - *Apple* Music - Apple (United...
# SW Engineer - Apple Music Job Number: 40899104 San Francisco, Califo ia, United States Posted: Aug. 18, 2015 Weekly Hours: 40.00 **Job Summary** Join the Android Read more
Sr Software Engineer *Apple* Pay - Apple (U...
# Sr Software Engineer Apple Pay Job Number: 44003019 Santa Clara Valley, Califo ia, United States Posted: Nov. 13, 2015 Weekly Hours: 40.00 **Job Summary** Apple Read more
*Apple* Site Security Manager - Apple (Unite...
# Apple Site Security Manager Job Number: 42975010 Culver City, Califo ia, United States Posted: Oct. 2, 2015 Weekly Hours: 40.00 **Job Summary** The Apple Site Read more
iOS Wallet & *Apple* Pay Engineer - App...
# iOS Wallet & Apple Pay Engineer Job Number: 40586801 Santa Clara Valley, Califo ia, United States Posted: Nov. 16, 2015 Weekly Hours: 40.00 **Job Summary** The iOS Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.