3
Product Options
Option Option Description Applicable Products
DRAM The SSG140 is available with either 256 MB or
512 MB of DRAM.
SSG140
Unified Threat Management/
Content Security (high memory
option required)
The SSG140 can be configured with any combination
of the following best-in-class UTM and content
security functionality: antivirus (includes antispyware,
antiphishing), IPS (Deep Inspection), Web filtering,
and/or antispam.
SSG140 high memory model only
I/O options Four SSG140 interface expansion slots support
optional T1, E1, ISDN BRI S/T, G.SHDSL and serial
physical interface modules (PIMs), and 10/100/1000
and SFP universal PIMs (uPIMs).
SSG140
Specifications
Maximum Performance and Capacity
(1)
ScreenOS version tested ScreenOS 6.2
Firewall throughput (large packets) 350+ Mbps
Firewall throughput (IMIX)
(2)
300 Mbps
Firewall packets per second (64 byte) 90,000 PPS
Advanced Encryption Standard (AES)
256+SHA-1 VPN throughput
100 Mbps
3DES encryption +SHA-1 VPN throughput 100 Mbps
Maximum concurrent sessions 48,000
New sessions/second 8,000
Maximum security policies 1,000
Maximum users supported Unrestricted
Network Connectivity
Fixed I/O 8x10/100, 2x10/100/1000
Physical Interface Module (PIM) slots 4
Modular WAN/LAN interface options
(PIMs/uPIMs)
2xT1, 2xE1, 2xSerial,
1xISDN BRI S/T SFP,
10/100/1000
Firewall
Network attack detection Yes
DoS and DDoS protection Yes
TCP reassembly for fragmented packet
protection
Yes
Brute force attack mitigation Yes
SYN cookie protection Yes
Zone-based IP spoofing Yes
Malformed packet protection Yes
Unified Threat Management
(3)
IPS (Deep Inspection firewall) Yes
Protocol anomaly detection Yes
Stateful protocol signatures Yes
IPS/DI attack pattern obfuscation Yes
Antivirus Yes
Signature database 200,000+
Protocols scanned POP3, HTTP, SMTP, IMAP,
FTP, IM
Antispyware Yes
Antiadware Yes
Anti-keylogger Yes
Instant message AV Yes
Antispam Yes
Integrated URL filtering Yes
External URL filtering
(4)
Yes
VoIP Security
H.323. Application-level gateway (ALG) Yes
SIP ALG Yes
MGCP ALG Yes
SCCP ALG Yes
Network Address Translation (NAT) for VoIP
protocols
Yes
IPsec VPN
Concurrent VPN tunnels 500
Tunnel interfaces 50
DES encryption (56-bit), 3DES encryption
(168-bit) and AES (256-bit)
Yes
MD-5 and SHA-1 authentication Yes
Manual key, Internet Key Exchange (IKE),
IKEv2 with EAP public key infrastructure
(PKI) (X.509)
Yes
Perfect forward secrecy (DH Groups) 1,2,5
Prevent replay attack Yes
Remote access VPN Yes
Layer 2 Tunneling Protocol (L2TP) within
IPsec
Yes
IPsec Network Address Translation (NAT)
traversal
Yes
Auto-Connect VPN Yes
Redundant VPN gateways Yes
User Authentication and Access Control
Built-in (internal) database user limit 250
Third-party user authentication RADIUS, RSA SecureID,
LDAP
RADIUS Accounting Yes – start/stop
XAUTH VPN authentication Yes
Web-based authentication Yes
802.1X authentication Yes
Unified Access Control (UAC) enforcement
point
Yes
SSG140
To Next Page
Loading...
Need help?
General
