PKI Support
PKI certificate requests (PKCS 7 and PKCS 10) Yes
Automated certificate enrollment (SCEP) Yes
Online Certificate Status Protocol (OCSP) Yes
Certificate Authorities supported Verisign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) Baltimore, DOD PKI
Self signed certificates Yes
Virtualization
Maximum number of security zones 30
Maximum number of virtual routers 6
Bridge groups* Yes
Maximum number of VLANs 100
Routing
BGP instances 6
BGP peers 24
BGP routes 2,048
OSPF instances 3
OSPF routes 2,048
RIPv1/v2 instances 64
RIP v2 routes 2,048
Static routes 2,048
Source-based routing Yes
Policy-based routing Yes
Equal-cost multipath (ECMP) Yes
Multicast Yes
Reverse Forwarding Path (RFP) Yes
Internet Group Management Protocol (IGMP) (v1, v2) Yes
IGMP Proxy Yes
Protocol Independent Multicast (PIM) single mode Yes
PIM source-specific multicast Yes
Multicast inside IPsec tunnel Yes
Encapsulations
Point-to-Point Protocol (PPP) Yes
Multilink Point-to-Point Protocol (MLPPP) Yes
MLPPP max physical interfaces 4
Frame relay Yes
Multilink Frame Relay (MLFR) (FRF 15, FRF 16) Yes
MLFR max physical interfaces 4
HDLC Yes
Specifications (continued)
IPv6
Dual stack IPv4/IPv6 firewall and VPN Yes
IPv4 to/from IPv6 translations and encapsulations Yes
Syn-Cookie and Syn-Proxy DoS Attack Detection Yes
SIP, RTSP, Sun-RPC, and MS-RPC ALGs Yes
RIPng Yes
BGP Yes
Transparent mode Yes
NSRP Yes
DHCPv6 Relay Yes
Mode of Operation
Layer 2 (transparent) mode (5) Yes
Layer 3 (route and/or NAT) mode Yes
Address Translation
Network Address Translation (NAT) Yes
Port Address Translation (PAT) Yes
Policy-based NAT/PAT (L2 and L3 mode) Yes
Mapped IP (MIP) (L3 mode) 1,500
Virtual IP (VIP) (L3 mode) 16
MIP/VIP Grouping (L3 mode) Yes
IP Address Assignment
Static Yes
Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol over Ethernet (PPPoE) client Yes
Internal DHCP server Yes
DHCP relay Yes
Traffic Management Quality of Service (QoS)
Guaranteed bandwidth Yes - per policy
Maximum bandwidth Yes - per policy
Ingress traffic policing Yes
Priority-bandwidth utilization Yes
Differentiated Services marking Yes - per policy
High Availability (HA)
Active/active - L3 mode Yes
Active/passive - Transparent & L3 mode Yes
Configuration synchronization Yes
Session synchronization for firewall and VPN Yes
Session failover for routing change Yes
VRRP Yes
Device failure detection Yes
Link failure detection Yes
Authentication for new HA members Yes
Encryption of HA traffic Yes
*Bridge groups supported only on uPIMs in ScreenOS 6.0 and higher releases.