NetScreen 10 and 100 - High performing dedicated firewall appliances

Are you looking for dedicated firewall appliances for your network? Read the article to know complete details of NetScreen 10 & 100.

NetScreen 10 & 100 are hybrid of stateful inspection and SOCK proxy. NetScreen 10 is a firewall version for 4000 simultaneous Ethernet connections having speed of 10 Mbps while NetScreen 100 is for 34000 simultaneous Fast Ethernet connections having 100 Mbps speed. They are dedicated firewall appliances (computers with inbuilt operating system and firewall software) based on application specific integrated circuits. The firewall engine is based on a microchip designed exclusively for firewalling. This makes it faster than most PCs.

NetScreen 10 & 100 can provide 84Mbps throughput for 64 clients and therefore, the appliances can firewall a 100Mbps Ethernet connection with negligible latency. No information about the performance under connection saturation conditions is provided. The machine is 1 ¾ inches high and 19 inches wide. It can easily fit in a standard TIA rack. For operational interface management, internal, external and DMZ network ports are provided along with a serial port. The firewall supports transparent operations. Thus, you need not reconfigure internal hosts and routers when installing the firewall.


The web interface of NetScreen is simple, efficient and allows more customization than the interfaces of most firewalls. Instead of a simple on/off selector, the company has provided a policy based rule set interface. The SNMP manageable firewall can be configured via a command line interface by a terminal emulator via serial port. Not much configuration would be needed due to the transparency present. The web management interface shows access policies wherein there are six blocks- source, destination, service, action, option and configure. By clicking on the configure option, administrators will be able to view details or remove the policy if required.

Security features

Stateful inspection filter

The firewall is a combination of a generic TCP proxy and stateful inspection filter. Thus, even though it does not provide security specific proxies, it qualifies as hybrid technology firewall. The inspection filter allows only data packets from trustworthy sources to enter the network to prevent denial of service, spoofing and other hacking attempts. Port numbers, source and destination addresses are stored for reference.

SOCKS proxy

Unlike most firewalls, NetScreen supports generic SOCKS proxy. A SOCKS proxy improves performance but a generic proxy can't provide content security. As it is not a security proxy, it cannot filter content. The routed link in the firewall is broken to provide high immunity against session layer attacks.


For user authentication, MD-5 and SHA are included in the firewall. Both are shared-secret algorithms.

Network Address Translator (NAT)

NAT performs client hiding to protect internal machines from the network. All IPs are passed to their legal addresses.

Traffic management

This feature allows prioritizing the available bandwidth per service. Thus, if you use real time streaming multimedia services, a specific amount of bandwidth can be allocated for these services. This ensures that the quality of services is not compromised.

Load balancing

To put multiple servers behind a single IP address, load balancing feature is used. Connections can be assigned on various criteria including weighted round robin basis, weighted lowest number of connections basis, round robin basis and lowest number of connections basis. The weighted options allow lightening the load. No monitoring software is needed as these methods do not require any type of communication with servers.

Virtual IP

This feature allows translating certain ports on an external address to different hosts in DMZ. This helps a single IP address to provide multiple services on the network machines. If used in combination with the load balancing feature, the Virtual IP feature can provide a wide range of web services via a single IP address only.

Real time monitoring services

The firewall supports logging to all sorts of syslog daemons. These systems can integrate the firewall into the logging infrastructure. Email alerts are sent to the administrator if an event is detected.

Pricing & support

As the firewall is not available through standard distribution channels, you will have to contact your regional Value Added Resellers (VAR) to purchase it. The prices may vary from seller to seller but generally NetScreen 10 costs $3,995, NetScreen 100 costs $4,995 and the Remote Client costs $95. For more details, you can visit the official website of NetScreen. Customer support is provided via emails and phone.


This high performance firewall gives a built in VPN, DMZ support and small form factor but it lacks content filtering and security proxies. Other features like Java & Active-X blocking and URL screening are also absent. But then the price is also less if compared with that of other firewalls. The firewall is a good deal in this price range.

Read Lucent Managed Firewall - A dedicated firewall for network security


No responses found. Be the first to comment...

  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name: