We're running a Netscreen-50 Advanced with 5.4.0r13.0 firmware. According to Juniper's datasheet, the "Firewall performance" is listed as 170 Mbps with "3DES + SHA1 performance" of 45 Mbps (which I'm assuming is VPN).
In our environment running 1:1 NAT, we cannot get more than about 40-45 Mbps throughput for standard (non-VPN) traffic. So we built a lab network to experiment.
In the lab we tested 2 machines, as follows:
First we directly connected each machine's Fast-E interface to a switch, and addressed both hosts in the 10.1.1.0/24 subnet (directly connected network). FTP was used for transfers. Speed tests show data transfers sustained at nearly 95 Mbps between them. This proves the machines are capable of talking at full Fast-E speeds.
Next we put the NS-50 between them to simulate a Trust / Untrust scenario. One host was put on Netscreen E1 "trust" interface, and the other was put on E4 "untrust". Proper subnetting was done, a mapped IP (MIP) was created for the server to simulate our production NAT setup, and a policy was created to allow the "untrust" host to access the "trust" host for the specified service.
The NS-50 could not pass traffic any faster than 48 Mbps maximum. Just 1 host downloading a large binary file from the other via FTP. CPU of the NS-50 was under 30% during the tests. I swapped this NS-50 with another spare NS-50, uploaded the config and re-tested. Same exact result. Neither NS-50 could achieve any more than upper 40s Mbps.
That is less than 30% of the performance Juniper claims. Is this REALLY the upper limit on Netscreen-50 devices?