Juniper Networks ISG Series with IDP
- Purpose-built, high-performance integrated security gateways designed to deliver scalable network and application security for large enterprise, carrier and data center networks
- Enables secure, reliable connectivity and network and application-level protection for the network gateway
- Delivers linear firewall and IPSec VPN performance, for all packet sizes, at gigabit levels to support applications that require low latency and small packet throughput
The Juniper Networks Integrated Security Gateways (ISG) are purpose-built security solutions that leverage a fourth-generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. The Juniper Networks ISG 1000 and ISG 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance. Integrating best-in-class Deep Inspection firewall, VPN and DoS solutions, the ISG 1000 and ISG 2000 enable secure, reliable connectivity along with network and application-level protection for critical, high-traffic network segments.
- ISG 1000: The ISG 1000 is a fully integrated FW/VPN/IDP system with gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.
- ISG 2000: The ISG 2000 is a fully integrated FW/VPN/IDP system with multi-gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system allows for up to four I/O modules and three security modules for IDP integration.
Optionally Integrated IDP
The ISG Series can be upgraded to support integrated Intrusion Detection and Prevention (IDP) to provide robust network and application layer protection against current and emerging threats. Leveraging the same software as found on Juniper Networks IDP platforms, but integrated into ScreenOS, the ISG Series provides a combination of best-in-class firewall, VPN, and IDP in a single solution. In addition, dedicated processing modules, called security modules, supply the processing needed to ensure multi-gigabit firewall, VPN, and IDP performance. With unmatched security processing power and network segmentation features, the ISG Series can be deployed to protect perimeter deployments as well as internal networks.
Optional GPRS for Mobile Networks
The ISG 1000 & ISG 2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and are designed for the high-performance security of GPRS (2.5G) and UMTS (3G) enabled mobile networks. In addition to countering sophisticated availability threats, Denial of Service (DoS) attacks, and malicious users, the ISG Series GPRS Firewall/VPN can limit messages, throttle bandwidth-hungry applications that consume uplink/downlink traffic, and perform 3GPP R6 IE removal to help retain interoperability in roaming between 2G and 3G networks.
Features & Benefits
Key features and benefits of the ISG 1000 and ISG 2000 include the following:
- Linear gigabit firewall and IPSec VPN throughput for all packet sizes to protect applications of all types including those that require low latency yet scalable small packet performance such as VoIP and streaming media
- Combination of GigaScreen3 ASIC and high performance CPUs delivers parallel processing for application level protection, network level protection and management to ensure multi-gigabit firewall, VPN, and IDP performance
- Optional integrated IDP upgrade protects critical high speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware and malware
- Scalability to meet future requirements, ensuring organizations' ability to leverage their investment and reduce their total cost of ownership
- Comprehensive high-availability solution for sub-second failover between interfaces or devices
- Full mesh configurations to allow for redundant physical paths in the network, thereby providing maximum resiliency and uptime
- Virtual System support to allow partitioning into multiple security domains, each with a unique set of administrators, policies, firewall/VPNs, and address books
- Interface flexibility for varying network-connectivity requirements and future growth requirements
- Virtual Router support to map internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view
- Customizable security zones to increase interface density without additional hardware expenditures, lower policy-creation costs, contain unauthorized users and attacks, and simplify management of firewall/VPNs
- Transparent mode to enable the device to function as a Layer 2 IP security bridge, providing firewall, VPN, and DoS protections, with minimal change to the existing network
- Management through graphical Web UI, CLI, or Juniper Networks NetScreen-Security Manager central management system
- Policy-based management to allow centralized, end-to-end life-cycle management
The Juniper Networks Integrated Security Gateway (ISG) Series with IDP tightly integrates the same software found on Juniper Networks' IDP platform into ScreenOS to provide unmatched application level protection against worms, Trojans, Spyware, and malware. The ISG Series delivers gigabit plus IDP performance through a combination of a fourth generation security ASIC, the GigaScreen3, high-speed microprocessors and pluggable security modules each with their own processing and memory.
- ISG 1000: The ISG 1000 with IDP uses up to two security modules to deliver up to 1Gbps of IDP throughput for application level protection. The ISG 1000 comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.
- ISG 2000: The ISG 2000 with IDP uses up to three security modules to deliver up to 2Gbps of IDP throughput. The ISG 2000 with IDP is fully managed by NetScreen-Security Manager for centralized and unified policy management, network settings, and device configuration across all the security components. Up to four I/O modules provide support for up to 28 interfaces to address a wide variety of networking needs.
The ISG Series with IDP provides the throughput and networking features that are required to protect high speed perimeter and internal network deployments where advanced applications such as VoIP and streaming media dictate network and application level protection with consistent, scalable performance. A stateful inspection firewall, an IPSec VPN and robust networking capabilities complement the integrated IDP functionality to deliver secure, reliable connectivity for critical, high-traffic network segments. The ISG Series with IDP includes the following features:
- Application level protection: Unmatched security processing power and network segmentation features allow the ISG Series to protect critical high-speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware, and malware. With multiple attack detection mechanisms including stateful signatures and protocol anomaly, IDP performs in-depth analysis of application protocol, context and state to deliver Zero Day coverage against existing and emerging threats.
- Network friendly: To simplify network deployments, the IDP functionality is seamlessly integrated with ScreenOS and takes full advantage of proven networking features such as dynamic routing, including OSPF, BGP, and RIP; multiple routing domains via virtual routers; and NAT/Route/Transparent deployment options. Seamless ScreenOS integration also means that IDP attack protection can be deployed across Virtual Systems and Security Zones to stop attacks from penetrating or proliferating throughout the network.
- Policy-based management: Using the granular, rule-by-rule flexibility provided by NetScreen-Security Manager, administrators can deploy IDP in inline or inline-tap mode on a per rule, per protocol basis. Role-based administration allows a security team to delegate management authority to appropriate personnel, allowing one team to manage only the IDP component while others can manage firewall, VPN or other tasks. Attack and incident investigation as well as auditing and reporting for compliance purposes are managed easily and quickly with the NetScreen-Security Manager's intuitive graphical user interface.
|Advanced Feature/Capacity||ISG 1000 Advanced||ISG 2000 Advanced|
|Number of Interfaces||4 fixed 10/100/1000 plus up to 8 mini GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 20 10/100, or up to 2 10GE||Up to 16 mini GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 28 10/100, or up to 4 10GE|
|Maximum Number of IP Addresses in Trusted Interfaces||Unrestricted||Unrestricted|
|Maximum Throughput||1G FW
1G 3DES VPN
2G 3DES/AES VPN
|Maximum Number of Sessions||250,000 / 512,000 with IDP Upgrade||512,000 / 1,000,000 with IDP Upgrade|
|Maximum Number of VPN Tunnels||2,000||10,000|
|Maximum Number of Policies||10,000||30,000|
|Maximum Number of Virtual Systems||0 default, up to 10 additional||0 default, up to 50 additional|
|Maximum Number of Virtual LANs||1000||2000|
|Maximum Number of Security Zones||20 default, up to 20 additional||26 default, up to 100 additional|
|Maximum Number of Virtual Routers||3 default, up to 10 additional||3 default, up to 50 additional|
|High-Availability Modes Supported||Active/Passive
Active/Active Full Mesh
Active/Active Full Mesh
|IPS (Deep Inspection FW)||Yes||Yes|
|IPS (Integrated IDP)||Yes - optional upgrade||Yes - optional upgrade|
|Integrated / Redirect Web Filtering||Yes / Yes||Yes / Yes|
A Baseline software license is available for both the ISG 1000 and the ISG 2000 as an entry-level solution for customer environments where features such as Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements.
|Baseline Feature/Capacity||ISG 1000 Baseline||ISG 2000 Baseline|
|Maximum Number of Sessions||125,000||256,000|
|Maximum Number of VPN Tunnels||1,000||1000|
|Routing Protocols Supported||RIPv1/v2 only||RIPv1/v2 only|
|IPS (Deep Inspection FW)||Not Available||Not Available|
|IPS (Integrated IDP)||Not Available||Not Available|
|High Availability Modes Supported||Active/Passive||Active/Passive|
|Integrated / Redirect Web Filtering||Yes / Yes||Yes / Yes|
Managing Your Network Security
Take a tour of the NetScreen-Security Manager system to see how to manage Juniper Networks integrated FW/VPN devices. This demo shows how to use this centralized, rule-based management platform to manage every aspect of the device life cycle, including all device, network, and security functionality, through a single, user-friendly interface. This demo will also show how to accomplish some key activities, such as how to set up a device, create a security policy, configure a VPN, investigate security incidents, and pull reports. See how easy it is to manage network security and complete security tasks efficiently with the NetScreen-Security Manager system.