Juniper Networks ISG Series with IDP
- Purpose-built, high-performance integrated security gateways designed to deliver scalable network and application security for large enterprise, carrier and data center networks
- Enables secure, reliable connectivity and network and application-level protection for the network gateway
- Delivers linear firewall and IPSec VPN performance, for all packet sizes, at gigabit levels to support applications that require low latency and small packet throughput
Overview
The Juniper Networks Integrated Security Gateways (ISG) are purpose-built security solutions that leverage a fourth-generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. The Juniper Networks ISG 1000 and ISG 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance. Integrating best-in-class Deep Inspection firewall, VPN and DoS solutions, the ISG 1000 and ISG 2000 enable secure, reliable connectivity along with network and application-level protection for critical, high-traffic network segments.
- ISG 1000: The ISG 1000 is a fully integrated FW/VPN/IDP system with gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.
- ISG 2000: The ISG 2000 is a fully integrated FW/VPN/IDP system with multi-gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system allows for up to four I/O modules and three security modules for IDP integration.
Optionally Integrated IDP
The ISG Series can be upgraded to support integrated Intrusion Detection and Prevention (IDP) to provide robust network and application layer protection against current and emerging threats. Leveraging the same software as found on Juniper Networks IDP platforms, but integrated into ScreenOS, the ISG Series provides a combination of best-in-class firewall, VPN, and IDP in a single solution. In addition, dedicated processing modules called security modules provide the processing needed to ensure multi-gigabit firewall, VPN, and IDP performance. With unmatched security processing power and network segmentation features, the ISG Series can be deployed to protect perimeter deployments as well as internal networks.
Optional GPRS for Mobile Networks
The ISG 1000 and ISG 2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and are designed for the high-performance security of GPRS (2.5G) and UMTS (3G) enabled mobile networks. In addition to countering sophisticated availability threats, Denial of Service (DoS) attacks, and malicious users, the ISG Series GPRS Firewall/VPN can limit messages, throttle bandwidth-hungry applications that consume uplink/downlink traffic, and perform 3GPP R6 IE removal to help retain interoperability in roaming between 2G and 3G networks.
Features & Benefits
Key features and benefits of the ISG 1000 and ISG 2000 include the following:
- Linear gigabit firewall and IPSec VPN throughput for all packet sizes to protect applications of all types including those that require low latency yet scalable small packet performance such as VoIP and streaming media
- Combination of GigaScreen3 ASIC and high-performance CPUs delivers parallel processing for application level protection, network level protection and management to ensure multi-gigabit firewall, VPN, and IDP performance
- Optional integrated IDP upgrade protects critical high speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware and malware
- Scalability to meet future requirements, ensuring organizations' ability to leverage their investment and reduce their total cost of ownership
- Comprehensive high-availability solution for sub-second failover between interfaces or devices
- Full mesh configurations to allow for redundant physical paths in the network, thereby providing maximum resiliency and uptime
- Virtual System support to allow partitioning into multiple security domains, each with a unique set of administrators, policies, firewall/VPNs, and address books
- Interface flexibility for varying network-connectivity requirements and future growth requirements
- Virtual Router support to map internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view
- Customizable security zones to increase interface density without additional hardware expenditures, lower policy-creation costs, contain unauthorized users and attacks, and simplify management of firewall/VPNs
- Transparent mode to enable the device to function as a Layer 2 IP security bridge, providing firewall, VPN, and DoS protections, with minimal change to the existing network
- Management through graphical Web UI, CLI, or Juniper Networks NetScreen-Security Manager central management system
- Policy-based management to allow centralized, end-to-end life-cycle management
Integrated IDP
The Juniper Networks Integrated Security Gateway (ISG) Series with IDP tightly integrates the same software found on Juniper Networks' IDP platform into ScreenOS to provide unmatched application level protection against worms, Trojans, Spyware, and malware. The ISG Series delivers gigabit plus IDP performance through a combination of a fourth generation security ASIC, the GigaScreen3, high-speed microprocessors and pluggable security modules each with their own processing and memory.
- ISG 1000: The ISG 1000 with IDP uses up to two security modules to deliver up to 1Gbps of IDP throughput for application level protection. The ISG 1000 comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.
- ISG 2000: The ISG 2000 with IDP uses up to three security modules to deliver up to 2Gbps of IDP throughput. The ISG 2000 with IDP is fully managed by NetScreen-Security Manager for centralized and unified policy management, network settings, and device configuration across all the security components. Up to four I/O modules provide support for up to 28 interfaces to address a wide variety of networking needs.
The ISG Series with IDP provides the throughput and networking features that are required to protect high speed perimeter and internal network deployments where advanced applications such as VoIP and streaming media dictate network and application level protection with consistent, scalable performance. A stateful inspection firewall, along with an IPSec VPN and robust networking capabilities complement the integrated IDP functionality to deliver secure, reliable connectivity for critical, high-traffic network segments. The ISG Series with IDP includes the following features:
- Application level protection: Unmatched security processing power and network segmentation features allow the ISG Series to protect critical high-speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware, and malware. With multiple attack detection mechanisms including stateful signatures and protocol anomaly, IDP performs in-depth analysis of application protocol, context and state to deliver Zero Day coverage against existing and emerging threats.
- Network friendly: To simplify network deployments, the IDP functionality is seamlessly integrated with ScreenOS and takes full advantage of proven networking features such as dynamic routing, including OSPF, BGP, and RIP; multiple routing domains via virtual routers; and NAT/Route/Transparent deployment options. Seamless ScreenOS integration also means that IDP attack protection can be deployed across Virtual Systems and Security Zones to stop attacks from penetrating or proliferating throughout the network.
- Policy-based management: Using the granular, rule-by-rule flexibility provided by NetScreen-Security Manager, administrators can deploy IDP in inline or inline-tap mode on a per rule, per protocol basis. Role-based administration allows a security team to delegate management authority to appropriate personnel, allowing one team to manage only the IDP component while others can manage firewall, VPN or other tasks. Attack and incident investigation as well as auditing and reporting for compliance purposes are managed easily and quickly with the NetScreen-Security Manager's intuitive graphical user interface.
Specs
| Advanced Feature/Capacity | ISG 1000 Advanced | ISG 2000 Advanced |
|---|---|---|
| Number of Interfaces | 4 fixed 10/100/1000 plus up to 8 mini GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 20 10/100, or up to 2 10GE | Up to 16 mini GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 28 10/100, or up to 4 10GE |
| Maximum Number of IP Addresses in Trusted Interfaces | Unrestricted | Unrestricted |
| Maximum Throughput | 1G FW, 1G 3DES VPN | 4G FW, 2G 3DES/AES VPN |
| Maximum Number of Sessions | 250,000 / 512,000 with IDP Upgrade | 512,000 / 1,000,000 with IDP Upgrade |
| Maximum Number of VPN Tunnels | 2,000 | 10,000 |
| Maximum Number of Policies | 10,000 | 30,000 |
| Maximum Number of Virtual Systems | 0 default, up to 10 additional | 0 default, up to 50 additional |
| Maximum Number of Virtual LANs | 1000 | 2000 |
| Maximum Number of Security Zones | 20 default, up to 20 additional | 26 default, up to 100 additional |
| Maximum Number of Virtual Routers | 3 default, up to 10 additional | 3 default, up to 50 additional |
| High-Availability Modes Supported | Active/Passive, Active/Active, Active/Active Full Mesh | Active/Passive, Active/Active, Active/Active Full Mesh |
| IPS (Deep Inspection FW) | Yes | Yes |
| IPS (Integrated IDP) | Yes - optional upgrade | Yes - optional upgrade |
| Integrated / Redirect Web Filtering | Yes / Yes | Yes / Yes |
A Baseline software license is available for both the ISG 1000 and the ISG 2000 as an entry-level solution for customer environments where features such as Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements.
| Baseline Feature/Capacity | ISG 1000 Baseline | ISG 2000 Baseline |
|---|---|---|
| Maximum Number of Sessions | 125,000 | 256,000 |
| Maximum Number of VPN Tunnels | 1,000 | 1000 |
| Virtual LANs | 50 | 100 |
| Routing Protocols Supported | RIPv1/v2 only | RIPv1/v2 only |
| IPS (Deep Inspection FW) | Not Available | Not Available |
| IPS (Integrated IDP) | Not Available | Not Available |
| High Availability Modes Supported | Active/Passive | Active/Passive |
| Integrated / Redirect Web Filtering | Yes / Yes | Yes / Yes |
Demos
Managing Your Network Security
Take a tour of the NetScreen-Security Manager system to see how to manage Juniper Networks integrated FW/VPN devices. This demo shows how to use this centralized, rule-based management platform to manage every aspect of the device life cycle, including all device, network, and security functionality, through a single, user-friendly interface. This demo will also show how to accomplish some key activities, such as how to set up a device, create a security policy, configure a VPN, investigate security incidents, and pull reports. See how easy it is to manage network security and complete security tasks efficiently with the NetScreen-Security Manager system.
Literature
Datasheet
At-a-Glance
Brochure
- Intrusion Detection and Prevention Solutions (944 KB)
- Juniper Networks Firewall/VPN Solutions Brochure (660 KB)
Feature Briefs
- Denial of Service and Attack Protection (788 KB)
- Firewall with Integrated IPS (180 KB)
- Firewall / VPN Central Management (34 KB)
- High Availability (174 KB)
- Integrated Networking (117 KB)
- Network Deployment Options (117 KB)
- Network Segmentation (212 KB)
- Purpose-Built Architecture (143 KB)
- Secure Dynamic VPNs (90 KB)
- Secure VoIP (86 KB)
- Stateful Inspection Firewall (70 KB)
- Virtual Systems (96 KB)
- VPN Resiliency (661 KB)
- Web Filtering (135 KB)
White Papers
- Optimizing the Data Center with Juniper Networks (1.4 MB)
- Dynamic VPNs Achieving Scalable, Secure Site-to-Site Connectivity (377 KB)
- GPRS Security Threats and Solution Recommendations (1.3 MB)
- Integrated Security Gateway (ISG) Series Architecture (113 KB)
- Juniper Networks Layered Security Solution (937 KB)
- The Top 8 Criteria for Evaluating Multi-Service Security Gateways (231 KB)
- Virtualization Technologies Overview (554 KB)
- Voice Over IP 101: Understanding VoIP Networks (488 KB)
Solution Briefs
Buyer's Guide

