Datasheet

ManualsBrandsJuniper ManualsNetworkingNS-ISG-1XG

DATASHEET

Product Description

The Juniper Networks

ISG1000 and ISG2000 Integrated Security Gateways are

fully integrated firewall/VPN systems that offer multi-gigabit performance, modular

architecture and rich virtualization capabilities. They are an ideal security solution for large

enterprise, data center and service provider networks.

The ISG Series Integrated Security Gateways are firewall/VPN-based systems that deliver

security features such as intrusion prevention system (IPS), antispam, Web filtering,

and Internet Content Adaptation Protocol (ICAP) antivirus redirection support. The

advanced system is further expandable with optionally integrated Intrusion Detection and

Prevention (IDP) or as a General Packet Radio Service (GPRS) firewall/VPN for mobile

network service provider environments.

The ISG Series modular architecture enables deployment with a wide variety of copper

and fiber interface options. Highly flexible segmentation and isolation of traffic belonging

to different trust levels can be achieved using advanced features such as virtual systems,

virtual LANs, and security zones. The ISG Series Integrated Security Gateways allow

multiple, separate firewall inspection or routing policies to simplify network design. This

enables the enforcement of security policies to traffic streams—even in highly complex

environments—without significant impact on the network itself.

The flexibility and efficiency offered by the ISG Series architecture provides state-of-

the-art performance and best-in-class functionality as a firewall/VPN or integrated

firewall/VPN/IDP solution with optional security modules. The ISG1000 supports up to

two security modules, while the ISG2000 can support up to three security modules. The

security modules maintain their own dedicated processing and memory, and incorporate

technology designed to accelerate IDP packet processing. This reduces the number of

separate security devices and management applications, and simplifies deployment effort

and network complexity. The result is higher cost savings.

The ISG Series with IDP utilizes the same award-winning software found on Juniper

Networks IDP Series Intrusion Detection and Prevention Appliances. The IDP security

module supports multi-method detection, combining eight different detection

mechanisms—including stateful signatures and protocol anomaly detection. In addition

to helping businesses defend against security threats such as worms, trojans, malware,

spyware, and hackers, the ISG Series with IDP can provide information on rogue servers

as well as types and versions of the applications and operating systems that may have

inadvertently been added to the network. Application signatures go a step further by

enabling administrators to maintain compliance and enforce corporate business policies

with accurate detection of application traffic.

Product Overview

The ISG Series Integrated Security

Gateways are ideally suited for

securing enterprise, carrier, and

data center environments where

advanced applications, such as

VoIP and streaming media, demand

consistent, scalable performance.

The Juniper Networks ISG1000

and ISG2000 Integrated Security

Gateways are purpose-built security

solutions that leverage a fourth-

generation security ASIC, along

with high-speed microprocessors

to deliver unmatched firewall and

VPN performance. Integrating best-

in-class firewall, VPN, and optional

Intrusion Detection and Prevention,

the ISG1000 and ISG2000 enable

secure, reliable connectivity along

with network-and application-level

protection for critical, high-traffic

network segments.

ISG SERIES

INTEGRATED

SECURITY

GATEWAYS

Summary of content (12 pages)

PAGE 1
DATASHEET ISG Series Integrated Security Gateways Product Overview The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance.
PAGE 2
The ISG1000 and ISG2000 can be deployed in a number of different configurations to protect both the perimeter and internal network resources. When deployed in a mobile operator network, the ISG1000 and ISG2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and fully support GTP functionality in virtual systems.
PAGE 3
Product Options Option Option Description Applicable Products Integrated antispam Blocks unwanted email from known spammers and phishers, using an annually licensed antispam offering based on Symantec technology. ISG1000 and ISG2000 Integrated IPS (Deep Inspection) Prevents application level attacks from flooding the network using a combination of stateful signatures and protocol anomaly detection mechanisms. IPS is annually licensed.
PAGE 4
Specifications ISG1000 ISG2000 ScreenOS® version tested ScreenOS 6.3 ScreenOS 6.3 Firewall performance (large packets) 2 Gbps 4 Gbps Firewall performance (small packets) 1 Gbps 2 Gbps Firewall packets per second (64 byte) 1.
PAGE 5
Specifications (continued) ISG1000 Integrated IPS (Optional Integrated IDP) 2, 10 ISG2000 (continued) Request and response side attack protection Yes Yes Compound attacks – combines stateful signatures and protocol anomalies Yes Yes Create custom attack signatures Yes Yes Access contexts for customization 500+ 500+ Attack editing (port range, etc.
PAGE 6
Specifications (continued) ISG1000 ISG2000 Concurrent VPN tunnels8 10,000 10,000 Tunnel interfaces Up to 512 Up to 1,024 DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes MD-5 and SHA-1 authentication Yes Yes Manual key, IKE, PKI (X.
PAGE 7
Specifications (continued) ISG1000 ISG2000 RIP v2 tablesize 10,000 20,000 Dynamic routing Yes Yes Static routes 10,000 20,000 Source-based routing Yes Yes Policy-based routing Yes Yes ECMP Yes Yes Multicast Yes Yes Reverse path forwarding (RPF) Yes Yes IGMP (v1, v2) Yes Yes IGMP proxy Yes Yes PIM SM Yes Yes PIM SSM Yes Yes Multicast inside IPsec tunnel Yes Yes Dual stack IPv4/IPv6 firewall and VPN Yes Yes Syn-cookie and Syn-proxy DoS attack detection Yes Yes SI
PAGE 8
Specifications (continued) ISG1000 ISG2000 Traffic Management Quality of Service (QoS) Maximum bandwidth Yes - per physical interface only Yes - per physical interface only Jumbo frames Yes Yes11 DiffServ marking Yes - per policy Yes - per policy Active/active - transparent & L3 mode Yes Yes Active/passive Yes Yes Configuration synchronization Yes Yes Session synchronization for firewall and VPN Yes Yes Session failover for routing change Yes Yes Device failure detection Yes Yes
PAGE 9
Specifications (continued) ISG1000 ISG2000 Additional log storage Supports 1 GB or 2 GB industrial-grade SanDisk Supports 1 GB or 2 GB industrial-grade SanDisk Event logs and alarms Yes Yes System configuration script Yes Yes ScreenOS Software Yes Yes Dimensions (W x H x D) 17.5 x 5.25 x 17.3 in (44.5 x 13.3 x 43.9 cm) 17.5 x 5.25 x 23 in (44.5 x 13.3 x 58.
PAGE 10
Licensing Options The ISG1000 and ISG2000 are available with two licensing options to provide two different levels of functionality and capacity: Advanced Models: the Advanced software license provides all of the features and capacities listed within this spec sheet.
PAGE 11
Ordering Information Model Number Description ISG1000 Systems NS-ISG-1000 ISG1000 system (includes DC power supply, no I/O cards) NS-ISG-1000B ISG1000 baseline system (includes AC power supply, no I/O cards) ISG1000 baseline system (includes DC power supply, no I/O cards) ISG2000 Systems NS-ISG-2000 ISG2000 system (includes AC power supplies, no I/O cards) NS-ISG-2000-DC ISG2000 system (includes DC power supplies, no I/O cards) NS-ISG-2000B NS-ISG-2000B-DC Description ISG1000 Software Options IS
PAGE 12
Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters Juniper Networks, Inc. Juniper Networks (Hong Kong) Juniper Networks Ireland 1194 North Mathilda Avenue 26/F, Cityplaza One Airside Business Park Sunnyvale, CA 94089 USA 1111 King’s Road Swords, County Dublin, Ireland Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600 or 408.745.2000 Phone: 852.2332.3636 EMEA Sales: 00800.4586.4737 Fax: 408.745.2100 Fax: 852.2574.7803 Fax: 35.31.8903.