Website:
Juniper Networks
Catalog excerpts
DATASHEET ISG Series Integrated Security Gateways Product Overview The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance. The Juniper Networks ISG1000 and ISG2000 Integrated Security Gateways are purpose-built security solutions that leverage a fourthgeneration security ASIC, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. Integrating bestin-class firewall, VPN, and optional Intrusion Detection and Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network-and application-level protection for critical, high-traffic network segments. Product Description The Juniper Networks® ISG1000 and ISG2000 Integrated Security Gateways are fully integrated firewall/VPN systems that offer multi-gigabit performance, modular architecture and rich virtualization capabilities. They are an ideal security solution for large enterprise, data center and service provider networks. The ISG Series Integrated Security Gateways are firewall/VPN-based systems that deliver security features such as intrusion prevention system (IPS), antispam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support. The advanced system is further expandable with optionally integrated Intrusion Detection and Prevention (IDP) or as a General Packet Radio Service (GPRS) firewall/VPN for mobile network service provider environments. The ISG Series modular architecture enables deployment with a wide variety of copper and fiber interface options. Highly flexible segmentation and isolation of traffic belonging to different trust levels can be achieved using advanced features such as virtual systems, virtual LANs, and security zones. The ISG Series Integrated Security Gateways allow multiple, separate firewall inspection or routing policies to simplify network design. This enables the enforcement of security policies to traffic streams—even in highly complex environments—without significant impact on the network itself. The flexibility and efficiency offered by the ISG Series architecture provides state-ofthe-art performance and best-in-class functionality as a firewall/VPN or integrated firewall/VPN/IDP solution with optional security modules. The ISG1000 supports up to two security modules, while the ISG2000 can support up to three security modules. The security modules maintain their own dedicated processing and memory, and incorporate technology designed to accelerate IDP packet processing. This reduces the number of separate security devices and management applications, and simplifies deployment effort and network complexity. The result is higher cost savings. The ISG Series with IDP utilizes the same award-winning software found on Juniper Networks IDP Series Intrusion Detection and Prevention Appliances. The IDP security module supports multi-method detection, combining eight different detection mechanisms—including stateful signatures and protocol anomaly detection. In addition to helping businesses defend against security threats such as worms, trojans, malware, spyware, and hackers, the ISG Series with IDP can provide information on rogue servers as well as types and versions of the applications and operating systems that may have inadvertently been added to the network. Application signatures go a step further by enabling administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic. 1
Open the catalog to page 1
The ISG1000 and ISG2000 can be deployed in a number of different configurations to protect both the perimeter and internal network resources. When deployed in a mobile operator network, the ISG1000 and ISG2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and fully support GTP functionality in virtual systems. The ISG Series can be deployed at the Gp interface connection between two Public Land Mobile Networks (PLMN), the Gn interface connection between the SGSN and the GGSN support nodes, and the Gi interface connection between the GGSN and the Internet. In addition to countering...
Open the catalog to page 2
Product Options Option Option Description Applicable Products Integrated antispam Blocks unwanted email from known spammers and phishers, using an annually licensed antispam offering based on Symantec technology. ISG1000 and ISG2000 Integrated IPS (Deep Inspection) Prevents application level attacks from flooding the network using a combination of stateful signatures and protocol anomaly detection mechanisms. IPS is annually licensed. ISG1000 and ISG2000 Integrated Web filtering Blocks access to malicious Web sites using the annually licensed Web filtering solution based on SurfControl’s...
Open the catalog to page 3
Specifications ISG1000 ISG2000 ScreenOS® version tested ScreenOS 6.3 ScreenOS 6.3 Firewall performance (large packets) 2 Gbps 4 Gbps Firewall performance (small packets) 1 Gbps 2 Gbps Firewall packets per second (64 byte) 1.5 M PPS 3 M PPS AES256+SHA-1 VPN performance 1 Gbps 2 Gbps 3DES+SHA-1 VPN performance 1 Gbps 2 Gbps Maximum concurrent sessions 500,000 1,000,000 New sessions/second 20,000 23,000 Maximum security policies 10,000 30,000 Maximum users supported Unrestricted Unrestricted Fixed I/O 4 10/100/1000 ports 0 Interface expansion slots 2 4 LAN interface options Up to 8 mini-GBIC...
Open the catalog to page 4
Specifications (continued) Integrated IPS (Optional Integrated IDP)2-10 (continued) Request and response side attack protection Yes Compound attacks - combines stateful signatures and Yes protocol anomalies Create custom attack signatures Yes Access contexts for customization 500 + Attack editing (port range, etc.) Yes Stateful protocol signatures Yes Approximate number of attacks covered 6,700* Detailed threat descriptions and remediation/patch info Yes Enterprise security profiler Yes Create and enforce appropriate application-usage policies Yes Attacker and target audit trail and...
Open the catalog to page 5All Juniper Networks catalogs and technical brochures
-
EX2300 ETHERNET SWITCH12 Pages
-
QFX5200 SWITCH13 Pages
-
QFX5210 SWITCH9 Pages
-
EX9250 Ethernet Switch12 Pages
-
EX9200 Ethernet Switch15 Pages
-
EX4650 Ethernet Switch11 Pages
-
EX4600 ETHERNET SWITCH14 Pages
-
EX4300 LINE OF ETHERNET SWITCHES15 Pages
-
EX3400 ETHERNET SWITCH11 Pages
-
AP5502 Pages
-
AP2502 Pages
-
AP150W2 Pages
-
AP245X2 Pages
-
PTX10004 Pages
-
SRX3006 Pages
-
SRX15004 Pages
-
SRX40005 Pages
-
JSA75008 Pages
-
ISG Series11 Pages
-
vSRX6 Pages
-
ACX5007 Pages
-
LN1000 Mobile Secure Router6 Pages
-
JSA Series Secure Analytics12 Pages
-
EX4550 Ethernet Switch12 Pages
-
EX4300 Ethernet Switch12 Pages
-
WLA Series Antenna Matrix2 Pages
-
QFX3100 QFabric Director4 Pages
-
EX Series Ethernet Switches20 Pages
-
QFX3500 Switch12 Pages
-
QFX3600 Switch12 Pages
-
QFabric System12 Pages
-
QFX5100 Ethernet Switch12 Pages
-
Unified Access Control12 Pages
-
DDoS Secure4 Pages
-
LN2600 Rugged Secure Router6 Pages
-
11000186 Pages
-
10001956 Pages
-
10003004 Pages
-
backgrounder4 Pages
-
VXA Series4 Pages
-
SRX1400 Services Gateway8 Pages
-
Security Services Gateways8 Pages
-
T Series Core Routers8 Pages
-
JCS1200 Control System6 Pages
-
J Series Services Routers16 Pages
-
BX7000 Multi-Access Gateway4 Pages
