Juniper Networks

Overview

The Juniper Networks Integrated Security Gateways (ISG) are purpose-built, security solutions that leverage a fourth generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. The Juniper Networks ISG 1000 and ISG 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance. Integrating best-in-class Deep Inspection firewall, VPN and DoS solutions, the ISG 1000 and ISG 2000 enable secure, reliable connectivity along with network and application-level protection for critical, high-traffic network segments.

• ISG 1000: The ISG 1000 is a fully integrated FW/VPN/IDP system with gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.
• ISG 2000: The ISG 2000 is a fully integrated FW/VPN/IDP system with multi-gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system allows for up to four I/O modules and three security modules for IDP integration.

Optionally Integrated IDP

The ISG Series can be upgraded to support integrated Intrusion Detection and Prevention (IDP) to provide robust network and application layer protection against current and emerging threats. Leveraging the same software as found on Juniper Networks IDP platforms, but integrated into ScreenOS, the ISG Series provides a combination of best in class firewall, VPN, and IDP in a single solution. Plus, with dedicated processing modules called security modules, dedicated processing is provided to ensure multi-gigabit firewall, VPN, and IDP. With unmatched security processing power and network segmentation features, the ISG Series can be deployed to protect perimeter deployments as well as internal networks.

Optional GPRS for Mobile Networks

The ISG 1000 & ISG 2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and are designed for the high performance security of GPRS (2.5G) and UMTS (3G) enabled mobile networks. In addition to countering sophisticated availably threats, Denial of Service (DoS) attacks, and malicious users, the ISG Series GPRS Firewall/VPN can limit messages, throttle bandwidth hungry applications that consume uplink/downlink traffic and perform 3GPP R6 IE removal to help retain interoperability in roaming between 2G and 3G networks.

Features & Benefits

Key features and benefits of the ISG 1000 and ISG 2000 include the following:

• Linear gigabit firewall and IPSec VPN throughput for all packet sizes to protect applications of all types including those that require low latency yet scalable small packet performance such as VoIP and streaming media
• Combination of GigaScreen3 ASIC and high performance CPUs deliver parallel processing for application level protection, network level protection and management to ensure multi-gigabit firewall, VPN, and IDP performance
• Optional integrated IDP upgrade protects critical high speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware and malware
• Scalability to meet future requirements, ensuring organizations' ability to leverage their investment and reduce their total cost of ownership
• Comprehensive high-availability solution for sub-second failover between interfaces or devices
• Full mesh configurations to allow for redundant physical paths in the network, thereby providing maximum resiliency and uptime
• Virtual System support to allow partitioning into multiple security domains, each with a unique set of administrators, policies, firewall/VPNs, and address books
• Interface flexibility for varying network-connectivity requirements and future growth requirements
• Virtual Router support to map internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view
• Customizable security zones to increase interface density without additional hardware expenditures, lower policy-creation costs, contain unauthorized users and attacks, and simplify management of firewall/VPNs
• Transparent mode to enable the device to function as a Layer 2 IP security bridge, providing firewall, VPN, and DoS protections, with minimal change to the existing network
• Management through graphical Web UI, CLI, or Juniper Networks NetScreen-Security Manager central management system
• Policy-based management to allow centralized, end-to-end life-cycle management