• Purpose-built, high-performance integrated security gateways designed to deliver scalable network and application security for large enterprise, carrier and data center networks
• Enables secure, reliable connectivity and network and application-level protection for the network gateway
• Delivers linear firewall and IPSec VPN performance, for all packet sizes, at gigabit levels to support applications that require low latency and small packet throughput

The Juniper Networks Integrated Security Gateways (ISG) are purpose-built, security solutions that leverage a fourth generation security ASIC, the GigaScreen3, along with high-speed microprocessors to deliver unmatched firewall and VPN performance. The Juniper Networks ISG 1000 and ISG 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance. Integrating best-in-class Deep Inspection firewall, VPN and DoS solutions, the ISG 1000 and ISG 2000 enable secure, reliable connectivity along with network and application-level protection for critical, high-traffic network segments.

• ISG 1000: The ISG 1000 is a fully integrated FW/VPN/IDP system with gigabit performance, a modular architecture, and rich virtualization capabilities. The base FW/VPN system comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.

The ISG Series can be upgraded to support integrated Intrusion Detection and Prevention (IDP) to provide robust network and application layer protection against current and emerging threats. Leveraging the same software as found on Juniper Networks IDP platforms, but integrated into ScreenOS, the ISG Series provides a combination of best in class firewall, VPN, and IDP in a single solution. Plus, with dedicated processing modules called security modules, dedicated processing is provided to ensure multi-gigabit firewall, VPN, and IDP. With unmatched security processing power and network segmentation features, the ISG Series can be deployed to protect perimeter deployments as well as internal networks.

Key features and benefits of the ISG 1000 and ISG 2000 include the following:

• Linear gigabit firewall and IPSec VPN throughput for all packet sizes to protect applications of all types including those that require low latency yet scalable small packet performance such as VoIP and streaming media
• Combination of GigaScreen3 ASIC and high performance CPUs deliver parallel processing for application level protection, network level protection and management to ensure multi-gigabit firewall, VPN, and IDP performance
• Optional integrated IDP upgrade protects critical high speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware and malware
• Scalability to meet future requirements, ensuring organizations' ability to leverage their investment and reduce their total cost of ownership
• Comprehensive high-availability solution for sub-second failover between interfaces or devices
• Full mesh configurations to allow for redundant physical paths in the network, thereby providing maximum resiliency and uptime
• Virtual System support to allow partitioning into multiple security domains, each with a unique set of administrators, policies, firewall/VPNs, and address books
• Interface flexibility for varying network-connectivity requirements and future growth requirements
• Virtual Router support to map internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view
• Customizable security zones to increase interface density without additional hardware expenditures, lower policy-creation costs, contain unauthorized users and attacks, and simplify management of firewall/VPNs
• Transparent mode to enable the device to function as a Layer 2 IP security bridge, providing firewall, VPN, and DoS protections, with minimal change to the existing network
• Management through graphical Web UI, CLI, or Juniper Networks NetScreen-Security Manager central management system
• Policy-based management to allow centralized, end-to-end life-cycle management

ISG Series Data Sheet

ISG Series with IDP Data Sheet

Integrated IDP

The Juniper Networks Integrated Security Gateway (ISG) Series with IDP tightly integrates the same software found on Juniper Networks' IDP platform into ScreenOS to provide unmatched application level protection against worms, Trojans, Spyware, and malware. The ISG Series delivers gigabit plus IDP performance through a combination of a fourth generation security ASIC, the GigaScreen3, high-speed microprocessors and pluggable security modules each with their own processing and memory.

• ISG 1000: The ISG 1000 with IDP uses up to two security modules to deliver up to 1Gbps of IDP throughput to deliver application level protection. The ISG 1000 comes with four fixed 10/100/1000 interfaces and two additional I/O modules for interface expansion.

The ISG Series with IDP provides the throughput and networking features that are required to protect high speed perimeter and internal network deployments where advanced applications such as VoIP and streaming media dictate network and application level protection with consistent, scalable performance. A stateful inspection firewall, along with an IPSec VPN and robust networking capabilities complement the integrated IDP functionality to deliver secure, reliable connectivity for critical, high-traffic network segments. The ISG Series with IDP includes the following features:

• Application level protection: Unmatched security processing power and network segmentation features allow the ISG Series to protect critical high-speed networks against the penetration and proliferation of existing and emerging application level threats such as worms, Trojans, Spyware, and malware. With multiple attack detection mechanisms including stateful signatures and protocol anomaly, IDP performs in-depth analysis of application protocol, context and state to deliver Zero Day coverage against existing and emerging threats.
• Network friendly: To simplify network deployments, the IDP functionality is seamlessly integrated with ScreenOS and takes full advantage of proven networking features such as dynamic routing, including OSPF, BGP, and RIP; multiple routing domains via virtual routers; and NAT/Route/Transparent deployment options. Seamless ScreenOS integration also means that IDP attack protection can be deployed across Virtual Systems and Security Zones to stop attacks from penetrating or proliferating throughout the network.
• Policy-based management:Using granular, rule-by-rule flexibility provided by NetScreen-Security Manager, administrators can deploy IDP inline or inline-tap mode on a per rule, per protocol basis. Role based administration allows a security team to delegate management authority to appropriate personnel, allowing one team to manage only the IDP component while others can manage firewall, VPN or other tasks. Attack and incident investigation as well as auditing and reporting for compliance purposes are managed easily and quickly with the NetScreen-Security Manager's intuitive graphical user interface.