Network Computing is part of the Informa Tech Division of Informa PLC


Juniper Networks' ISG-2000 with IDP

Juniper's NetScreen Security Manager


The ISG-2000 firewall is a hefty unit, coming in at just over 50 lbs. This size accommodates three internal expansion slots. Juniper says each IDP module can support between 500 Mbps and 650 Mbps of traffic, depending on the mix, but traffic loading of the IDP is not an all-or-nothing scenario--you can selectively allocate traffic flows to the IDP and leave others for basic firewalling.

We racked this fully loaded firewall into our test rig and began the brutalization process. In the beta of NSM (NetScreen Security Manager) we tested, Juniper has finally integrated the IDP and firewall management platforms, which made configuration much easier.

Adding Ingredients

Using the test environment from our firewall blowout gave us fully loaded internal, external and DMZ network ranges with clients and servers distributed across each. Using two pairs of Spirent Avalanche and Reflectors, we created 500 Mbps of multidirectional HTTP traffic (transactions of 4-KB, 16-KB and 64-KB sizes) emulating up to 150 servers and 22,000 clients. We then injected attacks into those streams. The test was harsh: We were flexing state tables from multiple directions, the firewall rule set we deployed had more than 400 rules, and we enabled IDP rules incrementally throughout testing.
