NetScreen-1000
Product at a Glance
Firewall
Stateful inspection firewall able to maintain 500,000 concurrent connections while at the same time providing detection and
blocking of common denial of service attacks.
VPN
1 Gbps throughput and 25,000 IPSec tunnels for large site-to-site and remote-access VPNs.
High Availability
An optional software module provides support for a hot standby redundant unit that is able to maintain current sessions and VPN
tunnels.
Virtual Systems
Allows for multi-tenant configuration where each of 100 Virtual Systems can have its own set of policies. Allows ASPs and web
hosters to provide managed firewall and VPN services.
Manageability
Extensive CLI and embedded web server provide powerful management.
Product Overview
The NetScreen-1000, Gigabit Security System, is an Internet security system for the most demanding data center environments
including: e-business sites, web hosting sites and ASPs. NetScreen integrates firewall and VPN security functionality with Gigabit
Ethernet throughput. By combining parallel processing with the hardware acceleration of NetScreen's GigaScreen ASIC, the fastest
firewall and encryption acceleration engine available, the NetScreen-1000 delivers the highest performance needed for broadband
data applications. The NetScreen-1000's scalable architecture supports long-term growth as your traffic needs increase, ensuring
years of continued protection. The NetScreen-1000 can easily integrate into the most demanding environments.
Gigabit Security System
Firewall: Stateful inspection - up to 500,000 concurrent sessions
VPN: Up to 25,000 IPSec tunnels
"Multi-tenant" architecture
100 Virtual Systems, each a unique security domain with its own address book, policies and
management
Gigabit Security System
Mirrored configuration maintains active sessions through a failure
Hot swappable power supplies, fans, cards
Hardware components
Chassis: 8 slots, 19-inch rack mountable.
Switch module: Provides data packet interfaces with two Gigabit Ethernet ports: trusted and untrusted.
Provides 6 Gbps switch fabric.
Processor module: Session management, firewall security and VPN.
Auxiliary module: Management interface contains a separate out-of-band management port, a console
port and a high availability interface.
Power supply: Redundant AC power supplies with dual AC power cords. Option for DC power supplies.
Full system: Chassis, switch module, six processor modules, auxiliary module, two power supplies and
full software features.
Starter system: Chassis, switch module, two processor modules, auxiliary module, two power supplies,
firewall software.
Optional software: Every NetScreen-1000 comes with NetScreen's award-winning firewall software. Add on
other software modules such as VPN and high availability.
E-Business Application
Today's e-business site is the life-blood of many companies. Your success depends on your web site. It costs a lot to bring a
prospect to your site, but if they have to wait more than a few seconds, they are gone - probably for good. You need high-performance
firewall security, but conventional software-based firewalls just can't keep up with the demands of e-business sites. Heavy bursts of
traffic and common hacker attacks, like SYN flood attacks, can bring conventional software-based firewalls to their knees.
The wrong firewall can put your e-business out of business. E-business sites now support tens of thousands of concurrent users.
Network security devices need to support large numbers of concurrent users and respond to thousands of simultaneous requests. Today's
firewall products based on commercial operating systems do not have the capability to scale to this level. Many sites today rely on
additional network devices to load balance across multiple firewalls.
Multiple firewalls make management all the more difficult as administrators try to synchronize policies across the multiple
firewalls. The NetScreen-1000, with its ability to scale up to 500,000 concurrent connections, supports the demands that a
high-traffic e-business site requires. Since it is typical to have the site hosted at a co-location facility, the NetScreen-1000
supports VPN features allowing a means to access orders or data collected from the site securely as the data is tunneled back to
the corporate office or order fulfillment facility.
The NetScreen-1000 supports high availability with a hot standby unit. NetScreen's high-availability software option can maintain
concurrent connections along with existing VPN tunnels. This ensures that even in the event of a system failure, sessions are
maintained and customers do not suffer the slightest inconvenience that causes them to go elsewhere.
Web Hosting Security Solution
Today's hot e-business companies locate servers at web hosting or co-location facilities to provide
quick responses to their customers. Many are focused on their core competencies and require that the web
host facility provide network services that include security. The NetScreen-1000 allows for managed
firewall and VPN security offerings. Its multi-tenant architecture of Virtual Systems within a system
provides a convenient method to manage multiple customers with one system. Each Virtual System can
have its own set of policies that can be set based on the individual customer's requirements. Each
Virtual System's traffic can be secured to the customer's rack by deploying IEEE 802.1q VLAN tags
between the NetScreen-1000 and a switch, and then providing private, secure links from the switch to the
customer rack.
The NetScreen-1000's high throughput and redundancy ensure that network performance is never compromised.
Gigabit Ethernet interfaces easily integrate into the co-location site's advanced network
infrastructure. NetScreen's high-availability option lets redundant systems maintain
customers' sessions as well as existing VPN tunnels.
ASP Application
The Application Service Provider (ASP) model is based upon centrally hosted applications that are
securely delivered across the internet to customer sites. IPSec VPN tunnels provide the secure
connection to the customer. NetScreen's family of security appliances provides the ASP with different
price performance points depending on the customer's requirements. The NetScreen-100 can handle 128,000
concurrent connections supporting large organizations. The NetScreen-10 can support branch offices with
hundreds of users connecting to the ASP. In addition, the NetScreen-5 can support small offices with
only a few employees, up to 25. The NetScreen-5 can also be used for telecommuters accessing via the
latest broadband technology. Each NetScreen security appliance can be managed remotely with
NetScreen-Global Manager. The NetScreen-1000 resides at the ASP's hosting site where it is able to
terminate thousands of VPN tunnels originating from the customer's locations. The NetScreen-1000 can
provide Virtual System support for each customer allowing the ASP to set unique policies and VPNs for
each customer.
Virtual Systems allow the ASP to view each customer's VPN tunnels as a separate system as though each
customer has his own dedicated security appliance which allows for quick viewing and editing of that
customer's security policy.
Enterprise security solution
Enterprise security requires the ability to handle a large number of concurrent sessions. Enterprises
have multiple servers that are accessed by either remote sites or remote users. Enterprise sites host
multiple servers that provide e-mail, web, ftp, NFS or other application servers that support large
numbers of concurrent users with multiple connections. In addition, deployment of large server farms,
all connected via Gigabit Ethernet, requires internal firewall protection as more business applications
are provided via the IP network. Enterprise sites are also increasing the size of their Internet
connections as more and more services are provided via the Internet. It is not uncommon to have sites
with either multiple T3 or OC3 connections that need to be secured.
Enterprises also need to support high speed VPN as they connect to other large campus sites which
require their own large Internet connection pipe providing the ability to do video conferencing or
connecting large server/mainframe databases together. They also require support for a large number of VPN tunnels
as they connect their branch offices and remote offices together, replacing costly frame relay services.
They also require support for large numbers of telecommuters who will be using the latest broadband
technology to access the corporate network.
Specifications:
Performance: 1 Gigabit wire-speed firewall and NAT, 1 Gigabit 3DES IPSec VPN performance
VPN: IPSec, DES, Triple-DES, Automated Key Exchange (IKE ISAKMP), MD5, SHA-1; up to 25,000 IPSec tunnels
Firewall: 1-Gigabit wire-speed stateful-inspection, 500,000 concurrent sessions, up to 40,000 advanced access screening policies, Network Address Translation (NAT), Port Address Translation (PAT), transparent mode, dynamic filter, ICSA certified, URL blocking via WebSENSE Server
Advanced features:
VLAN: IEEE 802.1q VLAN Tag support per Virtual Interface per Virtual System
Virtual Systems: Multi-tenant architecture provides up to 100 Virtual Systems within a system
High availability: Redundant processing modules and power supply; fail over of processing modules
System Redundancy: 1+1 redundancy. Maintains firewall and VPN session state through failover
Expansion: Up to 6 processor modules. Minimum 2 modules required
System management: WebUI, Telnet, Console interface (CLI), 3DES encrypted sessions
Logging and monitoring: SYSLOG, WebTrends, E-mail, SNMP, SNMP MIB-II, SNMP generic traps, SNMPv2
Standards supported: ARP, TCP/IP, UDP, ICMP, HTTP, RADIUS, IPSec (IPESP), MD5, SHA-1, DES, Triple-DES, IKE, (ISAKMP)
Interfaces: Two Gigabit Ethernet SC connector based ports (Trusted and Untrusted), Separate Out of band Management port (10/100Base-T Ethernet), Separate high availability port (10/100Base-T Ethernet), One RS232 console port and one RS232 modem port
Software upgrades: Via web browser or TFTP server
Power: AC power Input: 95 - 240 variable (47 to 63 Hz), DC 48 V option, power consumption: 350 watts
Dimensions: Size: Width: 17.5 inches, Height: 17.5 inches, Depth: 17.75 inches. Standard 19 inch rack mountable
Weight: 50 lbs. (approximate)
Certification: Safety Certification: UL 1950, CE; EMI: FCC Part 15 class A, CE
Environmental: Temperature: 32 to 131 F (0 to 55 C), Relative Humidity: 10 to 90% non-condensing operating
Copyright 1999, 2000, 2001 I.D.T., Inc.. All rights reserved.