DATASHEET
ISG Series
Integrated
Security
Gateways
Product Overview
The ISG Series Integrated Security
Gateways are ideally suited for
securing enterprise, carrier, and
data center environments where
advanced applications, such as
VoIP and streaming media, demand
consistent, scalable performance.
The Juniper Networks ISG1000
and ISG2000 Integrated Security
Gateways are purpose-built security
solutions that leverage a fourthgeneration security ASIC, along
with high-speed microprocessors
to deliver unmatched firewall and
VPN performance. Integrating bestin-class firewall, VPN, and optional
Intrusion Detection and Prevention,
the ISG1000 and ISG2000 enable
secure, reliable connectivity along
with network-and application-level
protection for critical, high-traffic
network segments.
Product Description
The Juniper Networks® ISG1000 and ISG2000 Integrated Security Gateways are
fully integrated firewall/VPN systems that offer multi-gigabit performance, modular
architecture and rich virtualization capabilities. They are an ideal security solution for large
enterprise, data center and service provider networks.
The ISG Series Integrated Security Gateways are firewall/VPN-based systems that deliver
security features such as intrusion prevention system (IPS), antispam, Web filtering,
and Internet Content Adaptation Protocol (ICAP) antivirus redirection support. The
advanced system is further expandable with optionally integrated Intrusion Detection and
Prevention (IDP) or as a General Packet Radio Service (GPRS) firewall/VPN for mobile
network service provider environments.
The ISG Series modular architecture enables deployment with a wide variety of copper
and fiber interface options. Highly flexible segmentation and isolation of traffic belonging
to different trust levels can be achieved using advanced features such as virtual systems,
virtual LANs, and security zones. The ISG Series Integrated Security Gateways allow
multiple, separate firewall inspection or routing policies to simplify network design. This
enables the enforcement of security policies to traffic streams—even in highly complex
environments—without significant impact on the network itself.
The flexibility and efficiency offered by the ISG Series architecture provides state-ofthe-art performance and best-in-class functionality as a firewall/VPN or integrated
firewall/VPN/IDP solution with optional security modules. The ISG1000 supports up to
two security modules, while the ISG2000 can support up to three security modules. The
security modules maintain their own dedicated processing and memory, and incorporate
technology designed to accelerate IDP packet processing. This reduces the number of
separate security devices and management applications, and simplifies deployment effort
and network complexity. The result is higher cost savings.
The ISG Series with IDP utilizes the same award-winning software found on Juniper
Networks IDP Series Intrusion Detection and Prevention Appliances. The IDP security
module supports multi-method detection, combining eight different detection
mechanisms—including stateful signatures and protocol anomaly detection. In addition
to helping businesses defend against security threats such as worms, trojans, malware,
spyware, and hackers, the ISG Series with IDP can provide information on rogue servers
as well as types and versions of the applications and operating systems that may have
inadvertently been added to the network. Application signatures go a step further by
enabling administrators to maintain compliance and enforce corporate business policies
with accurate detection of application traffic.
1
The ISG1000 and ISG2000 can be deployed in a number of
different configurations to protect both the perimeter and internal
network resources. When deployed in a mobile operator network,
the ISG1000 and ISG2000 GPRS solutions are GPRS Tunneling
Protocol (GTP) aware and fully support GTP functionality
in virtual systems. The ISG Series can be deployed at the Gp
interface connection between two Public Land Mobile Networks
(PLMN), the Gn interface connection between the SGSN and the
GGSN support nodes, and the Gi interface connection between the
GGSN and the Internet.
In addition to countering sophisticated threats, denial of service
(DoS) attacks, and malicious users, the ISG Series GPRS firewall/
VPN can limit messages, throttle bandwidth-hungry applications
that consume uplink/downlink traffic, and perform 3GPP R6 IE
removal to help retain interoperability in roaming between 2G and
3G networks.
Features and Benefits
Feature
Feature Description
Benefit
Purpose-built platform
Dedicated, security-specific processing hardware and
software platform.
Delivers the required performance to protect highspeed LAN environments.
Predictable performance
ASIC-based architecture provides linear performance
for all packet sizes at multi-gigabit speeds.
Ensures low latency in sensitive applications such as
VoIP and streaming media.
System and network resiliency
Hardware component redundancy, multiple high
availability options, and route-based VPNs.
Provides the reliability required for high-speed network
deployments.
Best-in-class network security
features
Embedded Web filtering, antispam, IPS, ICAP antivirus
redirect, and optionally integrated IDP.
Additional security features backed by best-in-class
security partners such as Symantec and SurfControl.
Interface flexibility
Modular architecture enables deployment with a wide
variety of copper and fiber interface options.
Simplifies network integration and helps to reduce the
cost of future network upgrades.
Network segmentation
Security zones, virtual LANs, and virtual routers allow
administrators to deploy security policies to isolate
guests and regional servers or databases.
Powerful capabilities facilitate deploying security for
various internal, external, and DMZ subgroups on the
network to prevent unauthorized access.
Centralized management
Centralized management of Juniper Networks firewall
and IDP products enabled through NSM.
Tight integration across multiple platforms
enables simple and intuitive network-wide security
management.
Robust routing engine
Proven routing engine supports OSPF, BGP, and RIP
v1/2, along with Frame Relay, Multilink Frame Relay,
PPP, Multilink PPP, and HDLC.
Enables the deployment of consolidated security
and routing device, thereby lowering operational and
capital expenditures.
Comprehensive threat protection
Dedicated processing modules provide best-in-class
multigigabit firewall/VPN/IDP capability in a single
solution.
Unmatched performance ensures that the network is
protected against all manner of attacks in high-speed
networks.
World-class professional services
From simple lab testing to major network
implementations, Juniper Networks Professional
Services will collaborate with your team to identify
goals, define the deployment process, create or
validate the network design, and manage the
deployment.
Transforms the network infrastructure to ensure that it
is secure, flexible, scalable, and reliable.
2
Product Options
Option
Option Description
Applicable Products
Integrated antispam
Blocks unwanted email from known spammers and
phishers, using an annually licensed antispam offering
based on Symantec technology.
ISG1000 and ISG2000
Integrated IPS (Deep Inspection)
Prevents application level attacks from flooding the
network using a combination of stateful signatures
and protocol anomaly detection mechanisms. IPS is
annually licensed.
ISG1000 and ISG2000
Integrated Web filtering
Blocks access to malicious Web sites using the
annually licensed Web filtering solution based on
SurfControl’s market-leading technology.
ISG1000 and ISG2000
ICAP antivirus redirect
ICAP antivirus content redirection allows the
implementation of a third-party/large-enterprise
antivirus solution at the perimeter.
ISG1000 and ISG2000
Optionally integrated IDP
Dedicated IDP security modules enable high-speed
packet inspection. Requires no network changes to
add full IDP functionality, helping to protect against
layer 4-7 attacks including zero-day, worms, trojans,
and spyware, etc. Additional hardware and system
upgrade required.
ISG1000 and ISG2000
Application awareness/
identification
Includes use of contexts, protocol information and
signatures to accurately identify applications on any
port. Optional IDP security module required.
ISG1000 and ISG2000
GPRS firewall/VPN for mobile
networks
Support for GPRS networks to provide stateful
firewalling and filtering capabilities that mitigate a
wide variety of attacks on the Gp, Gn, and Gi interfaces
to protect key nodes within the mobile operators’
network. Additional license required.
ISG1000 and ISG2000
ISG1000
ISG2000
3
Specifications
ISG1000
ISG2000
ScreenOS® version tested
ScreenOS 6.3
ScreenOS 6.3
Firewall performance (large packets)
2 Gbps
4 Gbps
Firewall performance (small packets)
1 Gbps
2 Gbps
Firewall packets per second (64 byte)
1.5 M PPS
3 M PPS
AES256+SHA-1 VPN performance
1 Gbps
2 Gbps
3DES+SHA-1 VPN performance
1 Gbps
2 Gbps
Maximum concurrent sessions
500,000
1,000,000
New sessions/second
20,000
23,000
Maximum security policies
10,000
30,000
Maximum users supported
Unrestricted
Unrestricted
Fixed I/O
4 10/100/1000 ports
0
Interface expansion slots
2
4
LAN interface options
Up to 8 mini-GBIC (SX, LX, or TX),
up to 8 10/100/1000,
up to 20 10/100, up to 2 10GbE
Up to 16 mini-GBIC (SX, LX, or TX),
up to 8 10/100/1000,
up to 28 10/100, up to 4 10GbE
Network attack detection
Yes
Yes
Denial of service (DoS) and distributed denial of service
(DDoS) protection
Yes
Yes
TCP reassembly for fragmented packet protection
Yes
Yes
Brute force attack mitigation
Yes
Yes
SYN cookie protection
Yes
Yes
Zone-based IP spoofing
Yes
Yes
Malformed packet protection
Yes
Yes
Maximum Performance and Capacity
3
1
Network Connectivity
Firewall
Integrated IPS (Optional Integrated IDP)2, 10
Stateful protocol signatures
Yes
Yes
Attack detection mechanisms
Stateful signatures, traffic anomaly
detection, protocol anomaly detection
(zero-day coverage), backdoor detection
Stateful signatures, traffic anomaly
detection, protocol anomaly detection
(zero-day coverage), backdoor detection
Attack response mechanisms
Drop connection, close connection, session
packet log, session summary, email, custom
Drop connection, close connection, session
packet log session summary, email, custom
Attack notification mechanisms
Session packet log, session summary, email,
SNMP, system log, WebTrends
Session packet log, session summary, email,
SNMP, system log, WebTrends
Worm protection
Yes
Yes
Simplified installation through recommended policies
Yes
Yes
Trojan protection
Yes
Yes
Spyware/adware/keylogger protection
Yes
Yes
Other malware protection
Yes
Yes
Protection against attack proliferation from infected
systems
Yes
Yes
Reconnaissance protection
Yes
Yes
4
Specifications (continued)
ISG1000
Integrated IPS (Optional Integrated IDP)
2, 10
ISG2000
(continued)
Request and response side attack protection
Yes
Yes
Compound attacks – combines stateful signatures and
protocol anomalies
Yes
Yes
Create custom attack signatures
Yes
Yes
Access contexts for customization
500+
500+
Attack editing (port range, etc.)
Yes
Yes
Stream signatures
Yes
Yes
Protocol thresholds
Yes
Yes
Stateful protocol signatures
Yes
Yes
Approximate number of attacks covered
6,700*
6,700*
Detailed threat descriptions and remediation/patch info
Yes
Yes
Enterprise security profiler
Yes
Yes
Create and enforce appropriate application-usage policies
Yes
Yes
Attacker and target audit trail and reporting
Yes
Yes
Deployment modes
In-line or in-line TAP
In-line or in-line TAP
Frequency of updates
Daily and emergency
Daily and emergency
Unified Threat Management/Content Security5
Deep Inspection signature packs4
Yes
Yes
IPS (Deep Inspection firewall)
Yes
Yes
Protocol anomaly detection
Yes
Yes
Stateful protocol signatures
Yes
Yes
IPS/Deep Inspection attack pattern obfuscation
Yes
Yes
ICAP antivirus redirection
Yes
Yes
Antispam
Yes
Yes
Integrated URL filtering
Yes
Yes
External URL filtering
Yes
Yes
H.323 ALG
Yes
Yes
SIP ALG
Yes
Yes
MGCP ALG
Yes
Yes
SCCP ALG
Yes
Yes
Yes
Yes
GTP tunnels7
200,000
400,000
GTP packet inspection (IPS or IDP)
Yes
Yes
4
6
VoIP Security
NAT for VoIP protocols
GPRS Security
10
*As of December 2011, there are 6,700 signatures with approximately 70 new signatures added monthly. Subscription to signature update service is required to receive new signatures.
5
Specifications (continued)
ISG1000
ISG2000
Concurrent VPN tunnels8
10,000
10,000
Tunnel interfaces
Up to 512
Up to 1,024
DES (56-bit), 3DES (168-bit) and AES (256-bit)
Yes
Yes
MD-5 and SHA-1 authentication
Yes
Yes
Manual key, IKE, PKI (X.509), IKEv2 with EAP
Yes
Yes
Perfect forward secrecy (DH Groups)
1, 2, 5
1, 2, 5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
L2TP within IPsec
Yes
Yes
IPsec NAT traversal
Yes
Yes
Redundant VPN gateways
Yes
Yes
Built-in (internal) database - user limit8
50,000
50,000
Third-party user authentication
RADIUS, RSA SecurID, and LDAP
RADIUS, RSA SecureID, LDAP
RADIUS accounting
Yes – start/stop
Yes – start/stop
XAUTH VPN authentication
Yes
Yes
Web-based authentication
Yes
Yes
802.1X authentication
Yes
Yes
Unified access control enforcement point
Yes
Yes
PKI Certificate requests (PKCS 7 and PKCS 10)
Yes
Yes
Automated certificate enrollment (SCEP)
Yes
Yes
Online Certificate Status Protocol (OCSP)
Yes
Yes
Certificate Authorities supported
VeriSign, Entrust, Microsoft, RSA Keon,
iPlanet (Netscape) Baltimore, DoD PKI
VeriSign, Entrust, Microsoft, RSA Keon,
iPlanet (Netscape) Baltimore, DoD PKI
Self-signed certificates
Yes
Yes
Maximum number of virtual systems
0 default, upgradeable to 50
0 default, upgradeable to 250
Maximum number of security zones
28 default, upgradeable to 128
34 default, upgradeable to 534
Maximum number of virtual routers
3 default, upgradeable to 53
3 default, upgradeable to 253
Maximum number of VLANs
4,093
4,093
BGP instances
32
64
BGP peers
64
128
BGP routes
10,000
20,000
OSPF instances
8
8
OSPF routes
4,096
6,000
RIP v1/v2 instances
Up to 12 instances supported
Up to 50 instances supported
IPsec VPN
8
User Authentication and Access Control
PKI Support
Virtualization10
Routing
6
Specifications (continued)
ISG1000
ISG2000
RIP v2 tablesize
10,000
20,000
Dynamic routing
Yes
Yes
Static routes
10,000
20,000
Source-based routing
Yes
Yes
Policy-based routing
Yes
Yes
ECMP
Yes
Yes
Multicast
Yes
Yes
Reverse path forwarding (RPF)
Yes
Yes
IGMP (v1, v2)
Yes
Yes
IGMP proxy
Yes
Yes
PIM SM
Yes
Yes
PIM SSM
Yes
Yes
Multicast inside IPsec tunnel
Yes
Yes
Dual stack IPv4/IPv6 firewall and VPN
Yes
Yes
Syn-cookie and Syn-proxy DoS attack detection
Yes
Yes
SIP, RTSP, Sun-RPC, and MS-RPC ALG’s
Yes
Yes
IPv4 to/from IPv6 translations and encapsulations
Yes
Yes
Virtualization (VSYS, security zones, VR, VLAN)
Yes
Yes
RIPng
Yes
Yes
BGP version 4
Yes
Yes
DHCPv6 Relay
Yes
Yes
NSRP (Active/Passive and Active/Active)
Yes
Yes
Transport Mode for IPv6
Yes
Yes
Layer 2 (transparent) mode7
Yes
Yes
Layer 3 (route and/or NAT) mode
Yes
Yes
Network Address Translation (NAT)
Yes
Yes
Port Address Translation (PAT)
Yes
Yes
Policy-based NAT/PAT
Yes
Yes
Mapped IP
4,096
8,192
Virtual IP (VIP)9
32
32
MIP/VIP grouping
Yes
Yes
Static
Yes
Yes
DHCP, PPPoE client
Yes, No
No, No
Internal DHCP server
Yes
No
DHCP relay
Yes
Yes
Routing (continued)
IPv6
Mode of Operation
Address Translation
Address Translation
7
Specifications (continued)
ISG1000
ISG2000
Traffic Management Quality of Service (QoS)
Maximum bandwidth
Yes - per physical interface only
Yes - per physical interface only
Jumbo frames
Yes
Yes11
DiffServ marking
Yes - per policy
Yes - per policy
Active/active - transparent & L3 mode
Yes
Yes
Active/passive
Yes
Yes
Configuration synchronization
Yes
Yes
Session synchronization for firewall and VPN
Yes
Yes
Session failover for routing change
Yes
Yes
Device failure detection
Yes
Yes
Link failure detection
Yes
Yes
Authentication for new HA members
Yes
Yes
Encryption of HA traffic
Yes
Yes
WebUI (HTTP and HTTPS)
Yes
Yes
Command line interface (console)
Yes
Yes
Command line interface (telnet)
Yes
Yes
Command line interface (SSH)
Yes
Yes
Network and Security Manager
Yes
Yes
All management via VPN tunnel on any interface
Yes
Yes
Rapid deployment
Yes
Yes
Local administrator database size
256
256
External administrator database support
RADIUS, LDAP
RADIUS, LDAP
Restricted administrative networks
Yes
Yes
Root Admin, Admin, and Read Only user levels
Yes
Yes
Software upgrades
Yes
Yes
Configuration rollback
Yes
Yes
Syslog (multiple servers)
Yes
Yes
Email (two addresses)
Yes
Yes
NetIQ WebTrends
Yes
Yes
SNMP (v2)
Yes
Yes
SNMP full/custom MIB
Yes
Yes
Traceroute
Yes
Yes
VPN tunnel monitor
Yes
Yes
11
High Availability (HA)
System Management
Administration
Logging/Monitoring
8
Specifications (continued)
ISG1000
ISG2000
Additional log storage
Supports 1 GB or 2 GB industrial-grade
SanDisk
Supports 1 GB or 2 GB industrial-grade
SanDisk
Event logs and alarms
Yes
Yes
System configuration script
Yes
Yes
ScreenOS Software
Yes
Yes
Dimensions (W x H x D)
17.5 x 5.25 x 17.3 in
(44.5 x 13.3 x 43.9 cm)
17.5 x 5.25 x 23 in
(44.5 x 13.3 x 58.4 cm)
Weight
30 lb/14 kg
50 lb/23 kg
Rack-mountable
Yes, 3 RUs
Yes, 3 RUs
Power supply (AC)
Single, field upgradeable
Dual, redundant
Power supply (DC)
Single, field upgradeable
Dual, redundant
Maximum thermal output
444 BTU/hour (W)
537 BTU/hour (W)
Safety certifications
UL, CUL, CSA, CB
UL, CUL, CSA, CB
EMC certifications
FCC class A, CE class A, C-Tick, VCCI class A
FCC class A, CE class A, C-Tick, VCCI class A
NEBS
Yes
Yes
MTBF (Bellcore model)
7.6 years
7.6 years
Common Criteria: EAL4 and EAL4+
Yes
Yes
FIPS 140-2: Level 2
Yes
Yes
ICSA firewall and VPN
Yes
Yes
Operating temperature
32° to 122° F (0° to 50° C)
32° to 122° F (0° to 50° C)
Nonoperating temperature
- 4° to 158° F (-20° to 70° C)
- 4° to 158° F (-20° to 70° C)
Humidity
10% to 90% noncondensing
10% to 90% noncondensing
External Flash
Dimensions and Power
Certifications
Security Certifications
Operating Environment
1. Performance, capacity, and features listed are based upon systems running ScreenOS 6.3 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results
may vary based on ScreenOS release and by deployment. For a complete list of supported ScreenOS versions for ISG1000 and ISG2000 gateways, please visit the Juniper Customer Support Center
(www.juniper.net/customers/support/).
2. Additional IDP license and hardware upgrade required.
3. Concurrent sessions listed are based upon maximums with current shipping ISG Series hardware. Older ISG Series units may need the optional memory upgrade to achieve maximum concurrent
session capacity. Firewall/VPN concurrent sessions maximum for older ISG Series units without the optional memory upgrade are 250,000 for the ISG1000 and 500,000 for the ISG2000. Older
ISG Series units with the optional IDP upgrades installed already have the maximum concurrent session capacity and do not require a memory upgrade.
4. IPS (Deep Inspection firewall) is automatically disabled when optionally integrated IDP is installed.
5.Security features (IPS/Deep Inspection, antispam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions provide signature
updates and associated support.
6. Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or SurfControl.
7. NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA, and IP address assignment are not available in layer 2 transparent mode.
8. Shared among all virtual systems.
9. Not available with virtual systems.
10.Additional license required.
11. Requires 4-port mini GBIC modules - NS-ISG-SX4, NS-ISG-LX4 or NS-ISG-TX4.
9
Licensing Options
The ISG1000 and ISG2000 are available with two licensing options to provide two different levels of functionality and capacity:
Advanced Models: the Advanced software license provides all of the features and capacities listed within this spec sheet.
Baseline Models: the Baseline software license provides an entry-level solution for customer environments where features such as Deep
Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements.
The following table shows the features and capacities that differ between the Baseline and Advanced models:
Baseline
Advanced
ISG1000
ISG2000
ISG1000
ISG2000
Sessions
125,000
256,000
500,000
1,000,000
Concurrent VPN tunnels
1,000
1,000
10,000
10,000
Deep Inspection firewall
No
No
Yes
Yes
VLANs
50
100
4,093
4,093
OSPF/BGP
No
No
Yes
Yes
High availability (HA)
A/P
A/P
A/A
A/A
Integrated IDP
No
No
Optional upgrade
Optional upgrade
GTP inspection
No
No
Optional upgrade
Optional upgrade
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your highperformance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a
faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required
levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.
10
Ordering Information
Model Number
Description
ISG1000 Systems
NS-ISG-1000
ISG1000 system (includes DC power supply,
no I/O cards)
NS-ISG-1000B
ISG1000 baseline system (includes AC
power supply, no I/O cards)
ISG1000 baseline system (includes DC
power supply, no I/O cards)
ISG2000 Systems
NS-ISG-2000
ISG2000 system (includes AC power
supplies, no I/O cards)
NS-ISG-2000-DC
ISG2000 system (includes DC power
supplies, no I/O cards)
NS-ISG-2000B
NS-ISG-2000B-DC
Description
ISG1000 Software Options
ISG1000 system (includes AC power supply,
no I/O cards)
NS-ISG-1000-DC
NS-ISG-1000B-DC
Model Number
ISG2000 baseline system (includes AC
power supplies, no I/O cards)
ISG2000 baseline system (includes DC
power supplies, no I/O cards)
Integrated IDP Upgrades
NS-ISG-1000-VSYS-5
VSYS upgrade 0 to 5
NS-ISG-1000-VSYS-10
VSYS upgrade 5 to 10
NS-ISG-1000-VSYS-25
VSYS upgrade 10 to 25
NS-ISG-1000-VSYS-50
VSYS upgrade 25 to 50
NS-ISG-1000-GKT
GPRS firewall/VPN license
ISG2000 Software Options
NS-ISG-2000-VSYS-5
VSYS upgrade 0 to 5
NS-ISG-2000-VSYS-25
VSYS upgrade 5 to 25
NS-ISG-2000-VSYS-50
VSYS upgrade 25 to 50
NS-ISG-2000-VSYS-100
VSYS upgrade 50 to 100
NS-ISG-2000-VSYS-250
VSYS upgrade 100 to 250
NS-ISG-2000-GKT
GPRS firewall/VPN license
ISG1000 and ISG2000 Spares
NS-SYS-GBIC-MSX
SX transceiver (mini-GBIC)
NS-SYS-GBIC-MLX
LX transceiver (mini-GBIC)
NS-ISG-SEC
Security module for IDP on ISG1000 and
ISG2000 systems
NS-ISG-1000-PWR-AC
ISG1000 AC power supply
NS-ISG-1000-IKT
IDP upgrade kit for ISG1000 system,
including IDP license key, additional memory,
and 5-device NSM
NS-ISG-1000-PWR-DC
ISG1000 DC power supply
NS-ISG-2000-PWR-AC2
ISG2000 AC power supply
NS-ISG-2000-PWR-DC2
ISG2000 DC power supply
NS-ISG-2000-Japan
Japan power cord option
NS-ISG-FAN
Fan module
NS-ISG-2000-RCK-01
Rack-mount kit (19 in, all mounting
hardware)
NS-ISG-2000-IKT
IDP upgrade kit for ISG2000 system,
including IDP license key, additional memory,
and 5-device NSM
ISG1000 and ISG2000 I/O Modules
NS-ISG-1XG
I/O Module - 1-port 10-Gigabit Ethernet does NOT include transceiver
NS-ISG-2000-RCK-02
NS-SYS-GBIC-MXSR
Transceiver - XFP 10GbE Short Range (SR)
(300 m)
Rack-mount kit (23 in, all mounting
hardware)
NS-ISG-IPAN2
Blank interface panel
NS-SYS-GBIC-MXLR
Transceiver - XFP 10GbE Long Range (LR)
(10 km)
NS-ISG-2000-PPAN2
ISG2000 blank power supply cover
NS-ISG-SX2
I/O Module - 2-port mini GBIC-SX
NS-ISG-LX2
I/O Module - 2-port mini GBIC-LX
NS-ISG-SX4
I/O Module - 4-port mini GBIC-SX
NS-ISG-LX4
I/O Module - 4-port mini GBIC-LX
NS-ISG-TX4
I/O Module - 4-port mini GBIC-TX
NS-ISG-FE4
I/O Module - 4-port 10/100 Fast Ethernet
NS-ISG-FE8
I/O Module - 8-port 10/100 Fast Ethernet
NS-ISG-TX2
I/O Module - 2-port 10/100/1000 Gigabit
Ethernet
Note: The appropriate power cord is included based upon the sales order “Ship To” destination.
Every virtual system includes 1 additional virtual router and 2 additional security zones,
usable in the virtual or root system.
About Juniper Networks
Juniper Networks is in the business of network innovation. From
devices to data centers, from consumers to cloud providers,
Juniper Networks delivers the software, silicon and systems that
transform the experience and economics of networking. The
company serves customers and partners worldwide. Additional
information can be found at www.juniper.net.
11
Corporate and Sales Headquarters
APAC Headquarters
EMEA Headquarters
Juniper Networks, Inc.
Juniper Networks (Hong Kong)
Juniper Networks Ireland
1194 North Mathilda Avenue
26/F, Cityplaza One
Airside Business Park
Sunnyvale, CA 94089 USA
1111 King’s Road
Swords, County Dublin, Ireland
Phone: 888.JUNIPER (888.586.4737)
Taikoo Shing, Hong Kong
Phone: 35.31.8903.600
or 408.745.2000
Phone: 852.2332.3636
EMEA Sales: 00800.4586.4737
Fax: 408.745.2100
Fax: 852.2574.7803
Fax: 35.31.8903.601
www.juniper.net
Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,
NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. All other trademarks, service marks, registered marks, or registered service marks are the property of
their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1100036-009-EN
12
Mar 2012
Printed on recycled paper
To purchase Juniper Networks solutions,
please contact your Juniper Networks
representative at 1-866-298-6428 or
authorized reseller.