DATASHEET ISG Series Integrated Security Gateways Product Overview Juniper Networks ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and Product Description The Juniper Networks® ISG1000 and ISG2000 Integrated Security Gateways are fully integrated firewall/VPN systems that offer multi-gigabit performance, modular architecture and rich virtualization capabilities. They are an ideal security solution for large enterprise, data center and service provider networks. data center environments where The Juniper Networks ISG Series Integrated Security Gateways are firewall/VPN- advanced applications, such as based systems that deliver security features such as intrusion prevention system (IPS), VoIP and streaming media, demand antispam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus consistent, scalable performance. redirection support. The advanced system is further expandable with optionally integrated The Juniper Networks ISG1000 and Intrusion Detection and Prevention (IDP) or as a General Packet Radio Service (GPRS) ISG2000 Integrated Security Gateways firewall/VPN for mobile network service provider environments. are purpose-built security solutions The ISG Series modular architecture enables deployment with a wide variety of copper that leverage a fourth- generation and fiber interface options. Highly flexible segmentation and isolation of traffic belonging security ASIC, along with high-speed to different trust levels can be achieved using advanced features such as virtual systems, microprocessors to deliver unmatched virtual LANs, and security zones. The ISG Series Integrated Security Gateways allow firewall and VPN performance. multiple, separate firewall inspection or routing policies to simplify network design. This Integrating best-in-class firewall, VPN, enables the enforcement of security policies to traffic streams—even in highly complex and optional Intrusion Detection and environments—without significant impact on the network itself. Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network-and applicationlevel protection for critical, high-traffic network segments. The flexibility and efficiency offered by the ISG Series architecture provides state-ofthe-art performance and best-in-class functionality as a firewall/VPN or integrated firewall/VPN/IDP solution with optional security modules. The ISG1000 supports up to two security modules, while the ISG2000 can support up to three security modules. The security modules maintain their own dedicated processing and memory, and incorporate technology designed to accelerate IDP packet processing. This reduces the number of separate security devices and management applications, and simplifies deployment effort and network complexity. The result? Higher cost savings. The ISG Series with IDP utilizes the same award-winning software found on Juniper Networks IDP Series Intrusion Detection and Prevention Appliances. The IDP security module supports multi-method detection, combining eight different detection mechanisms—including stateful signatures and protocol anomaly detection. In addition to helping businesses defend against security threats such as worms, trojans, malware, 1 spyware, and hackers, the ISG Series with IDP can provide in virtual systems. The ISG Series can be deployed at the Gp information on rogue servers as well as types and versions of the interface connection between two Public Land Mobile Networks applications and operating systems that may have inadvertently (PLMN), the Gn interface connection between the SGSN and the been added to the network. Application signatures go a step GGSN support nodes, and the Gi interface connection between the further by enabling administrators to maintain compliance and GGSN and the Internet. enforce corporate business policies with accurate detection of application traffic. In addition to countering sophisticated threats, denial of service (DoS) attacks, and malicious users, the ISG Series GPRS firewall/ The ISG1000 and ISG2000 can be deployed in a number of VPN can limit messages, throttle bandwidth-hungry applications different configurations to protect both the perimeter and internal that consume uplink/downlink traffic, and perform 3GPP R6 IE network resources. When deployed in a mobile operator network, removal to help retain interoperability in roaming between 2G and the ISG1000 and ISG2000 GPRS solutions are GPRS Tunneling 3G networks. Protocol (GTP) aware and fully support GTP functionality Features and Benefits Feature Feature Description Benefit Purpose-built platform Dedicated, security-specific processing hardware and software platform. Delivers the required performance to protect highspeed LAN environments. Predictable performance ASIC-based architecture provides linear performance for all packet sizes at multi-gigabit speeds. Ensures low latency in sensitive applications such as VoIP and streaming media. System and network resiliency Hardware component redundancy, multiple high availability options, and route-based VPNs. Provides the reliability required for high-speed network deployments. Best-in-class network security features Embedded Web filtering, antispam, IPS, ICAP antivirus redirect, and optionally integrated IDP. Additional security features backed by best-in-class security partners such as Symantec and SurfControl. Interface flexibility Modular architecture enables deployment with a wide variety of copper and fiber interface options. Simplifies network integration and helps to reduce the cost of future network upgrades. Network segmentation Security zones, virtual LANs, and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases. Powerful capabilities facilitate deploying security for various internal, external, and DMZ subgroups on the network to prevent unauthorized access. Centralized management Centralized management of Juniper Networks firewall and IDP products enabled through NSM. Tight integration across multiple platforms enables simple and intuitive network-wide security management. Robust routing engine Proven routing engine supports OSPF, BGP, and RIP v1/2, along with Frame Relay, Multilink Frame Relay, PPP, Multilink PPP, and HDLC. Enables the deployment of consolidated security and routing device, thereby lowering operational and capital expenditures. Comprehensive threat protection Dedicated processing modules provide best-in-class multigigabit firewall/VPN/IDP capability in a single solution. Unmatched performance ensures that the network is protected against all manner of attacks in high-speed networks. World-class professional services From simple lab testing to major network implementations, Juniper Networks Professional Services will collaborate with your team to identify goals, define the deployment process, create or validate the network design, and manage the deployment. Transforms the network infrastructure to ensure that it is secure, flexible, scalable, and reliable. 2 Product Options Option Option Description Applicable Products Integrated antispam Blocks unwanted email from known spammers and phishers, using an annually licensed antispam offering based on Symantec technology. ISG1000 and ISG2000 Integrated IPS (Deep Inspection) Prevents application level attacks from flooding the network using a combination of stateful signatures and protocol anomaly detection mechanisms. IPS is annually licensed. ISG1000 and ISG2000 Integrated Web filtering Blocks access to malicious Web sites using the annually licensed Web filtering solution based on SurfControl’s market-leading technology. ISG1000 and ISG2000 ICAP antivirus redirect ICAP antivirus content redirection allows the implementation of a third-party/large-enterprise antivirus solution at the perimeter. ISG1000 and ISG2000 Optionally integrated IDP Dedicated IDP security modules enable high-speed packet inspection. Requires no network changes to add full IDP functionality, helping to protect against layer 4-7 attacks including zero-day, worms, trojans, and spyware, etc. Additional hardware and system upgrade required. ISG1000 and ISG2000 Application awareness/ identification Includes use of contexts, protocol information and signatures to accurately identify applications on any port. Optional IDP security module required. ISG1000 and ISG2000 GPRS firewall/VPN for mobile networks Support for GPRS networks to provide stateful firewalling and filtering capabilities that mitigate a wide variety of attacks on the Gp, Gn, and Gi interfaces to protect key nodes within the mobile operators’ network. Additional license required. ISG1000 and ISG2000 ISG1000 ISG2000 3 Specifications ISG1000 ISG2000 ScreenOS® version tested ScreenOS 6.2 ScreenOS 6.2 Firewall performance (large packets) 2 Gbps 4 Gbps Firewall performance (small packets) 1 Gbps 2 Gbps Firewall packets per second (64 byte) 1.5 M PPS 3 M PPS AES256+SHA-1 VPN performance 1 Gbps 2 Gbps 3DES+SHA-1 VPN performance 1 Gbps 2 Gbps Maximum Performance and Capacity 1 Maximum concurrent sessions 500,000 1,000,000 New sessions/second 20,000 23,000 Maximum security policies 10,000 30,000 Maximum users supported Unrestricted Unrestricted Fixed I/O 4 10/100/1000 ports 0 Interface expansion slots 2 4 LAN interface options Up to 8 mini-GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 20 10/100, up to 2 10GbE Up to 16 mini-GBIC (SX, LX, or TX), up to 8 10/100/1000, up to 28 10/100, up to 4 10GbE Network attack detection Yes Yes Denial of service (DoS) and distributed denial of service (DDoS) protection Yes Yes TCP reassembly for fragmented packet protection Yes Yes Brute force attack mitigation Yes Yes SYN cookie protection Yes Yes Zone-based IP spoofing Yes Yes Malformed packet protection Yes Yes Stateful protocol signatures Yes Yes Attack detection mechanisms Stateful signatures, traffic anomaly detection, protocol anomaly detection (zero-day coverage), backdoor detection Stateful signatures, traffic anomaly detection, protocol anomaly detection (zero-day coverage), backdoor detection Attack response mechanisms Drop connection, close connection, session packet log, session summary, email, custom Drop connection, close connection, session packet log session summary, email, custom Attack notification mechanisms Session packet log, session summary, email, SNMP, system log, WebTrends Session packet log, session summary, email, SNMP, system log, WebTrends 3 Network Connectivity Firewall Integrated IPS (Optional Integrated IDP)2, 10 Worm protection Yes Yes Simplified installation through recommended policies Yes Yes Trojan protection Yes Yes Spyware/adware/keylogger protection Yes Yes Other malware protection Yes Yes Protection against attack proliferation from infected systems Yes Yes Reconnaissance protection Yes Yes 4 Specifications (continued) ISG1000 ISG2000 Integrated IPS (Optional Integrated IDP)2, 10 (continued) Request and response side attack protection Yes Yes Compound attacks – combines stateful signatures and protocol anomalies Yes Yes Create custom attack signatures Yes Yes Access contexts for customization 500+ 500+ Attack editing (port range, etc.) Yes Yes Stream signatures Yes Yes Protocol thresholds Yes Yes Stateful protocol signatures Yes Yes Approximate number of attacks covered 6,500+* 6,500+* Detailed threat descriptions and remediation/patch info Yes Yes Enterprise security profiler Yes Yes Create and enforce appropriate application-usage policies Yes Yes Attacker and target audit trail and reporting Yes Yes Deployment modes In-line or in-line TAP In-line or in-line TAP Frequency of updates Daily and emergency Daily and emergency Deep Inspection signature packs4 Yes Yes IPS (Deep Inspection firewall)4 Yes Yes Protocol anomaly detection Yes Yes Stateful protocol signatures Yes Yes IPS/Deep Inspection attack pattern obfuscation Yes Yes ICAP antivirus redirection Yes Yes Antispam Yes Yes Integrated URL filtering Yes Yes External URL filtering Yes Yes H.323 ALG Yes Yes SIP ALG Yes Yes MGCP ALG Yes Yes SCCP ALG Yes Yes Yes Yes GTP tunnels7 200,000 400,000 GTP packet inspection (IPS or IDP) Yes Yes Unified Threat Management/Content Security5 6 VoIP Security NAT for VoIP protocols GPRS Security 10 *As of November 2010, there are 6,633 signatures and anomalies with approximately 40 new signatures added every month. 5 Specifications (continued) ISG1000 ISG2000 Concurrent VPN tunnels8 2,000 10,000 Tunnel interfaces8 Up to 512 Up to 1,024 DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes IPsec VPN MD-5 and SHA-1 authentication Yes Yes Manual key, IKE, PKI (X.509), IKEv2 with EAP Yes Yes Perfect forward secrecy (DH Groups) 1, 2, 5 1, 2, 5 Prevent replay attack Yes Yes Remote access VPN Yes Yes L2TP within IPsec Yes Yes IPsec NAT traversal Yes Yes Redundant VPN gateways Yes Yes Built-in (internal) database - user limit8 50,000 50,000 Third-party user authentication RADIUS, RSA SecurID, and LDAP RADIUS, RSA SecureID, LDAP RADIUS accounting Yes – start/stop Yes – start/stop XAUTH VPN authentication Yes Yes User Authentication and Access Control Web-based authentication Yes Yes 802.1X authentication Yes Yes Unified access control enforcement point Yes Yes PKI Certificate requests (PKCS 7 and PKCS 10) Yes Yes Automated certificate enrollment (SCEP) Yes Yes Online Certificate Status Protocol (OCSP) Yes Yes Certificate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape) Baltimore, DoD PKI Self-signed certificates Yes Yes Maximum number of virtual systems 0 default, upgradeable to 50 0 default, upgradeable to 250 Maximum number of security zones 28 default, upgradeable to 128 34 default, upgradeable to 534 Maximum number of virtual routers 3 default, upgradeable to 53 3 default, upgradeable to 253 Maximum number of VLANs 4,093 4,093 BGP instances 8 64 BGP peers 64 128 BGP routes 10,000 20,000 OSPF instances 8 8 OSPF routes 4,096 6,000 RIP v1/v2 instances Up to 12 instances supported Up to 50 instances supported PKI Support Virtualization 10 Routing 6 Specifications (continued) ISG1000 ISG2000 RIP v2 tablesize 10,000 20,000 Dynamic routing Yes Yes Static routes 10,000 20,000 Routing (continued) Source-based routing Yes Yes Policy-based routing Yes Yes ECMP Yes Yes Multicast Yes Yes Reverse path forwarding (RPF) Yes Yes IGMP (v1, v2) Yes Yes IGMP proxy Yes Yes PIM SM Yes Yes PIM SSM Yes Yes Multicast inside IPsec tunnel Yes Yes Dual stack IPv4/IPv6 firewall and VPN Yes Yes Syn-cookie and Syn-proxy DoS attack detection Yes Yes SIP, RTSP, Sun-RPC, and MS-RPC ALG’s Yes Yes IPv4 to/from IPv6 translations and encapsulations Yes Yes Virtualization (VSYS, security zones, VR, VLAN) Yes Yes RIPng Yes Yes BGP version 4 Yes Yes DHCPv6 Relay Yes Yes NSRP (Active/Passive and Active/Active) Yes Yes Transport Mode for IPv6 Yes Yes Layer 2 (transparent) mode7 Yes Yes Layer 3 (route and/or NAT) mode Yes Yes Network Address Translation (NAT) Yes Yes Port Address Translation (PAT) Yes Yes Policy-based NAT/PAT Yes Yes Mapped IP 4,096 8,192 Virtual IP (VIP) 8 8 MIP/VIP grouping Yes Yes Static Yes Yes DHCP, PPPoE client Yes, No No, No Internal DHCP server Yes No DHCP relay Yes Yes IPv6 Mode of Operation Address Translation 9 Address Translation 7 ISG1000 ISG2000 Maximum bandwidth Yes - per physical interface only Yes - per physical interface only Jumbo frames Yes Yes11 DiffServ marking Yes - per policy Yes - per policy Active/active - transparent & L3 mode Yes Yes Active/passive Yes Yes Configuration synchronization Yes Yes Session synchronization for firewall and VPN Yes Yes Session failover for routing change Yes Yes Device failure detection Yes Yes Link failure detection Yes Yes Authentication for new HA members Yes Yes Encryption of HA traffic Yes Yes WebUI (HTTP and HTTPS) Yes Yes Command line interface (console) Yes Yes Command line interface (telnet) Yes Yes Command line interface (SSH) Yes Yes Network and Security Manager Yes Yes All management via VPN tunnel on any interface Yes Yes Rapid deployment Yes Yes Local administrator database size 256 256 External administrator database support RADIUS, LDAP RADIUS, LDAP Restricted administrative networks Yes Yes Root Admin, Admin, and Read Only user levels Yes Yes Software upgrades Yes Yes Configuration rollback Yes Yes Syslog (multiple servers) Yes Yes Email (two addresses) Yes Yes NetIQ WebTrends Yes Yes SNMP (v2) Yes Yes SNMP full/custom MIB Yes Yes Traceroute Yes Yes VPN tunnel monitor Yes Yes Traffic Management Quality of Service (QoS) 11 High Availability (HA) System Management Administration Logging/Monitoring 8 ISG1000 ISG2000 Additional log storage Supports 1 GB or 2 GB industrial-grade SanDisk Supports 1 GB or 2 GB industrial-grade SanDisk Event logs and alarms Yes Yes System configuration script Yes Yes ScreenOS Software Yes Yes Dimensions (W x H x D) 17.5 x 5.25 x 17.3 in (44.5 x 13.3 x 43.9 cm) 17.5 x 5.25 x 23 in (44.5 x 13.3 x 58.4 cm) Weight 30 lb/14 kg 50 lb/23 kg Rack-mountable Yes, 3 RUs Yes, 3 RUs Power supply (AC) Single, field upgradeable Dual, redundant Power supply (DC) Single, field upgradeable Dual, redundant Maximum thermal output 444 BTU/hour (W) 537 BTU/hour (W) Safety certifications UL, CUL, CSA, CB UL, CUL, CSA, CB EMC certifications FCC class A, CE class A, C-Tick, VCCI class A FCC class A, CE class A, C-Tick, VCCI class A NEBS Yes Yes MTBF (Bellcore model) 7.6 years 7.6 years Common Criteria: EAL4 and EAL4+ Yes Yes FIPS 140-2: Level 2 Yes Yes ICSA firewall and VPN Yes Yes Operating temperature 32° to 122° F (0° to 50° C) 32° to 122° F (0° to 50° C) Nonoperating temperature - 4° to 158° F (-20° to 70° C) - 4° to 158° F (-20° to 70° C) Humidity 10% to 90% noncondensing 10% to 90% noncondensing External Flash Dimensions and Power Certifications Security Certifications Operating Environment 1 Performance, capacity, and features listed are based upon systems running ScreenOS 6.2 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results may vary based on ScreenOS release and by deployment. For a complete list of supported ScreenOS versions for ISG1000 and ISG2000 gateways, please visit the Juniper Customer Support Center (www.juniper.net/customers/support/). 2 Additional IDP license and hardware upgrade required. 3 Concurrent sessions listed are based upon maximums with current shipping ISG Series hardware. Older ISG Series units may need the optional memory upgrade to achieve maximum concurrent session capacity. Firewall/VPN concurrent sessions maximum for older ISG Series units without the optional memory upgrade are 250,000 for the ISG1000 and 500,000 for the ISG2000. Older ISG Series units with the optional IDP upgrades installed already have the maximum concurrent session capacity and do not require a memory upgrade. 4 IPS (Deep Inspection firewall) is automatically disabled when optionally integrated IDP is installed. 5Security features (IPS/Deep Inspection, antispam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions provide signature updates and associated support. 6 Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or SurfControl. 7 NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA, and IP address assignment are not available in layer 2 transparent mode. 8 Shared among all virtual systems. 9 Not available with virtual systems. 10 Additional license required. 11 Requires 4-port mini GBIC modules - NS-ISG-SX4, NS-ISG-LX4 or NS-ISG-TX4. 9 Licensing Options The ISG1000 and ISG2000 are available with two licensing options to provide two different levels of functionality and capacity: • Advanced Models: the Advanced software license provides all of the features and capacities listed within this spec sheet. • Baseline Models: the Baseline software license provides an entry-level solution for customer environments where features such as Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements. The following table shows the features and capacities that differ between the Baseline and Advanced models: Baseline Advanced ISG1000 ISG2000 ISG1000 ISG2000 Sessions 125,000 256,000 500,000 1,000,000 Concurrent VPN tunnels 1,000 1,000 2,000 10,000 Deep Inspection firewall No No Yes Yes VLANs 50 100 4,093 4,093 OSPF/BGP No No Yes Yes High availability (HA) A/P A/P A/A A/A Integrated IDP No No Optional upgrade Optional upgrade GTP inspection No No Optional upgrade Optional upgrade Juniper Networks Services and Support Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your highperformance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services/. 10 Ordering Information Model Number Description ISG1000 Systems NS-ISG-1000 ISG1000 system (includes DC power supply, no I/O cards) NS-ISG-1000B ISG1000 baseline system (includes AC power supply, no I/O cards) NS-ISG-1000B-DC ISG1000 baseline system (includes DC power supply, no I/O cards) ISG2000 Systems NS-ISG-2000-DC NS-ISG-2000B NS-ISG-2000B-DC Description ISG1000 Software Options ISG1000 system (includes AC power supply, no I/O cards) NS-ISG-1000-DC NS-ISG-2000 Model Number ISG2000 system (includes AC power supplies, no I/O cards) ISG2000 system (includes DC power supplies, no I/O cards) ISG2000 baseline system (includes AC power supplies, no I/O cards) ISG2000 baseline system (includes DC power supplies, no I/O cards) NS-ISG-1000-VSYS-5 VSYS upgrade 0 to 5 NS-ISG-1000-VSYS-10 VSYS upgrade 5 to 10 NS-ISG-1000-VSYS-25 VSYS upgrade 10 to 25 NS-ISG-1000-VSYS-50 VSYS upgrade 25 to 50 NS-ISG-1000-GKT GPRS firewall/VPN license ISG2000 Software Options NS-ISG-2000-VSYS-5 VSYS upgrade 0 to 5 NS-ISG-2000-VSYS-25 VSYS upgrade 5 to 25 NS-ISG-2000-VSYS-50 VSYS upgrade 25 to 50 NS-ISG-2000-VSYS-100 VSYS upgrade 50 to 100 NS-ISG-2000-VSYS-250 VSYS upgrade 100 to 250 NS-ISG-2000-GKT GPRS firewall/VPN license ISG1000 and ISG2000 Spares NS-SYS-GBIC-MSX SX transceiver (mini-GBIC) NS-SYS-GBIC-MLX LX transceiver (mini-GBIC) NS-ISG-1000-PWR-AC ISG1000 AC power supply NS-ISG-1000-PWR-DC ISG1000 DC power supply NS-ISG-2000-PWR-AC2 ISG2000 AC power supply NS-ISG-2000-PWR-DC2 ISG2000 DC power supply NS-ISG-2000-Japan Japan power cord option NS-ISG-FAN Fan module NS-ISG-2000-RCK-01 Rack-mount kit (19 in, all mounting hardware) I/O Module - 1-port 10-Gigabit Ethernet - does NOT include transceiver NS-ISG-2000-RCK-02 Rack-mount kit (23 in, all mounting hardware) NS-SYS-GBIC-MXSR Transceiver - XFP 10GbE Short Range (SR) (300 m) NS-ISG-IPAN2 Blank interface panel NS-ISG-2000-PPAN2 ISG2000 blank power supply cover NS-SYS-GBIC-MXLR Transceiver - XFP 10GbE Long Range (LR) (10 km) NS-ISG-SX2 I/O Module - 2-port mini GBIC-SX NS-ISG-LX2 I/O Module - 2-port mini GBIC-LX NS-ISG-SX4 I/O Module - 4-port mini GBIC-SX NS-ISG-LX4 I/O Module - 4-port mini GBIC-LX NS-ISG-TX4 I/O Module - 4-port mini GBIC-TX NS-ISG-FE4 I/O Module - 4-port 10/100 Fast Ethernet NS-ISG-FE8 I/O Module - 8-port 10/100 Fast Ethernet NS-ISG-TX2 I/O Module - 2-port 10/100/1000 Gigabit Ethernet Integrated IDP Upgrades NS-ISG-SEC NS-ISG-1000-IKT NS-ISG-2000-IKT Security module for IDP on ISG1000 and ISG2000 systems IDP upgrade kit for ISG1000 system, including IDP license key, additional memory, and 5-device NSM IDP upgrade kit for ISG2000 system, including IDP license key, additional memory, and 5-device NSM ISG1000 and ISG2000 I/O Modules NS-ISG-1XG Note: The appropriate power cord is included based upon the sales order “Ship To” destination. E very virtual system includes 1 additional virtual router and 2 additional security zones, usable in the virtual or root system. 11 About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions, Juniper Networks, Inc. Juniper Networks (Hong Kong) Juniper Networks Ireland please contact your Juniper Networks 1194 North Mathilda Avenue 26/F, Cityplaza One Airside Business Park Sunnyvale, CA 94089 USA 1111 King’s Road Swords, County Dublin, Ireland representative at 1-866-298-6428 or Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600 or 408.745.2000 Phone: 852.2332.3636 EMEA Sales: 00800.4586.4737 Fax: 408.745.2100 Fax: 852.2574.7803 Fax: 35.31.8903.601 www.juniper.net Copyright 2011 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 1100036-006-EN 12 July 2011 Printed on recycled paper authorized reseller.