DATASHEET

ISG Series
Integrated
Security Gateways

Product Overview Product Description

The Juniper Networks® ISG1000 and ISG2000 Integrated Security Gateways are fully
Juniper Networks ISG Series integrated firewall/VPN systems that offer multi-gigabit performance, modular
Integrated Security Gateways are architecture and rich virtualization capabilities. They are an ideal security solution for
ideally suited for securing enterprise, large enterprise, data center and service provider networks.
carrier, and data center environments The Juniper Networks ISG Series Integrated Security Gateways are firewall/VPN-based
where advanced applications, such as systems that deliver security features such as Intrusion Prevention System (IPS),
anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus
VoIP and streaming media, demand
redirection support. The advanced system is further expandable with optionally
consistent, scalable performance.
integrated Intrusion Detection and Prevention (IDP) or as a General Packet Radio Service
The Juniper Networks ISG1000 (GPRS) firewall/VPN for mobile network service provider environments.
and ISG2000 Integrated Security
The ISG Series modular architecture enables deployment with a wide variety of copper
Gateways are purpose-built security and fiber interface options. Highly flexible segmentation and isolation of traffic belonging
solutions that leverage a fourth- to different trust levels can be achieved using advanced features such as virtual systems,
generation security ASIC, along virtual LANs, and security zones. The ISG Series Integrated Security Gateways allow
with high-speed microprocessors multiple, separate firewall inspection or routing policies to simplify network design. This
enables the enforcement of security policies to traffic streams—even in highly complex
to deliver unmatched firewall and
environments—without significant impact on the network itself.
VPN performance. Integrating best-
The flexibility and efficiency offered by the ISG Series architecture provides state-of-
in-class firewall, VPN, and optional
the-art performance and best-in-class functionality as a firewall/VPN or integrated
Intrusion Detection and Prevention,
firewall/VPN/IDP solution with optional security modules. The ISG1000 supports up to
the ISG1000 and ISG2000 enable two security modules, while the ISG2000 can support up to three security modules. The
secure, reliable connectivity along security modules maintain their own dedicated processing and memory, and incorporate
with network-and application-level technology designed to accelerate IDP packet processing. This reduces the number of
protection for critical, high-traffic separate security devices and management applications, and simplifies deployment
effort and network complexity. The result? Higher cost savings.
network segments.
The ISG Series with IDP utilizes the same award-winning software found on Juniper
Networks IDP Series Intrusion Detection and Prevention Appliances. The IDP security
module supports multi-method detection, combining eight different detection
mechanisms—including stateful signatures and protocol anomaly detection. In addition
to helping businesses defend against security threats such as worms, trojans, malware,

1
spyware, and hackers, the ISG Series with IDP can provide GTP functionality in virtual systems. The ISG Series can be
information on rogue servers as well as types and versions of the deployed at the Gp interface connection between two Public Land
applications and operating systems that may have inadvertently Mobile Networks (PLMN), the Gn interface connection between
been added to the network. Application signatures go a step the SGSN and the GGSN support nodes, and the Gi interface
further by enabling administrators to maintain compliance and connection between the GGSN and the Internet.
enforce corporate business policies with accurate detection of In addition to countering sophisticated threats, denial of service
application traffic. (DoS) attacks, and malicious users, the ISG Series GPRS firewall/
The ISG1000 and ISG2000 can be deployed in a number of VPN can limit messages, throttle bandwidth-hungry applications
different configurations to protect both the perimeter and that consume uplink/downlink traffic, and perform 3GPP R6 IE
internal network resources. When deployed in a mobile removal to help retain interoperability in roaming between 2G
operator network, the ISG1000 and ISG2000 GPRS solutions and 3G networks.
are GPRS Tunneling Protocol (GTP) aware and fully support

Features and Benefits

Feature Feature Description Benefit

Purpose-built platform Dedicated, security-specific processing hardware Delivers the required performance to protect high-
and software platform. speed LAN environments.

Predictable performance ASIC-based architecture provides linear Ensures low latency in sensitive applications such
performance for all packet sizes at multi-gigabit as VoIP and streaming media.
speeds.

System and network resiliency Hardware component redundancy, multiple high Provides the reliability required for high-speed
availability options, and route-based VPNs. network deployments.

Best-in-class network security Embedded Web filtering, anti-spam, IPS, ICAP Additional security features backed by best-in-
features antivirus redirect, and optionally integrated IDP. class security partners such as Symantec and
SurfControl.

Interface flexibility Modular architecture enables deployment with a Simplifies network integration and helps to reduce
wide variety of copper and fiber interface options. the cost of future network upgrades.

Network segmentation Security zones, virtual LANs, and virtual routers Powerful capabilities facilitate deploying security
allow administrators to deploy security policies to for various internal, external, and DMZ subgroups
isolate guests and regional servers or databases. on the network to prevent unauthorized access.

Centralized management Centralized management of Juniper Networks Tight integration across multiple platforms
firewall and IDP products enabled through NSM. enables simple and intuitive network-wide
security management.

Robust routing engine Proven routing engine supports OSPF, BGP, and Enables the deployment of consolidated security
RIP v1/2, along with Frame Relay, Multilink Frame and routing device, thereby lowering operational
Relay, PPP, Multilink PPP, and HDLC. and capital expenditures.

Comprehensive threat protection Dedicated processing modules provide best-in- Unmatched performance ensures that the
class multigigabit firewall/VPN/IDP capability in a network is protected against all manner of attacks
single solution. in high-speed networks.

World-class professional From simple lab testing to major network Transforms the network infrastructure to ensure
services implementations, Juniper Networks Professional that it is secure, flexible, scalable, and reliable.
Services will collaborate with your team to identify
goals, define the deployment process, create or
validate the network design, and manage the
deployment.

2
Product Options
Option Option Description Applicable Products

Integrated anti-spam Blocks unwanted email from known spammers ISG1000 & ISG2000
and phishers, using an annually licensed anti-
spam offering based on Symantec technology.

Integrated IPS (Deep Inspection) Prevents application level attacks from flooding ISG1000 & ISG2000
the network using a combination of stateful
signatures and protocol anomaly detection
mechanisms. IPS is annually licensed.

Integrated Web filtering Blocks access to malicious Web sites using the ISG1000 & ISG2000
annually licensed Web filtering solution based on
SurfControl’s market-leading technology.

ICAP antivirus redirect ICAP antivirus content redirection allows the ISG1000 & ISG2000
implementation of a third-party/large-enterprise
antivirus solution at the perimeter.

Optionally integrated IDP Dedicated IDP security modules enable high- ISG1000 & ISG2000
speed packet inspection. Requires no network
changes to add full IDP functionality, helping to
protect against layer 4-7 attacks including zero-
day, worms, trojans, and spyware, etc. Additional
hardware and system upgrade required.

Application awareness/ Includes use of contexts, protocol information and ISG1000 & ISG2000
identification signatures to accurately identify applications on
any port. Optional IDP security module required.

GPRS firewall/VPN for mobile Support for GPRS networks to provide stateful ISG1000 & ISG2000
networks firewalling and filtering capabilities that mitigate
a wide variety of attacks on the Gp, Gn, and Gi
interfaces to protect key nodes within the mobile
operators’ network. Additional license required.

ISG1000 ISG2000

3
Specifications
ISG1000 ISG2000

Maximum Performance and Capacity 1

ScreenOS® version tested ScreenOS 6.2 ScreenOS 6.2

Firewall performance (large packets) 2 Gbps 4 Gbps

Firewall performance (small packets) 1 Gbps 2 Gbps

Firewall packets per second (64 byte) 1.5 M PPS 3 M PPS

AES256+SHA-1 VPN performance 1 Gbps 2 Gbps

3DES+SHA-1 VPN performance 1 Gbps 2 Gbps

Maximum concurrent sessions 3

500,000 1,000,000

New sessions/second 20,000 23,000

Maximum security policies 10,000 30,000

Maximum users supported Unrestricted Unrestricted

Network Connectivity
Fixed I/O 4 10/100/1000 ports 0

Interface expansion slots 2 4

LAN interface options Up to 8 mini-GBIC (SX, LX, or TX), up to 8 Up to 16 mini-GBIC (SX, LX, or TX), up to 8
10/100/1000, 10/100/1000,
up to 20 10/100, up to 2 10GE up to 28 10/100, up to 4 10GE

Firewall
Network attack detection Yes Yes

Denial of service (DoS) and distributed denial of Yes Yes

service (DDoS) protection

TCP reassembly for fragmented packet protection Yes Yes

Brute force attack mitigation Yes Yes

SYN cookie protection Yes Yes

Zone-based IP spoofing Yes Yes

Malformed packet protection Yes Yes

Integrated IPS (Optional Integrated IDP) 2, 10

Stateful protocol signatures Yes Yes

Attack detection mechanisms Stateful signatures, traffic anomaly detection, Stateful signatures, traffic anomaly detection,
protocol anomaly detection (zero-day coverage), protocol anomaly detection (zero-day coverage),
backdoor detection backdoor detection

Attack response mechanisms Drop connection, close connection, session Drop connection, close connection, session
packet log, session summary, email, custom packet log session summary, email, custom

Attack notification mechanisms Session packet log, session summary, email, Session packet log, session summary, email,
SNMP, system log, WebTrends SNMP, system log, WebTrends

Worm protection Yes Yes

Simplified installation through recommended policies Yes Yes

Trojan protection Yes Yes

Spyware/adware/keylogger protection Yes Yes

Other malware protection Yes Yes

Protection against attack proliferation from infected Yes Yes

systems

Reconnaissance protection Yes Yes

4
Specifications (continued)
ISG1000 ISG2000

Integrated IPS (Optional Integrated IDP) 2, 10

(continued)
Request and response side attack protection Yes Yes

Compound attacks – combines stateful signatures and Yes Yes

protocol anomalies

Create custom attack signatures Yes Yes

Access contexts for customization 500+ 500+

Attack editing (port range, etc.) Yes Yes

Stream signatures Yes Yes

Protocol thresholds Yes Yes

Stateful protocol signatures Yes Yes

Approximate number of attacks covered 5,500+* 5,500+*

Detailed threat descriptions and remediation/patch info Yes Yes

Enterprise security profiler Yes Yes

Create and enforce appropriate application-usage Yes Yes

policies

Attacker and target audit trail and reporting Yes Yes

Deployment modes In-line or in-line TAP In-line or in-line TAP

Frequency of updates Daily and emergency Daily and emergency

Unified Threat Management/Content Security5

Deep Inspection signature packs4 Yes Yes

IPS (Deep Inspection firewall) 4

Yes Yes

Protocol anomaly detection Yes Yes

Stateful protocol signatures Yes Yes

IPS/Deep Inspection attack pattern obfuscation Yes Yes

ICAP antivirus redirection Yes Yes

Anti-spam Yes Yes

Integrated URL filtering Yes Yes

External URL filtering 6

Yes Yes

VoIP Security
H.323 ALG Yes Yes

SIP ALG Yes Yes

MGCP ALG Yes Yes

SCCP ALG Yes Yes

NAT for VoIP protocols Yes Yes

GPRS Security 10

GTP tunnels7 200,000 400,000

GTP packet inspection (IPS or IDP) Yes Yes

*As of November 2008, there are 5,560 signatures with approximately 10 new signatures added every week.

5
Specifications (continued)
ISG1000 ISG2000

IPsec VPN
Concurrent VPN tunnels8 2,000 10,000

Tunnel interfaces8 Up to 512 Up to 1,024

DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes

MD-5 and SHA-1 authentication Yes Yes

Manual key, IKE, PKI (X.509), IKEv2 with EAP Yes Yes

Perfect forward secrecy (DH Groups) 1, 2, 5 1, 2, 5

Prevent replay attack Yes Yes

Remote access VPN Yes Yes

L2TP within IPsec Yes Yes

IPsec NAT traversal Yes Yes

Redundant VPN gateways Yes Yes

User Authentication and Access Control

Built-in (internal) database - user limit8 50,000 50,000

Third-party user authentication RADIUS, RSA SecurID, and LDAP RADIUS, RSA SecureID, LDAP

RADIUS accounting Yes – start/stop Yes – start/stop

XAUTH VPN authentication Yes Yes

Web-based authentication Yes Yes

802.1X authentication Yes Yes

Unified access control enforcement point Yes Yes

PKI Support
PKI Certificate requests (PKCS 7 and PKCS 10) Yes Yes

Automated certificate enrollment (SCEP) Yes Yes

Online Certificate Status Protocol (OCSP) Yes Yes

Certificate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPlanet VeriSign, Entrust, Microsoft, RSA Keon, iPlanet
(Netscape) Baltimore, DoD PKI (Netscape) Baltimore, DoD PKI

Self-signed certificates Yes Yes

Virtualization10
Maximum number of virtual systems 0 default, upgradeable to 50 0 default, upgradeable to 250

Maximum number of security zones 20 default, upgradeable to 120 26 default, upgradeable to 526

Maximum number of virtual routers 3 default, upgradeable to 53 3 default, upgradeable to 253

Maximum number of VLANs 4,094 4,094

Routing
BGP instances 8 64

BGP peers 128 128

BGP routes 10,000 20,000

OSPF instances 8 8

OSPF routes 4,096 6,000

RIP v1/v2 instances Up to 12 instances supported Up to 50 instances supported

6
Specifications (continued)
ISG1000 ISG2000

Routing (continued)
RIP v2 tablesize 10,000 20,000

Dynamic routing Yes Yes

Static routes 10,000 20,000

Source-based routing Yes Yes

Policy-based routing Yes Yes

ECMP Yes Yes

Multicast Yes Yes

Reverse path forwarding (RPF) Yes Yes

IGMP (v1, v2) Yes Yes

IGMP proxy Yes Yes

PIM SM Yes Yes

PIM SSM Yes Yes

Multicast inside IPsec tunnel Yes Yes

IPv6
Dual stack IPv4/IPv6 firewall and VPN Yes Yes

Syn-cookie and Syn-proxy DoS attack detection Yes Yes

SIP, RTSP, Sun-RPC, and MS-RPC ALG’s Yes Yes

IPv4 to/from IPv6 translations and encapsulations Yes Yes

Virtualization (VSYS, security zones, VR, VLAN) Yes Yes

RIPng Yes Yes

BGP version 4 Yes Yes

DHCPv6 Relay Yes Yes

NSRP (Active/Passive and Active/Active) Yes Yes

Transport Mode for IPv6 Yes Yes

Mode of Operation
Layer 2 (transparent) mode7 Yes Yes

Layer 3 (route and/or NAT) mode Yes Yes

Address Translation
Network Address Translation (NAT) Yes Yes

Port Address Translation (PAT) Yes Yes

Policy-based NAT/PAT Yes Yes

Mapped IP 4,096 8,192

Virtual IP (VIP) 9
8 8

MIP/VIP grouping Yes Yes

Address Translation
Static Yes Yes

DHCP, PPPoE client Yes, No No, No

Internal DHCP server Yes No

DHCP relay Yes Yes

7
Specifications (continued)
ISG1000 ISG2000

Traffic Management Quality of Service (QoS)

Maximum bandwidth Yes - per physical interface only Yes - per physical interface only

Jumbo frames Yes11

Yes11

DiffServ marking Yes - per policy Yes - per policy

High Availability (HA)

Active/active - transparent & L3 mode Yes Yes

Active/passive Yes Yes

Configuration synchronization Yes Yes

Session synchronization for firewall and VPN Yes Yes

Session failover for routing change Yes Yes

Device failure detection Yes Yes

Link failure detection Yes Yes

Authentication for new HA members Yes Yes

Encryption of HA traffic Yes Yes

System Management
WebUI (HTTP and HTTPS) Yes Yes

Command line interface (console) Yes Yes

Command line interface (telnet) Yes Yes

Command line interface (SSH) Yes Yes

Network and Security Manager Yes Yes

All management via VPN tunnel on any interface Yes Yes

Rapid deployment Yes Yes

Administration
Local administrator database size 256 256

External administrator database support RADIUS, LDAP RADIUS, LDAP

Restricted administrative networks Yes Yes

Root Admin, Admin, and Read Only user levels Yes Yes

Software upgrades Yes Yes

Configuration rollback Yes Yes

Logging/Monitoring
Syslog (multiple servers) Yes Yes

Email (two addresses) Yes Yes

NetIQ WebTrends Yes Yes

SNMP (v2) Yes Yes

SNMP full/custom MIB Yes Yes

Traceroute Yes Yes

VPN tunnel monitor Yes Yes

8
Specifications (continued)
ISG1000 ISG2000

External Flash
Additional log storage Supports 1 GB or 2 GB industrial-grade SanDisk Supports 1 GB or 2 GB industrial-grade SanDisk

Event logs and alarms Yes Yes

System configuration script Yes Yes

ScreenOS Software Yes Yes

Dimensions and Power

Dimensions (W x H x D) 17.5 x 5.25 x 17.3 in 17.5 x 5.25 x 23 in
(44.5 x 13.3 x 43.9 cm) (44.5 x 13.3 x 58.4 cm)

Weight 30 lb/14 kg 50 lb/23 kg

Rack-mountable Yes, 3 U’s Yes, 3 U’s

Power supply (AC) Single, field upgradeable Dual, redundant

Power supply (DC) Single, field upgradeable Dual, redundant

Maximum thermal output 444 BTU/hour (W) 537 BTU/hour (W)

Certifications
Safety certifications UL, CUL, CSA, CB UL, CUL, CSA, CB

EMC certifications FCC class A, CE class A, C-Tick, VCCI class A FCC class A, CE class A, C-Tick, VCCI class A

NEBS Yes Yes

MTBF (Bellcore model) 7.6 years 7.6 years

Security Certifications
Common Criteria: EAL4 and EAL4+ Yes Yes

FIPS 140-2: Level 2 Yes Yes

ICSA firewall and VPN Yes Yes

Operating Environment
Operating temperature 32° to 122° F (0° to 50° C) 32° to 122° F (0° to 50° C)

Non-operating temperature - 4° to 158° F (-20° to 70° C) - 4° to 158° F (-20° to 70° C)

Humidity 10% to 90% noncondensing 10% to 90% noncondensing

1 Performance, capacity, and features listed are based upon systems running ScreenOS 6.2 and are the measured maximums under ideal testing conditions unless otherwise noted. Actual results may
vary based on ScreenOS release and by deployment. For a complete list of supported ScreenOS versions for ISG1000 and ISG2000 gateways, please visit the Juniper Customer Support Center
(http://www.juniper.net/customers/support/).
2 Additional IDP license and hardware upgrade required.
3 Concurrent sessions listed are based upon maximums with current shipping ISG Series hardware. Older ISG Series units may need the optional memory upgrade to achieve maximum concurrent
session capacity. Firewall/VPN concurrent sessions maximum for older ISG Series units without the optional memory upgrade are 250,000 for the ISG1000 and 500,000 for the ISG2000. Older ISG
Series units with the optional IDP upgrades installed already have the maximum concurrent session capacity and do not require a memory upgrade.
4 IPS (Deep Inspection firewall) is automatically disabled when optionally integrated IDP is installed.
5 Security features (IPS/Deep Inspection, anti-spam and Web filtering) are delivered by annual subscriptions purchased separately from Juniper Networks. Annual subscriptions provide signature
updates and associated support.
6 Redirect Web filtering sends traffic to a secondary server and therefore entails purchasing a separate Web filtering license from either Websense or SurfControl.
7 NAT, PAT, policy-based NAT, virtual IP, mapped IP, virtual systems, virtual routers, VLANs, OSPF, BGP, RIPv2, active/active HA, and IP address assignment are not available in layer 2 transparent
mode.
8 Shared among all virtual systems.
9 Not available with virtual systems.
10 Additional license required.
11 Requires 4-port mini GBIC modules - NS-ISG-SX4, NS-ISG-LX4 or NS-ISG-TX4.

9
Licensing Options
The ISG1000 and ISG2000 are available with two licensing options to provide two different levels of functionality and capacity:
• Advanced Models: the Advanced software license provides all of the features and capacities listed within this spec sheet.
• Baseline Models: the Baseline software license provides an entry-level solution for customer environments where features such as
Deep Inspection, OSPF and BGP dynamic routing, advanced High Availability, and full capacity are not critical requirements.
The following table shows the features and capacities that differ between the Baseline and Advanced models:

Baseline Advanced
ISG1000 ISG2000 ISG1000 ISG2000
Sessions 125,000 256,000 500,000 1,000,000

Concurrent VPN tunnels 1,000 1,000 2,000 10,000

Deep Inspection firewall No No Yes Yes

VLANs 50 100 4,094 4,094

OSPF/BGP No No Yes Yes

High availability (HA) A/P A/P A/A A/A

Integrated IDP No No Optional upgrade Optional upgrade

GTP inspection No No Optional upgrade Optional upgrade

Performance-Enabling Services and Support

Juniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimize
your high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger
productivity gains, faster rollouts of new business models and ventures, and greater market reach, while generating higher levels of
customer satisfaction. At the same time, Juniper Networks ensures operational excellence by optimizing your network to maintain
required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/products-services.

10
Ordering Information
Model Number Description Model Number Description
ISG1000 Systems ISG1000 Software Options
NS-ISG-1000 NS-ISG-1000 system (includes AC power supply, NS-ISG-1000-VSYS-5 VSYS upgrade 0 to 5
no I/O cards)
NS-ISG-1000-VSYS-10 VSYS upgrade 5 to 10
NS-ISG-1000-DC NS-ISG-1000 system (includes DC power supply,
NS-ISG-1000-VSYS-25 VSYS upgrade 10 to 25
no I/O cards)
NS-ISG-1000-VSYS-50 VSYS upgrade 25 to 50
NS-ISG-1000B NS-ISG-1000 baseline system (includes AC
power supply, no I/O cards) NS-ISG-1000-GKT GPRS firewall/VPN license
NS-ISG-1000B-DC NS-ISG-1000 baseline system (includes DC ISG2000 Software Options
power supply, no I/O cards)
NS-ISG-2000-VSYS-5 VSYS upgrade 0 to 5
ISG2000 Systems
NS-ISG-2000-VSYS-25 VSYS upgrade 5 to 25
NS-ISG-2000 NS-ISG-2000 system (includes AC power
NS-ISG-2000-VSYS-50 VSYS upgrade 25 to 50
supplies, no I/O cards)
NS-ISG-2000-VSYS-100 VSYS upgrade 50 to 100
NS-ISG-2000-DC NS-ISG-2000 system (includes DC power
supplies, no I/O cards) NS-ISG-2000-VSYS-250 VSYS upgrade 100 to 250
NS-ISG-2000B NS-ISG-2000 baseline system (includes AC NS-ISG-2000-GKT GPRS firewall/VPN license
power supplies, no I/O cards)
ISG1000 and ISG2000 Spares
NS-ISG-2000B-DC NS-ISG-2000 baseline system (includes DC
power supplies, no I/O cards) NS-SYS-GBIC-MSX SX transceiver (mini-GBIC)

Integrated IDP Upgrades NS-SYS-GBIC-MLX LX transceiver (mini-GBIC)

NS-ISG-SEC Security module for IDP on ISG1000 and NS-ISG-1000-PWR-AC ISG1000 AC power supply
ISG2000 systems NS-ISG-1000-PWR-DC ISG1000 DC power supply
NS-ISG-1000-IKT IDP upgrade kit for ISG1000 system, including NS-ISG-2000-PWR-AC2 ISG2000 AC power supply
IDP license key, additional memory, and
5-device NSM NS-ISG-2000-PWR-DC2 ISG2000 DC power supply

NS-ISG-2000-IKT IDP upgrade kit for ISG2000 system, including NS-ISG-2000-Japan Japan power cord option
IDP license key, additional memory, and NS-ISG-FAN Fan module
5-device NSM
NS-ISG-2000-RCK-01 Rack-mount kit (19 in, all mounting hardware)
ISG1000 and ISG2000 I/O Modules NS-ISG-2000-RCK-02 Rack-mount kit (23 in, all mounting hardware)
NS-ISG-1XG I/O Module - 1-port 10-Gigabit Ethernet - does
NS-ISG-IPAN2 Blank interface panel
NOT include transceiver
NS-ISG-2000-PPAN2 ISG2000 blank power-supply cover
NS-SYS-GBIC-MXSR Transceiver - XFP 10 GigE Short Range (SR)
(300 m) Note: The appropriate power cord is included based upon the sales order “Ship To” destination.
NS-SYS-GBIC-MXLR Transceiver - XFP 10 GigE Long Range (LR) Note: Every virtual system includes 1 additional virtual router and 2 additional security zones,
(10 km) usable in the virtual or root system.

NS-ISG-SX2 I/O Module - 2-port mini GBIC-SX

NS-ISG-LX2 I/O Module - 2-port mini GBIC-LX
NS-ISG-SX4 I/O Module - 4-port mini GBIC-SX
NS-ISG-LX4 I/O Module - 4-port mini GBIC-LX
NS-ISG-TX4 I/O Module - 4-port mini GBIC-TX
NS-ISG-FE4 I/O Module - 4-port 10/100 Fast Ethernet
NS-ISG-FE8 I/O Module - 8-port 10/100 Fast Ethernet
NS-ISG-TX2 I/O Module - 2-port 10/100/1000 Gigabit
Ethernet

11
About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance
networking. Juniper offers a high-performance network
infrastructure that creates a responsive and trusted environment
for accelerating the deployment of services and applications
over a single network. This fuels high-performance businesses.
Additional information can be found at www.juniper.net.

Corporate And Sales Headquarters APAC Headquarters EMEA Headquarters Copyright 2009 Juniper Networks, Inc. All rights
reserved. Juniper Networks, the Juniper Networks
Juniper Networks, Inc. Juniper Networks (Hong Kong) Juniper Networks Ireland
logo, JUNOS, NetScreen, and ScreenOS are
1194 North Mathilda Avenue 26/F, Cityplaza One Airside Business Park registered trademarks of Juniper Networks, Inc.
Sunnyvale, CA 94089 USA 1111 King’s Road Swords, County Dublin, Ireland in the United States and other countries. JUNOSe
Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600 is a trademark of Juniper Networks, Inc. All other
trademarks, service marks, registered marks, or
or 408.745.2000 Phone: 852.2332.3636 Fax: 35.31.8903.601
registered service marks are the property of their
Fax: 408.745.2100 Fax: 852.2574.7803 respective owners. Juniper Networks assumes
no responsibility for any inaccuracies in this
document. Juniper Networks reserves the right to
To purchase Juniper Networks solutions, please change, modify, transfer, or otherwise revise this
contact your Juniper Networks representative publication without notice.
at 1-866-298-6428 or authorized reseller.

1100036-002-EN Mar 2009 Printed on recycled paper.

12