The ASIC that sits at the heart of NetScreen firewalls has been updated, and the overall hardware architecture has been revamped to give room for modules that will be able to accelerate IDP processing in hardware.
The devices have been designed to accommodate up to three modules, each of which can be devoted to a specific additional security function. In the second half of the year the first module, containing IDP functionality, will be released.
Buyers will be able to deploy whichever modules they feel they need. They could use all three modules as IDP processors, for example, giving a theoretical limit of 1.5Gbps of IDP throughput, the firm said.
The devices can conservatively handle 2Gbps of firewall throughput, 1Gbps of VPN throughput, 10,000 VPN tunnels, 500,000 sessions in total and 30,000 sessions per second, the company said.
The security modules are made up of two 1GHz PowerPC processors, 2GB of DDR DRAM, and an FPGA that runs the logic. The IDP modules will have an accelerator for speeding up the parsing of text-based protocols such as SMTP and HTTP.
The IDP modules will do pretty much the same thing as NetScreen IDP appliances. While they’re not available yet, the ISG-2000 does come with deep inspection, NetScreen’s name for a subset of the IDP functionality.
Deep inspection, which comprises attack signature and protocol anomaly detection, has been a part of the firewall itself since last October. It’s based on IDP, which NetScreen acquired when it bought OneSecure two years ago.
Building more advanced inspection features into the firewall has been a project for NetScreen, and much of the firewall industry, since that acquisition. Old-style firewalls are seen as being ineffective against application-level attacks.
Just don’t call it a god-box, NetScreen senior director of product marketing Rod Murchison said. That term should be reserved for the type of lower-end boxes that have multiple discrete applications running on the same platform, he said.
The ISG-2000 will sit between NetScreen 500 and 5000 appliances, in the middle of the company’s enterprise line, and will sell for between $38,000 and $115,000. The architecture and the ISG brand have not yet been extended to other NetScreen models.
This article is based on material originally published by ComputerWire