View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
April 12, 2004

NetScreen’s IDP integration enters new phase

NetScreen Technologies Inc has put more of its intrusion detection and prevention (IDP) technology into hardware, the latest phase of an 20-month-old strategy, with the release yesterday of the NetScreen ISG-2000 line of firewall appliances.

By CBR Staff Writer

The ASIC that sits at the heart of NetScreen firewalls has been updated, and the overall hardware architecture has been revamped to give room for modules that will be able to accelerate IDP processing in hardware.

The devices have been designed to accommodate up to three modules, each of which can be devoted to a specific additional security function. In the second half of the year the first module, containing IDP functionality, will be released.

Buyers will be able to deploy whichever modules they feel they need. The could use all three modules as IDP processors, for example, giving a theoretical limit of 1.5Gbps of IDP throughput, the firm said.

The devices can conservatively handle 2Gbps of firewall throughput, 1Gbps of VPN throughput, 10,000 VPN tunnels, 500,000 sessions in total and 30,000 sessions per second, the company said.

The security modules are made up of two 1Ghz PowerPC processors, 2GB of DDR DRAM, and an FPGA that that runs the logic. The IDP modules will have an accelerator for speeding up parsing text-based protocols such as SMTP and HTTP.

The IDP modules will do pretty much the same thing as NetScreen IDP appliances. While they’re not available yet, the ISG-2000 does come with deep inspection, NetScreen’s name for a subset of the IDP functionality.

Deep inspection, which comprises attack signature and protocol anomaly detection, has been a part of the firewall itself since last October. It’s based on IDP, which NetScreen acquired when it bought OneSecure two years ago.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Building in more advanced inspection features in the firewall has been a project for NetScreen, and much of the firewall industry, since that acquisition. Old-style firewalls are seen as being ineffective against application-level attacks.

Just don’t call it a god-box, NetScreen senior director of product marketing Rod Murchison said. That term should be reserved for the type of lower-end boxes that have multiple discrete applications running on the same platform, he said.

The ISG-2000 will sit between NetScreen 500 and 5000 appliances, in the middle of the company’s enterprise line, and will sell for between $38,000 and $115,000. The architecture and the ISG brand have not yet been extended to other NetScreen models.

This article is based on material originally published by ComputerWire

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.