- High Performance Security Systems designed with security components
  Custom designed, ASIC-based hardware platforms to deliver market-leading performance of up to 2 Gbps throughput, and up to 25,000 VPN tunnels
- Managed security domains
  Using NetScreen's unique Virtual Systems feature, up to 100 security domains can be provided for managed security services or enterprise partitioning
- High availability
  Solid-state design, redundant hot-swap power supplies and hot-swap fans deliver maximum uptime within each system. High availability software enables fail over to a redundant system with no loss of firewall sessions or VPN tunnels
- NetScreen’s NSRP (NetScreen Redundancy Protocol)
  NSRP provides redundancy for stateful connections (Firewall and VPN); leaderless clustering; sub-second failover; full-mesh topology with redundant physical paths; and active-active network support.
- User-friendly
  Intuitive user interface and integrated functionality without complex recurring licensing fees. In addition, for complex networks, NSRP adds the concept of state, the ability to track session state, for stateful inspection firewalling in fault-tolerant configurations.
NetScreen security systems overview
NetScreen Technologies offers a line of purpose-built, high-performance
systems, integrating both stateful inspection firewall
and VPN functionality with industry-leading performance.
NetScreen's integrated security systems are resilient
platforms, offering scalable solutions for large enterprises
and service providers. All NetScreen security systems
include support for Virtual Systems to secure multiple
security domains.
Firewall
NetScreen's full-featured firewall uses technology
based on stateful inspection, securing against intruders
and denial-of-service attacks. NetScreen's custom-built
GigaScreen ASIC processes the firewall access policies
and encryption algorithms in hardware, providing significantly
higher performance than software-only solutions.
Virtual Systems
NetScreen's Virtual Systems allow the creation of
multiple security domains, each with its own address
book, policies, and management. Virtual systems are
combined with 802.1q VLAN tags to extend the Security
Domain throughout the switch network. The NetScreen-1000
or NetScreen-500 and the corresponding VLAN switch
network can appear as a combined security system with
up to 500 ports.
- Expand service offerings in the Internet data center to include managed VPN and firewall on a shared hardware platform
- Segment the enterprise network for multiple DMZs or provide security between internal departments
- Map multiple VLANs to one Virtual System
- Separate WebUI, CLI, and administration access for each Virtual System
High Availability
NetScreen's security systems include critical high
availability and redundancy features, including automated
mirrored configurations, active session and VPN maintenance
through a failure, and hot-swappable redundant power
supplies, fans, and processing modules. Redundant,
high availability (HA) topologies are implemented
utilizing the NetScreen Redundancy Protocol, which
delivers four main features:
- Configurations are mirrored between HA group members to ensure proper behavior in case of a failover
- All active sessions and VPN tunnels are maintained across the HA group
- The fail-over algorithm determines which system is the master system based on system health, link status with adjacent systems or path monitoring through adjacent systems to remote systems
- Failure detection and switching to the standby unit can be done in less than six seconds, independent of the number of active sessions and VPN tunnels
Extranet VPN solutions
NetScreen-ScreenOS enables extranet VPN solutions
by allowing content hosting companies and enterprises
to easily establish security perimeters for customers
and trading partners. Content hosts can now use what
is known as Policy-based NAT (network address translation)
to accept and differentiate individual customers'
traffic. This enables traffic to access one or more
servers even though the customer's private network
addresses may be used by another customer. This is
accomplished by applying security policies that translate
each customer's address into distinct addresses that
are recognizable by the central NetScreen device.
Modularity
NetScreen systems are modular, allowing custom configuration
and extra reliability. All systems offer redundant
AC or DC power supplies as well as removable fan modules.
The NetScreen-1000 also comes equipped with multiple
processing boards for increased redundancy and performance.
The NetScreen-500 offers two types of interface modules
and four interface module bays to allow increased
system configuration.
Comprehensive management
NetScreen's security systems include robust management
support, allowing a network administrator to securely
manage the devices.
Since VPN functionality is built in, all management
can be encrypted for truly secure remote management.
- Menu-driven central site management* using NetScreen-Global Manager or NetScreen-Global PRO
- Browser-based management with the built in Web UI (HTTP and HTTPS)
- Command line interface (CLI) accessible via SSH, Telnet, and console port
- E-mail alerts, SNMP alarms
- Integrates with Syslog or WebTrends for external logging, monitoring, and analysis
- Provides up to 20 administrators with 3 levels of access: root admin, admin, and read-only

NetScreen-1000
The NetScreen-1000 Gigabit Security System is an Internet
security system for the most demanding enterprise
and service provider environments. NetScreen integrates
firewall and VPN security functionality with gigabit
Ethernet throughput. By combining parallel processing
with the hardware acceleration of NetScreen's GigaScreen
ASIC, the fastest firewall and encryption acceleration
engine available, the NetScreen-1000 delivers the
highest performance needed for broadband data applications.
The NetScreen-1000's scalable architecture ensures that
customers are able to meet escalating bandwidth requirements,
ensuring years of continued protection.
The NetScreen-1000 can easily integrate into the most
demanding environments.
The NetScreen-1000 architecture
The main components of the NetScreen-1000 are the
Processor Modules, the Switch Module and the Auxiliary
Module. These modules are linked together via a passive
back plane in a 19-inch rack mountable chassis and
powered by redundant power supplies with individual
power feeds. Each Module performs dedicated functions;
the Processor Modules, powered by a RISC processor
and NetScreen's GigaScreen ASIC, perform the packet
classification, policy lookup and firewall and VPN
packet processing. A fully equipped system contains
up to six processors, providing additional capacity.
The Switch Module provides a 6 Gbps data path to distribute
the traffic across the multiple Processor Modules
and also links to the gigabit Ethernet connection
of the trusted and untrusted networks. The Auxiliary
Module provides both management system interface and
backup for the system.
The NetScreen-1000 includes the following hardware components:
- Chassis: 8 slots, 19-inch rack mountable
- Switch module: Provides data packet interfaces with two gigabit Ethernet ports: trusted and untrusted. It also provides a 6 Gbps switch fabric.
- Processor module: Session management, firewall security and VPN.
- Auxiliary module: Management interface contains a separate out-of-band management port, a console port and a high availability interface
- Power supplies: Redundant DC or AC power supplies
- Swappable fan module

NetScreen-500
The NetScreen-500 Security System integrates firewall,
VPN, and traffic management functionality in a low-profile,
modular chassis. Using NetScreen's GigaScreen ASIC,
the NetScreen-500 is capable of up to 700 Mbps firewall
throughput, 250 Mbps 3DES VPN throughput, and supports
10,000 IPSec tunnels, up to 250,000 concurrent
sessions, and up to 25 Virtual Systems and 100 VLANs.
Leveraging features from both the NetScreen-100 and NetScreen-1000,
the NetScreen-500 is ideally suited for large enterprise
environments with high bandwidth requirements, enterprise
collocation facilities, and environments providing
managed security services.
The NetScreen-500 architecture
The NetScreen-500 is a high performance, reliable,
and highly redundant platform. To address performance,
the NetScreen-500 is designed around the custom, purpose-built
GigaScreen ASIC, which provides accelerated encryption
and policy look-ups. In addition, there are two processing
busses to separate management traffic from traffic
passing through the system. This prevents high availability
and other management traffic from impacting throughput
performance.
To address reliability and redundancy concerns, the NetScreen-500
has minimal moving parts, and offers a hot-swappable
fan module (made up of four fans), and redundant power
supplies. In addition, the NetScreen-500 can be set
up in a high-availability topology with a fail-over
system that is fully synchronized with firewall sessions
and VPN tunnel information.
Summary of hardware components:
- Four interface module bays supporting GBIC or dual-port 10/100 Fast Ethernet interface modules
- Two DB9 serial ports, 1 for console and 1 for an external analog modem
- One 10/100 out-of-band management port
- Two redundant 10/100 high availability ports
- Hot-swappable fan module
- Two redundant hot-swappable power supply trays accommodating AC or DC power
- LCD display for basic configuration and status alerts
All this, in a 2U, 19-inch rack mountable chassis.
Programmable LCD Eases Deployment:
The programmable LCD can be used to set basic system
functionality, such as:
- Interface IP addresses, including the management interface
- Manageability options on those interfaces
- Alarm thresholds and status reports
- Can be disabled to prevent tampering with the device
Traffic management
Traffic management allows a network administrator
to monitor, analyze, and allocate bandwidth utilized
by various types of network traffic in real time,
ensuring business-critical traffic is never compromised
by lower priority activity.
- Manage based on IP Address, user, application, or time of day
- Set guaranteed bandwidth and maximum bandwidth
- Prioritize traffic to fit business needs
Content filtering
The NetScreen-500 can integrate with the Websense
content filtering solution, to block inappropriate
content and defer personal browsing to non-work hours.
Specifications
Standards Supported
ARP, TCP/IP, UDP, ICMP, HTTP, RADIUS, IPSec (IPESP, IPAH), MD5, SHA-1, DES, 3DES, IKE, TFTP (client), SNMP, X.509v3, VLAN 802.1q
Certifications
NetScreen-1000:
Safety Certifications: CSA
EMI: FCC Part 15 class A, CE, VCCI, C-Tick, BSMI
NetScreen-500:
Safety Certifications: CSA
EMI: FCC Part 15 class A, CE, VCCI, C-Tick, BSMI
NetScreen-1000 Environment
Temperature: 0 to 55 C (32 to 131 F)
Relative Humidity: 10 to 90% non-condensing
NetScreen-500 Environment
Temperature: 0 to 50 C (32 to 122 F)
Relative Humidity: 10 to 90% non-condensing
NetScreen product warranty and services
The standard hardware warranty is for a period of
one year. The system software has a 90-day warranty
that will meet published specifications. Optional
service products are also available such as
extended hardware and software warranty. These
products are recommended to ensure the system
is kept updated with the latest software enhancements
and to ensure high availability for end-users.
For more information about NetScreen products, call
972-378-6900 x120