All in One?
Juniper is touting the ISG 2000 as its first purpose-built platform to combine a firewall, VPN and intrusion prevention. Juniper's firewall devices have been playing VPN and firewall roles for years, but I've been waiting for a unit that includes some of NetScreen's acquisitions--such as the OneSecure IDP and the Neoteris SSL VPN platform. There's much industry buzz about inline network intrusion prevention, and Juniper is one of the few companies positioned to put the technology where it belongs: in access-control devices, such as firewalls.
Unfortunately, though the ISG is supposed to deliver this integrated platform, the modular blade for IDP isn't here yet, and Juniper wouldn't comment on its SSL VPN plans.
The ISG came with two eight-port 10/100 blades and four 1-Gbps fiber ports. Setting up the ISG was trivial. I used its serial console to supply basic configuration settings--IP address, default gateway and so on. Then I accessed the machine over its Web interface, from which I configured the system quickly and easily.
I ran basic firewall throughput tests using Spirent's WebAvalanche and WebReflector, generating about 1 GB of HTTP traffic between two of the fiber ports. Handling loads of 1,500 64-Kbps NAT'd new sessions per second, the ISG successfully completed the test runs with one caveat: It appeared to struggle during the initial ramping period. I can't give the ISG a full nod on performance until I test final code using a larger test set, but it appears that Juniper is taking steps in the right direction.