Juniper IDP8200 firewall (hardware)
Contents
1. JUNIPER NETWORKS

Product Overview
With the growing number of applications allowed in from the Internet and the increased exposure to sophisticated network attacks, it's ever more important for companies to safeguard their networks. Evasive methods of delivering exploits continue to increase, and the problem is further compounded by the growing number of application and OS vulnerabilities, as well as the increasing speed with which new attacks are created to exploit these vulnerabilities. Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in in-line network intrusion prevention system (IPS) functionality to manage the use of unwanted applications and protect the network from a wide range of attacks delivered by those allowed applications. IDP Series appliances deliver comprehensive threat coverage and industry-leading response time for maximum protection of network resources.

DATASHEET: IDP SERIES INTRUSION DETECTION AND PREVENTION APPLIANCE

Product Description
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances provide comprehensive management of unwanted applications and easy-to-use in-line protection that stops network and application-level attacks before they inflict any damage, minimizing the time and costs associated with maintaining a secure network. Using industry-recognized stateful detecti
2. L NUMBER DESCRIPTION
IDP Series Appliances
Model numbers: DP800; DP 1O0GE 2SR BYP; DP 10GE 2XFP; DP 1GE 4COP BYP; DP 1GE 4SFP; DP 1GE 4SX BYP; UNIV SFP COP; UNIV SFP FLX; UNIV SFP FSX; UNIV SFP FSR; UNIV SFP FLR
Management model numbers: NS SM S BSE; NS SM ADD 50D; NS SM ADD 100D
Descriptions: DP75 Intrusion Detection and Prevention Appliance; DP250 Intrusion Detection and Prevention Appliance; DP800 Intrusion Detection and Prevention Appliance; DP8200 Intrusion Detection and Prevention Appliance; DP 2 port 10GbE with bypass SR (for IDP8200 only); DP 2 port 10GbE SR LR (for IDP8200 only); DP 4 port copper with bypass; DP 4 port SFP non bypass; DP 4 port fiber with bypass SX; DP copper SFP; DP fiber SFP LX; DP fiber SFP SX; XFP short range fiber transceiver; XFP long range fiber transceiver; Network and Security Manager software with 25 Device License; Additional 50 Device License; Additional 100 Device License. Additional NSM license options available.

MODEL NUMBER DESCRIPTION
Accessories
Model numbers: UNIV 74G HDD; UNIV PS 710W DC; UNIV PS 400W AC; UNIV PS 700W AC; UNIV PS 300W AC; IDP FLASH; IDP FLASH 8200; UNIV MR2U FAN; UNIV HE2U FAN; UNIV HE2U RAILKIT; UNIV MR2U RAILKIT; UNIV MRIU RAILKIT
Descriptions: Replacement HDD for IDP800 and IDP8200; DC power supply for IDP800 and IDP8200; AC power supply for IDP800; AC power supply for IDP8200; AC power supply for IDP250; Installation media for IDP75, IDP250, IDP800; Installation media for IDP8200; Replacement fan for IDP800
3. Replacement fan for IDP8200; Rack mounting kit for IDP8200 (includes rails); Rack mounting kit for IDP800 (includes rails); Rack mounting kit for IDP250 and IDP75 (includes rails)
5 Device License included with every IDP Series appliance.

About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

APAC Headquarters: Juniper Networks (Hong Kong), 26/F, Cityplaza One, T11 King's Road, Taikoo Shing, Hong Kong. Phone: 852 2332 3636. Fax: 852 2574 7803.
Corporate and Sales Headquarters: Juniper Networks, Inc., 1194 North Mathilda Avenue, Sunnyvale, CA 94089 USA. Phone: 888 JUNIPER (888 586 4737) or 408 745 2000. Fax: 408 745 2100. www.juniper.net
EMEA Headquarters: Juniper Networks Ireland, Airside Business Park, Swords, County Dublin, Ireland. Phone: 35 31 8903 600. EMEA Sales: 00800 4586 4737. Fax: 35 31 8903 601.

Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service mark
4. Storage temperature; Relative humidity (operating); Relative humidity (storage); Altitude (operating); Altitude (storage)
41 to 104 F (5 to 40 C); 40 to 158 F (40 to 70 C); 8 to 90 noncondensing; 5 to 95 noncondensing; 10,000 ft (3,048 m); 40,000 ft (12,192 m)
41 to 104 F (5 to 40 C); 40 to 158 F (40 to 70 C); 8 to 90 noncondensing; 5 to 95 noncondensing; 10,000 ft (3,048 m); 40,000 ft (12,192 m)
41 to 104 F (5 to 40 C); 40 to 158 F (40 to 70 C); 8 to 90 noncondensing; 5 to 95 noncondensing; 10,000 ft (3,048 m); 40,000 ft (12,192 m)
41 to 104 F (5 to 40 C); 40 to 158 F (40 to 70 C); 8 to 90 noncondensing; 5 to 95 noncondensing; 10,000 ft (3,048 m); 40,000 ft (12,192 m)

Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures. At the same time, Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.

Ordering Information
MODE
5. aintenance are simplified while ensuring the highest network security

Traffic Detection Methods
The IDP Series offers a combination of eight different detection methods to accurately identify the traffic flowing through the network. By providing the highest flexibility, the various detection methods also minimize false positives.

FEATURE | FEATURE DESCRIPTION
Stateful signature detection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context.
Protocol anomaly detection | Protocol usage against published RFCs is verified to detect any violations or abuse.
Backdoor detection | Heuristic-based anomalous traffic patterns and packet analysis detect trojans and rootkits.
Traffic anomaly detection | Heuristic rules detect unexpected traffic patterns that may suggest reconnaissance or attacks.
IP spoofing detection | The validity of allowed addresses inside and outside the network is checked.
Denial of service (DoS) detection | SYN cookie-based protection from SYN flood attacks is provided.
Layer 2 detection | Layer 2 attacks are detected using implied rules for Address Resolution Protocol (ARP) table restrictions, fragment handling, connection timeouts, and byte/length thresholds for packets.
Network honeypot | Open ports are impersonated with fake resources to track reconnaissance activities.

Granular Traffic Control

BENEFIT: Minimize false positives; Proactiv
6. ccess Control infrastructure to enforce application and security policies based on user-role information learned from the IC Series Unified Access Control Appliances. The IC Series interacts with companies' Active Directory (AD) or LDAP servers to assign users to roles and provides host information upon which the IDP Series can act. This extends the application policy enforcement (APE) and IPS rules for management of applications and more control over threats.

Juniper Networks IDP8200 Intrusion Detection and Prevention Appliance offers market-leading performance with 10 Gbps of real-world throughput suited for large enterprises and service providers. The large throughput also enables the deployment of IPS appliances at the network core in addition to the network perimeter to secure and enforce QoS within the corporate network. The built-in bypass features, as well as separation of control and data plane, make the IDP8200 an ideal solution for networks requiring the highest throughput and reliability.

Juniper Networks IDP250 and IDP800 Intrusion Detection and Prevention Appliances offer market-leading IPS capabilities for mid-size and large enterprises as well as service providers. Supporting various high availability (HA) options, the IDP250 and IDP800 offer continual security coverage for enterprise and service provider networks.

Features and Benefits
IDP Series Capabilities
The Juniper Networks IDP75 Intrusion Detection and Prevention Appl
7. ely protect network from undiscovered vulnerabilities; Prevent proliferation of malware in case other security measures have been compromised; Proactively prevent reconnaissance activities or block distributed denial of service (DDoS) attacks; Permit only authentic traffic while blocking disguised source; Protect your key network assets from being overwhelmed with SYN floods; Prevent compromised host from polluting an internal network using methods such as ARP cache poisoning; Gain insight into real-world network threats and proactively defend your network before a critical asset can be attacked

To support a wide range of business requirements, the IDP Series offers granular visibility and control over the flow of traffic in the network. Customers can interact with the IDP Series appliances using an application focus, threat prevention focus, or both by utilizing the application enforcement policy rules and IPS policy rules, respectively.

FEATURE | FEATURE DESCRIPTION | BENEFIT
Features: Application policy enforcement; Active traffic responses; Application rate limiting; QoS/DiffServ marking; Passive traffic responses; Recommended actions; IPAction; VLAN-aware rules; MPLS traffic inspection
Feature descriptions: A rule base is dedicated to managing unwanted applications using any number of actions; Various response methods are supported, including drop packet, drop connection, close client, close server, and close client/server; This defines the am
8. entralized management of IDP Series appliances and firewall products is enabled through Network and Security Manager. NSM has tight integration across multiple platforms that enables simple and intuitive network-wide security management.

FEATURE | FEATURE DESCRIPTION | BENEFIT
Role-based administration | More than 100 different activities can be assigned as unique permissions for different administrators. | Streamline business operations by logically separating and enforcing roles of various administrators.
Scheduled security update | Automatically update IDP Series appliances with new attack objects/signatures. | Up-to-the-minute security coverage is provided without manual intervention.
Domains | Enable logical separation of devices, policies, reports, and other management activities. | Conform to business operations by grouping of devices based on business practices.
Object locking | Enable safe concurrent modification to the management settings. | Avoid incorrect configuration due to overwritten management settings.
Scheduled database backup | Automatic backup of NSM database is provided. | Provide configuration redundancy.
Job manager | View pending and completed jobs. | Simplify update of multiple tasks and IDP Series appliances.

Logging, Reporting, and Notification
The combination of IDP Series appliances and NSM offers extensive logging and reporting capabilities.

FEATURE | FEATURE DESCRIPTION | BENEFIT
IDP reporter | Preconfigured real-time reporting capability is | Pr
9. iance brings full IPS capabilities to small and mid-size businesses as well as remote offices. The built-in bypass functionality also provides a cost-effective method of ensuring continuous network availability. By offering the entire suite of IPS and high-resiliency capabilities, businesses need not compromise on security when deploying cost-effective IPS products.

IDP Series Intrusion Detection and Prevention Appliances are managed by Juniper Networks Network and Security Manager, a centralized, rule-based management solution offering granular control over the system's behavior. NSM also provides easy access to extensive logging, fully customizable reporting, and management of all Juniper Networks firewall/VPN/IDP Series appliances from a single user interface. With the combination of highest security coverage, granular network control and visibility, and centralized management, the IDP Series is the best solution to keep critical information assets safe.

Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer several unique features that assure the highest level of network security.

FEATURE | FEATURE DESCRIPTION | BENEFIT
Application awareness/identification | This includes use context, protocol information, and signatures to identify applications on any port. | Enable rules and policies based on application traffic rather than ports; protect or police standard applications on non-standard ports.
Protocol decode
10. nt max 400 W; Optional 36-75 VDC, 24-11 A, hot swappable dual redundant, 710 W max; 108,000 hrs; 4 GB; 2 x 74 GB redundant RAID 1 array
17 x 3.4 x 19 in (43.2 x 8.6 x 48.3 cm); 41 lb; 100-240 VAC, 50-60 Hz, 10.0-4.0 A, hot swappable dual redundant, max 700 W; Optional 36-75 VDC, 24-11 A, hot swappable dual redundant, 710 W max; 73,000 hrs; 16 GB; 2 x 74 GB redundant RAID 1 array

Fixed I/O; Modular I/O slots; Modular I/O cards; Management; High Availability (HA)
Two RJ-45 Ethernet 10/100/1000 with bypass; ie; N/A; One RJ-45 Ethernet 10/100/1000; N/A
Eight RJ-45 Ethernet 10/100/1000 with bypass; o; N/A; One RJ-45 Ethernet 10/100/1000; One RJ-45 Ethernet 10/100/1000
Two RJ-45 Ethernet 10/100/1000 with bypass; 2; 4-port Gigabit Ethernet copper with bypass, 4-port Gigabit Ethernet fiber SFP, 4-port Gigabit Ethernet SX bypass; One RJ-45 Ethernet 10/100/1000; One RJ-45 Ethernet 10/100/1000
4-port Gigabit Ethernet copper with bypass, 4-port Gigabit Ethernet fiber SFP, 4-port Gigabit Ethernet SX bypass, 2-port 10 Gigabit Ethernet w/o bypass, 2-port 10 Gigabit Ethernet SR bypass; One RJ-45 Ethernet 10/100/1000; One RJ-45 Ethernet 10/100/1000

Performance
Max session; Throughput
100,000; 150 Mbps
300,000; 300 Mbps
1 Million; 1 Gbps
5 Million; 10 Gbps

Redundant power; DC; RAID; Built-in bypass

Environment
Operating temperature
11. on and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, key loggers, and other malware from penetrating the network or spreading from already infected users. IDP Series Intrusion Detection and Prevention Appliances not only help protect networks against attacks, they provide information on rogue servers, as well as types and versions of applications and operating systems that may have unknowingly been added to the network. Application signatures, available on the IDP Series, go a step further by enabling accurate detection and reporting of volume used by applications such as social networking, peer-to-peer, or instant messaging. Armed with the knowledge of specific applications running in the network, administrators can use application policy enforcement rules to easily manage these applications by limiting bandwidth, restricting their use, or prioritizing them lower with DiffServ marking. Not only can administrators control the access of specific applications, they can ensure that business-critical applications receive a predictable quality of service (QoS) while enforcing security policies to maintain compliance with corporate application usage policies.

Collaborative projects are commonplace in today's workplace. Making sure that security policies are easily enforced requires knowledge of how those collaborative user groups are formed. The IDP Series works in harmony with Juniper Networks Unified A
12. ount of bandwidth allowed for an individual or group of applications by direction (client-to-server and server-to-client); Packets are marked using DiffServ code point (DSCP); Several passive responses such as logging and TCP reset are supported; Juniper Networks Security Team provides recommendations on appropriate action for each attack object; Disable access at granular level is provided, ranging from specific host down to particular traffic flow for configurable duration of time; Unique policies are applied to different VLANs; Network traffic encapsulated in MPLS labels is inspected

Benefits: Easily manage the applications allowed into the network while maintaining threats at bay; Provide appropriate level of response to attacks; Preserve network resources by controlling the amount of bandwidth consumed by applications allowed into the network; Optimize network and ensure necessary bandwidth for business-critical applications; Gain visibility into current threats on the network with the ability to preempt possible attacks; Ease of maintenance is provided. Administrators no longer need to research or be aware of appropriate response to each and every threat; Thwart attempts to launch DDoS attacks detected through traffic anomaly, DoS detection, or network honeypot; Apply unique policies based on department, customer, and compliance requirements; The number of IDP Series sensors is reduced

Centralized Management
C
13. ovides detailed real-time reports from each IDP Series appliance installed in the network without taxing the central IT organization. (End of the feature description in the same row: available in each IDP Series appliance.)

Profiler | Captures accurate and granular detail of the traffic pattern over a specific span of time. | Provides details on what threats are encountered by the network as well as the mix of various application traffic.
Security explorer | Interactive and dynamic touch graph provides comprehensive network and application layer views. | Greatly simplify the understanding of the network traffic as well as details of attacks.
Application profiler | Works with application volume tracking feature to display application usage and create application policy enforcement rules. | Quickly identify and control which applications are running on the network by simple log-to-rule creation step.

IDP75, IDP250, IDP800, IDP8200
Specifications
Dimensions and Power
Rows: Dimensions (W x H x D); Weight; A/C power supply; D/C power supply; Mean Time Between Failures (MTBF); Memory; Hard drive
IDP75: 17 x 1.69 x 15 in (43.2 x 4.3 x 38.1 cm); 15 lb; 100-240 VAC, 50-60 Hz, 4.0-2.0 A, max 200 W; N/A; 75,000 hrs; 1 GB; 80 GB
IDP250: 17 x 1.69 x 15 in (43.2 x 4.3 x 38.1 cm); 16.5 lb; 100-240 VAC, 50-60 Hz, 5.0-1.5 A, cold swappable, max 300 W; N/A; 73,000 hrs; 2 GB; 80 GB
IDP800: 17 x 3.4 x 19 in (43.2 x 8.6 x 48.3 cm); 27 lb; 100-240 VAC, 50-60 Hz, 6.0-2.0 A, hot swappable dual redunda
14. s | More than 60 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols. | Accuracy of signatures is improved through precise context of protocols.
Predefined and custom signatures | More than 6,200 predefined signatures are included for identifying anomalies, attacks, spyware, and applications. Customization of signatures to personalize the attack database is allowed. | Attacks are accurately identified and attempts at exploiting a known vulnerability are detected. Customers fine-tune the attack database specific to their environment to avoid false positives.
Traffic interpretation | Reassembly, normalization, and protocol decoding are provided. | Overcome attempts to bypass other IDP Series detections by using obfuscation methods.
Application Volume Tracking (AVT) | This tracks and collects volumetric application usage information. | This aids in proper creation of application policies based on observed network bandwidth consumption by application.
Zero-day protection | Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. | Your network is already protected against any new exploits.
Recommended policy | Group of attack signatures are identified by Juniper Networks Security Team as critical for the typical enterprise to protect against. | Installation and m

As of June 2009, there are 6,200 signatures available with daily updates provided.
15. s are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000221 004 EN Dec 2009

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1 866 298 6428 or authorized reseller.

Printed on recycled paper