Network World

Juniper revamps security gear

Intrusion-detection added to current family of firewall/VPN devices.
By Tim Greene, Network World, 05/09/2005

Juniper is adding intrusion detection to one of its firewall/VPN devices and revamping its line of stand-alone intrusion-detection gear, making it possible for businesses to streamline network administration by deploying fewer boxes.

The company last week announced hardware blades for its ISG 2000 firewall/VPN appliance that support its intrusion-detection and -prevention (IDP) software. The box has three slots for the blades, which do all the processing for the IDP software so it doesn't sap the main CPU that handles the firewall and VPN processing.


Adding IDP puts the ISG 2000 in the same category as Crossbeam, Fortinet and 3Com's TippingPoint Technologies gear, says Jim Slaby, an analyst with The Yankee Group. And the company says it likely will come out with software to support other security functions such as anti-virus.

Fully loaded, the box is suitable for protecting a data center, with 2G bit/sec firewall protection, 1G bit/sec VPN encryption and up to 2G bit/sec of IDP throughput.

The IDP blades process only those packets for which customers have set IDP policies. For example, the main processor might identify signaling packets for a VoIP phone call and have them run through an IDP check looking for an attack. But when it identifies a VoIP payload packet that contains only voice content, it could pass it through without IDP inspection because there are no known voice payload attacks.

Juniper is announcing a second multi-slot firewall/VPN/IDP device called ISG 1000. It has only two slots for IDP cards, and its top firewall speed is 1G bit/sec. The IDP cards are not available yet.

Juniper also is announcing six new appliances that only perform IDP. The boxes will replace older Juniper IDP devices that will be phased out over the next two quarters. The devices are the IDP 50, IDP 200, IDP 600 C (with copper Gigabit Ethernet interfaces), IDP 600 F (with fiber Gigabit Ethernet interfaces), IDP 1100 C and IDP 1100 F. They range in throughput from 50M to 1G bit/sec.

Along with the IDP hardware, Juniper is releasing a new version of its IDP software that adds the capability to screen for attacks that violate Session Initiation Protocol, making the software suitable to guard against attacks on VoIP and video. The IDP software checks with Juniper's network daily to download newly found attack signatures, including spyware.

The software also lets users run suspected attacks in a protected environment to determine whether they are actual attacks. This helps reduce the number of false positives, the company says.

The stand-alone IDP devices cost from $9,000 for the IDP 50 to $65,000 for the IDP 1100 F. The price range for the ISG 2000 is $40,000 to $55,000 for firewall/VPN capabilities. An IDP license costs $6,000 and the IDP cards cost $12,000 each.
