How the Network World Lab Alliance tested Juniper’s ISG 2000.

We installed the ISG 2000 with IDP blades into our production network at its very edge, connected directly to our two upstream routers. With two 45M bit/sec circuits coming into our network, we kept the ISG 2000 busy, but did not stress it. The hardware was specified to operate at speeds far above our load.

Throughout the test, the ISG 2000 ran on Version 5.0 of Juniper’s ScreenOS operating system. The management system was more fluid. We upgraded an existing NetScreen-Security Manager management system to version 2004-IDP (and later to 2005.1 and 2005.2) and proceeded to push our standard firewall policy to the ISG 2000. Because the ISG 2000 was upstream of all our existing firewalls, we combined all of the other firewall policies into a super-policy, adjusted for network topology, and were running within a few hours.

With the ISG 2000, the firewall configuration drives data streams into the intrusion-prevention system (IPS) part of the product. For every firewall rule, you say whether the IPS is enabled. We started with IPS turned on for all traffic, but simply alerting and not dropping or resetting connections. After studying the false positives over a month, we refined our IPS policy to skip problematic systems and signatures.

Then we put the IPS into block mode, asking it to drop packets or reset connections that triggered its signatures. (A few days after we put the IDP into block mode we discovered one of our IDP boards had failed and was blocking traffic at random.) For the next three months, we checked in on the management system daily, looking for log entries that might be signs of false positives, and updating and tuning the system. We used the logs several times to track down problems for our help desk.
And of course, we had to make a number of changes to the firewall configuration.

During the testing, we worked with Juniper technical support to resolve questions and refine our understanding of the system. Juniper also provided on-site technical support at the end of the test to let us sanity-check our conclusions and to collect feedback.