I believe on the ISG2000 you can put up to 3 of the NS-ISG-SEC modules in, and yes you would need the upgrade kits as well to cover the memory requirments. The ISG2000's are rated at 4Gbps on the backplane. Is your question relating throughput regarding IDP or just in general?

Greg

Hi,

if i remember right :

you need 1x the NS-ISG-2000-IKT (with includes 2GB RAM of memory and a License of 5 Netscreen Security Users)

with 2 security modules you can go up to 1Gb and with 3 (maximum) you can go up to 2gb performance.

Regards

Hi, if you use two out of the three IDP slots, make sure to take the advice on which of the three slots to use. It is clearly marked in the documentation.

Only one kit per chassis, with 1-3 modules per chassis.

In a HA pair, equal numbers of cards are required.

Hi,

 greenmug  is so right, can only agree, forgot to mention ,Sorry ! :

if you are going with active / passive configuration (recommended) 

or active/active (personally i would stay away from this configuration , as this causes only problems even on checkpoint ) , and even as i can remember not recommended from jtac you should have to meet this requiremends :

• each cluster member sould have the same expansion modules (and speed settings)

• each cluster member should be the same model
• each cluster member should be have the same NS-ISG-2000-IKT
• and of couse the same number of security modules...

Regards

p.s personally i i`m verry happy with our idp2000 A/P Cluster with 2 Security Modules.

The Device(s) works as aspected.

Regards

Can ISG work without NS-ISG-SEC?

If IDP is not needed, do we actually need NS-ISG-SEC?

Pls share your thought

Yes, the NS-ISG-SEC modules are optional.

If you do not wish to use IDP functions on the ISG-2000, you do not need any NS-ISG-SEC modules.  The ISG-2000 will still function perfreclty fine as a L4 firewall/VPN device.