ScreenOS Firewalls (NOT SRX)
Reply
Visitor
Emitac
Posts: 2
Registered: ‎10-30-2010
0

ISG 2000

 

Hi,

 

I have a small clarifications regarding ISG; Can we implement 2 x NS-ISG-SEC per ISG 2000 chassis to reach 1.5Gbps of throughput? If yes, do we need two to obtain 2 x NS-ISG-2000-IKT upgrade kit as well?

 

thank you,

Contributor
ghaugsness@yahoo.com
Posts: 37
Registered: ‎06-04-2010
0

Re: ISG 2000

I believe on the ISG2000 you can put up to 3 of the NS-ISG-SEC modules in, and yes you would need the upgrade kits as well to cover the memory requirments. The ISG2000's are rated at 4Gbps on the backplane. Is your question relating throughput regarding IDP or just in general?

 

Greg

Trusted Contributor
piccolo78
Posts: 108
Registered: ‎09-13-2009
0

Re: ISG 2000

Hi,

 

if i remember right : :smileyhappy:

 

you need 1x the NS-ISG-2000-IKT (with includes 2GB RAM of memory and a License of 5 Netscreen Security Users)

 

with 2 security modules you can go up to 1Gb and with 3 (maximum) you can go up to 2gb performance.

 

Regards

-PIccolo
Contributor
greenmug
Posts: 28
Registered: ‎08-21-2009
0

Re: ISG 2000

Hi, if you use two out of the three IDP slots, make sure to take the advice on which of the three slots to use. It is clearly marked in the documentation.

 

Only one kit per chassis, with 1-3 modules per chassis.

 

In a HA pair, equal numbers of cards are required.

Trusted Contributor
piccolo78
Posts: 108
Registered: ‎09-13-2009
0

Re: ISG 2000

Hi,

 

 greenmug  is so right, can only agree, forgot to mention ,Sorry ! :

 

if you are going with active / passive configuration (recommended) 

or active/active (personally i would stay away from this configuration , as this causes only problems even on checkpoint :smileyvery-happy:) , and even as i can remember not recommended from jtac you should have to meet this requiremends :


  • each cluster member sould have the same expansion modules (and speed settings)
  • each cluster member should be the same model
  • each cluster member should be have the same NS-ISG-2000-IKT
  • and of couse the same number of security modules...

Regards

 

p.s personally i i`m verry happy with our idp2000 A/P Cluster with 2 Security Modules.

The Device(s) works as aspected.

 

Regards

 

 

 

 

 

-PIccolo
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: ISG 2000

[ Edited ]

Can ISG work without NS-ISG-SEC?

If IDP is not needed, do we actually need NS-ISG-SEC?

 

Pls share your thought :smileyhappy:

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: ISG 2000

Yes, the NS-ISG-SEC modules are optional.

 

If you do not wish to use IDP functions on the ISG-2000, you do not need any NS-ISG-SEC modules.  The ISG-2000 will still function perfreclty fine as a L4 firewall/VPN device.

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: ISG 2000

thanks for the clarification, keithr!
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.