Juniper IDP 200

Juniper IDP 200

|GCN Lab Reviewer's Choice|

Pros: Good price for the features

Cons: Complicated setup

Price: $19,000

Performance: A

Ease of setup: B-

Configurability: A

Value: A



Also reviewed:

Protection you can trust: The Juniper IDP 200 made it easy to prevent all network attacks.

The IDP 200 from Juniper Networks is capable of protecting multiple networks at the same time. It takes up 2U of rack space and, at just 29 pounds, is a bit lighter than most rack-mounted devices.

It has eight 10/100 autosensing Ethernet ports that can be paired as pass-through ports or set up individually as sniffer ports. It also has a 10/100 management port, a 10/100 high availability port, a serial port and a CD-ROM drive.

The IDP 200 requires a management server (NetScreen Security Manager), which means any RedHat Linux or Solaris server running the provided software. The server needs to be running a 1-GHz processor (more if it's managing multiple sensors) and includes 1GB of memory, a 100-Mbps network interface card and 18GB of disk space.

To set up the IDP, you first connect to it through its serial console port. This is necessary for setting the IP address of the management port and other features. As in the case of the Cisco IPS, this process increases security because it requires physical access to make certain major changes.

Next, you hook up the management server. The setup guide recommends that you put the management server, the user interface and the management port on a local area network all their own.

This could be done easily with a small hub you might have lying around. Otherwise, you can buy a hub for less than $100.

Once you have all three connected and able to ping each other, you're ready to configure the sensor by logging into the management server through the user interface and adding the IDP sensor to the list of managed security devices. Once this is done, you have access to the sensor and can configure the traffic ports the way you need them. We set the first two in Inline Active Mode, then hooked it up between our router and firewall.

In all, the setup process was straightforward, but it was also more involved than others in this review. Most admins shouldn't have a problem with it, but it will require a little more time and effort.

Once we were finished, it was a simple matter to set the sensor's policies for blocking our simulated network attacks. By changing just a few policies in the sensor definitions, we quickly had the Juniper IDP preventing all intrusions.

For large organizations that have multiple subnetworks to protect, the 250-Mbps IDP 200 is a strong solution.

At $19,000, it's cheaper than other multiple-traffic-port sensors we've tested. Just keep in mind you may need to buy a management server if you don't have one you can reprovision.

Juniper Networks Inc., Sunnyvale, Calif., (866) 298-6428, www.juniper.net

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above