NetScreen Confidential 1 NetScreen Corporate Overview June 2001

Page 1: NetScreen Corporate Overview

June 2001

Page 2: About NetScreen

• Founded October 1997
• Leading maker of ASIC-based integrated security solutions
  – Firewall, VPN and traffic management
• Fast growing revenue
  – $40 million in calendar 2000
  – $8 million in calendar 1999
• Primary markets: Internet data centers, service providers and enterprises
• Employees: > 270
• Pre-IPO: $53 million VC investment
  – Sequoia, Spectrum, Juniper, Ericsson, WorldCom
• Based in Sunnyvale, Calif. USA
  – Other offices in Boston, UK, Germany, Hong Kong, Beijing

Page 3: NetScreen’s Security Solutions

• Integrated security systems and appliances
• Product line provides near-wire-speed performance at 1-Gbps, 700-Mbps, 100-Mbps & 10-Mbps
  – Stateful inspection hardware firewall, IPSec, authentication, PKI and NAT acceleration
• Small form factor
• IPSec VPN – Triple DES at wire speed
• High availability
  – Protect against hacker attacks (8 to 10 times faster than software solutions)
  – Redundant topologies
• ICSA-certified (firewall and VPN)

Page 4: The Internet Revolution …

• Proliferation of access to and usage of the Internet continues worldwide
• Broadband services are proliferating
• Security is required to protect against attacks and forge trusted relationships

[Chart: Internet Users Worldwide. Users (in millions), 1998 and 2003; data labels 59 and 250]

Page 5: … Is Changing the Security Paradigm

• Network performance outstrips security performance, creating a bottleneck
• The ongoing care and feeding of legacy solutions
• Lack of qualified security personnel
• The interest in outsourcing of the enterprise network and applications, in general, or just security

Page 6: NetScreen Meets The Customer Challenge for Security

• Developer of next generation Internet security systems and appliances, delivering:
  – Performance: Security performance must scale to protect new high-speed networks
  – Integration: Firewall, VPN and traffic management
  – Ease of use: Must be easy to deploy in order to proliferate
  – Availability: High-reliability architectures
• NetScreen security solutions – proven technology
  – NetScreen has three years of experience building purpose-built, high-performance integrated security solutions
  – More than 35,000 units shipped to date

Page 7: Security Market Growth

• Firewall and VPN markets in rapid-growth stage
  – Hardware predominant platform for firewalls and VPNs
• Key drivers
  – Need to protect Internet links and encrypt data
  – Enterprises looking to outsource or out-task some element of security

[Chart: Worldwide Market Growth (Infonetics Research). Billions of dollars ($0 to $6), 2000 to 2004; series: Firewall, Dedicated VPN hardware]

Page 8: Product Overview: NetScreen-1000

• Gigabit Performance
  – 1 Gbps 3DES IPSec VPN
  – 1 Gbps firewall and NAT
• High Capacity
  – Firewall: Stateful inspection - 500,000 sessions
  – VPN: 25,000 IPSec tunnels,
• High availability/redundancy
  – Hot swappable power supplies, fans, cards
  – Mirrored configuration maintains sessions through a failover
• Virtual Systems based – for ASPs & managed services
  – 100 discrete security domains
  – Per VS address book, policies and management

Page 9: Product Overview: NetScreen-500

• High performance
  – 250 Mbps 3DES IPSec VPN
  – 700 Mbps stateful firewall
• High capacity
  – 10,000 IPSec tunnels
  – 250,000 concurrent sessions
  – 22,000 new sessions per second
• Up to 25 Virtual Systems
• Redundant
  – High availability features
  – Internal system redundancies (swappable fans, power)
  – Separate traffic and management bus
• Flexible
  – Multiple ports
  – AC/DC power

Page 10: Product Overview: NetScreen Security Appliances

• Suite of wire-speed appliances
  – NetScreen-100: 100-Mbps performance; 128,000 sessions; 1,000 tunnels
  – NetScreen-10: 10-Mbps performance; 4,000 sessions; 100 tunnels
  – NetScreen-5XP: 10-Mbps performance; 2,000 sessions; 10 tunnels
• Stateful-inspection firewall
  – Leading denial of service attack deterrence
• NAT (mapped IP, Virtual IP), URL blocking
• Line rate IPSec VPNs
  – IPSec, DES/3DES, MD5, SHA-1, IKE key management
  – 1,000 tunnels: site to site or remote access
• Traffic Shaping: guaranteed & max bandwidth

Page 11: NetScreen Management Interfaces

[Diagram labels: SNMP; CLI; Web UI; 3rd Party; Syslog; Global]

• CLI – familiar command line interface [telnet, ssh]
• Web Interface – embedded Web server [http, SSL]
• NetScreen Global – proprietary interface
• SNMP – Standard MIB & private extensions
• Syslog – standard traffic reporting and alerts
• 3rd Party – WebSense, WebTrends

Page 12: Enterprise Security Management: Global Manager

• Central management for multiple NetScreen security appliances
  – Set policies and configuration options
  – Define configuration once, apply to multiple devices
  – Device grouping to simplify administration
• Collect and display status information for hundreds of devices
  – Detailed reporting: configuration, traffic, CPU utilization, logs
• Securely manages via VPN tunnels to devices
• Windows NT/2000-based platform

[Diagram labels: Global Manager; Configuration; Monitoring & Reporting; NetScreen Security Devices]

Page 13: NetScreen Global PRO 2.6

• Configure 1000s of devices
  – Set common policies and drag-and-drop to device groups
• Customer or Role based reporting
  – Web reporting interface
• Extensive interoperability
  – Industry leading data base
  – Open schema
  – Netcool Integration Module
• Highly scalable performance reporting and monitoring system
  – Track and present sophisticated reports

[Diagram: Global Pro Components. Labels: Oracle DB; Web Server; Data Collector; Global PRO UI; Configuration; Reporting; Presentation layer; Solaris collector layer; Data Storage layer; Device layer; Monitoring; NetScreen Security Devices]

Page 14: Custom Technologies Deliver Performance & Security

• GigaScreen ASIC: Highest performance, most integrated security acceleration silicon available
  – Single chip HW firewall, IPSec, authentication, PKI and NAT acceleration
  – HW firewall: TCP header parsing, session lookup, policy lookup
  – 1.2 Gbps DES, 400 Mb 3DES, MD-5, SHA-1
  – PKI acceleration
  – HW NAT
  – Multi-bus architecture
  – RISC processor interface
• ScreenOS – Dedicated, real-time operating system that drives all NetScreen systems and appliances

Page 15: NetScreen Virtual Systems

• NetScreen-1000 and NetScreen-500 include NetScreen’s unique Virtual Systems technology
  – Create up to 100 individual security domains on the NetScreen-1000 and 25 on the NetScreen-500, each with its own policies
  – Integrated firewall and VPN features
  – Reduce capital cost, ease management and administration, simplify network architecture
• NetScreen Virtual Systems
  – Physical ports mapped into VLAN groups within the switch
  – VLAN traffic passed over 802.1Q tagged trunk
  – VLANs mapped to Virtual Systems within the NetScreen system

[Diagram labels: Physical ports mapped to VLANs within switch; IEEE 802.1Q VLAN Trunk; Traffic Mapped to VLANs via Virtual Systems; Standard Ethernet connections]

Page 16: NetScreen Target Markets

Enterprise Networks
• Enterprise central site and broadband remote access

Internet data centers
• Web hosts, AIPs

Service provider networks
• MANs, ISPs

Managed Security Service Providers
• Integrating security solutions for Internet data centers, service providers and enterprises of all sizes

Page 17: Central Site Firewall & VPN Intranet

Firewall Application
• WAN access multiple T1s /T3
• E-business

VPN Application
• Private network replaced by VPN intranet
• Hundreds or thousands of remote offices / users
• Extranets
• Trust limited to “Need to know” employees

NetScreen delivers
• Increased performance, scalability, flexibility & cost effectiveness of the solution

[Diagram labels: Internet; Corp HQ; DMZ]

Page 18: Multi-Department Security

Traditional Solution
• Multiple Firewalls required to provide internal security

NetScreen-500 Solution
• Virtual Systems employed to provide departmental security
• Can also be used for additional DMZs, security domains and for extranets
• Trust limited to “Need to know” employees

[Diagram labels: Internet; Corp HQ; Finance Dept; M & A Group; Engineering Dept; DMZs]

Page 19: Multi-Department with Remote Users

Firewall
• Traffic sent to the Finance dept is firewall-ed by the Finance Vsys
• Finance SOHO worker firewall-ed from the Internet

VPN
• Remote finance workers VPN connections terminate in the Finance Virtual System
• Essentially extending the finance intranet to include those workers

[Diagram labels: Internet; Corp HQ; DMZs; Finance Dept; Finance Dept mobile worker; Finance Vsys; Finance Dept remote worker]

Page 20: Traditional Data Center Approach

• Low performance
• Requires load balanced Firewalls
• Lose ability to offer VPN access
• Expensive access
• Slow to establish
• Time consuming (staff)
• Lost revenue to telco
• Resource intensive
• Device
• Management
• Skilled Staff
• Time (setup /support)

[Diagram labels: Internet; Customers; www Access; Internet Data Center; Front End; BackEnd; Admin or ASP Customer Access (WAN link or VPN); Administration; Load-balancers]

Page 21: NetScreen’s Complete Data Center Platform

• Dedicated VPN and / or FW solution
• High Bandwidth FW and VPN without having load balanced security devices
• Additional Backend or Database security
• High performance multi-customer solution
• Reduced Capital Cost
• Rapid Deployment
• Low support burden
• Differentiated services
• Customer site VPN
• High speed VPN between Data Centers

[Diagram labels: Trust; Untrust; Internet; Internet Data Center; Mirrored Data Center; Front End; BackEnd; VLAN 1; VLAN 2; VLAN 3; VLAN 4; VLAN 5; NetScreen 1000 (Firewall & VPN); Customers; www Access; Shared Hosting / Core Systems or Low end dedicated; Customer Access (VPN); NS Remote, 5, 10, 100; NetScreen 10; NetScreen 100]

Page 22: xSP – Selling with CPE in the Enterprise

• Integrated Firewall and VPN solution for the enterprise
  – Gigabit firewall to address internet and intranet bandwidth
  – High speed and capacity VPN to address broadband remote access VPN
  – Multiple DMZ
  – Option for departmental policy and VPNs (departmental Firewall replacement)
  – Intra office VPN
• Comprehensive line of enterprise security products
• Single security vendor solution for management and support

[Diagram labels: NetScreen-1000ES; Internet; Branch Office; Small Office/Telecommuter; Remote VPN Client; Finance Domain; Finance Remote Worker; Dark Fiber; Data Center; Corp HQ; DMZs; Global / Pro; SOC]

Page 23: Metropolitan Area Networks

Metropolitan area network
• High speed inter-city inter-office security solution
• Enterprise remote site VPN via the Internet
• High bandwidth FW and VPN without having load balanced security devices
• Customer deployed or managed service
• In the cloud or CPE-based

[Diagram labels: Optical Access; Optical Backbone; Internet; Remote Site Access (VPN); NetScreen-1000ES; Customer A City A; Customer A City B; GE over Fiber; NetScreen-1000SP]

Page 24: Using Virtual Systems in NSP networks

Metropolitan area network
• Ethernet over Fiber
• Discrete Customer Fibers mapped to Virtual Systems via VLAN tagged trunk
• Customer FW & VPN services per Virtual System

[Diagram labels: Fiber Backbone; Internet; Fiber Access; Vsys #1; Vsys #2; Vsys #3]

Page 25: Managed Security Service Provider Solutions

[Diagram labels: Internet; HQ / Branch Office; Small Office/Telecommuter; Remote VPN Client; Finance Domain; Dark Fiber; Data Center; Corp HQ; DMZs; MAN; Trust; Untrust; Internet Data Center; Front End; BackEnd; VLAN 1; VLAN 2; NetScreen-1000ES; NetScreen-1000SP; NetScreen-100; NetScreen-5; NetScreen-Remote; Global / Pro; SOC]

Page 26: Industry Recognition

“Products from NetScreen, Cisco and CyberGuard fit the bill for the highest throughput, with NetScreen offering overall outstanding performance with consistently high numbers across all our tests.” – NetworkWorld, March 12, 2001

“NetScreen's combination firewall/VPN is a powerful and cost-effective solution for companies of all sizes. NetScreen's speed, reliability, and ease-of-use make it an ideal solution for companies that have enterprise-level security needs.” – InfoWorld, Sept. 29, 2000

“Topping our list was the NetScreen-100 from NetScreen Technologies Inc., which had no security issues, the fastest throughput of any device we tested, and a reasonable price tag.” – CommWeb, Sept. 12, 2000

“Don't be fooled by the size of the NetScreen-5. It's only as big as a paperback novel, but it offers bandwidth management and complete firewall and VPN gateway implementations.” – Network Computing, June 12, 2000

“At 1U in height, the NetScreen-100 packs a small-form-factor wallop. A stateful-inspection firewall ensconced in proprietary ASIC hardware, the NetScreen-100 is built for speed.” – Network Computing, April 3, 2000

Tester’s Choice Firewalls: The NetScreen-100 “offered the best combination of airtight security, screaming performance and simple management.” – Data Communications, May 1999

Tester’s Choice Traffic Shaping: “The Netscreen-100 turned in a strong showing in our rate enforcement and burst handling tests while posting respectable numbers in our prioritization tests.” – Data Communications, November 1998

Page 27: Award-Winning Performance

• VPN Gateway Tester’s Choice award for the NetScreen-100
  – CommWeb is a leading Web site published by CMP media for Network Magazine, Tele.Com and other leading publications
  – Published Sept. 12, 2000
• 12 vendors tested, including Cisco, Check Point
• “Topping our list was the NetScreen-100 from NetScreen Technologies Inc., which had no security issues, the fastest throughput of any device we tested, and a reasonable price tag.”

Page 28: NetScreen Customers & Partners