SlideShare a Scribd company logo

1500024 en

Alber Louis
Alber Louis
Education
1 of 8
Download to read offline
PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS
Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats to the network grow more prevalent and destructive, securing the infrastructure is critical to maintaining a viable business. Attacks come from multiple sources in a variety of forms. Enterprises and service providers need more than just a security device; they require a comprehensive, reliable, and integrated security solution backed by an industry leader. The Juniper Networks integrated security devices are purpose-built to perform essential networking security functions. Optimized for maximum performance and feature integration, they are designed on top of robust networking and security real-time operating systems, Juniper Networks® Junos® operating system and ScreenOS®. Designed from ground up to provide the superior networking and security capabilities, these operating systems are not plagued by inefficiencies and vulnerabilities of general-purpose operating systems. With a range of purpose-built, high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters. These integrated devices can protect the network from all manner of attacks and malware while simultaneously facilitating secure business-to-business communications. Product Line Highlights: • Complete set of Unified Threat Management (UTM) security features—including stateful firewall, application security, intrusion prevention, antivirus, antispyware, anti- adware, and antiphishing), antispam, and Web filtering—stops worms, spyware, trojans, malware, and other emerging attacks. (Note: Not all UTM features are available on all platforms.) • Centralized, policy-based management minimizes the chance of overlooking security holes by simplifying rollout and network-wide updates. • Virtualization technologies make it easy for administrators to divide the network into secure segments for additional protection. • Various high availability (HA) options offer the best redundant capabilties for any given network. • Rapid-deployment features, including Auto Connect VPN and Dynamic VPN services, help minimize the administrative burden associated with widespread IPsec deployments. 2
Perimeter Defense Begins with Network-Level Protection SeCUrity PLAtformS To protect against network-level attacks, Juniper Networks devices use a dynamic packet • SRX100 filtering method known as stateful inspection to unmask malicious traffic. With this • SRX210 method, firewalls collect information on various components in a packet header, including source and destination IP addresses, source and destination port numbers, and packet • SRX220 sequence numbers. When a responding packet arrives, the firewall will compare the • SRX240 information reported in its header with the state of its associated session. If they do not • SRX650 match, the firewall will execute the actions specified in the security policy, which typically • SRX1400 involves dropping the packet and logging the action. • SRX3400 Stateful inspection provides more security than other firewall technology such as packet • SRX3600 filtering because the traffic is examined under the context of the connection and not as • SRX5600 a collection of various packets. By default, the Juniper Networks firewall denies all traffic • SRX5800 in all directions. Then, by using centralized, policy-based management, enterprises can • SSG5/SSG5 Wireless create security policies that define the parameters of traffic that is permitted to pass from • SSG20/SSG20 Wireless specified sources to specified destinations. • SSG140 Secure, reliable WAN connectivity also plays an important role in network-level protection. • SSG320M/350M By deploying robust virtual private networks (VPNs), remote sites can be securely • SSG520M/550M connected to other remote sites and to centralized data and applications using high- • ISG1000 bandwidth shared media such as the Internet. Features such as Auto Connect VPN, available on select models, can help ease the administration and management of VPNs, • ISG2000 particularly in hub-and-spoke topologies, allowing secure connections to be automatically • NetScreen-5200 set up and taken down without manual configuration. • NetScreen-5400 Day-Zero Protection Against Application-Level Attacks To help block malicious application-level attacks, Juniper Networks seamlessly integrates intrusion prevention across the entire product line. For central enterprise sites, data center environments and service provider networks with high volumes of throughput, the Juniper Networks ISG Series Integrated Security Gateways with IPS, Juniper Networks SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3000 line and SRX5000 line of services gateways can be deployed for application-level protection. The ISG Series and SRX Series tightly integrates the same software found on the Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to provide unmatched application-level protection against worms, trojans, spyware, and malware. More than 60 protocols are recognized including those used by advanced applications such as VoIP and streaming media. Unmatched security processing power and network segmentation features protect critical high-speed networks against the penetration and proliferation of existing and emerging application-level threats. With multiple attack detection mechanisms, including stateful signatures and protocol anomaly, the ISG Series and SRX Series Services Gateways performs in-depth analysis of application protocol, context, state and behavior to deliver Zero-day protection. Security administrators can deploy Juniper Networks AppSecure capability using deep inspection to block application-level attacks before they infect the network and inflict any damages. AppSecure utilizes advanced, high-performance detection mechanisms integrated with stateful inspection firewall, along with multiple threat inspection engines operating in parallel to accurately detect advanced persistent threats, including those found in nested applications within applications. 3
integrated Antivirus Protects remote Locations For remote offices or smaller locations with limited IT staff, integration and simplicity are an absolute must in any security solution. Juniper Networks currently provides integrated file-based antivirus protection from Kaspersky Lab on the Juniper Networks SSG Series Secure Services Gateways and the SRX Series Services Gateways for the branch. These products combine firewall and VPN capabilities with an antivirus scanning engine that includes antiphishing, antispyware, anti-adware to provide a comprehensive security solution in a single device. These integrated appliances scan for viruses imbedded in both email and Web traffic by scrutinizing IMAP, SMTP, FTP, POP3, IM and HTTP protocols. They provide the most advanced protection from today’s fast-spreading worms, viruses, trojans, spyware, and other malware from damaging the network. With its ability to uncompress files using common protocols, the engine scans deep inside attachments to detect threats hidden in multiple levels of compression. Controlling Access to Known malware and Phishing Websites Employees who access inappropriate websites from the corporate network risk bringing malicious software into the organization. Worse, their errors in judgment could also expose the company to litigation for not having adequate controls in place. Juniper Networks integrated security devices are the ideal solution to help organizations devise and enforce responsible Web usage policies. Two approaches are available: external and integrated Web filtering. External Web filtering, available on all Juniper Networks firewall and VPN devices, redirects traffic from the device to a dedicated Websense Web filtering server for enforcement of the organization’s policies. Integrated Web filtering, available on the SRX Series for the branch and SSG Series, enables enterprises to build their own Web access policies by selectively blocking access to sites listed in a continuously updated database. Maintained by Websense, a Juniper Networks security alliance partner, the database lists more than 20+ million URLs organized into more than 54 categories of potentially problematic content. Customers can rapidly deploy integrated or external Web filtering using default configurations based on the Websense database. Web filtering profiles can be customized by using black lists or white lists, plus a number of predefined and user-defined categories. Blocking inbound Spam and Phishing Attacks Juniper Networks has teamed up with Sophos to leverage their market-leading antispam solution and reputation service for Juniper’s small-to-medium office platforms to help limit unwanted emails and the potential attacks they carry. Installed on the Juniper Networks firewall/VPN gateway, the antispam engine filters incoming email from known spam and phishing users, acting as a first line of defense. When a known malicious email arrives, it is blocked and/or flagged so that the email server can take appropriate action. Integrated antispam is available on the entire SSG Series family and the SRX Series for the branch. 4
Virtualization Boosts Security by Dividing the Network into multiple Network Segments Virtualization technologies in the Juniper Networks integrated firewall/VPN, and secure router security solutions enable users to segment their network into many separate compartments, all controlled through a single appliance. Administrators can simply segment traffic bound for different destinations, or they can further divide the network into distinct, secure segments with their own firewalls and separate security policies. The firewall/VPN devices support the following virtualization technologies: • Security Zones: Supported on every product, security zones represent virtual sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface or, on the larger devices, to a virtual system. When assigned to a virtual system, multiple zones can share a single physical interface which lowers ownership costs by effectively increasing interface densities. • Virtual Systems (VSyS): Available on the ISG Series and Juniper Networks NetScreen Series Security Systems, virtual systems are an additional level of partitioning that creates multiple independent virtual environments, each with its own set of users, firewalls, VPNs, security policies, and management interfaces. By providing administrators with the ability to quickly segment networks into multiple secure environments managed through a single device, VSYS enables network operators to build multi-customer solutions with fewer physical firewalls and reduced administrative attention. This reduces both capital and operational expenses. • Virtual routers (Vr): Supported on all products, virtual routers enable administrators to partition a single device so it functions like multiple physical routers. Each VR can support its own domains, ensuring that no routing information is exchanged with domains established on other VRs. This enables a single device to support multiple customer environments, lowering total cost of ownership. • Virtual LANs (VLAN): Supported on all platforms, VLANs are a logical – not physical – division of a subnetwork that enables administrators to identify and segment traffic at a very granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access. INTERNET Firewall/VPN Domain 1 Domain N Zone A Zone N Zone A Zone N VLAN 1 VLAN N VLAN 1 VLAN N VLAN 1 VLAN N VLAN 1 VLAN N Networks are segmented into hierarchies of secure compartments using virtual technology. 5
Comprehensive High Availability Solutions ensure Uptime A security system is only as good as its reliability and uptime. Juniper Networks security solutions include reliable, high availability systems based on the NetScreen Redundancy Protocol (NSRP) and Juniper Services Redundancy Protocol (JSRP) to run on Junos operating system-based products. Firewall, VPN, and IPS flows can be synchronized between high availability pairs to provide subsecond failover to a backup device. Configuration options include: • Active/Passive: Master device shares all network, Active/Active Active/Active configuration setting, and current session information with the backup so that, in the event of a failure, the INTERNET INTERNET backup can take over in a seamless manner. Juniper Networks Network and Security Manager provides centralized, policy-based control. Active Active Failure Active SRX Series SRX Series SRX Series SRX Series • Active/Active: Both devices are configured to be active, EX Series EX Series EX Series EX Series with traffic flowing through each. Should one device fail, the other device becomes the master and continues to handle 100 percent of the traffic. The redundant physical paths provide maximum resiliency and uptime. High availability configurations maintain service despite device or link failures Device integration made easy Networks are never static. Potentially costly and time-consuming changes and additions occur all the time. When the network topology changes, or as new offices, business partners, and customers are added to the network, network interoperability becomes especially important. To simplify network integration and help minimize administrative effort when changes are required, Juniper Networks integrated security solutions can operate in three different modes: • transparent mode affords the simplest way to add security to the network. In transparent mode, organizations can deploy a Juniper Networks firewall/VPN appliance without making any other changes to the network: firewall, VPN, IPS, and denial-of-service (DoS) mitigation functions work without an IP address, making the device “invisible” to the user. • route mode enables the security device to actively participate in network routing by supporting both static and dynamic routing protocols, including BGP, OSPF, RIPv1, RIPv2, and ECMP. Route mode enables administrators to quickly deploy multilayer security solutions with a minimum of manual configuration. • NAt mode automatically translates an IP address or a group of IP addresses to a single address to hide an organization’s private addresses from public view. Juniper Networks integrated security devices support both static and dynamic address assignment through DHCP or PPPoE, enabling Juniper Networks solutions to operate in any network environment. Unbound Scalability As network requirements continue to evolve, the processing and I/O requirements for various network devices will also evolve. To meet the demands of ever changing scalability requirements, the SRX1400, SRX3000 line and SRX5000 line of services gateways leverage the Juniper Networks Dynamic Services Architecture. 6
Dynamic Services Architecture enables the most flexible I/O and processing configuration JUNiPer NetWorKS by supporting service processing cards and I/O cards on the same slot, allowing the high- SerViCe AND SUPPort end SRX Series Services Gateways to be configured as a processing-intensive solution or an I/O-intensive solution and anywhere in between. The SRX3000 line and SRX5000 line Juniper Networks is the leader in is able to scale performance almost linearly by adding additional network and services performance-enabling services processing cards with very little overhead. This extensive I/O and processing scalability and support, which are designed to brought about by Juniper’s Dynamic Services Architecture is only available on the data accelerate, extend, and optimize your center class of SRX Series Services Gateways. high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can managing the Network and Security realize bigger productivity gains and Unlike solutions that require administrators to use multiple management tools to control faster rollouts of new business models a single device, Network and Security Manager (NSM) enables IT departments to control and ventures. At the same time, the device throughout its life cycle with a single, centralized dashboard. NSM is designed Juniper Networks ensures operational specifically to foster teamwork among device technicians, network administrators, and excellence by optimizing your network to security personnel. maintain required levels of performance, reliability, and availability. For more Network and Security Manager takes a new approach to security management by providing details, please visit www.juniper.net/us/ IT departments with an easy-to-use solution that controls all aspects of the firewall/VPN en/products-services/. security device, including device configuration, network settings, and security policy. Juniper Networks STRM Series Security Threat Response Managers provides Security Information and Event Management (SIEM) capabilities with advanced multivendor monitoring and event correlation and sophisticated comprehensive log management. Juniper Networks Advanced Insight Solution(AIS) and Juniper Networks Advanced Insight Manager (AIM) provide in-service diagnostic functionality with flexible automated monitoring and reporting. Third-party network management partners supporting the Juniper products provide additional management solutions for network, fault, performance, and change control. By selecting the appropriate management tool, network administrators can deploy, manage and troubleshoot large network deployments. for Low-Cost rapid Deployment, Drop Ship Devices— Not Administrators To avoid the high cost of sending administrators to configure systems at remote sites, Juniper Networks integrated security devices can be installed by nontechnical users. With the Network and Security Manager Rapid Deployment functionality, network administrators do not need to preconfigure the devices or handle them in any way. At the remote site, the new device simply needs to be cabled up and loaded with a small configuration file, which a central administrator has either emailed or sent on CD to the remote location. The initial configuration file establishes a secure connection to Network and Security Manager which then pushes the complete configuration files to the new device. About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high- performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net. 7
Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King’s Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803 emeA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601 Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Printed on recycled paper 1500024-010-EN Nov 2010

Recommended

Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introductionJimmy Saigon
 
Ds nsa series_4500
Ds nsa series_4500Ds nsa series_4500
Ds nsa series_4500Yustinus Malawau
 
Nice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureNice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureIEEEFINALYEARPROJECTS
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Firewall
FirewallFirewall
FirewallApo
 

Recommended

Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
Watchguard short introduction
Watchguard short introductionWatchguard short introduction
Watchguard short introductionJimmy Saigon
 
Ds nsa series_4500
Ds nsa series_4500Ds nsa series_4500
Ds nsa series_4500Yustinus Malawau
 
Nice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureNice network intrusion detection and countermeasure
Nice network intrusion detection and countermeasureIEEEFINALYEARPROJECTS
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Firewall
FirewallFirewall
FirewallApo
 
TACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentTACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentSaikat Chaudhuri
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsInternational Journal of Science and Research (IJSR)
 
Data Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed FirewallData Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed FirewallManish Kumar
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270BAKOTECH
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1Lancope, Inc.
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
Day1
Day1Day1
Day1Jai4uk
 
Firewall Basing
Firewall BasingFirewall Basing
Firewall BasingPina Parmar
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationyogendrasinghchahar
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptOECLIB Odisha Electronics Control Library
 
4 (data security in local network using)
4 (data security in local network using)4 (data security in local network using)
4 (data security in local network using)JIEMS Akkalkuwa
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 
Firewalls
FirewallsFirewalls
FirewallsJyoti Akhter
 
Ldn slide
Ldn slideLdn slide
Ldn slideAlber Louis
 
Kalimat majemuk setara dan bertingkat
Kalimat majemuk setara dan bertingkat Kalimat majemuk setara dan bertingkat
Kalimat majemuk setara dan bertingkat mujahidah khilafah (Shintia Minandar)
 

More Related Content

What's hot

TACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentTACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentSaikat Chaudhuri
 
Data Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed FirewallData Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed FirewallManish Kumar
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_finalLan & Wan Solutions
 
Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270BAKOTECH
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1Lancope, Inc.
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Sabreen Irfana
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?Mir Mustafa Ali
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
4 (data security in local network using)
4 (data security in local network using)4 (data security in local network using)
4 (data security in local network using)JIEMS Akkalkuwa
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 

What's hot (20)

TACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN EnvironmentTACTiCS_WP Security_Addressing Security in SDN Environment
TACTiCS_WP Security_Addressing Security in SDN Environment
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Data Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed FirewallData Security in Local Area Network Using Distributed Firewall
Data Security in Local Area Network Using Distributed Firewall
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270Miercom Unified Threat Management Report - WatchGuard M270
Miercom Unified Threat Management Report - WatchGuard M270
 
Data center webinar_v2_1
Data center webinar_v2_1Data center webinar_v2_1
Data center webinar_v2_1
 
Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt Data security in local network using distributed firewall ppt
Data security in local network using distributed firewall ppt
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
 
Day1
Day1Day1
Day1
 
Firewall Basing
Firewall BasingFirewall Basing
Firewall Basing
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
4 (data security in local network using)
4 (data security in local network using)4 (data security in local network using)
4 (data security in local network using)
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 
Firewalls
FirewallsFirewalls
Firewalls
 

Viewers also liked

Congratulation on your wedding zeenu
Congratulation on your wedding zeenuCongratulation on your wedding zeenu
Congratulation on your wedding zeenuaijazghani
 
Congratulation on your wedding zeenu
Congratulation on your wedding zeenuCongratulation on your wedding zeenu
Congratulation on your wedding zeenuaijazghani
 
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...HCL Technologies
 
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...Developing Successful Strategies & Planning to Win - APMP Best Practices Web...
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...Abhijit Majumdar CP.APMP
 

Viewers also liked (7)

Ldn slide
Ldn slideLdn slide
Ldn slide
 
Kalimat majemuk setara dan bertingkat
Kalimat majemuk setara dan bertingkat Kalimat majemuk setara dan bertingkat
Kalimat majemuk setara dan bertingkat
 
Congratulation on your wedding zeenu
Congratulation on your wedding zeenuCongratulation on your wedding zeenu
Congratulation on your wedding zeenu
 
Congratulation on your wedding zeenu
Congratulation on your wedding zeenuCongratulation on your wedding zeenu
Congratulation on your wedding zeenu
 
Powerpoint.02
Powerpoint.02Powerpoint.02
Powerpoint.02
 
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
Be Digital or Be Extinct. Wharton Guest Lecture by Sandeep Kishore – Corporat...
 
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...Developing Successful Strategies & Planning to Win - APMP Best Practices Web...
Developing Successful Strategies & Planning to Win - APMP Best Practices Web...
 

Similar to 1500024 en

fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurrezkellahhichem
 
A Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptxA Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptxBluechipComputerSyst
 
Descripcion Tecnica del Barracuda NG Firewall
Descripcion Tecnica del Barracuda NG FirewallDescripcion Tecnica del Barracuda NG Firewall
Descripcion Tecnica del Barracuda NG Firewallrivefapy
 
Integration of pola alto and v mware nsx to protect virtual and cloud environ...
Integration of pola alto and v mware nsx to protect virtual and cloud environ...Integration of pola alto and v mware nsx to protect virtual and cloud environ...
Integration of pola alto and v mware nsx to protect virtual and cloud environ...David kankam
 
Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Balázs Antók
 
Juniper Networks SRX Branch Solutions
Juniper Networks SRX Branch SolutionsJuniper Networks SRX Branch Solutions
Juniper Networks SRX Branch SolutionsAltaware, Inc.
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfTaherAzzam2
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureBaqar kazmi
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureMaliha Ali
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureBaqar Kazmi
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochurebakar kazmi
 
Draft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareDraft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareSelena829218
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 

Similar to 1500024 en (20)

FortiGate_600E(2).pdf
FortiGate_600E(2).pdfFortiGate_600E(2).pdf
FortiGate_600E(2).pdf
 
fortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeurfortigate-600f-series pdf manual routeur
fortigate-600f-series pdf manual routeur
 
A Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptxA Complete Guide To Firewall How To Build A Secure Networking System.pptx
A Complete Guide To Firewall How To Build A Secure Networking System.pptx
 
NGFW Brochure 08 08
NGFW Brochure 08 08NGFW Brochure 08 08
NGFW Brochure 08 08
 
Descripcion Tecnica del Barracuda NG Firewall
Descripcion Tecnica del Barracuda NG FirewallDescripcion Tecnica del Barracuda NG Firewall
Descripcion Tecnica del Barracuda NG Firewall
 
Sonic Wall Product Line Brochure
Sonic Wall Product Line BrochureSonic Wall Product Line Brochure
Sonic Wall Product Line Brochure
 
Integration of pola alto and v mware nsx to protect virtual and cloud environ...
Integration of pola alto and v mware nsx to protect virtual and cloud environ...Integration of pola alto and v mware nsx to protect virtual and cloud environ...
Integration of pola alto and v mware nsx to protect virtual and cloud environ...
 
Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702Sns en-sn160 w-datasheet-201702
Sns en-sn160 w-datasheet-201702
 
Juniper
JuniperJuniper
Juniper
 
1000281 en 2
1000281 en 21000281 en 2
1000281 en 2
 
Juniper Networks SRX Branch Solutions
Juniper Networks SRX Branch SolutionsJuniper Networks SRX Branch Solutions
Juniper Networks SRX Branch Solutions
 
Fortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-seriesFortigate fortiwifi-80f-series
Fortigate fortiwifi-80f-series
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
 
Ds e class-nsa_e8500_us
Ds e class-nsa_e8500_usDs e class-nsa_e8500_us
Ds e class-nsa_e8500_us
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
CyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochureCyberoamVirtualSecurityBrochure
CyberoamVirtualSecurityBrochure
 
Draft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | SlideshareDraft Juniper Experience First Networking | Slideshare
Draft Juniper Experience First Networking | Slideshare
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 

Recently uploaded

Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 

Recently uploaded (20)

Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 

1500024 en

  • 1. PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS
  • 2. Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats to the network grow more prevalent and destructive, securing the infrastructure is critical to maintaining a viable business. Attacks come from multiple sources in a variety of forms. Enterprises and service providers need more than just a security device; they require a comprehensive, reliable, and integrated security solution backed by an industry leader. The Juniper Networks integrated security devices are purpose-built to perform essential networking security functions. Optimized for maximum performance and feature integration, they are designed on top of robust networking and security real-time operating systems, Juniper Networks® Junos® operating system and ScreenOS®. Designed from ground up to provide the superior networking and security capabilities, these operating systems are not plagued by inefficiencies and vulnerabilities of general-purpose operating systems. With a range of purpose-built, high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters. These integrated devices can protect the network from all manner of attacks and malware while simultaneously facilitating secure business-to-business communications. Product Line Highlights: • Complete set of Unified Threat Management (UTM) security features—including stateful firewall, application security, intrusion prevention, antivirus, antispyware, anti- adware, and antiphishing), antispam, and Web filtering—stops worms, spyware, trojans, malware, and other emerging attacks. (Note: Not all UTM features are available on all platforms.) • Centralized, policy-based management minimizes the chance of overlooking security holes by simplifying rollout and network-wide updates. • Virtualization technologies make it easy for administrators to divide the network into secure segments for additional protection. • Various high availability (HA) options offer the best redundant capabilties for any given network. • Rapid-deployment features, including Auto Connect VPN and Dynamic VPN services, help minimize the administrative burden associated with widespread IPsec deployments. 2
  • 3. Perimeter Defense Begins with Network-Level Protection SeCUrity PLAtformS To protect against network-level attacks, Juniper Networks devices use a dynamic packet • SRX100 filtering method known as stateful inspection to unmask malicious traffic. With this • SRX210 method, firewalls collect information on various components in a packet header, including source and destination IP addresses, source and destination port numbers, and packet • SRX220 sequence numbers. When a responding packet arrives, the firewall will compare the • SRX240 information reported in its header with the state of its associated session. If they do not • SRX650 match, the firewall will execute the actions specified in the security policy, which typically • SRX1400 involves dropping the packet and logging the action. • SRX3400 Stateful inspection provides more security than other firewall technology such as packet • SRX3600 filtering because the traffic is examined under the context of the connection and not as • SRX5600 a collection of various packets. By default, the Juniper Networks firewall denies all traffic • SRX5800 in all directions. Then, by using centralized, policy-based management, enterprises can • SSG5/SSG5 Wireless create security policies that define the parameters of traffic that is permitted to pass from • SSG20/SSG20 Wireless specified sources to specified destinations. • SSG140 Secure, reliable WAN connectivity also plays an important role in network-level protection. • SSG320M/350M By deploying robust virtual private networks (VPNs), remote sites can be securely • SSG520M/550M connected to other remote sites and to centralized data and applications using high- • ISG1000 bandwidth shared media such as the Internet. Features such as Auto Connect VPN, available on select models, can help ease the administration and management of VPNs, • ISG2000 particularly in hub-and-spoke topologies, allowing secure connections to be automatically • NetScreen-5200 set up and taken down without manual configuration. • NetScreen-5400 Day-Zero Protection Against Application-Level Attacks To help block malicious application-level attacks, Juniper Networks seamlessly integrates intrusion prevention across the entire product line. For central enterprise sites, data center environments and service provider networks with high volumes of throughput, the Juniper Networks ISG Series Integrated Security Gateways with IPS, Juniper Networks SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3000 line and SRX5000 line of services gateways can be deployed for application-level protection. The ISG Series and SRX Series tightly integrates the same software found on the Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to provide unmatched application-level protection against worms, trojans, spyware, and malware. More than 60 protocols are recognized including those used by advanced applications such as VoIP and streaming media. Unmatched security processing power and network segmentation features protect critical high-speed networks against the penetration and proliferation of existing and emerging application-level threats. With multiple attack detection mechanisms, including stateful signatures and protocol anomaly, the ISG Series and SRX Series Services Gateways performs in-depth analysis of application protocol, context, state and behavior to deliver Zero-day protection. Security administrators can deploy Juniper Networks AppSecure capability using deep inspection to block application-level attacks before they infect the network and inflict any damages. AppSecure utilizes advanced, high-performance detection mechanisms integrated with stateful inspection firewall, along with multiple threat inspection engines operating in parallel to accurately detect advanced persistent threats, including those found in nested applications within applications. 3
  • 4. integrated Antivirus Protects remote Locations For remote offices or smaller locations with limited IT staff, integration and simplicity are an absolute must in any security solution. Juniper Networks currently provides integrated file-based antivirus protection from Kaspersky Lab on the Juniper Networks SSG Series Secure Services Gateways and the SRX Series Services Gateways for the branch. These products combine firewall and VPN capabilities with an antivirus scanning engine that includes antiphishing, antispyware, anti-adware to provide a comprehensive security solution in a single device. These integrated appliances scan for viruses imbedded in both email and Web traffic by scrutinizing IMAP, SMTP, FTP, POP3, IM and HTTP protocols. They provide the most advanced protection from today’s fast-spreading worms, viruses, trojans, spyware, and other malware from damaging the network. With its ability to uncompress files using common protocols, the engine scans deep inside attachments to detect threats hidden in multiple levels of compression. Controlling Access to Known malware and Phishing Websites Employees who access inappropriate websites from the corporate network risk bringing malicious software into the organization. Worse, their errors in judgment could also expose the company to litigation for not having adequate controls in place. Juniper Networks integrated security devices are the ideal solution to help organizations devise and enforce responsible Web usage policies. Two approaches are available: external and integrated Web filtering. External Web filtering, available on all Juniper Networks firewall and VPN devices, redirects traffic from the device to a dedicated Websense Web filtering server for enforcement of the organization’s policies. Integrated Web filtering, available on the SRX Series for the branch and SSG Series, enables enterprises to build their own Web access policies by selectively blocking access to sites listed in a continuously updated database. Maintained by Websense, a Juniper Networks security alliance partner, the database lists more than 20+ million URLs organized into more than 54 categories of potentially problematic content. Customers can rapidly deploy integrated or external Web filtering using default configurations based on the Websense database. Web filtering profiles can be customized by using black lists or white lists, plus a number of predefined and user-defined categories. Blocking inbound Spam and Phishing Attacks Juniper Networks has teamed up with Sophos to leverage their market-leading antispam solution and reputation service for Juniper’s small-to-medium office platforms to help limit unwanted emails and the potential attacks they carry. Installed on the Juniper Networks firewall/VPN gateway, the antispam engine filters incoming email from known spam and phishing users, acting as a first line of defense. When a known malicious email arrives, it is blocked and/or flagged so that the email server can take appropriate action. Integrated antispam is available on the entire SSG Series family and the SRX Series for the branch. 4
  • 5. Virtualization Boosts Security by Dividing the Network into multiple Network Segments Virtualization technologies in the Juniper Networks integrated firewall/VPN, and secure router security solutions enable users to segment their network into many separate compartments, all controlled through a single appliance. Administrators can simply segment traffic bound for different destinations, or they can further divide the network into distinct, secure segments with their own firewalls and separate security policies. The firewall/VPN devices support the following virtualization technologies: • Security Zones: Supported on every product, security zones represent virtual sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface or, on the larger devices, to a virtual system. When assigned to a virtual system, multiple zones can share a single physical interface which lowers ownership costs by effectively increasing interface densities. • Virtual Systems (VSyS): Available on the ISG Series and Juniper Networks NetScreen Series Security Systems, virtual systems are an additional level of partitioning that creates multiple independent virtual environments, each with its own set of users, firewalls, VPNs, security policies, and management interfaces. By providing administrators with the ability to quickly segment networks into multiple secure environments managed through a single device, VSYS enables network operators to build multi-customer solutions with fewer physical firewalls and reduced administrative attention. This reduces both capital and operational expenses. • Virtual routers (Vr): Supported on all products, virtual routers enable administrators to partition a single device so it functions like multiple physical routers. Each VR can support its own domains, ensuring that no routing information is exchanged with domains established on other VRs. This enables a single device to support multiple customer environments, lowering total cost of ownership. • Virtual LANs (VLAN): Supported on all platforms, VLANs are a logical – not physical – division of a subnetwork that enables administrators to identify and segment traffic at a very granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access. INTERNET Firewall/VPN Domain 1 Domain N Zone A Zone N Zone A Zone N VLAN 1 VLAN N VLAN 1 VLAN N VLAN 1 VLAN N VLAN 1 VLAN N Networks are segmented into hierarchies of secure compartments using virtual technology. 5
  • 6. Comprehensive High Availability Solutions ensure Uptime A security system is only as good as its reliability and uptime. Juniper Networks security solutions include reliable, high availability systems based on the NetScreen Redundancy Protocol (NSRP) and Juniper Services Redundancy Protocol (JSRP) to run on Junos operating system-based products. Firewall, VPN, and IPS flows can be synchronized between high availability pairs to provide subsecond failover to a backup device. Configuration options include: • Active/Passive: Master device shares all network, Active/Active Active/Active configuration setting, and current session information with the backup so that, in the event of a failure, the INTERNET INTERNET backup can take over in a seamless manner. Juniper Networks Network and Security Manager provides centralized, policy-based control. Active Active Failure Active SRX Series SRX Series SRX Series SRX Series • Active/Active: Both devices are configured to be active, EX Series EX Series EX Series EX Series with traffic flowing through each. Should one device fail, the other device becomes the master and continues to handle 100 percent of the traffic. The redundant physical paths provide maximum resiliency and uptime. High availability configurations maintain service despite device or link failures Device integration made easy Networks are never static. Potentially costly and time-consuming changes and additions occur all the time. When the network topology changes, or as new offices, business partners, and customers are added to the network, network interoperability becomes especially important. To simplify network integration and help minimize administrative effort when changes are required, Juniper Networks integrated security solutions can operate in three different modes: • transparent mode affords the simplest way to add security to the network. In transparent mode, organizations can deploy a Juniper Networks firewall/VPN appliance without making any other changes to the network: firewall, VPN, IPS, and denial-of-service (DoS) mitigation functions work without an IP address, making the device “invisible” to the user. • route mode enables the security device to actively participate in network routing by supporting both static and dynamic routing protocols, including BGP, OSPF, RIPv1, RIPv2, and ECMP. Route mode enables administrators to quickly deploy multilayer security solutions with a minimum of manual configuration. • NAt mode automatically translates an IP address or a group of IP addresses to a single address to hide an organization’s private addresses from public view. Juniper Networks integrated security devices support both static and dynamic address assignment through DHCP or PPPoE, enabling Juniper Networks solutions to operate in any network environment. Unbound Scalability As network requirements continue to evolve, the processing and I/O requirements for various network devices will also evolve. To meet the demands of ever changing scalability requirements, the SRX1400, SRX3000 line and SRX5000 line of services gateways leverage the Juniper Networks Dynamic Services Architecture. 6
  • 7. Dynamic Services Architecture enables the most flexible I/O and processing configuration JUNiPer NetWorKS by supporting service processing cards and I/O cards on the same slot, allowing the high- SerViCe AND SUPPort end SRX Series Services Gateways to be configured as a processing-intensive solution or an I/O-intensive solution and anywhere in between. The SRX3000 line and SRX5000 line Juniper Networks is the leader in is able to scale performance almost linearly by adding additional network and services performance-enabling services processing cards with very little overhead. This extensive I/O and processing scalability and support, which are designed to brought about by Juniper’s Dynamic Services Architecture is only available on the data accelerate, extend, and optimize your center class of SRX Series Services Gateways. high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can managing the Network and Security realize bigger productivity gains and Unlike solutions that require administrators to use multiple management tools to control faster rollouts of new business models a single device, Network and Security Manager (NSM) enables IT departments to control and ventures. At the same time, the device throughout its life cycle with a single, centralized dashboard. NSM is designed Juniper Networks ensures operational specifically to foster teamwork among device technicians, network administrators, and excellence by optimizing your network to security personnel. maintain required levels of performance, reliability, and availability. For more Network and Security Manager takes a new approach to security management by providing details, please visit www.juniper.net/us/ IT departments with an easy-to-use solution that controls all aspects of the firewall/VPN en/products-services/. security device, including device configuration, network settings, and security policy. Juniper Networks STRM Series Security Threat Response Managers provides Security Information and Event Management (SIEM) capabilities with advanced multivendor monitoring and event correlation and sophisticated comprehensive log management. Juniper Networks Advanced Insight Solution(AIS) and Juniper Networks Advanced Insight Manager (AIM) provide in-service diagnostic functionality with flexible automated monitoring and reporting. Third-party network management partners supporting the Juniper products provide additional management solutions for network, fault, performance, and change control. By selecting the appropriate management tool, network administrators can deploy, manage and troubleshoot large network deployments. for Low-Cost rapid Deployment, Drop Ship Devices— Not Administrators To avoid the high cost of sending administrators to configure systems at remote sites, Juniper Networks integrated security devices can be installed by nontechnical users. With the Network and Security Manager Rapid Deployment functionality, network administrators do not need to preconfigure the devices or handle them in any way. At the remote site, the new device simply needs to be cabled up and loaded with a small configuration file, which a central administrator has either emailed or sent on CD to the remote location. The initial configuration file establishes a secure connection to Network and Security Manager which then pushes the complete configuration files to the new device. About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high- performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net. 7
  • 8. Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King’s Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803 emeA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601 Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Printed on recycled paper 1500024-010-EN Nov 2010