Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and solutions that meet the growing demands of the connected world. Juniper Networks [NYSE: JNPR] is headquartered in Sunnyvale, California, with over 9,000 employees in 70 countries and nearly $5 billion in revenue. Our customers include the top 100 global service providers and 30,000 enterprises, including the Global Fortune 100 as well as hundreds of federal, state and local government agencies and higher educational organizations. At Juniper Networks, we believe the network is the single greatest vehicle for knowledge, understanding, and human advancement that the world has ever known. Now more than ever, the world needs network innovation to connect ideas and unleash our full potential. Juniper is taking a new approach to the network — one that is intelligent, agile, secure and open to any vendor and any network environment. To learn more about Juniper, products, and our vision for the decade ahead, visit our site at www.juniper.net.
Next-Generation Firewalls – SRX
Modernize your perimeter to run as part of the network-wide security ecosystem.
To make this new approach effective, your next-generation firewalls need to assume an expanded role. Traditionally their role has been to work alongside other devices to secure the network perimeter. But as malware has become more complex, that role is no longer enough. Today, a next-generation firewall must perform as part of a comprehensive detection and enforcement system, leveraging the entire network for threat intelligence and detection.
Juniper delivers on these advanced requirements with the SRX Series Services Gateways. These next-generation firewalls modernize your perimeter, making it more adaptable as new threats emerge. They use information from our Sky Advanced Threat Protection cloud-based service and third-party GeoIP feeds to block malicious activities as they enter or traverse the network.
The SRX Series delivers firewall performance up to 2 Tbps and six-nines of reliability to ensure that your network stays secure, fast, and operational. They provide application visibility and control, IPS and user-based application policies, plus unified threat management (UTM) to protect and control your business assets. They can perform deep packet inspection and apply role-based access policies, giving you granular control.
Available in both physical and virtual form factors, SRX Series firewalls work with our integrated threat defense and intelligence portfolio to provide essential security services that guard against botnets, command and control servers, advanced persistent threats (APT), and zero-day threats.
SRX Series firewalls allow you to simplify your perimeter with a single-box solution. Ranging from all-in-one security and networking appliances to highly scalable, high-performance, chassis-based solutions, the SRX Series can be centrally managed using Junos® Space Security Director. You can easily add security services such as AppSecure, IPS, UTM, and Spotlight Secure Threat Intelligence feeds to existing SRX Series platforms for a cost-effective perimeter security solution.
Integrated Security Gateway – ISG
The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide:
• Multi-gigabit performance
• Modular architecture
• Rich virtualization capabilities
They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based system delivers security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support. The advanced system is further expandable with optionally integrated IDP or as a General Packet Radio Service (GPRS) firewall/VPN for mobile network service provider environments.
The ISG Series firewall/VPN modular architecture enables deployment with a wide variety of copper and fiber interface options. Highly flexible segmentation and isolation of traffic belonging to different trust levels can be achieved using advanced features such as virtual systems, virtual LANs, and security zones. The ISG Series firewall/VPN allows multiple, separate firewall inspection or routing policies to simplify network design. This enables the enforcement of security policies on traffic streams – even in highly complex environments – without significant impact on the network itself.
The flexibility and efficiency offered by the ISG Series architecture provide state-of-the-art performance and best-in-class functionality in three different deployment configurations: firewall/VPN, firewall/VPN/IDP, and IDP only – all in a single solution. The ISG 1000 supports up to two security modules, while the ISG 2000 can support up to three security modules. The security modules maintain their own dedicated processing and memory and incorporate technology designed to accelerate IDP packet processing. This reduces the number of separate security devices and management applications, and simplifies deployment effort and network complexity. The result? Higher cost savings.
The ISG Series firewall/VPN with IDP utilizes the same award-winning software found on Juniper Networks IDP platforms, which are now fully integrated into Juniper Networks ScreenOS. ScreenOS is a purpose-built, hardened operating system that can be deployed in either inline or TAP mode to protect both perimeter deployments as well as internal networks. The IDP security module supports multi-method detection, combining eight different detection mechanisms – including stateful signatures and protocol anomaly detection. This helps businesses defend against security threats such as worms, trojans, malware, spyware, and hackers.
The ISG 1000 and ISG 2000 can be deployed in a number of different configurations to protect both the perimeter and internal network resources. When deployed in a mobile operator network, the ISG 1000 and ISG 2000 GPRS solutions are GPRS Tunneling Protocol (GTP) aware and fully support GTP functionality in virtual systems. The ISG Series firewall/VPN can be deployed at the Gp interface connection between two Public Land Mobile Networks (PLMN), the Gn interface connection between the SGSN and the GGSN support nodes, and the Gi interface connection between the GGSN and the Internet.
In addition to countering sophisticated availability threats, Denial of Service (DoS) attacks, and malicious users, the ISG Series GPRS firewall/VPN can limit messages, throttle bandwidth-hungry applications that consume uplink/downlink traffic, and perform 3GPP R6 IE removal to help retain interoperability in roaming between 2G and 3G networks.
Secure Series Gateway – SSG
Juniper SSG (Secure Series Gateway) firewalls represent the 2nd generation of Netscreen products. This article provides information about each model, a comparison with their predecessors, and ideal use for each.
ScreenOS is the software used on the SSG line, which was also used to power the Netscreen line. ScreenOS version 6 was designed to run specifically on the SSG line. However, Juniper has recently released version 6 for the Netscreen 5GT. The 5GT was the only model of the older series to get a version 6 release. Larger models such as the Netscreen 25, Netscreen 50, and Netscreen 208 did not
ScreenOS can be managed in three ways:
- CLI (command line) via SSH, telnet, or console
- Web Interface
- NSM (Netscreen Security Manager, now known as Network Security Manager)
The CLI is the generally accepted method among most system/network administrators. However, the web interface is surprisingly full, allowing admins to do 90-95% of tasks through an easy-to-use web GUI. NSM is an add-on product from Juniper which needs to be licensed. By default it allows management of up to 25 devices. However, NSM requires a dedicated machine to run. It will do neat things like upgrade firmware on multiple devices, move policies between different devices, and collect log information. There are a total of 7 models in the SSG series. Two of them offer a wireless option. The following information provides an overview of each model.