SRX Series Services Gateways For The Branch: Jorge Enrique Niño C Systems Engineer CANSAC Enterprise

SRX Series Services Gateways for
the branch
Jorge Enrique Nio C
Systems Engineer
CANSAC Enterprise
JUNIPER SECURITY LEADERSHIP A $1B business
Market
Leadership
Security
Innovation
Proven Reach
& Scale
Data Center with HighEnd Firewall #1 at 39%

Secure Mobility with
SSL VPN #1 at 28%
Intelligent Networking
with Secure Routing
#2 at 21%
Across device, network

and application
One Junos for Routing,
Switching and Security
Security and Mobile
Threat Research Teams
Protecting 80%+ of
smartphones in
North America
24 of the Fortune 25
for secure connectivity
GTM Scale with IBM,
Dell, Ericsson & NSN
Juniper and Partner Confidential
Copyright 2012 Juniper Networks, Inc.
www.juniper.net
Agenda
Industry trends & customer challenges
Junipers solution
Branch SRX portfolio and features
3rd Party Validation

3
www.juniper.net
SECURITY MARKET TREND EVOLVING THREATS

Notoriety
Profitability
.gov /.com
.me / .you
Attacker
Sophisticatio
n (Maturity)
Threats
Type of Attack
APT
New Devices
Internet Information
Services
Target
New Applications
ER
P
www.juniper.net
Addressing the Evolving Threat Landscape

Customer Priorities
Visibility into Web 2.0 Threats
Control of Application Usage

Rapid Response to New
Threats
Scalable Policy Enforcement &
Management
Juniper Security Solutions
AppSecure Software
5
Security Research Teams
SRX Series Gateways

www.juniper.net
IT INITIaTIVES TO IMPROVE Networking/Security

PERFORMANCE AND ECONOMICS
Consolidation
LICENSED
UTM
IPS
Antispam
Network migration to multi-service platform

Secure W/Router instead of multiple
appliances
Secure Router:
Web filtering Antivirus
Content Filtering
FREE
UAC
Routing
Ethernet
Switching
NETWORK
IPSec VPN
Firewall
Router + Firewall + VPN + Switching + WLAN

Unified Threat Management
Application Security
SECURITY
Convergence
Power Over
Ethernet
VoIP
WLAN AP
Security
Camera
VoIP Gateway and VoIP handsets

Power over Ethernet
Wireless Access Points
Connectivity
3G/4G
Internet
MPLS
Metro
Internet
Metro Ethernet
MPLS / VPNs
Wireless WAN 3G/4G, LTE
www.juniper.net
Customer Challenges and Drivers

Growing
number &
sophistication
of attacks
Need a trustworthy,
flexible and efficient
way to counter the
growing risks
Limited IT staff
resources
Need networking and

security that is easy
to use and manage

Partner and Company Confidential
Limited IT
budgets
Need to do more
with less
www.juniper.net
Agenda
Junipers solution

8
www.juniper.net
The SIMPLY Connected solution
An integrated portfolio of resilient wired,

wireless and security products that
simply enable mobility at scale.
Consistent Security
9
Performance at Scale
Highly Resilient
www.juniper.net
Branch srx benefits

All-in-One
Unified
Management
Best Price/
Performance
UTM
UTM
Next Gen Firewall

Next Gen Firewall
VPN
VPN
IPS, AppSecure
IPS, AppSecure
Anti-Virus
Anti-Virus
Anti-Spam
Anti-Spam
Web filtering
Web filtering
Routing / WAN
Routing / WAN
WLAN, LAN, Switching
Easy to activate new

security layer in UTM
when needed to address
new concerns
10
Easy to manage all

aspects with Junos, a
single OS platform

Lower TCO and high

performance allows IT
to do more with less
www.juniper.net
BRANCH SRX DELIVERS

CONSOLIDATED SECURITY AND NETWORKING
UTM
UTM
All-in-One
11
Next Generation Firewall

Next Generation Firewall
VPN
VPN
IPS
IPS
AppSecure
AppSecure
Anti-Virus
Anti-Virus
Anti-Spam
Anti-Spam
Enhanced Web filtering
Routing / WAN
Routing / WAN
Single device for routing, switching,

and security
Comprehensive security
Easy to activate new layers of security
www.juniper.net
BRANCH SRX OFFERS

REDUCED IT MANAGEMENT BURDEN
Unified
Management
Single OS platform for routing, switching,

and security
Reduces time and effort to plan,
deploy, and manage
Provides stable delivery of new
functionality in a steady, timely manner
12
www.juniper.net
BRANCH SRX ENSURES

MAXIMUM CUSTOMER VALUE
Best
Price/Performance
Top Performer
Lowest cost to deploy
(Opex, Capex savings)
Reduces TCO and
cost burden
Faster processing
performance with
multiple dedicated
cores
13
www.juniper.net
Agenda
Junipers solution

14
www.juniper.net
Branch SRX: Serving Multiple Customer Needs

Multi-services Gateway
Secure Router
Routing and WAN

Interfaces
Firewall, VPN, NAT
In-line IPS
High availability
Transparent mode
NGFW
Next generation firewall

(AppSecure)
In-line IPS
Application visibility,
tracking and enforcement
User-role based policies
UTM
Ease of use
Best-of-breed Anti-Virus,
Anti-Spam, Web filtering
New AV offering - Sophos
In-line IPS
AppSecure
Branch SRX
15
www.juniper.net
Branch SRX Series customer wins

Milestones
200,000+ platforms shipped
The fastest ramping product in

Juniper history
Hardware quality and reliability
exceeds expectations
Platforms exceeding Telecordia reliability

standards by up to 3X
Large customer deployments
16
Payless Shoes
5,000 x SRX240
7-11 USA
8,000 x SRX210
Cosmopolitan Hotel
3,000 x SRX210
Brinkers
1,500 x SRX210
Clearwire
200 x SRX650
www.juniper.net
BRANCH SRX SERIES GATEWAYS
Delivering No-Compromise Services with Scale & Performance

Hardware Platforms Scale from 1G to 10G
Junos Software across Security, Routing and Switching
12.1
12.1
+ More LAN slots,

2mPIM+6GPIM
Dual P/S, + Hot Swap I/O
4 GB DRAM
WAN slots, 10 x GigE,
PoE, Dual PS
SRX650
2 GB DRAM
Q1 2012
+ 4 WAN slots,
16 x GigE, PoE
1 GB DRAM
+ 2 WAN slots,
8 x GigE, PoE
1 GB DRAM
Fixed Config
8 x FE1
GB DRAM
Fixed Config
VDSL2 WAN
8 x FE1
GB DRAM
SRX550
10G
SRX240
SRX220
WAN slot,
2 x GigE, PoE,
1 GB DRAM
SRX210
SRX110
SRX100
1G
Small Office
17
Small to
Medium Office
Large Branch/
Regional Office
www.juniper.net
BRANCH SRX FEATURES - HIGHLIGHTS

Security
Firewall
VPN
IPS
AppSecure
Antivirus
Antispam
Routing & Switching

RIP, OSPF, BGP,
Multicast, IPv6
MPLS; Full BGP table
J Flow, RPM
L2 Switching
POE Options
18

Wireless LAN and

3G/4G WAN
802.11n
3G/4G WiMax & LTE
Physical Interfaces
T1/E1, Serial, DS3/E3

VDSL, ADSL, G.SHDSL
DOCSIS Cable Modem
Ethernet 10/100/1000
& 10G, Copper or Fiber
www.juniper.net
Branch srx services gateways

NEW
3/12
Highly configurable
Highly configurable
Fixed, semi-modular, and modular

form
factors
Fixed
& modular form factors
Choice of WAN, wireless, and
LAN
WAN,
WLAN, and LAN interfaces
interfaces
Extensive integration
Extensive integration
Routing and switching capabilities
Full suite of JUNOS routing and switching
capabilities
Unmatched core and UTM security
Unmatched security, including FW, VPN, UTM,
AppSecure, UAC, and full IPS
Exceptional performance
Magnitude greater performance

performance
and availability
Exceptional
HW Content
Security Acceleration
Hardware-assisted Content Security
Control & data plane separation,
Acceleration for ExpressAV and IPS
redundant
processing and power
Control
& data plane separation, redundant
processing and power
19

www.juniper.net
Branch Srx Physical interfaces WAN, LAN, WLAN and 3G/4G

MPIMs
Wireless LAN
GPIMs/XPIMs
T1/E1
AX411 dual-radio AP
16XGE
Serial
WLA
16XGE POE
1XGE SFP
WLC2
24XGE
ADSL
24XGE POE
G.SHDSL
Wireless WAN
VDSL2
EVDO/HSPA/WI
Docsis3.0
MAX/LTE
4XT1E1
2XT1E1
2x10GE
SFP+/Copper
1xDS3
Supported on
SRX210/220/240/550
20
Supported on
SRX550/650
Supported across all

Branch SRX platforms
www.juniper.net
BRANCH SRX SERIES GATEWAYS
Delivering No-Compromise Services with Scale & Performance

Hardware Platforms Scale from 1G to 10G
Junos Software across Security, Routing and Switching
NEW
NEW
+ More LAN slots,

2mPIM+6GPIM
Dual P/S, + Hot Swap I/O
4 GB DRAM
WAN slots, 10 x GigE,
PoE, Dual PS
SRX650
2 GB DRAM
Q1 2012
+ 4 WAN slots,
16 x GigE, PoE
1 GB DRAM
+ 2 WAN slots,
8 x GigE, PoE
1 GB DRAM
NEW
NEW
Fixed Config
8 x FE1
GB DRAM
Fixed Config
VDSL2 WAN
8 x FE1
GB DRAM
SRX550
10G
SRX240
SRX220
WAN slot,
2 x GigE, PoE,
1 GB DRAM
SRX210
SRX110
SRX100
1G
Small Office
21
Small to
Medium Office
Large Branch/
Regional Office
www.juniper.net
FRS 12.1
Announcing SRX550 Services Gateway

No-Compromise Services with scale and performance
for the medium to large branch
Advanced Security
Comprehensive Routing
Firewall and VPN
UTM: IPS, antivirus, enhanced web-filtering,

anti-spam
Application visibility, tracking & enforcement
High Density Switching
Wide range of WAN options: 3G/LTE,

T1/E1/DS3/E3, xDSL, Nx1GE, 10 GE
L2/L3 VPN, MPLS, VPLS, IPv6, v4
Business Continuity, Resiliency
HA cluster (A/A or A/P)
10 x GE on board (6 Copper, 4 SFP)
WAN backup and redundancy
Modular switching with POE
Control plane, data plane separation
GPIM Online-Insertion-Removal*
Optional redundant power supplies (AC and

DC)
22
www.juniper.net
SRX100
Ideal for small sites and managed
telecommuters
Full security features
Firewall and VPN
UTM: IPS, AppSecure, antivirus,
web-filtering, and anti-spam

UTM requires high memory version
23
www.juniper.net
SRX110 IDEAL SOLUTION FOR SMALL BRANCH

Designed for flexibility, investment protection, and lowest total cost of ownership (TCO).
Primary
Primary
WAN
WAN
VDSL
VDSL
Additional
Additional
USB
port
USB port
Front
Backup 3G
Backup
WAN 3G
WAN
Back
24
www.juniper.net
11.4
SRX210E
Ideal for small branches
Firewall and VPN
UTM: IPS, AppSecure, antivirus,
web-filtering, and anti-spam

UTM requires high memory
version
25

www.juniper.net
SRX220
Ideal for small and medium
branches
Firewall and VPN
UTM: IPS, AppSecure,
antivirus, web-filtering, and

anti-spam
26
www.juniper.net
SRX240
Ideal for small and medium
branches
Firewall and VPN
UTM: IPS, AppSecure,
antivirus, web-filtering, and

anti-spam
UTM requires high memory
version
27
www.juniper.net
SRX240 now available with 2g memory!

New SKUs for SRX240 provide
additional memory
SRX240B2 1GB DRAM, 2GB
Flash
SRX240H2 2GB DRAM, 2GB
Flash
No changes in price, hardware

architecture or security services
Improved scalability for services,
future proofed for growth
28
www.juniper.net
NOW
SHIPPING!
NEW!
SRX550 Services Gateway specifications

Ideal for enterprise medium to large
branch
Ideal office-in-a-box solution for managed
services or commercial business
SRX550 offers:
Comprehensive Routing and Security
Services
High density on-board and modular
switch ports, Copper and SFP
Application Awareness and Control
Business Continuity and Resiliency
29

www.juniper.net
SRX650
Ideal for regional sites and large
branches
Firewall and VPN
UTM: IPS, AppSecure, antivirus, web-
filtering, and anti-spam
Modular
LAN switching
Services Routing Processors with
optional redundancy
Power supplies with optional
redundancy (at FRS)
30

www.juniper.net
Branch sRX Series Specification Summary
31

www.juniper.net
Flexible Physical interfacesWAN, LAN, WLAN and 3G/4G

MPIMs
Wireless LAN
GPIMs
T1/E1
AX411 dual-radio AP
16XGE
Serial
WLA
16XGE POE
1XGE SFP
WLC2
24XGE
ADSL
24XGE POE
Wireless WAN
G.SHDSL
VDSL2
Docsis3.0
EVDO/HSPA/WI
MAX
2x10GE
SFP+/Copper
4XT1E1
2XT1E1
1xDS3/E3
32
www.juniper.net
FRS
MAY 2012
8xserial gpim
Max Synchronous speeds of
up to 8 Mbps
Interface types supported:
V.35, X.21, EIA/TIA-449, E
IA/TIA-232, EIA/TIA-530 and
EIA/TIA-530A
Uses 8 port Smart Connector

Loopback & Diagnostic
support w/ Alarms
Line Encoding: NRZ, NRZI
DTE & DCE Modes
33
8 port Smart Connector
www.juniper.net
FRS DEC
2012
Eight Port GE sfp Xpim

Supported on SRX550, 650
Supports standard fiber and
copper SFPs LX, SX, BX, T,
etc.
Tri-rate operation (10/100/1000
Mbps) with Copper SFPs
Line rate L2 switching between
ports
Software Features:
Jumbo Frame support - 9192

bytes
QinQ
VLAN 802.1Q Filtering and Forwarding

Link Aggregation 802.3ad/LACP on the
ports of the same GPIM
Wide range of SFPs
LLDP, LLDP-MED
Part#: SRX-GP-8SFP
STP, RSTP and MSTP

802.1x
34
www.juniper.net
FRS
DEC 2012
New features for ease of operations

Challenges
Deploying a branch with no IT staff on-site

Adding/Removing branches requires changes at
Hub
Branch
SRX
Solutions
35

www.juniper.net
Auto vpn: Zero Touch Hub deployment

Use Case
Most common deployment
today is hub and spoke VPNs,
where spokes are branches
and hub is HQ
Spoke 2
Spoke 3
Spoke 1
2
Problem
Each time a new spoke is
added/deleted, Hub
configuration needs to be
updated. This is cumbersome
and may impact existing
tunnels.
Solution
2
36
No hub configuration
needed when new
spokes are
added/deleted. Zero
impact on existing
Juniper and Partner
Confidential Copyright 2012 Juniper Networks, Inc.
tunnels.
HUB
Certificate Authority
www.juniper.net
FRS
DEC 2012
New startup wizard

New Startup Wizard that
simplifies user configuration
and reduces time to setup device
Guided setup (step by step)
Basic & Expert Modes
Security topology (zones), security
policy and license configuration

NAT
Remote/Dynamic VPN
Confirm and Apply
(Commit, Import, Export)
Planned availability on all

Branch SRX platforms in
December 2012
37

www.juniper.net
JUNIPERS WIRELESS LAN SOLUTION AX411

No compromise
Leading performance
with high speed

802.11n wireless
Online in record time
Applications
Applications
Voice
Video
Data
Smart phones
Bar code readers
Laptops
Unattended remote
configuration and
troubleshooting
Radical simplicity
One JUNOS for wired
and wireless policy
and quality
Fewer boxes,
more function
38

www.juniper.net
Juniper wireless - Complete WLAN Solution

WLA/WLC products suite
WLM Management and Access Tools
RingMaster
SmartPass
WLM - Appliance
Simple - Secure - Mobile

WLA Access Points
39
WLC Controllers
www.juniper.net
JUNIPERS WIRELESS WAN SOLUTION

Best signal
Bridge
Get the 3G antenna out
of the wiring closet to

optimize reception*
More choices
Choose 3G/LTE USB modem
or standalone 3G bridge
Choose from 70+ modems from
every major manufacturer*
Tightly coupled system speeds
wired to wireless failover

Redundant radio hardware and
provider diversity*
Direct Plug-in USB

Modem support
Higher reliability
Carriers 3G/4G LTE Network
* Requires bridge solution

40

www.juniper.net
Integrated Switching
SRX100/110
SRX210
SRX240
SRX220
Hardware Ethernet PIMs
Hardware (Ethernet Ports)
SRX Mini-PIM (SRX210/SRX240)

1 Port SFP
16 port GigE XPIM for SRX650
Double-high
Full-duplex 20 Gbps backplane
16 port GE and optional PoE
24 port GigE including 4 SFP slots
XPIM for SRX650
Double-high - double-wide
Optional POE - 24 port GE with PoE
incl 4 SFP slots
Full-duplex 20 Gbps backplane
2 port 10GigE SFP+ &XPIM for
SRX 650
2 port 10GigE SFP+ & Copper XPIM
Optics
SRX GE SFP LH
SRX GE SFP LX
SRX GE SFP SX
SRX GE SFP 1000 Base-T
SRX550
SRX650
Software Features
SRX100/110
8 ports:10/100 (Switched or Routed)
SRX210
2 ports:10/100/1000 + 6 ports: 10/100
(Switched or Routed)
PoE - 802.3af optional (2FE + 2GE)
SRX220
8 ports:10/100/1000 (Switched or Routed)
PoE - 802.3af, 802.3at all optional ports
SRX240
16 ports:10/100/1000 (Switched or Routed)
PoE - 802.3af, 802.3at all optional ports
SRX550
-- 52 ports: 10/100/1000, 10 on-board ports ,
SFP (Routed)
-- PoE 802.3af, 802.3at at all optional ports
SRX650
52 ports: 10/100/1000, SFP (Routed)
PoE - 802.3af, 802.3at at all optional ports
802.1Q VLAN support

802.1x Port based Authentication
LLDP/LLDP-MED support
802.3ad (AX) link aggregation*
STP, Spanning Tree Protocol
Jumbo Frame Support
(9,216 Byte)*
For Junipers EX series switches, please visit:

http://www.juniper.net/us/en/products-services/switching
41
* Not supported on SRX100

www.juniper.net
Branch srx delivers advanced security

External
Threats
INTERNET
Internal
Threats
IPS
IDP detects/stops Worms, Trojans,

DoS (L4 & L7), Scans
AppSecure
Application level visibility and classification

Application level policies tied to user roles
Enhanced Web Filtering
Block access to unapproved sites

Real time threat score for each URL
Antivirus
Stops viruses, file-based trojans or spread of

spyware, adware, keyloggers
Antispam
Stops Spam/Phishing
Content Filtering
SRX Series blocks transmission of files for

Data Loss Prevention
Core Security
Firewall, VPN, Unified Access Control
42
www.juniper.net
IPS: Multi-Method Detection & Prevention

Reconnaissance
Attacks
Proliferation
Traffic Anomaly
Detection Screens
l
Ma
ou
i ci
s
tie
i
v
cti
A
s
Recon
Recon Ma
Proliferation
Proliferation
lic
iou
s
Ac
ti
vit
ie
u
io
Attack
Attack
Must-haves:
Fast response time for new threats
Dedicated security research team
43
lic
a
M
c
sA
s
tie
i
v
ti
Protocol
Anomaly Detection
Stateful Signatures
Synflood Protector
www.juniper.net
Backdoor
Detection
IP Spoof Detection
Layer-2 Attack
Detection
Application visibility and control is easy with appsecure

Now on
Now on
Branch
Branch
SRX
SRX
Application
Enforcement
by User
Application
View
Threat
Mitigation
IPS
Application Awareness and Classification Engine

What application?
What user?
User location?
User device?
Application logs sent to

HQ(STRM) for reporting
44
www.juniper.net
APPTRACK VISIBILITY FOR

INFORMED RISK ANALYSIS
AppTrack
AppTrac
k
Monitor & Track Applications
View application by protocol, Web
application, and utilization
Analyze usage and trends
Web 2.0 application visibility
Customize application monitoring

App usage monitoring
Scalable, flexible logging &
reporting
45
Log and report across security

solutions and systems
www.juniper.net
APPFW: BEYOND JUST FW OR APP CONTROL

AppFW
AppFW
Control & Enforce Web 2.0 Apps

Inspect ports and protocols
Uncover tunneled apps
HTTP
Stop multiple threat types
Dynamic application security
Control nested apps, chat, file

sharing and other Web 2.0 activities
Web 2.0 policy enforcement
Threat detection & prevention
46
www.juniper.net
IPS FOR CUSTOMIZABLE PROTECTION
Monitor & Mitigate Custom Attacks
IPS
AppSecure IPS
VULNERABILITY
Exploits
Other
IPSs
On-going threat protection
Mobile traffic monitoring
Custom attack mitigation
47
IPS
Detect and monitor suspicious

behavior
Tune open signatures to detect and
mitigate tailored attacks
Uncover attacks exploiting encrypted

methods
Address vulnerabilities instead of

ever-changing exploits of the
vulnerability
www.juniper.net
NEW
ENHANCED Web Filtering
Internet
Productivity
In the Cloud
Categorization Server
Performance
Security
Continuous updates
Large number of URLs
Category granularity
Real time threat score
SRX
Internal network
48

www.juniper.net
Customer Choice for Antivirus
Cloud-based option:
Sophos
On-box option:
Kaspersky
Juniper is the only vendor offering customers a choice

between two market proven antivirus solutions.
49

www.juniper.net
new av service: Sophos Live Protection

Anti-Malware for Juniper SRX
Cloud-based intelligence
delivers high performance

malware protection
Effective, instant protection
SRX
against malware and

infected web sites
Target customers that want
the performance and ease

of a cloud-based antivirus
solution
50

www.juniper.net
User-Role Firewall for Active Directory

Windows ADs
Windows ADs
11
33
SRX Series
44
Finance
22 55
Video
Internet
51
Doman user logins into domain

from domain member device
22
Unauthenticated Client tries to

access resource through SRX,
and dropped
33
SRX redirects client to IC for

authentication process using
Kerberos
44
Upon successful authentication

and identification of user, IC gets
AD group membership using
LDAP and maps to Roles and
sends info to SRX
55
Client device passes traffic

through SRX per corresponding
policy enforcement controls based
on User/Role
IC Series
Data
Client
11
Apps
Corporate Data Center
www.juniper.net
Now for
AppSecure
User role firewall BENEFITS
Allows different users to have different application

policies based on their role and group
P2P apps blocked
Marketing
Youtube allowed
Anti-virus applied
WF profile A
Branch SRX
Sales
P2P, Youtube
blocked
Anti-virus applied
WF profile B
No apps blocked
CEO
Anti-virus applied
WF profile C
52
www.juniper.net
Comprehensive User policy enforcement
Standard
Server
Hardware
Flexibility
Rich OS Support
Agent-based deployment
can provide advanced
functionalities
Agentless access can be
used for unintrusive,
transparent user
experience
Local web portal can be
used for guest access or
as a fallback mechanism
Windows XP, Windows

Vista and Windows 7
MacOS support
Linux/Solaris support
Thin clients can be
supported using the local
web portal
53

Advanced Services
Host checker
Coordinated Threat
Control
SSL tunneling
www.juniper.net
REMOTE ACCESS VPN

Dynamic VPN Service Access
Manager Client
Clientless dynamic IPSEC client
automatically downloaded
Simultaneous tunnel enforcement
Automatic client upgrade
capabilities
Self-provisioning
IPSec with TCP-based fallback
for NAT traversal
Windows platform supportXP,
Vista, Win 2000, and Windows 7
Wireless
Wired
3G/4G
Wireless
INTERNET
SRX210
54

www.juniper.net
The power of one junos

T Series
EX Series
SRX
Series
MX Series
QFX Series
M Series
J Series
SECURITY
ROUTERS
One Release Train
One OS
Reduces time/effort
to operate network
infrastructure
Delivers new
functionality stably
Reduces OPEX
Simplifies management
55
SWITCHES
One Architecture
Ensures available &
scalable software for

growing needs
Reduces TCO
www.juniper.net
JUNIPER NETWORK & SECURITY MANAGER (NSM)

NMS
Visibility
Network & Security

Manager
Security Threat
Response Manager
Single, Centralized
Management Console
Granular RBAC
Log Correlation shows single

network view
Device
Mgmt
Routing
56
Security
Switching
www.juniper.net
SPACE - Simple, SMART, OPEN Platform

Network Application
Platform
Open Network Application

Platform
OSS BSS Green/Energy End-user

Forensics Adapters (MTOSI, OneAPI)
others
Open, extensible, standardsbased (SOA)
Infrastructure
Widgets
Sche
dul
er
Data
bas
e
Tasks
UI
Widg
ets
Even
ts
Network Widgets
Polic
y
Easy integration with OSS via

NBI/SDK
APPLICATIONS
RESTful Web Service API
Carrier-grade scale
Transparent communication with
all Junos devices (any device, any
OS version) total management
of Juniper infrastructure
3rd Party Applications
Traf
c
Purpose-built for network

orchestration and automation
Juniper
Applications
Inven
to
ry
Conf
gs
Abstractions for generic service

definitions
JUNOS SPACE PLATFORM

Device Management Interface (DMI)
57

www.juniper.net
SECURITY THREAT RESPONSE MANAGER (STRM)
STRM supports SRX Series

Intrusion Prevention System (IPS) and AppSecure
220+ out-of-the box report templates
Fully customizable reporting engine:
creating, branding and scheduling delivery of reports

Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
Reports based on control frameworks: NIST, ISO and CoBIT
58

www.juniper.net
The juniper appsecure difference
$ COST EFFECTIVE
All in One
COMPREHENSIVE
FLEXIBILE
Traditional & Web 2.0

security
Open attack signatures
QoS & IPS
Scriptable CLI
User role firewall
Easily activated
Wireless & wired user

protection
Easy to manage
Runs on Junos
Layered security services
Rich networking interfaces
Lower TCO
59
www.juniper.net
J-Web wizards
Initial
InitialDevice
Device
Setup
Setup
Firewall
Firewall
NAT
NAT
VPN
VPN
JavaScript and XML based with all activity executed by browser

Provides a responsive user experience
Complete Wizard UI is loaded after hitting launch button
Single commit
Reduces configuration time

60
www.juniper.net
RAPID DEPLOYMENT
Simplified deployment
Eliminate need for
Pre-staging device
IT at point of
installation
SRX 210
6. SRX In
Service
Reduce -
2. USB Loads startup config

3. Validation of start up config
4. Secure communication to NSM
5. Download Running
Config
1. Generate and export

startup config to USB
A Unique ID for tracking
purposes
Untrust Interface
configuration
Configuration parameters
to enable registration
of device to management
server
User/Password
Management Server IP
Address/Domain Name
One time password
Provisioning time
Installation cost
No truck roll
Network and Security

Manager
61

www.juniper.net
High availability
Features
Stateful fail-over
Active/Backup Control Plane
Active/Active Data Plane
Single System View
Benefits
Maintains connection
persistence & improves

system resiliency for services
Load sharing across systems
Optimized for complex
routing environments
62

www.juniper.net
Agenda
Junipers solution

63
www.juniper.net
SRX SERIES AWARDS GREAT MOMENTUM!

SRX1400 Wins Best Security
Hardware Product Category
SRX650 Wins Best of Interop Award,

Infrastructure Category
SRX1400
SRX650
SRX210 Wins Tokyo Interop Grand Prix,

Highest Honor for SMB Infrastructure
SRX210
64
SRX5600 Wins Grand Prix, Highest

Honor for Best of Show Awards
SRX5600
www.juniper.net
Juniper Networks Tops New ABI Research

UTM Vendor Matrix Ranking
Enterprise Security:
Unified Threat Management Vendor Matrix Top Five Listing
Rank
Company
1.
2. Fortinet
3. Cisco Systems Inc.
4.
Check Point Software

Technologies Inc.
5. SonicWALL Inc.
Denotes highest-rated company along the Implementation scale
Denotes highest-rated company along the Innovation scale
After individual scores are established for Innovation and
Implementation using the above criteria, an overall company score is
established using the Root Mean Square(RMS) method.
65
https://www.abiresearch.com/research/1006397?ll
www.juniper.net
Customer and industry Recognition

The foundational strength of the SRX family is
Junipers new Dynamic Services Architecture, which
allows a much more intelligent sharing of resources
among security services running on the gateway.
Something
to TALK
Current Analysis
about
One of the key aspects of the relationship with
SRX is the leading platform.

Andreas Antonopoulos, Nemertes
Juniper is their ability to listen to what the customer

needs. Weve developed a long-term relationship. We
have helped influence some of the evolution of the
products and features that we as well as other
customers would see as a benefit.
7-Eleven
For both Juniper and the SRX, you

continue to build out the arsenal.
Jeremy Duke, Synergy Research
I can sum up Juniper Networks in

three words: security, performance,
and reliability.
The simplicity of Junos providing
integrated routing, switching, and security,
Romanos Macaroni Grill
coupled with the automation that Junos
Space provides, is a nice value-add for
CIOs who are constantly being asked to do
more with less in a tighter economic
environment.
IDC Link
66
www.juniper.net
LEVERAGING THE POWER OF JUNOS

UPGRADE TO SRX SERIES
SRX Upgrade Store of the Future
Broadband router
DSL, Fiber, Cable
Digital Signage
SRX210
Business Drivers
CX111
3g/4g/LTE
Wireless AP
EX2200-48P
Random other
equipment
(Microwave)
Rapidly bring new stores online

Lower outsourced management costs
PCI compliance for retain transactions
Flexibility on modems and carriers
Point of Sale Terminals In-Store Store Security Video Inventory

incl. Gas Pumps, lottery, Processor
Scanner
PoE
ATMs and registers
(brain)
Key Requirements
67
Rapid WAN provisioning

Consolidate equipment
Reliable WAN failover
Better wireless coverage in store
Wireless security
Juniper Advantage
Rapid turn up via 3G WAN (CX111)

Security compliance built into router
One Junos, higher performance & scale
Reduced outsourcing costs
Physically flexible 3G/4G solution
All in one consolidated solution
www.juniper.net
Thank you
68
www.juniper.net

SRX Series Services Gateways For The Branch: Jorge Enrique Niño C Systems Engineer CANSAC Enterprise

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SRX Series Services Gateways For The Branch: Jorge Enrique Niño C Systems Engineer CANSAC Enterprise

Uploaded by

Copyright:

Available Formats

SRX Series Services Gateways for

JUNIPER SECURITY LEADERSHIP A $1B business

Data Center with HighEnd Firewall #1 at 39%

Across device, network

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Branch SRX portfolio and features

3rd Party Validation

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

SECURITY MARKET TREND EVOLVING THREATS

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Addressing the Evolving Threat Landscape

Visibility into Web 2.0 Threats

Control of Application Usage

Security Research Teams

SRX Series Gateways

Copyright 2012 Juniper Networks, Inc.

IT INITIaTIVES TO IMPROVE Networking/Security

Network migration to multi-service platform

Web filtering Antivirus

Router + Firewall + VPN + Switching + WLAN

VoIP Gateway and VoIP handsets

Juniper and Partner Confidential

Customer Challenges and Drivers

Need networking and

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Branch SRX portfolio and features

3rd Party Validation

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

The SIMPLY Connected solution

An integrated portfolio of resilient wired,

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Branch srx benefits

Next Gen Firewall

Easy to activate new

Easy to manage all

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Lower TCO and high

BRANCH SRX DELIVERS

Next Generation Firewall

Juniper and Partner Confidential

Single device for routing, switching,

Copyright 2012 Juniper Networks, Inc.

BRANCH SRX OFFERS

Single OS platform for routing, switching,

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

BRANCH SRX ENSURES

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Branch SRX portfolio and features

3rd Party Validation

Juniper and Partner Confidential

Copyright 2012 Juniper Networks, Inc.

Branch SRX: Serving Multiple Customer Needs

Routing and WAN

Next generation firewall