SRX Series Services Gateways - Juniper 5 Daagse

wartrashy, Networking and Communications

Oct 26, 2013

SRX SERIES SERVICES GATEWAYS










Copyright © 2011 Juniper Networks, Inc. www.juniper.net

AGENDA

Introduction
Solution Differentiators
SRX Portfolio

JUNIPER SECURITY LEADERSHIP A $1B BUSINESS

Market Leadership
Data Center with High-End Firewall #1 at 42%
Secure Mobility with SSL VPN #1 at 25%
Intelligent Networking with Secure Routing #2 at 22%

Security Innovation
Across device, network and application
One Junos for Routing, Switching and Security
Security and Mobile Threat Research Teams

Proven Reach & Scale
Protecting 80%+ of smartphones in North America
24 of the Fortune 25 for secure connectivity
GTM Scale with IBM, Dell, Ericsson & NSN


SECURITY TRENDS

[Figure: sophistication (maturity) by type of attack. Threats: Botnets, Trojans, Virus, Worms, DOS, APT, Malware. Attacker: Notoriety, Profitability. Target: .gov / .com, .me / .you, New Devices, ERP, Internet Information Services, New Applications.]

AGENDA

Industry trends & customer challenges
Solution Differentiators
SRX Portfolio

SRX PORTFOLIO

Small Office/Branch Office

Data Center


SRX FOR THE SMALL OFFICE/BRANCH OFFICE

Branch SRX


NETWORKING TRENDS

Too many devices and too much complexity

Complex Topology
Service disparity and lack of integration
Too many vendors
Too many Operating Systems
Too many Management interfaces and tools
Too much cost

BRANCH SRX ADDRESSES THESE TRENDS

Easy to manage all aspects with Junos, a single OS platform
Easy to activate new security layer in UTM when needed to address new concerns
Lower TCO and high performance allows IT to do more with less

All-in-One
Best Price/Performance
Unified Management

Firewall
VPN
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
UTM
WLAN, LAN, Switching

BRANCH SRX DELIVERS… CONSOLIDATED SECURITY AND NETWORKING

All-in-One
Single device for routing, switching, and security
Comprehensive security with best-in-class partners
Easy to activate new layers of security without adding new hardware or software

Firewall
VPN
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
UTM
WLAN, LAN, Switching

BRANCH SRX OFFERS… REDUCED IT MANAGEMENT BURDEN

Unified Management
Single OS platform for routing, switching, and security
Reduces time and effort to plan, deploy, and manage
Provides stable delivery of new functionality in a steady, timely manner
Flexibility of web device and comprehensive network security management

BRANCH SRX ENSURES MAXIMIZED CUSTOMER VALUE

Best Price/Performance
Lowest cost to deploy (Opex, Capex savings)
Single OS/single console reduces training costs
Fewer IT staff needed for network management
Faster processing performance with multiple dedicated cores

BRANCH SRX PORTFOLIO

Small Office
Small to Medium Office
Large Branch/Regional Office

SRX100/110
SRX210: WAN slot, 2 x GigE, PoE
SRX220: + 2 WAN slots, 8 x GigE, PoE
SRX240: + 4 WAN slots, 16 x GigE, PoE
SRX650: + More LAN slots, dual processors, dual P/S
WAN slot



SRX FOR DATA CENTER


THREE DRAMATIC SHIFTS IN THE DATA CENTER

Each trend is driving changes in networking and security

Mega Consolidation
Efficiency improvements and simplified administration
Cloud Services & Virtualization projects
Virtualization
Web 2.0 and Application Mashups
Service Oriented Architectures

Sources: AFCOM Data Center Research, Gartner, KRC Research

DATA CENTER SRX ADDRESSES THESE TRENDS

Meets your specific business needs for an integrated physical and virtualized data center
Delivers efficient infrastructure for high-performance network scale to meet even the most demanding of network productivity needs
Ensures protection against evolving threats with next-generation, layered security services

Consolidation at Scale
Next Generation Security Services
Virtualization Security

DATA CENTER SRX DELIVERS… CONSOLIDATED SECURITY AND NETWORKING

Consolidation at Scale
Scalable data center security
More efficient infrastructure with modular SPCs and IOCs
Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500
Protecting online assets with AppSecure, IPS, FW, NAT, and more

DATA CENTER SRX ENSURES APPLICATION VISIBILITY AND PROTECTION

Next Generation Security Services
Rapid response to evolving threats through layered, next-generation security services
Control and enforcement of application usage
Visibility into Web 2.0 threats with application security against latest attacks
Scalable policy enforcement and management via Junos

DATA CENTER SRX PRODUCT LINE

Smaller Data Center
Campus/Corporate Office
Large Data Center

SRX1400: FW 10 Gbps, IPS 2 Gbps
SRX3400: FW 20 Gbps, IPS 6 Gbps
SRX3600: FW 30 Gbps, IPS 10 Gbps
SRX5600: FW 70 Gbps, IPS 15 Gbps
SRX5800: FW 150 Gbps, IPS 30 Gbps

AGENDA

Industry trends & customer challenges
Solution Differentiators
SRX Portfolio

JUNOS OPERATING SYSTEM

SECURITY: SRX Series
ROUTERS: J Series, M Series, T Series, MX Series
SWITCHES: EX Series, QFX Series

One OS
Reduces time/effort to operate network infrastructure
Simplifies management

One Release Train
Delivers new functionality stably
Reduces OPEX

One Architecture
Ensures available & scalable software for growing needs
Reduces TCO

ARCHITECTURE:

SEPARATE DATA AND CONTROL PLANE

Control Plane: Module n, Interfaces, Management, Routing, Kernel
Data Plane: Physical Interfaces, Packet Forwarding

DOS & DDOS ATTACKS
Attacks can be thwarted
Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic
Your network stays up

Shared Plane: Data, Management, Routing

DOS & DDOS ATTACKS
Attacks overwhelm the box
Administrator loses management access
Your network is down


DATA CENTER SECURITY SOLUTION THAT SPANS PHYSICAL AND VIRTUAL NETWORKS

[Diagram labels: SRX Series (Physical); vGW Series (Virtual): vGW Virtual Gateway, Hypervisor, VMs; Management and Security Services: Security Design, Security Threat Response Manager (STRM); Services: Firewall, IPS, DoS Prevention, AppSecure, DoS]

INTEGRATION WITH vGW VIRTUAL GATEWAY
EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER

vGW Solution Integration
1. SRX Zone Visibility extends to include VM awareness
2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM
3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS

[Diagram labels: Juniper SRX with IPS and AppSecure; Fabric; Switching; Policies; vGW Virtual Gateway; VMware vSphere Hypervisor; VM 1, VM 2, VM 3, VM 20; Security Design]

APPSECURE: APPLICATION INTELLIGENCE
BRANCH TO DATA CENTER

Easy add-on security services for SRX gateways
Delivers application visibility, enforcement and protection up to 100 Gbps
Integrates nested application detection/protection, control, & remediation
Subscription service includes all modules and updates
Juniper Security Lab provides 800+ application signatures

AppTrack
Understand security risks
Address new user behaviors

AppFW
Block access to risky apps
Allows user tailored policies

AppQoS
Prioritize important apps
Rate limit less important apps

AppDoS
Protect apps from bot attacks
Allow legitimate user traffic

IPS
Remediate security threats
Stay current with daily signatures

APPSECURE SERVICE MODULES

[Diagram labels: Ingress; Flow Processing; Egress; Application Identification Engine (AI, NAI); Application ID Results; service modules AppTrack, AppFW, AppQoS, AppDoS, IPS]

UNIFIED MANAGEMENT

Network Management: Junos Space Security Design
Automated configuration and deployment of security
Reduced security risk, faster deployment, and lower TCO

SIEM: Security Threat Response Manager
All-in-one log, threat, and compliance management
Greater visibility including web 2.0 and application intelligence for improved security

Web UI: J-Web
Seamless GUI access to Junos features & functions
Quick configurations/wizards
Cost effective & intuitive

Routing
Security
Switching

VIRTUALIZATION


VIRTUALIZATION CHALLENGES

Physical Network
One server is one server
Firewall can see all traffic
Applications don’t move much

Complexity
One physical server represents many virtual ones

Dynamic Applications
As applications move, how does the physical security follow?
V-Motion

Hidden Traffic
Traffic on the same hypervisor isn’t sent to the physical firewall

VGW MODULES

Main: Dashboard view of virtual data center
Network: Traffic flows
Firewall: Firewall policy and logs
IDS: View of IDS alerts
Introspection: VM “x-ray” (OS, apps, etc.)
AntiVirus: AV protection w/ quarantine
Compliance: Alerts on VM/host non-compliance
Reports: Granular reports and scheduler


THE VGW PURPOSE-BUILT APPROACH

Service Provider & Enterprise Grade
Three-tiered Model
VMware Certified
Protects each VM and the hypervisor
Fault-tolerant architecture (i.e., HA)
Virtualization-aware
“Secure VMotion” scales to 1,000+ hosts
“Auto Secure” detects/protects new VMs
Granular, Tiered Defense
Stateful firewall, integrated IDS, and AV
Flexible Policy Enforcement

[Diagram, THE vGW ENGINE: Virtual Center; VM, VM1, VM2, VM3; Partner Server (IDS, SIM, Syslog, Netflow); Packet Data; VMware APIs; Any vSwitch (Standard, DVS, 3rd Party); HYPERVISOR; VMware Kernel; ESX or ESXi Host; Security Design for vGW; callouts 1, 2, 3]

PERFORMANCE & SCALABILITY


SECURITY SOLUTION SUMMARY

Better Security: No new hardware needed to add AppSecure, UTM or robust network security
Performance and Scalability Leader: Massive advantage in scale over all other competitors accommodates growth
Superior Design: Modular architecture allows pay-as-you-grow approach and simplifies operations
Strong Company: Security leadership (Gartner leader quadrant in five categories*), and financial stability
Superior Networking: Carrier-grade networking performance and robust feature set integration
High Overall Value: Top performance and lower TCO in a better networking and security solution

* Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011), and Network Access Controls

3RD PARTY VALIDATION


ANALYST AND CUSTOMER RECOGNITION

“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an impressive combination of performance, functionality, and product family breadth.”
Andrew Braunberg, Current Analysis

“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.”
Subha Rama, ABI Research

“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter economic environment.”
IDC Link

“I can sum up Juniper Networks in three words: security, performance, and reliability.”
Rich Acevedo, Network Engineer, Romano’s Macaroni Grill

“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as other customers would see as a benefit.”
Eric Walters, Network Manager, 7-Eleven

“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more intelligent sharing of resources among security services running on the gateway.”
Current Analysis, 2010