Juniper SA 700 Datasheet
Juniper SA 700 Datasheet
Juniper SA 700 Datasheet
Product Description
Product Overview The Juniper Networks® SA700 SSL VPN Appliance creates a secure network-layer
connection via a lightweight, cross-platform dynamic download. The SA700 also enables
The Juniper Networks SA700 SSL VPN
connections from any device at any location to Web-enabled applications, including those
Appliance enables small- to medium-
with XML and Flash content, files, standards-based email, and telnet/SSH sessions. The
sized enterprises to deploy remote
SA700 appliance delivers enterprise-strength AAA (authentication, authorization, and
access to the corporate network in a accounting) and comprehensive endpoint defense.
secure and cost-effective way. Because
The SA700 is ideal for small enterprises as it supports up to 25 concurrent users.
the SA700 uses Secure Sockets Layer
(SSL) to provide encrypted transport, Please note that the SA700 has a limited available feature set and is licensed differently
it enables instant remote access from than the rest of the SA Series product line. No feature or enterprise class licenses are
architecture eliminates the high cost of In addition, no third party licenses such as the Enhanced Endpoint Security license
installing, configuring and maintaining will be supported on the SA700 since 50 concurrent users is the minimum count to use
client software on every device, those licenses.
significantly reducing the total cost of
ownership (TCO) versus traditional VPN
Architecture and Key Components
solutions. SSL delivery also eliminates Lower TCO
the Network Address Translation • Dependable technology tailored to the needs of small- to medium-sized enterprises by
(NAT) and firewall traversal issues the SSL VPN market leader—Juniper Networks
encountered with traditional remote • Plug-n-play appliance that installs in minutes with minimal IT knowledge required
access products, allowing remote & • No client software deployment or maintenance—users only need an Internet connection
mobile users reliable and ubiquitous for access
access from external networks such as • Simple end user and administrator interfaces facilitate quick and easy use
homes or hotels. • Improved productivity for remote employees
• No network interoperability issues
End-to-End Security
• Complete, secure access to LAN resources, ensuring that the endpoint device, data in
transit and internal resources are secure.
• Seamless integration with broad range of authentication methods and protocols.
1
Features and Benefits
The SA700 deploys quickly and easily, and it does not require the costly deployment and maintenance of individual client software on each
device. The SA700 delivers an appliance tailored to the specific needs of small- to medium-sized companies, in an affordable plug-n-play form
factor. Since the SA700 is designed primarily to address the remote access needs of smaller organizations, it will not have the same enterprise-
class features found in Juniper Network SA2500, SA4500, or SA6500 SSL VPN Appliances. Please consult your Juniper Networks sales
representative or authorized channel partner to ensure the correct SA Series model will address your remote access needs.
Uses SSL, available in all standard Enables secure remote access from any browser. Users only need an Internet connection for access.
Web browsers
No end user client to install • Requires no changes to existing network • Eliminates the cost and complexity associated with
infrastructure. maintaining installed clients on user devices.
• Supports multiple operating systems, including • Enables the addition of new users or access to new
Windows, Linux, Mac, PocketPC and more. applications with just a few clicks.
Leverages existing security • Integrates with existing user directories. Simplifies any network administration.
infrastructure • Fully compatible with a broad range of
authentication methods and protocols.
Interoperation with external • Improves user experience by simplifying access to Eliminates network interoperability issues.
networks—eliminating issues with internal resources from external networks.
(NAT) or firewall traversal • Reduces costly support calls.
Desktop or 1U rack-mountable form Runs quietly on desktop if no server rack is available. Saves valuable rack space in the data closet.
factor
Individual models provide support for Offers customers the flexibility to purchase according IT investments can be made according to budget and
10, 15, or 25 concurrent users to their capacity requirements and budgetary need.
limitations.
The SA700 series provides complete end-to-end layered security, ensuring that the endpoint device, data in transit and internal resources
are secure. The SA700 integrates seamlessly with a broad range of authentication methods and protocols, and its hardened architecture
effectively protects internal resources.
Native Host Checker Client computers can be checked at the beginning • Enables enterprises to write their own host checker
and throughout the session to verify an acceptable method to customize the policy checks.
security posture requiring or restricting network • Resource access policy for non-compliant
ports, checking files/processes, and validating their endpoints is configurable by administrator.
authenticity with Message Digest 5 (MD5) hash
checksums. Performs version checks on security
applications, and carries out pre-authentication
checks and enforcement.
Host Checker API Created in partnership with best-in-class endpoint Uses current security policies with remote users and
security vendors, enables enterprises to enforce an devices; easier management.
endpoint trust policy for managed PCs that have
personal firewall, antivirus clients, or other installed
security clients, and quarantine non-compliant
endpoints.
Host Checker server integration API Enables enterprises to deliver and update third-party • Reduces public-facing infrastructure.
security agents from the SA700. • Enables consolidated reporting of security events.
• Enables policy-based remediation of non-compliant
clients.
Hardened security appliance and Purpose-built hardware appliance and hardened Not designed to run any additional services and is
Web server security infrastructure, with no general purpose less susceptible to attacks; no backdoors to exploit.
services, system-level user accounts or interactive
shell.
Security services employ kernel-level Ensures that unauthenticated connection attempts, Effective protection against threats and attacks.
packet filtering and safe routing such as malformed packets or denial of service
(DoS) attacks, are filtered out.
Cache cleaner All proxy downloads and temp files installed during Ensures that no potentially sensitive session data is
the session are erased at logout, ensuring that no left behind on the endpoint machine.
data is left behind.
2
Table 2: SA700 End-to-End Layered Security (continued)
Support for strong authentication Enables enterprise-strength authentication via Allows administrators to establish dynamic
methods and protocols including optional integration with directories (PKI) and authentication policies for each user session, based
RADIUS, Lightweight Directory leading multi-factor authentication systems. on user/device/network attributes and specific login
Access Protocol (LDAP), public key Also includes a secure internal user database for conditions, including an optional pre-authentication
infrastructure (PKI), Active Directory, enterprises that have not deployed third-party assessment to examine the client’s security state
RSA/Secure ID authentication. before the login page is presented.
Auditing and logging Full auditing and logging capabilities in a clear, easy- Simplifies configuration, assessment and
to-understand format. troubleshooting.
The SA700 features a user-friendly Web-based interface and streamlined administration making it easy to use and administer.
Streamlined administration process Instant deployment and activation requires minimal Increased productivity for IT resources.
designed specifically for small/ IT knowledge.
medium enterprises
Dynamically provisioned user At login, end users are immediately provisioned full Flexibility of allowing users access to different types
connectivity connectivity as if running on the LAN, while important of resources.
layered security functions run transparently. Users
provisioned using the Core Clientless access method
upgrade are restricted to administrator configurable
Web-based applications.
Simple, Web-based interfaces Both the end user and administrator interfaces Enables end user and administrator productivity.
are simple and Web-based, facilitating quick and
easy use.
The SA700 includes two different access methods. These different methods are selected as part of the user’s role, so the administrator
can enable the appropriate access on a per-session basis, taking into account user, device and network attributes in combination with
enterprise security policies.
Network Connect Provides complete network-layer connectivity via an • Users only need a Web browser for access.
automatically provisioned cross-platform download. • Network Connect transparently selects between
two possible transport methods to automatically
deliver the highest performance possible for every
network environment.
Clientless Core Web access • Access to Web-based applications, including • Provides the most easily accessible form of
complex JavaScript, XML or Flash-based apps and application and resource access.
Java applets that require a socket connection, as • Enables extremely granular security control options.
well as standards-based email, files and telnet/SSH
hosted applications.
• Core Web access also enables the delivery of Java
applets directly from the SA Series appliance.
Specifications
SA700
• Dimensions (W x H x D): 17.25 x 1.74 x 9 in
(43.80 x 4.41 x 22.86 cm)
• Weight: 10 lb (4.53 kg) typical (unboxed)
• Material: 18 gauge (.048 in) aluminum
SA700
• Fans: 1 ball-bearing inlet fan, plus 1 CPU blower
Panel Display
• Front Panel Power Switch
• Power LED
• Access LED (drive access)
3
Specifications (continued) Juniper Networks Services and Support
Ports Juniper Networks is the leader in performance-enabling services
Network and support, which are designed to accelerate, extend, and
• Two RJ-45 Ethernet optimize your high-performance network. Our services allow
• 10/100 full or half-duplex (auto-negotiation) you to bring revenue-generating capabilities online faster so
• IEEE 802.3 compliant you can realize bigger productivity gains and faster rollouts of
Console new business models and ventures. At the same time, Juniper
• One 9-pin serial console port Networks ensures operational excellence by optimizing your
Power network to maintain required levels of performance, reliability, and
• Input voltage and current 90-264 VAC full range availability. For more details, please visit www.juniper.net/us/en/
• 4 A (RMS) at 90 VAC products-services/.
• 2 A (RMS) at 264 VAC
• Input frequency 47-63 Hz Ordering Information
• Efficiency 65% min, at full load
Model Number Description
• Output power 220 W
• Power supply mean time between failures (MTBF) 100,000
SA700 Base System
hours at 25° C SA700 SA700 Base System
Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions,
Juniper Networks, Inc. Juniper Networks (Hong Kong) Juniper Networks Ireland please contact your Juniper Networks
1194 North Mathilda Avenue 26/F, Cityplaza One Airside Business Park representative at 1-866-298-6428 or
Sunnyvale, CA 94089 USA 1111 King’s Road Swords, County Dublin, Ireland
authorized reseller.
Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600
or 408.745.2000 Phone: 852.2332.3636 EMEA Sales: 00800.4586.4737
Fax: 408.745.2100 Fax: 852.2574.7803 Fax: 35.31.8903.601
www.juniper.net
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,
NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. All other trademarks, service marks, registered marks, or registered service marks are the property of
their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.