Juniper Networks: Przegląd Oferty
Juniper Networks: Przegląd Oferty
Juniper Networks: Przegląd Oferty
Przegld oferty
Piotr Kdra [email protected]
M-Series
MX
EX-series
96
1998
1999
2000
UAC T-Series
10 Gb IDP
corporated
SSG
STRM
Revenue
$1B
$2B
$2.3B 4800+
$2.8B 5800+
Employees
2500 3500
Provide a scalable approach to accelerating application performance, increasing WAN capacity, and enabling application prioritization and visibility in speeds from 64 Kbps to 155 Mbps Common management system (NSM, NSMXpress); Log Management and SIEM (Security Information and Event Management) system (STRM)
IPS
IPSec
Current Trends
By 2007, 50% of the companies surveyed will significantly increase their WAN access bandwidth Infonetics More employees working away from main offices
91% of employees in companies of all sizes, work outside of main office Nemertes Research
Wi Fi
Internet
Range of WAN connections: from DS3 to low speed modem Require protection for owned and non-owned IT assets
Firewall, VPN, IPS and File-based AV scanning, Spyware detection Internal network segmentation for attack mitigation, access control
100+ Mbps Outbound link = > T1, DSL, DS3 IPSec
Local Apps
Internet
Users WLAN
www
Ideal Solution
Protect the network, stop all manner of attacks with a rich set of proven security features
Network, application and content level attack protection
Ideal small to medium stand alone business / branch office offerings Can be deployed as a traditional Firewall, as a Site-to-Site VPN and as a Security Router
SSG 520M
SSG 550M
Networking
Security Zones Dynamic Routing Deployment Modes WAN Encapsulations
ScreenOS
Inbound Threats Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Recon, Scans
Outbound Threats Juniper IDP detects/stops Worms, Trojans SurfControl to block to Spyware / Phishing / Unapproved Site Access
IPS
Web Filtering Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers Symantec stops Spam / Phishing Juniper Stateful Firewall, VPN, Access Control
AV
Kaspersky Lab AV stops Viruses, file-based Trojans or spread of Spyware, Adware, Keyloggers
Brightmail-based database blocks (and/or tags) spam by using robust IP based, constantly updated worldwide list of spammers and phishers
Intrusion Prevention (Deep Inspection) detects several thousand attacks such as Worms, Trojans and other malware for up to 43 protocols Delivered by Juniper in the form of an annual subscription fees Juniper for Support and for Subscription Updates
Superior and highly-capable, single, integrated solution with a single Point of Contact
Network Segmentation
Security zones, VLANs Virtual Routers
Divide network into logical, secure domains Protect network with Inter-, Intra-zone policies A single stop Single Policy Between Zones, versus Traditional Router+FW with multiple "stops" for each traffic flow
Key benefits
Better Security
Divide the network into distinct, secure domains Able to assign appropriate levels of security to different user groups
Internet
Competitive differentiator
Benefit
Automatically learns network configuration Facilitates security deployment without network configuration changes Simplifies network integration
Reduces manual configuration efforts
Bridge Groups
bgroup
eth eth
Dst1
SSG
Traffic
SSG
wireless eth
Rapid Deployment
Reduce provisioning time / streamline large deployments
Role-based administration
Delegate administrative access to key support people by assigning specific tasks to specific individuals
SSG 520M
SSG 550M
SSG 5 Overview
Performance and physical characteristics
160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
Integrated Fan w/Temp Sensor (wireless only)
Flexible connectivity
Fixed form factor w/ 7 Fast Ethernet + 1 WAN interface
Factory configured WAN options include ISDN BRI S/T or V.92 or RS-232 Serial/Aux Optional factory configured Dual radio 802.11a + 802.11 b/g Six models to choose from
SSG 20 Overview
Performance and physical characteristics
160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
Integrated Fan w/Temp Sensor (wireless only)
Flexible connectivity
5 Fast Ethernet + 2 Mini I/O slots
Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, SFP, serial, and V.92 Optional factory configured Dual radio 802.11a + 802.11 b/g Two models to choose from
Front View
Back View
Back View
5 Front View
1RU High, Full Rack Width, 15 Depth Three modular PIM slots 4-port 10/100/1000 Ethernet ports
Optional Encryption Card USB, compact flash, Console, AUX 400 Mbps firewall (IMIX), 175 Mbps VPN performance
1.5 RU High, Full Rack Width, 15 Depth Five modular PIM slots
DC Power supply option NEBS compliant 500 Mbps firewall (IMIX), 225 Mbps VPN performance
SSG 20
SSG 140
------
SS G S 551 G 32M 0M S -
JUNOS
Micro Branch, Small Office, Managed Service Small Branch, SME Branch/Regional, Medium Enterprise Medium Ent to Large HQ
Performance: Purpose built platforms that deliver unmatched price/performance to branch office market WAN Connectivity: Widest range of FW platforms with WAN interfaces and protocols
Security platforms with LAN and WAN routing capabilities
Dynamic routing, virtual routers, VPN, high availability, VLANs New WAN interfaces and encapsulations taken from J-Series & JUNOS
ISG
ISG Overview
Purpose-built HW and SW
Built from the ground up ASIC-based platforms Security-hardened Proprietary ScreenOS Operation System
ISG 2000
4 Gbps 2 Gbps 3 Million 1.5 Million 1 Million 10,000 Up to 2 Gbps Up to 3 0 Up to 28 4
3-Tier Management
ISG with IDP
NSM
SSGs
IDP Appliances
Management Level
Deploy Security
Define security of entire network
Configure
Push devicespecific policy out
Monitor
Attack Logs Reports Profiler Security Explorer
Upgrade
Signature updates Policy adjustment
Needs to accommodate different tasks, management levels Different people within organization need access
Network
Device
VPN monitoring Network failure recognition HA monitoring HW monitoring (interfaces up/down, power failure)
Ops
Design,Deploy Design,Deploy
Configure Configure
Policy
Dashboard
Multiple, integrated tools offer wide variet of information See all firewall and IDP data in one place Jump to policy for Closed Loop Investigation