SRX Series Services Gateways
SRX SERIES SERVICES GATEWAYS
AGENDA
Introduction
SRX Portfolio
Solution Differentiators
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
JUNIPER SECURITY LEADERSHIP A $1B BUSINESS
Market Leadership
Data Center with High-End Firewall #1 at 42%
Secure Mobility with SSL VPN #1 at 25%
Intelligent Networking with Secure Routing #2 at 22%
Security Innovation
Across device, network and application
One Junos for Routing, Switching and Security
Security and Mobile Threat Research Teams
Proven Reach & Scale
Protecting 80%+ of smartphones in North America
24 of the Fortune 25 for secure connectivity
GTM Scale with IBM, Dell, Ericsson & NSN
SECURITY TRENDS
[Chart labels: Notoriety, Profitability; .gov / .com, .me / .you; Attacker Sophistication (Maturity)]
Threats, by Type of Attack: APT, Botnets, Malware, DOS, Trojans, Worms, Virus
Target: New Devices, New Applications, Internet Information Services, ERP
AGENDA
Industry trends & customer challenges
SRX Portfolio
Solution Differentiators
SRX PORTFOLIO
Small Office/Branch Office
Data Center
SRX FOR THE SMALL OFFICE/
BRANCH OFFICE
Branch SRX
NETWORKING TRENDS
Too many devices and too much complexity
Complex Topology
Service disparity and lack of integration
Too many vendors
Too many Operating Systems
Too many Management interfaces and tools
Too much cost
BRANCH SRX ADDRESSES THESE TRENDS
All-in-One
Firewall
VPN
UTM
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
WLAN, LAN, Switching
Easy to activate new security layer in UTM when needed to address new concerns
Unified Management
Easy to manage all aspects with Junos, a single OS platform
Best Price/Performance
Lower TCO and high performance allows IT to do more with less
BRANCH SRX DELIVERS…
CONSOLIDATED SECURITY AND NETWORKING
All-in-One
Firewall
VPN
UTM
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
WLAN, LAN, Switching
Single device for routing, switching, and security
Comprehensive security with best-in-class partners
Easy to activate new layers of security without adding new hardware or software
BRANCH SRX OFFERS…
REDUCED IT MANAGEMENT BURDEN
Unified
Management
Single OS platform for routing, switching, and security
Reduces time and effort to plan, deploy, and manage
Provides stable delivery of new functionality in a steady, timely manner
Flexibility of web device and comprehensive network security management
BRANCH SRX ENSURES…
MAXIMIZED CUSTOMER VALUE
Best Price/Performance
Lowest cost to deploy (Opex, Capex savings)
Single OS/single console reduces training costs
Fewer IT staff needed for network management
Faster processing performance with multiple dedicated cores
BRANCH SRX PORTFOLIO
+ More LAN slots, dual processors, dual P/S
SRX650
+ 4 WAN slots, 16 x GigE, PoE
SRX240
+ 2 WAN slots, 8 x GigE, PoE
WAN slot, 2 x GigE, PoE
SRX220
SRX210
WAN slot
SRX100/110
Small Office
Small to Medium Office
Large Branch/Regional Office
SRX FOR DATA CENTER
THREE DRAMATIC SHIFTS IN THE DATA CENTER
Mega Consolidation
Virtualization
Efficiency improvements
and simplified administration
Cloud Services &
Virtualization projects
Service Oriented
Architectures
Web 2.0 and
Application Mashups
Each trend is driving changes in networking and security
Sources: AFCOM Data Center Research, Gartner, KRC Research -
DATA CENTER SRX ADDRESSES THESE TRENDS
Consolidation at Scale
Delivers efficient infrastructure for high-performance network scale to meet even the most demanding of network productivity needs
Virtualization Security
Meets your specific business needs for an integrated physical and virtualized data center
Next Generation Security Services
Ensures protection against evolving threats with next-generation, layered security services
DATA CENTER SRX DELIVERS…
CONSOLIDATED SECURITY AND NETWORKING
Consolidation at Scale
Scalable data center security
More efficient infrastructure with modular SPCs and IOCs
Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500
Protecting online assets with AppSecure, IPS, FW, NAT, and more
DATA CENTER SRX ENSURES…
APPLICATION VISIBILITY AND PROTECTION
Next Generation Security Services
Rapid response to evolving threats through layered, next-generation security services
Control and enforcement of application usage
Visibility into Web 2.0 threats with application security against latest attacks
Scalable policy enforcement and management via Junos
DATA CENTER SRX PRODUCT LINE
SRX5800: FW 150 Gbps, IPS 30 Gbps
SRX5600: FW 70 Gbps, IPS 15 Gbps
SRX3600: FW 30 Gbps, IPS 10 Gbps
SRX3400: FW 20 Gbps, IPS 6 Gbps
SRX1400: FW 10 Gbps, IPS 2 Gbps
Deployment range: Smaller Data Center, Campus/Corporate Office, Large Data Center
AGENDA
Industry trends & customer challenges
SRX Portfolio
Solution Differentiators
JUNOS OPERATING SYSTEM
T Series
EX Series
QFX Series
SRX
Series
MX Series
M Series
J Series
SECURITY
One OS
Reduces time/effort
to operate network
infrastructure
ROUTERS
SWITCHES
One Release Train
Delivers new functionality stably
Reduces OPEX
Simplifies management
One Architecture
Ensures available & scalable software for growing needs
Reduces TCO
ARCHITECTURE: SEPARATE DATA AND CONTROL PLANE
[Diagram labels: Module n, Interfaces, Routing, …, Kernel, Packet Forwarding, Physical Interfaces]
Shared Plane (diagram labels: Management, Routing, Data), under DOS & DDOS attacks:
Attacks overwhelm the box
Administrator loses management access—your network is down
Separate planes (diagram labels: Management, Control Plane, Data Plane), under DOS & DDOS attacks:
Attacks can be thwarted
Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic—your network stays up
DATA CENTER SECURITY SOLUTION THAT SPANS
PHYSICAL AND VIRTUAL NETWORKS
[Diagram labels: Management and Security Services (Security Design; STRM Security Threat Response Manager); Services: Physical, Virtual; Firewall, IPS, DoS Prevention, AppSecure; SRX Series; VMs, Hypervisor, vGW Series, vGW Virtual Gateway]
INTEGRATION WITH vGW VIRTUAL GATEWAY
EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER
Juniper SRX
with IPS and
AppSecure
Fabric
Switching
Policies
vGW Solution Integration
Security
Design
1. SRX Zone Visibility extends to include VM awareness
2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM
3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS
[Diagram labels: VM 1, VM 2, VM 3, … VM 20; vGW Virtual Gateway; VMware vSphere Hypervisor]
APPSECURE: APPLICATION INTELLIGENCE—
BRANCH TO DATA CENTER
AppTrack: Understand security risks; Address new user behaviors
AppFW: Block access to risky apps; Allows user tailored policies
AppQoS: Prioritize important apps; Rate limit less important apps
AppDoS: Protect apps from bot attacks; Allow legitimate user traffic
IPS: Remediate security threats; Stay current with daily signatures
Easy add-on security services for SRX gateways
Delivers application visibility, enforcement and protection—up to 100 Gbps
Integrates nested application detection/protection, control, & remediation
Subscription service includes all modules and updates
Juniper Security Lab provides 800+ application signatures
APPSECURE SERVICE MODULES
Flow
Processing
Ingress
AI
NAI
Egress
Application Identification Engine
Application
ID Results
IPS
AppTrack
AppDoS
AppFW
AppQoS
UNIFIED MANAGEMENT
Network Management: Junos Space Security Design
Automated configuration and deployment of security
Reduced security risk, faster deployment, and lower TCO
SIEM: Security Threat Response Manager
All-in-one log, threat, and compliance management
Greater visibility including web 2.0 and application intelligence for improved security
Web UI: J-Web
Seamless GUI access to Junos features & functions
Quick configurations/wizards
Cost effective & intuitive
Routing, Switching, Security
VIRTUALIZATION
VIRTUALIZATION CHALLENGES
Physical Network
• One server is one server
• Firewall can see all traffic
• Applications don’t move much
Hidden Traffic
• Traffic on the same hypervisor isn’t sent to the physical firewall
Complexity
• One physical server represents many virtual ones
Dynamic Applications (V-Motion)
• As applications move, how does the physical security follow?
VGW MODULES
Main: Dashboard view of virtual data center
Firewall: Firewall policy and logs
Network: Traffic flows
AntiVirus: AV protection w/ quarantine
IDS: View of IDS alerts
Compliance: VM/host Alerts on non-compliance
Introspection: VM “x-ray” (OS, apps, etc.)
Reports: Granular reports and scheduler
THE VGW PURPOSE-BUILT APPROACH
Service Provider & Enterprise Grade
Three-tiered Model
VMware Certified
Protects each VM and the hypervisor
Fault-tolerant architecture (i.e., HA)
Virtualization-aware
“Secure VMotion” scales to 1,000+ hosts
“Auto Secure” detects/protects new VMs
Granular, Tiered Defense
Stateful firewall, integrated IDS, and AV
Flexible Policy Enforcement
[Diagram labels: Virtual Center; Security Design for vGW VM; THE vGW ENGINE; VM1, VM2, VM3; ESX or ESXi Host; Packet Data; VMWARE API’s; Any vSwitch (Standard, DVS, 3rd Party); HYPERVISOR; VMware Kernel; Partner Server (IDS, SIM, Syslog, Netflow)]
PERFORMANCE & SCALABILITY
SECURITY SOLUTION SUMMARY
Better Security
No new hardware needed to add AppSecure, UTM or robust network security
Performance and Scalability Leader
Massive advantage in scale over all other competitors accommodates growth
Superior Design
Modular architecture allows pay-as-you-grow approach and simplifies operations
Strong Company
Security leadership (Gartner leader quadrant in five categories*), and financial stability
Superior Networking
Carrier-grade networking performance and robust feature set integration
High Overall Value
Top performance and lower TCO in a better networking and security solution
* Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011), and Network Access Controls
3RD PARTY VALIDATION
ANALYST AND CUSTOMER RECOGNITION
“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more
intelligent sharing of resources among security services running on the gateway.”
Current Analysis, 2010
“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an
impressive combination of performance, functionality, and product family breadth.”
Andrew Braunberg, Current Analysis
“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation
flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.”
Subha Rama, ABI Research
“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that
Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter
economic environment.”
IDC
“I can sum up Juniper Networks in three words: security, performance, and reliability.”
Rich Acevedo, Network Engineer, Romano’s Macaroni Grill
“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed
a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as
other customers would see as a benefit.”
Eric Walters, Network Manager, 7-Eleven