View
219
Download
0
Embed Size (px)
Citation preview
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net1
SRX Product Presentation
Mike Flaum
Product Marketing Manager
April 23, 2009
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net2
Legal statement
This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.
This presentation is under NDA until May 4, 2009 for all customers, Partners, Resellers, Distributors or any person or entity outside of Juniper Networks.
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net3
Table of contents
Distributed Enterprise
SRX Series Services Gateways - Product
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net4
Today’s news
Best reach for a carrier-grade network OS
– New SRX Services Gateway Series starting at $699
– New entry-level EX Series Gigabit access switches
First Secure Router with integrated content security
– Unified Threat Management and Intrusion Prevention Services now integrated into JUNOS software
Only “Support Engineer in a Box” service
– Advanced Insight Solutions now available for branch products
New Distributed Enterprise Solutions
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net5
Multi-year trends in the enterpriseMega Data
Centers(thousands)
Clients(billions)
Global High-Performance Network
Campus
Branch
Home
Mobile
Workforce Globalization
Data/App Consolidation
Th
e D
istr
ibu
ted
En
terp
rise
Th
e D
istr
ibu
ted
En
terp
rise
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net6
Distributed enterprise realities
Thousands of employees
Hundreds of employees
Tens of employees
A handful of employees H
eadq
uart
ers
in S
unny
vale
Des
ign
cent
er in
Ban
galo
re
Acq
uisi
tion
in B
osto
n
Reg
iona
l Sal
es O
ffic
e
Ser
vice
off
ice
Sal
es o
ffic
e
Global workforce centers
Cost
Complexity
Risk
Why Does the Distributed Enterprise Need a High-Performance Network? Secure and reliable transactions Responsive and private applications High-quality collaboration and communications
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net7
Using high-performance networking to reduce complexity
Juniper High-Performance Network
Learn and configure
one OS
Use fewer boxes
Simplifysoftware
management
OS #1
Firewall/VPNSwitchRouterVoice gatewayUTMIPSAccess Control
OS #3 OS #4OS #2
Legacy Network
Dynamic Services Architecture
Firewall/VPNSwitchRouterVoice gatewayUTMIPSAccess Control
9.49.2 9.3
High-performance network
Scalable
Fast
Reliable
Secure
Simple
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net8
Solution portfolio
EX8208
EX8216
M Series
MX Series
SRX650
SRX3000 Series
SRX240
SRX210
J SeriesEX2200
EX4200
EX3200
SRX100
SERVIC
ES GA
TEW
AYS
RO
UTE
RS
SRX5000 Series
Unified Management (NSM)
SW
ITC
HES
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net9
SRX SERIES SERVICE GATEWAYS
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net10
Branch SRX Launch
What
Juniper SRX for the Branch, a broad line of dynamic services platforms with leading connectivity, security, and application delivery capabilities on a single box
WhenNew products will be publicly announced during Juniper’s “Distributed Enterprise Solutions” launch on May 4th
Value Proposition
Single-box integration of fast, highly available routing, switching, adaptive threat management, and application services using a common, proven operating system for exceptional Enterprise-wide consistency
Non-Disclosure Agreement
NDA is required for SRX Series briefings for all customers, partners, resellers, and distributors prior to the May 4, 2009 launch date
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net11
CONSOLIDATION
CONVERGENCE
CONNECTIVITY
Three key market drivers
VoIP
Analog
Fax WLAN AP
Security Camera
Power Over Ethernet
Antispam AntivirusIPS Web filtering
UTM
Network migration to multi-service platform—“Secure Router” instead of multiple appliances
Secure Router = – Router + Firewall + VPN + Switching– Unified Threat Management
UAC Content Filtering
Routing Ethernet Switching
FirewallIPSec VPN
3G PSTN MPLS
Internet Metro
NETWORK SECURITY NETWORK SECURITY
Voice and Data
VoIP Gateway and VoIP handsets Power over Ethernet Wireless Access Points
Internet Metro Ethernet MPLS
FREE
LICENSED
Wireless WAN 3G PSTN
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net12
Highly configurable– Fixed, semi-modular, and
modular form factors
– Choice of WAN, wireless, and LAN interfaces
– Available voice media gateway Extensive integration
– Full suite of JUNOS routing and switching capabilities
– Unmatched security, including FW, VPN, UTM, UAC, and full IPS
Exceptional performance and availability
– Hardware-assisted Content Security Acceleration for ExpressAV and IPS
– Control & data plane separation, redundant processing and power
Priced at $699, $1099, $2999, and $16000 (list)
New SRX Services GatewaysLeveraging Juniper’s Dynamic Services Architecture
Model Configuration SIPGateway
ContentSecurity
Acceleration
FW/IPSPerformance
SRX100 Fixed No No 600/50 Mbps
SRX210 1 mini PIM slot Optional Optional 750/80 Mbps
SRX240 4 mini PIM slots Optional Optional 1500/250 Mbps
SRX650 8 GPIM slots Optional Standard 7000/900 Mbps
Advanced FW / VPN /ROUTING
license included
16 X Gigabit Ethernet
Full UTM
20X IPS performance
Up to 80% lower price
Roadmap
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net13
The SRX Branch portfolio 2009
Large Branch/Regional OfficeTelecommuter/Small Office
SRX 100
Small to Medium Office
SRX 210
SRX 240
SRX 650
+ WAN slot, 2 x Gig E, PoE
+ 4 WAN slots, 16 x Gig E
+ More LAN slots, dual processors, dual P/S
NSM
Centrally managedby NSM
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net14
Typical Deployment
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net15
SRX Series Specification Summary FEATURES SRX100 (target) SRX210 SRX240 SRX650
On-board Ethernet 8 x FE 2 x GE + 6 x FE 16 x GE 4 x GE
Power over Ethernet (802.3af, 802.3at) None 4 ports—50 W total
16 ports GE, 150 W
48 ports GE, 250 W or 500 W
WAN slots None 1 x mini PIM 4 x SRX mini PIM 8 x GPIM
USB ports (flash) 1 2 2 2 per processor
Content Security Acceleration— ExpressAV and Intrusion Detection and Prevention No YES YES YES
JUNOS Software version support JUNOS 9.6 JUNOS 9.5 JUNOS 9.5 JUNOS 9.5
Routing Performance 60 Kpps 80Kpps 200Kpps 900Kpps
Firewall performance (Large Packets) 600 Mbps 750 Mbps 1.5 Gbps 7.0 Gbps
Firewall performance (IMIX) 175 Mbps 250 Mbps 500 Mbps 2.5 Gbps
Firewall performance (Firewall + Routing PPS 64byte) 65 Kpps 75 Kpps 150 Kpps 900Kpps
VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 250 Mbps 1.5 Gbps
Intrusion Prevention System 50 Mbps 80 Mbps 250 Mbps 900 Mbps
Connections Per Second (CPS) 2K 2K 9K 35K
Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K 32K / 64K 64K / 128K 512 K
Antivirus TBD 30 Mbps 85 Mbps 350 Mbps
High Availability A/A or A/P A/A or A/P A/A* or A/PA/A* or A/P,
Hot swap GPIMs,Dual processors*,
Dual power
* Supported in JUNOS 9.6
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net16
SRX100
Ideal for micro-branch, managed telecommuters, SOHO
Fixed I/O—8 x 10/100 Ethernet ports Full UTM features
– IDP– Antivirus – Anti-spam – Web filtering– UAC Enforcement– UTM requires High Memory model
(UTM, license), no CSA
Features SRX100 (target)
On-board Ethernet 8 x FE
Power over Ethernet (802.3af, 802.3at) None
WAN slots None
USB ports 1
3G Future
Intrusion Prevention System No
JUNOS Software version support JUNOS 9.6
Routing performance 60 Kpps
Firewall performance (Large Packets) 600 Mbps
Firewall performance (IMIX) 175 Mbps
Firewall performance (Firewall + Routing PPS 64byte) 65 Kpps
VPN Performance—AES256+SHA-1 65 Mbps
VPN Performance —3DES+SHA 1 50 Mbps
Connections Per Second (CPS) 2K
Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K
IPS performance TBD
High Availability A/A or A/P
Q3 2009
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net17
SRX210
Ideal for Small branches Full UTM features
– IDP, Antivirus, Anti-spam, Web filtering, Content filtering
– UAC Enforcement– UTM requires High Memory model
Available Voice version with mini-PIM options—Q3 2009
– Factory-configured voice model (Q3 2009)
Features SRX210
On-board Ethernet 2 x GE + 6 x FE
Power over Ethernet (802.3af, 802.3at) 4 ports—50 W total
WAN slots 1 x mini PIM
3G wireless (ExpressCard slot) Yes
USB ports (flash) 2
Content Security Accelerator—ExpressAVand Intrusion Detection and Prevention Yes
JUNOS Software version support JUNOS 9.5
Routing performance 80 Kpps
Firewall performance (Large Packets) 750 Mbps
Firewall performance (IMIX) 250 Mbps
Firewall performance (Firewall + Routing PPS 64byte) 75 Kpps
VPN Performance—AES256+SHA-1 75 Mbps
VPN Performance —3DES+SHA 1 75 Mbps
Connections Per Second (CPS) 2K CPS
Maximum Concurrent Sessions (512MB/1GB RAM) 32K / 64K
IPS performance 80 Mbps
High Availability A/A or A/P
Q2 2009
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net18
Ideal for small–medium branches Full UTM features
– IDP, Antivirus, Anti-spam, Web filtering, Content filtering
– UAC Enforcement– UTM requires High Memory model
Available Voice version with mini-PIM options—Q4 2009
– Factory-configured voice model (Q4 2009)
Features SRX240
On-board Ethernet 16 x GE
Power over Ethernet (802.3af, 802.3at) 16 ports GE, 150 W
WAN slots 4 x SRX mini PIM
USB ports (flash) 2
3G Future
Content Security Accelerator—ExpressAVand Intrusion Detection and Prevention Yes
JUNOS Software version support JUNOS 9.5
Routing performance 200 Kpps
Firewall performance (Large Packets) 1.5 Gbps
Firewall performance (IMIX) 500 Mbps
Firewall performance (Firewall + Routing PPS 64byte) 150 Kpps
VPN Performance—AES256+SHA-1 250 Mbps
VPN Performance —3DES+SHA 1 250 Mbps
Connections Per Second (CPS) 9K CPS
Maximum Concurrent Sessions (512MB/1GB RAM) 64K / 128K
IPS performance 250 Mbps
High Availability A/A* or A/P
SRX240 Q2 2009
* Supported in JUNOS 9.6
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net19
SRX650
Ideal for regional sites, large branches Modular-
– LAN switching– Services Routing Processors with optional
redundancy (future)– power supplies with optional redundancy
(at FRS)– voice configurations (field upgradable via
PIMs in 2010) Full UTM features
– IDP, Antivirus, Anti-spam, Web filtering, Content filtering
– UAC Enforcement Max Gig E 52 ports
(2 x 24 GE PIM + 4 integrated ports)
Features SRX650
On-board Ethernet 4 x GE
Power over Ethernet (802.3af, 802.3at) 48 ports GE, 250 or 500 W
WAN slots 8 x GPIM
USB ports (flash) 2 per processor
3G Future
Content Security Accelerator—ExpressAVand Intrusion Detection and Prevention Yes
JUNOS Software version support JUNOS 9.5
Routing performance 900 Kpps
Firewall performance (Large Packets) 7.0 Gbps
Firewall performance (IMIX) 2.5 Gbps
Firewall performance (Firewall + Routing PPS 64byte) 900 Kpps
VPN Performance—AES256+SHA-1 1.5 Gbps
VPN Performance —3DES+SHA 1 1.5 Gbps
Connections Per Second (CPS) 35K CPS
Maximum Concurrent Sessions (512MB/1GB RAM) 512 K
IPS performance 900 Mbps
High AvailabilityA/A* or A/P
Hot swap GPIMs,Dual processors*, Dual power
Q2 2009
* Supported in JUNOS 9.6
*Supported in JUNOS 9.6
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net20
SRX210 with Integrated Convergence Services
SRX Voice Elements Survivable SIP server
SIP Media Gateway
SIP Security
Base and expandable voice ports
PoE Ports
PoE Ports scaling with EX switch
Target Branch Size (# users)
No. Slots
Base DSP
Channels
Base No. of Ports
Expansion Slots
SRX210 2–25 1 mPIM
8–16 (codec
dependent)
2 FXO, 2FXS
T1/E14 FXO
2 FXS + 2 FXOSRX240 10–50 4
mPIMs 30–48 2 FXO, 2 FXS
SRX650 50–200 8 gPIMs
Requires gPIM 0
T1/E1Dual T1/E16 FXO + 2
FXS2 FXO + 6
FXS
Q3 2009
FXS ports – connect your analog phone or
FAX machine hereFXO ports – connect to your wall phone socket
E1/T1 or FXOs for carrier trunk or FXS for additional analog phones/ fax machines
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net21
SIP Server
CORPORATE OFFICE
SRX210 / SRX240
SIP Soft Switch
SERVICE PROVIDER
VOIP
Analog
PBX, Key System
Channelized T-1 / E1/ FXO
Local PSTNLocal PSTN
INTERNETSIP VoIP handset
Digital
2H 2009Juniper Integrated Convergence ServicesStage 1: Survivable Media Gateway
WANMPLS
Soft PhonesFAX SIP VoIP handset
SIP VoIP handset to digital or analog phone
1
1
Enterprise choice and flexibility
SIP standards Choice of sip phones, call servers and applications
SIP Server and SIP Soft switch
22
SIP Trunking “Toll bypass”, “extension”
23
3
3
SIP Trunking to Corporate to PSTN (typical)
34
4
4
SIP Trunking“VoIP to PSTN” S.P. VoIP
5
5
Failover to PSTN
X
X
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net22
SRX210
3G Wireless WAN
Deployments- Primary connection where
wired broadband is not available
Back up connectivity with wired primary.
Out of band management, remote deployment.
Available on SRX210
HQDatacenter
3G Wireless
Dynamic VPN Services
INTERNET
2H 2009
Retail Branch Regional
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net23
Branch Wireless AP Solution Juniper 802.11n indoor Solution
– Backwards compatible to .11a/b/g– Dual mode radio support 300Mbps (Aggregate)– Single radio 200Mbps (160Mbps typical)– Spatial Streams: 2x2:2, 2x3:2, 3x3:2– UL2043 Plenum rated for over ceiling mounting.– 50 Meter range (indoor)– Unit can be mounted on ceiling or wall– Virtual AP technology – Support of up to 16 simultaneous SSIDs– 802.11e WMM capable
1 Gigabit Ethernet POE support
Optional External Power Supply
Serial Consol Support
L2 Managed by SRX Branch Products
Additional licensing cost for Branch SRX to manage multiple access points – Clusters of 4,8,16 APs.
Q4 2009
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net24
Software Features 802.1Q VLAN support
– Up to 4,096 VLAN support (platform dependent)– Routed VLAN Interface (RVI)– GARP VLAN Registration Protocol (GVRP)– QOS on VLAN interface
L3 Strict priority queuing (LLQ) L3 Smoothed Deficit Weighted Round Robin (SDWRR) L3 Weighted Random Early Discard (WRED) L3 Per port and per queue shaping
802.1x Port based Authentication 802.3ad (AX) link aggregation* STP, Spanning Tree Protocol
– 802.1D Spanning Tree Protocol– 802.1S Multiple STP– 802.1w Rapid STP
Jumbo Frame Support (9,216 Byte)*
Ethernet Switching
SRX210 SRX240 SRX650
Hardware (Onboard Ethernet) SRX100
– 8 Fixed 10/100 (Switched or Routed) SRX210
– Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed)– 802.3af optional POE (2FE + 2GE)
SRX240– Fixed 16 Ports 10/100/1000 (Switched or Routed)– Power over Ethernet (optional all ports)– 802.3af, 802.3at
SRX650– Fixed 4 ports 10/100/1000 (Routed)
Hardware Ethernet PIMs SRX Mini-PIM (SRX210/SRX240)
– 1 Port SFP 16 port GigE XPIM for SRX650
– Double-high– Full-duplex 20 Gbps backplane– 16 port GE and optional PoE
24 port GigE including 4 SFP slots XPIM for SRX650– Double-high - double-wide– Optional POE - 24 port GE with PoE incl 4 SFP slots– Full-duplex 20 Gbps backplane
Optics– SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |
SRX GE SFP 1000 Base-T | SRX FE FX SFP
SRX100
* Not supported on SRX100
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net25
SRX Series—Firewall, Zones, and Policies
ZONE “UNTRUST”ZONE “UNTRUST”Originating ZoneOriginating Zone
SRXSRX
ZONE “TRUST”ZONE “TRUST”ZONE “TRUST”ZONE “TRUST”
Default Policy—Deny AllDefault Policy—Deny AllDefault Policy—Allow AllDefault Policy—Allow All
INTERNETINTERNET
Originating ZoneOriginating Zone
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net26
Unified Threat Management (UTM) Features
Websense to block to unapproved site access
Web Filtering
Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers
Kaspersky Lab AV stops viruses, file-based trojans or spread of spyware, adware, keyloggers
Antivirus
Symantec stops Spam / Phishing
Anti-spam
Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans
IPS
Firewall, VPN, Unified Access ControlCore Security
Firewall, VPN, Unified Access Control
SRX Series blocks transmission of files for Data Loss Prevention
Content Filtering
Internal Threats
External ThreatsINTERNETINTERNET
Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net27
Juniper Networks Unified Access Control (UAC)
UAC Agent EX Series L2 Switch
802.1X Switches & Access Points
APPLICATIONS
Juniper Firewall Platforms
POLICY SERVER
Identity Stores
IC Series
1
UAC Enforcement Points
Data App Internet
NSSSG
ISG
22
3
Control Access to Protected Resources
Dynamically Provision
Policy Enforcement
Authenticate User, Profile Endpoint,
Determine Location
Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection
1
SRX
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net28
SRX210
Remote Access
Dynamic VPN Service – Access Manager Client
A dynamic IPSEC Client that is automatically downloaded
5-user, 10-user, 25-user, 50-user (SRX240) license option with simultaneous tunnel enforcement
Supported on the SRX100, SRX210, and SRX240
Not supported on SRX650 Automatic client upgrade capabilities Self-provisioning from SRX210,
SRX240 IPSec with TCP-based fallback for
NAT traversal Initial release to support Windows
platforms—XP, Vista, Win 2000
WiredWireless
3G Wireless
Dynamic VPN Services
INTERNET
Q2 2009
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net29
Juniper Unified Management
Unified management across Juniper’s network infrastructure
Network lifecycle management—Provision, Monitor, and Troubleshoot
Consistent and Open standards NBI for easy integration with 3rd party NMS
EMS NMS Visibility Diagnostics
SNMP, Syslog, XMLSNMP, Syslog
NetConf, DMI, Syslog, Sflow
Security Threat Response Manager
Network & Security Manager (NSM)
JUNOScope Advanced Insight Manager
NETWORK MANAGEMENT
ONE
JUNOS
CLI, JUNOScript
ONE
J-Web
Web UI
HTTP / HTTPS XML
Telnet, SSH, XML
SwitchingSecurityRouting
MX Series
M Series
ISG/IDP
SSL VPN
Infranet Controller SRX5600
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net30
Network Security Manager
Along with SRX, NSM Manages Juniper’s entire enterprise portfolio*
NSM is a great way to port ScreenOS customers over to a JUNOS solution and to help manage a mixed environment
Common Management also offers huge up-sell opportunity
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net31
Security Threat Response Manager
STRM supports SRX Series– Intrusion Prevention System (IPS)
– 220+ out-of-the box report templates
– Fully customizable reporting engine: creating, branding and scheduling delivery of reports
– Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
– Reports based on control frameworks: NIST, ISO and CoBIT
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net32
Rapid Deployment
Simplified deployment-– Eliminate need for-
Pre-staging device IT at point of
installation
Reduce -– Provisioning time– Installation cost– No “truck roll”
• A Unique ID for tracking purposes
• Untrust Interface configuration
• Configuration parameters to enable “registration” of device to management server
• User/Password
• Management Server IP Address/Domain Name
• One time password
1. Generate and export startup config to USB
Network Security Manager
Q4 2009
2. USB Loads startup config3. Validation of start up config4. Secure communication to NSM
SRX 210
5. Download Running Config
6. SRX In Service
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net33
Juniper Branch ProductsSSG, SRX, and J Series Products
SSG Family FW, VPN, NAT, UAC
IPv6 Security
Wireless (WLAN)
Unified Threat Management
– Intrusion Prevention: DI
– Antivirus—Kaspersky
– Web filtering—Websense
– Anti-spam—Symantec
J Series FW, VPN, NAT, UAC
Routing, Switching, QOS, MPLS
WX—ISM 200 Application Acceleration
VoIP—Avaya Integ. Gway
Unified Threat Management– Full IDP—Juniper
– Antivirus—Kaspersky
– Web filtering—Websense
– Anti-spam—Symantec
SRX Unified Threat Management
– Full IDP—Juniper
– Antivirus—Kaspersky
– Web filtering—Websense
– Anti-spam—Symantec
VoIP– Juniper OpenCommunications– Power over Ethernet
FW, VPN, NAT, UAC
SSG320M
SSG5 Wireless
SSG20 Wireless J2320
J2350SSG140
SSG350M
SSG520SSG520M
J6350SSG550SSG550M
J4350
SRX 100
SRX 210
SRX 240
SRX 650
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net34
THANK YOU