| Copyright © 2009 Juniper Networks, Inc. | 1 SRX Product Presentation Mike Flaum Product Marketing Manager April 23, 2009

| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net1

SRX Product Presentation

Mike Flaum

Product Marketing Manager

April 23, 2009


Legal statement

This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement.

This presentation is under NDA until May 4, 2009 for all customers, Partners, Resellers, Distributors or any person or entity outside of Juniper Networks.


Table of contents

Distributed Enterprise

SRX Series Services Gateways - Product


Today’s news

Best reach for a carrier-grade network OS

– New SRX Services Gateway Series starting at $699

– New entry-level EX Series Gigabit access switches

First Secure Router with integrated content security

– Unified Threat Management and Intrusion Prevention Services now integrated into JUNOS software

Only “Support Engineer in a Box” service

– Advanced Insight Solutions now available for branch products

New Distributed Enterprise Solutions


Multi-year trends in the enterpriseMega Data

Centers(thousands)

Clients(billions)

Global High-Performance Network

Campus

Branch

Home

Mobile

Workforce Globalization

Data/App Consolidation

Th

e D

istr

ibu

ted

En

terp

rise

Th

e D

istr

ibu

ted

En

terp

rise


Distributed enterprise realities

Thousands of employees

Hundreds of employees

Tens of employees

A handful of employees H

eadq

uart

ers

in S

unny

vale

Des

ign

cent

er in

Ban

galo

re

Acq

uisi

tion

in B

osto

n

Reg

iona

l Sal

es O

ffic

e

Ser

vice

off

ice

Sal

es o

ffic

e

Global workforce centers

Cost

Complexity

Risk

Why Does the Distributed Enterprise Need a High-Performance Network? Secure and reliable transactions Responsive and private applications High-quality collaboration and communications


Using high-performance networking to reduce complexity

Juniper High-Performance Network

Learn and configure

one OS

Use fewer boxes

Simplifysoftware

management

OS #1

Firewall/VPNSwitchRouterVoice gatewayUTMIPSAccess Control

OS #3 OS #4OS #2

Legacy Network

Dynamic Services Architecture

Firewall/VPNSwitchRouterVoice gatewayUTMIPSAccess Control

9.49.2 9.3

High-performance network

Scalable

Fast

Reliable

Secure

Simple


Solution portfolio

EX8208

EX8216

M Series

MX Series

SRX650

SRX3000 Series

SRX240

SRX210

J SeriesEX2200

EX4200

EX3200

SRX100

SERVIC

ES GA

TEW

AYS

RO

UTE

RS

SRX5000 Series

Unified Management (NSM)

SW

ITC

HES


SRX SERIES SERVICE GATEWAYS


Branch SRX Launch

What

Juniper SRX for the Branch, a broad line of dynamic services platforms with leading connectivity, security, and application delivery capabilities on a single box

WhenNew products will be publicly announced during Juniper’s “Distributed Enterprise Solutions” launch on May 4th

Value Proposition

Single-box integration of fast, highly available routing, switching, adaptive threat management, and application services using a common, proven operating system for exceptional Enterprise-wide consistency

Non-Disclosure Agreement

NDA is required for SRX Series briefings for all customers, partners, resellers, and distributors prior to the May 4, 2009 launch date


CONSOLIDATION

CONVERGENCE

CONNECTIVITY

Three key market drivers

VoIP

Analog

Fax WLAN AP

Security Camera

Power Over Ethernet

Antispam AntivirusIPS Web filtering

UTM

Network migration to multi-service platform—“Secure Router” instead of multiple appliances

Secure Router = – Router + Firewall + VPN + Switching– Unified Threat Management

UAC Content Filtering

Routing Ethernet Switching

FirewallIPSec VPN

3G PSTN MPLS

Internet Metro

NETWORK SECURITY NETWORK SECURITY

Voice and Data

VoIP Gateway and VoIP handsets Power over Ethernet Wireless Access Points

Internet Metro Ethernet MPLS

FREE

LICENSED

Wireless WAN 3G PSTN


Highly configurable– Fixed, semi-modular, and

modular form factors

– Choice of WAN, wireless, and LAN interfaces

– Available voice media gateway Extensive integration

– Full suite of JUNOS routing and switching capabilities

– Unmatched security, including FW, VPN, UTM, UAC, and full IPS

Exceptional performance and availability

– Hardware-assisted Content Security Acceleration for ExpressAV and IPS

– Control & data plane separation, redundant processing and power

Priced at $699, $1099, $2999, and $16000 (list)

New SRX Services GatewaysLeveraging Juniper’s Dynamic Services Architecture

Model Configuration SIPGateway

ContentSecurity

Acceleration

FW/IPSPerformance

SRX100 Fixed No No 600/50 Mbps

SRX210 1 mini PIM slot Optional Optional 750/80 Mbps

SRX240 4 mini PIM slots Optional Optional 1500/250 Mbps

SRX650 8 GPIM slots Optional Standard 7000/900 Mbps

Advanced FW / VPN /ROUTING

license included

16 X Gigabit Ethernet

Full UTM

20X IPS performance

Up to 80% lower price

Roadmap


The SRX Branch portfolio 2009

Large Branch/Regional OfficeTelecommuter/Small Office

SRX 100

Small to Medium Office

SRX 210

SRX 240

SRX 650

+ WAN slot, 2 x Gig E, PoE

+ 4 WAN slots, 16 x Gig E

+ More LAN slots, dual processors, dual P/S

NSM

Centrally managedby NSM


Typical Deployment


SRX Series Specification Summary FEATURES SRX100 (target) SRX210 SRX240 SRX650

On-board Ethernet 8 x FE 2 x GE + 6 x FE 16 x GE 4 x GE

Power over Ethernet (802.3af, 802.3at) None 4 ports—50 W total

16 ports GE, 150 W

48 ports GE, 250 W or 500 W

WAN slots None 1 x mini PIM 4 x SRX mini PIM 8 x GPIM

USB ports (flash) 1 2 2 2 per processor

Content Security Acceleration— ExpressAV and Intrusion Detection and Prevention No YES YES YES

JUNOS Software version support JUNOS 9.6 JUNOS 9.5 JUNOS 9.5 JUNOS 9.5

Routing Performance 60 Kpps 80Kpps 200Kpps 900Kpps

Firewall performance (Large Packets) 600 Mbps 750 Mbps 1.5 Gbps 7.0 Gbps

Firewall performance (IMIX) 175 Mbps 250 Mbps 500 Mbps 2.5 Gbps

Firewall performance (Firewall + Routing PPS 64byte) 65 Kpps 75 Kpps 150 Kpps 900Kpps

VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 250 Mbps 1.5 Gbps

Intrusion Prevention System 50 Mbps 80 Mbps 250 Mbps 900 Mbps

Connections Per Second (CPS) 2K 2K 9K 35K

Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K 32K / 64K 64K / 128K 512 K

Antivirus TBD 30 Mbps 85 Mbps 350 Mbps

High Availability A/A or A/P A/A or A/P A/A* or A/PA/A* or A/P,

Hot swap GPIMs,Dual processors*,

Dual power

* Supported in JUNOS 9.6


SRX100

Ideal for micro-branch, managed telecommuters, SOHO

Fixed I/O—8 x 10/100 Ethernet ports Full UTM features

– IDP– Antivirus – Anti-spam – Web filtering– UAC Enforcement– UTM requires High Memory model

(UTM, license), no CSA

Features SRX100 (target)

On-board Ethernet 8 x FE

Power over Ethernet (802.3af, 802.3at) None

WAN slots None

USB ports 1

3G Future

Intrusion Prevention System No

JUNOS Software version support JUNOS 9.6

Routing performance 60 Kpps

Firewall performance (Large Packets) 600 Mbps

Firewall performance (IMIX) 175 Mbps

Firewall performance (Firewall + Routing PPS 64byte) 65 Kpps

VPN Performance—AES256+SHA-1 65 Mbps

VPN Performance —3DES+SHA 1 50 Mbps

Connections Per Second (CPS) 2K

Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K

IPS performance TBD

High Availability A/A or A/P

Q3 2009


SRX210

Ideal for Small branches Full UTM features

– IDP, Antivirus, Anti-spam, Web filtering, Content filtering

– UAC Enforcement– UTM requires High Memory model

Available Voice version with mini-PIM options—Q3 2009

– Factory-configured voice model (Q3 2009)

Features SRX210

On-board Ethernet 2 x GE + 6 x FE

Power over Ethernet (802.3af, 802.3at) 4 ports—50 W total

WAN slots 1 x mini PIM

3G wireless (ExpressCard slot) Yes

USB ports (flash) 2

Content Security Accelerator—ExpressAVand Intrusion Detection and Prevention Yes



Firewall performance (Large Packets) 750 Mbps





Connections Per Second (CPS) 2K CPS

Maximum Concurrent Sessions (512MB/1GB RAM) 32K / 64K

IPS performance 80 Mbps

High Availability A/A or A/P

Q2 2009


Ideal for small–medium branches Full UTM features


– UAC Enforcement– UTM requires High Memory model

Available Voice version with mini-PIM options—Q4 2009

– Factory-configured voice model (Q4 2009)

Features SRX240

On-board Ethernet 16 x GE

Power over Ethernet (802.3af, 802.3at) 16 ports GE, 150 W

WAN slots 4 x SRX mini PIM

USB ports (flash) 2

3G Future




Firewall performance (Large Packets) 1.5 Gbps






Maximum Concurrent Sessions (512MB/1GB RAM) 64K / 128K


High Availability A/A* or A/P

SRX240 Q2 2009



SRX650

Ideal for regional sites, large branches Modular-

– LAN switching– Services Routing Processors with optional

redundancy (future)– power supplies with optional redundancy

(at FRS)– voice configurations (field upgradable via

PIMs in 2010) Full UTM features


– UAC Enforcement Max Gig E 52 ports

(2 x 24 GE PIM + 4 integrated ports)

Features SRX650

On-board Ethernet 4 x GE

Power over Ethernet (802.3af, 802.3at) 48 ports GE, 250 or 500 W

WAN slots 8 x GPIM

USB ports (flash) 2 per processor

3G Future




Firewall performance (Large Packets) 7.0 Gbps

Firewall performance (IMIX) 2.5 Gbps


VPN Performance—AES256+SHA-1 1.5 Gbps

VPN Performance —3DES+SHA 1 1.5 Gbps


Maximum Concurrent Sessions (512MB/1GB RAM) 512 K


High AvailabilityA/A* or A/P

Hot swap GPIMs,Dual processors*, Dual power

Q2 2009


*Supported in JUNOS 9.6


SRX210 with Integrated Convergence Services

SRX Voice Elements Survivable SIP server

SIP Media Gateway

SIP Security

Base and expandable voice ports

PoE Ports

PoE Ports scaling with EX switch

Target Branch Size (# users)

No. Slots

Base DSP

Channels

Base No. of Ports

Expansion Slots

SRX210 2–25 1 mPIM

8–16 (codec

dependent)

2 FXO, 2FXS

T1/E14 FXO

2 FXS + 2 FXOSRX240 10–50 4

mPIMs 30–48 2 FXO, 2 FXS

SRX650 50–200 8 gPIMs

Requires gPIM 0

T1/E1Dual T1/E16 FXO + 2

FXS2 FXO + 6

FXS

Q3 2009

FXS ports – connect your analog phone or

FAX machine hereFXO ports – connect to your wall phone socket

E1/T1 or FXOs for carrier trunk or FXS for additional analog phones/ fax machines


SIP Server

CORPORATE OFFICE

SRX210 / SRX240

SIP Soft Switch

SERVICE PROVIDER

VOIP

Analog

PBX, Key System

Channelized T-1 / E1/ FXO

Local PSTNLocal PSTN

INTERNETSIP VoIP handset

Digital

2H 2009Juniper Integrated Convergence ServicesStage 1: Survivable Media Gateway

WANMPLS

Soft PhonesFAX SIP VoIP handset

SIP VoIP handset to digital or analog phone

1

1

Enterprise choice and flexibility

SIP standards Choice of sip phones, call servers and applications

SIP Server and SIP Soft switch

22

SIP Trunking “Toll bypass”, “extension”

23

3

3

SIP Trunking to Corporate to PSTN (typical)

34

4

4

SIP Trunking“VoIP to PSTN” S.P. VoIP

5

5

Failover to PSTN

X

X


SRX210

3G Wireless WAN

Deployments- Primary connection where

wired broadband is not available

Back up connectivity with wired primary.

Out of band management, remote deployment.

Available on SRX210

HQDatacenter

3G Wireless

Dynamic VPN Services

INTERNET

2H 2009

Retail Branch Regional


Branch Wireless AP Solution Juniper 802.11n indoor Solution

– Backwards compatible to .11a/b/g– Dual mode radio support 300Mbps (Aggregate)– Single radio 200Mbps (160Mbps typical)– Spatial Streams: 2x2:2, 2x3:2, 3x3:2– UL2043 Plenum rated for over ceiling mounting.– 50 Meter range (indoor)– Unit can be mounted on ceiling or wall– Virtual AP technology – Support of up to 16 simultaneous SSIDs– 802.11e WMM capable

1 Gigabit Ethernet POE support

Optional External Power Supply

Serial Consol Support

L2 Managed by SRX Branch Products

Additional licensing cost for Branch SRX to manage multiple access points – Clusters of 4,8,16 APs.

Q4 2009


Software Features 802.1Q VLAN support

– Up to 4,096 VLAN support (platform dependent)– Routed VLAN Interface (RVI)– GARP VLAN Registration Protocol (GVRP)– QOS on VLAN interface

L3 Strict priority queuing (LLQ) L3 Smoothed Deficit Weighted Round Robin (SDWRR) L3 Weighted Random Early Discard (WRED) L3 Per port and per queue shaping

802.1x Port based Authentication 802.3ad (AX) link aggregation* STP, Spanning Tree Protocol

– 802.1D Spanning Tree Protocol– 802.1S Multiple STP– 802.1w Rapid STP

Jumbo Frame Support (9,216 Byte)*

Ethernet Switching

SRX210 SRX240 SRX650

Hardware (Onboard Ethernet) SRX100

– 8 Fixed 10/100 (Switched or Routed) SRX210

– Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed)– 802.3af optional POE (2FE + 2GE)

SRX240– Fixed 16 Ports 10/100/1000 (Switched or Routed)– Power over Ethernet (optional all ports)– 802.3af, 802.3at

SRX650– Fixed 4 ports 10/100/1000 (Routed)

Hardware Ethernet PIMs SRX Mini-PIM (SRX210/SRX240)

– 1 Port SFP 16 port GigE XPIM for SRX650

– Double-high– Full-duplex 20 Gbps backplane– 16 port GE and optional PoE

24 port GigE including 4 SFP slots XPIM for SRX650– Double-high - double-wide– Optional POE - 24 port GE with PoE incl 4 SFP slots– Full-duplex 20 Gbps backplane

Optics– SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |

SRX GE SFP 1000 Base-T | SRX FE FX SFP

SRX100

* Not supported on SRX100


SRX Series—Firewall, Zones, and Policies

ZONE “UNTRUST”ZONE “UNTRUST”Originating ZoneOriginating Zone

SRXSRX

ZONE “TRUST”ZONE “TRUST”ZONE “TRUST”ZONE “TRUST”

Default Policy—Deny AllDefault Policy—Deny AllDefault Policy—Allow AllDefault Policy—Allow All

INTERNETINTERNET

Originating ZoneOriginating Zone


Unified Threat Management (UTM) Features

Websense to block to unapproved site access

Web Filtering

Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers

Kaspersky Lab AV stops viruses, file-based trojans or spread of spyware, adware, keyloggers

Antivirus

Symantec stops Spam / Phishing

Anti-spam

Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans

IPS

Firewall, VPN, Unified Access ControlCore Security

Firewall, VPN, Unified Access Control

SRX Series blocks transmission of files for Data Loss Prevention

Content Filtering

Internal Threats

External ThreatsINTERNETINTERNET

Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans


Juniper Networks Unified Access Control (UAC)

UAC Agent EX Series L2 Switch

802.1X Switches & Access Points

APPLICATIONS

Juniper Firewall Platforms

POLICY SERVER

Identity Stores

IC Series

1

UAC Enforcement Points

Data App Internet

NSSSG

ISG

22

3

Control Access to Protected Resources

Dynamically Provision

Policy Enforcement

Authenticate User, Profile Endpoint,

Determine Location

Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection

1

SRX


SRX210

Remote Access

Dynamic VPN Service – Access Manager Client

A dynamic IPSEC Client that is automatically downloaded

5-user, 10-user, 25-user, 50-user (SRX240) license option with simultaneous tunnel enforcement

Supported on the SRX100, SRX210, and SRX240

Not supported on SRX650 Automatic client upgrade capabilities Self-provisioning from SRX210,

SRX240 IPSec with TCP-based fallback for

NAT traversal Initial release to support Windows

platforms—XP, Vista, Win 2000

WiredWireless

3G Wireless

Dynamic VPN Services

INTERNET

Q2 2009


Juniper Unified Management

Unified management across Juniper’s network infrastructure

Network lifecycle management—Provision, Monitor, and Troubleshoot

Consistent and Open standards NBI for easy integration with 3rd party NMS

EMS NMS Visibility Diagnostics

SNMP, Syslog, XMLSNMP, Syslog

NetConf, DMI, Syslog, Sflow

Security Threat Response Manager

Network & Security Manager (NSM)

JUNOScope Advanced Insight Manager

NETWORK MANAGEMENT

ONE

JUNOS

CLI, JUNOScript

ONE

J-Web

Web UI

HTTP / HTTPS XML

Telnet, SSH, XML

SwitchingSecurityRouting

MX Series

M Series

ISG/IDP

SSL VPN

Infranet Controller SRX5600


Network Security Manager

Along with SRX, NSM Manages Juniper’s entire enterprise portfolio*

NSM is a great way to port ScreenOS customers over to a JUNOS solution and to help manage a mixed environment

Common Management also offers huge up-sell opportunity


Security Threat Response Manager

STRM supports SRX Series– Intrusion Prevention System (IPS)

– 220+ out-of-the box report templates

– Fully customizable reporting engine: creating, branding and scheduling delivery of reports

– Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA

– Reports based on control frameworks: NIST, ISO and CoBIT


Rapid Deployment

Simplified deployment-– Eliminate need for-

Pre-staging device IT at point of

installation

Reduce -– Provisioning time– Installation cost– No “truck roll”

• A Unique ID for tracking purposes

• Untrust Interface configuration

• Configuration parameters to enable “registration” of device to management server

• User/Password

• Management Server IP Address/Domain Name

• One time password

1. Generate and export startup config to USB

Network Security Manager

Q4 2009

2. USB Loads startup config3. Validation of start up config4. Secure communication to NSM

SRX 210

5. Download Running Config

6. SRX In Service


Juniper Branch ProductsSSG, SRX, and J Series Products

SSG Family FW, VPN, NAT, UAC

IPv6 Security

Wireless (WLAN)

Unified Threat Management

– Intrusion Prevention: DI

– Antivirus—Kaspersky

– Web filtering—Websense

– Anti-spam—Symantec

J Series FW, VPN, NAT, UAC

Routing, Switching, QOS, MPLS

WX—ISM 200 Application Acceleration

VoIP—Avaya Integ. Gway

Unified Threat Management– Full IDP—Juniper




SRX Unified Threat Management

– Full IDP—Juniper




VoIP– Juniper OpenCommunications– Power over Ethernet

FW, VPN, NAT, UAC

SSG320M

SSG5 Wireless

SSG20 Wireless J2320

J2350SSG140

SSG350M

SSG520SSG520M

J6350SSG550SSG550M

J4350

SRX 100

SRX 210

SRX 240

SRX 650


THANK YOU

Documents

| Copyright © 2009 Juniper Networks, Inc. | 1 SRX Product Presentation Mike Flaum Product Marketing Manager April 23, 2009