srx product presentation. 2 copyright © 2009 juniper networks, inc. company confidential table of...
Post on 21-Dec-2015
247 Views
Preview:
TRANSCRIPT
SRX Product Presentation
2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
TABLE OF CONTENTS
Distributed Enterprise
SRX Series Services Gateways
AX411 Wireless LAN Access Point
3G Connectivity Solutions
Converged Services
3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
JUNOS OPERATING SYSTEM
NSMXpress
One OS One Release One Architecture
J Series Tx MatrixFrequent Releases
9.4 9.5 9.6
–AP
I–
Modulex
SECURITY ROUTERS
J Series
M Series
T Series
EX4200
EX8208
EX8216
SWITCHES
EX3200
MX Series
EX2200
SRX3600
SRX5800
SRX210
SRX240
SRX650
SRX100
SRX5600
SRX220
4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX SERVICES GATEWAYS
Highly configurable– Fixed, semi-modular, and
modular form factors
– Choice of WAN, wireless, and LAN interfaces
– Available voice media gateway
Extensive integration– Full suite of JUNOS routing and
switching capabilities
– Unmatched security, including FW, VPN, UTM, UAC, and full IPS
Exceptional performance and availability
– Hardware-assisted Content Security Acceleration (CSA) for ExpressAV and IPS
– Control & data plane separation, redundant processing and power
Priced at $699, $1099, $2199, $2999, and $16000 (list)
Model Configuration SIPGateway
ContentSecurity
Acceleration
FW/IPSPerformance
SRX100 Fixed No No 600/60 Mbps
SRX210 1 mini PIM slot Optional Optional 750/80 Mbps
SRX220 2 mini PIM slots Optional Optional 950/100 Mbps
SRX240 4 mini PIM slots Optional Optional 1500/250 Mbps
SRX650 8 GPIM slots Future Standard 7000/900 Mbps
5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
AWARD WINNING!
SRX650 wins Best of Interop Award, Infrastructure Category
When: Wednesday, May 20th, 2009 at Interop Las Vegas
Why: Judges praise the SRX650 as a “Branch Office Swiss Army Knife” that “packs a bunch of horsepower and features”
SRX210 wins Tokyo Interop Grand Prix (highest honor) for SMB Infrastructure
When: Wednesday, June 10th, 2009 at Interop Tokyo
Why: Judges are “amazed that high-performance JUNOS software is installed in this small appliance” – the vote was unanimous!
6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX BRANCH PORTFOLIO
Large Branch/Regional OfficeSmall OfficeSRX100
Small to Medium Office
SRX210
SRX650
WAN slot, 2 x GigE, PoE
+ More LAN slots, dual processors, dual P/S
SRX240+ 4 WAN slots, 16 x GigE, PoE
SRX220+ 2 WAN slots, 8 x GigE, PoE
7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX SERIES SPECIFICATION SUMMARY
FEATURES SRX100 SRX210 SRX220 SRX240 SRX650
On-board Ethernet 8 x FE 2 x GE + 6 x FE 8 x GE 16 x GE 4 x GE
Power over Ethernet (802.3af, 802.3at) None 4 ports—50 W
total
8 ports GE,
120 W
16 ports GE,
150 W
48 ports GE,
250 W or 500 W
WAN slots None 1 x mini PIM2 x SRX mini
PIM 4 x SRX mini
PIM 8 x GPIM
USB ports (flash) 1 2 2 2 2 per processor
Content Security Acceleration—
ExpressAV and Intrusion Detection and Prevention No YES YES YES YES
JUNOS Software version support JUNOS 10.3 JUNOS 10.3 JUNOS 10.3 JUNOS 10.3 JUNOS 10.3
Routing Performance 75 Kpps 80 Kpps 120 Kpps 200 Kpps 900 Kpps
Firewall performance (Large Packets) 650 Mbps 750 Mbps 950 Mbps 1.5 Gbps 7.0 Gbps
Firewall performance (IMIX) 200 Mbps 250 Mbps 300 Mbps 500 Mbps 2.5 Gbps
VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 100 Mbps 250 Mbps 1.5 Gbps
Intrusion Prevention System 60 Mbps 80 Mbps 100 Mbps 250 Mbps 900 Mbps
Connections Per Second (CPS) 2K 2K 2.5K 9K 35K
Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K 32K / 64K 96K 64K / 128K 512 K
Antivirus 25 Mbps 30 Mbps 35 Mbps 85 Mbps 350 Mbps
High Availability A/A or A/P A/A or A/P A/A or A/P A/A or A/P
A/A or A/P,
Hot swap GPIMs,
Dual processors, Dual power
8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
TYPICAL DEPLOYMENT
9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX SERIES—FIREWALL, ZONES, AND POLICIESZONE “UNTRUST”ZONE “UNTRUST”
Originating ZoneOriginating Zone
SRXSRX
ZONE “Accounting”ZONE “Accounting”ZONE “Trust”ZONE “Trust”
Default Policy—Deny AllDefault Policy—Deny AllDefault Policy—Allow AllDefault Policy—Allow All
INTERNETINTERNET
Originating ZoneOriginating Zone
ZONE “Guest”ZONE “Guest”
Originating ZoneOriginating Zone
10 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
UNIFIED THREAT MANAGEMENT (UTM) FEATURES
Websense to block to unapproved site access
Web Filtering
Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers
Kaspersky Lab AV stops viruses, file-based trojans or spread of spyware, adware, keyloggers
Antivirus
Symantec stops Spam / Phishing
Antispam
Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans
IPS
Firewall, VPN, Unified Access ControlCore Security
Firewall, VPN, Unified Access Control
SRX Series blocks transmission of files for Data Loss Prevention
Content Filtering
Internal Threats
External ThreatsINTERNETINTERNET
Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans
11 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
UNIFIED ACCESS CONTROL (UAC)
UAC Agent EX Series L2 Switch
802.1X Switches & Access Points
APPLICATIONS
Juniper Firewall Platforms
POLICY SERVER
Identity Stores
IC Series
1
UAC Enforcement Points
Data App Internet
NSSSG
ISG
22
3
Control Access to Protected Resources
Dynamically Provision
Policy Enforcement
Authenticate User, Profile Endpoint,
Determine Location
Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection
1
12 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX210
Dynamic VPN Service – Access Manager Client
A dynamic IPSEC Client that is automatically downloaded
5-user, 10-user, 25-user, 50-user, 100-user, and 150-user license option with simultaneous tunnel enforcement
Supported on the SRX100, SRX210, SRX220, SRX240, and SRX650
Automatic client upgrade capabilities Self-provisioning from SRX100, SRX210,
SRX220, SRX240, and SRX650 IPSec with TCP-based fallback for NAT
traversal Initial release to support Windows platforms—
XP, Vista, Win 2000
WiredWireless
3G Wireless
Dynamic VPN Services
INTERNET
REMOTE ACCESS VPN
13 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
UNIFIED MANAGEMENT
Unified management across Juniper’s network infrastructure
Network lifecycle management—Provision, Monitor, and Troubleshoot
Consistent and Open standards NBI for easy integration with 3rd party NMS
EMS NMS Visibility Diagnostics
SNMP, Syslog, XMLSNMP, Syslog
NetConf, DMI, Syslog, Sflow
Security Threat Response Manager
Network & Security Manager (NSM)
JUNOScope Advanced Insight Manager
NETWORK MANAGEMENT
ONE
JUNOS
CLI, JUNOScript
ONE
J-Web
Web UI
HTTP / HTTPS XML
Telnet, SSH, XML
SwitchingSecurityRouting
MX Series
M Series
ISG/IDP
SSL VPN
Infranet Controller SRX5600
14 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
NEWORK AND SECURITY MANAGER (NSM)
Along with SRX, NSM Manages Juniper’s entire enterprise portfolio*
NSM is a great way to port ScreenOS customers over to a JUNOS solution and to help manage a mixed environment
Common Management also offers huge up-sell opportunity
15 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SECURITY THREAT RESPONSE MANAGER (STRM)
STRM supports SRX Series– Intrusion Prevention System (IPS)
– 220+ out-of-the box report templates
– Fully customizable reporting engine: creating, branding and scheduling delivery of reports
– Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
– Reports based on control frameworks: NIST, ISO and CoBIT
16 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
RAPID DEPLOYMENT
Simplified deployment- Eliminate need for-
Pre-staging device
IT at point of installation
Reduce - Provisioning time Installation cost No “truck roll”
• A Unique ID for tracking purposes
• Untrust Interface configuration
• Configuration parameters to enable “registration” of device to management server
• User/Password
• Management Server IP Address/Domain Name
• One time password
1. Generate and export startup config to USB
Network and Security Manager
2. USB Loads startup config3. Validation of start up config4. Secure communication to NSM
SRX 210
5. Download Running Config
6. SRX In Service
17 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
JUNIPER NETWORKS AX SERIES WLAN ACCESS POINTS
18 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
JUNIPER’S NEW WIRELESS LAN SOLUTION
Dual radio, dual band high speed (802.11n) wireless LAN access point (AP)
Integrated JUNOS management
Ideal for branch office applications with up to 16 APs and simple WLAN architectures
AX411 WLANAccess Point
19 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
WIRELESS LAN PAIN POINTS
Remote site management is hard
Few IT resources Physical distance
Wireless networks double network operation overhead
Different wired and wireless policies
Complex management
802.11n speeds create downstream bottlenecks
300 Mbps 802.11n Security and services can’t keep
pace
20 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
JUNIPER’S WIRELESS LAN SOLUTION
No compromisesPowerful blend of leading SRX performance with high speed 802.11n wireless
On line in record timeUnattended remote configuration and troubleshooting
Radical simplicityOne JUNOS for wired AND wireless policy, quality, and access control
Fewer boxes, more functionality
VoiceVideoData
Smart phonesBar code readersLaptops
Applications
Devices
21 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
JUNIPER NETWORKS SOLUTIONS FOR 3G CONNECTIVITY
22 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
JUNIPER’S NEW WIRELESS WAN SOLUTIONS
PoE powered 3G to Ethernet bridge
Supports up to four customer-supplied 3G modems
Ideal backup for wired WAN or as primary connectivity where wired WAN is not available
3G ExpressCardsfor the SRX210
3G integrated on the SRX210
Uses the SRX210 ExpressCard slot
Ideal backup for wired WAN or as primary connectivity where wired WAN is not available
CX111 Cellular Broadband Data Bridge
23 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
Hard to get a high performance signal
Hard to locate gear where RF reception is optimal
New cables needed for antenna extensions
Limited choice and integration Too integrated: network
vendor doesn’t offer preferred 3G card
Not integrated enough: slow or no failover from wired to wireless
WIRELESS WAN PAIN POINTS
24 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
Bri
dg
eS
RX
210
wit
h
inte
gra
ted
3G Carrier’s
3G Network
Best signalGet the 3G antenna out of the wiring closet to optimize reception*
More choicesChoose router-integrated 3G or standalone 3G bridge
Choose 3G modems from every major manufacturer*
Higher reliabilityTightly coupled system speeds wired to wireless failover
Redundant radio hardware and provider diversity*
* Requires bridge solution
JUNIPER’S 3G WIRELESS WAN SOLUTION
25 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
ORDERING, AVAILABILITY, AND HIGHLIGHTS
3xUSB, 1xExpressCard slot 50+ modem support Simple plug & play Multi-modem failover support PoE powered LED signal indicator List: $650
Ships with external antenna
Verizon
Sprint
GSM worldwide
List: $850
CX111 Cellular Broadband Data Bridge
3G ExpressCardsfor the SRX210
26 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX100
Ideal for small sites and managed telecommuters
Fixed I/O – 8 10/100 Ethernet ports
Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP)
UTM requires High memory version
On-board Ethernet 8 x FE
Mini-PIM slot No
USB ports (flash) 1
Power over Ethernet No
PSTN voice ports No
Routing Performance 75 Kpps
Firewall Performance 200 Mbps (IMIX)
VPN Performance 65 Mbps
IDP Performance 60 Mbps
High Availability A/A or A/P
27 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX210
Ideal for Small branches
Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP)
UTM requires High memory version
Available voice version with mini-PIM options
Factory-configured voice model
On-board Ethernet 2 x GE + 6 x FE
Mini-PIM slot 1
USB ports (flash) 2
Power over Ethernet 4 ports—50 W total
PSTN voice ports Yes
Routing Performance 80 Kpps
Firewall Performance 250 Mbps (IMIX)
VPN Performance 75 Mbps
IDP Performance 80 Mbps
High Availability A/A or A/P
28 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX220
Ideal for small to medium branches
Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP)
2 Mini-PIM slots for WAN fail-over
High memory version only Factory configured PoE version (Q4 2010)
Voice configuration (Q4 2010)
On-board Ethernet 8 x GE
Mini-PIM slot 2
USB ports (flash) 2
Power over Ethernet 8 ports GE, 120 W (Q4 2010)
PSTN voice ports Yes (Q4 2010)
Routing Performance 125 Kpps
Firewall Performance 300 Mbps (IMIX)
VPN Performance 100 Mbps
IDP Performance 100 Mbps
High Availability A/A or A/P
29 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX240
Ideal for Small branches
Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP)
UTM requires High memory version
Available voice version with mini-PIM options
Factory-configured voice model
On-board Ethernet 16 x GE
Mini-PIM slot 4
USB ports (flash) 2
Power over Ethernet 16 ports GE, 150 W
PSTN voice ports Yes
Routing Performance 200 Kpps
Firewall Performance 500 Mbps (IMIX)
VPN Performance 250 Mbps
IDP Performance 250 Mbps
High Availability A/A or A/P
30 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
SRX650
Ideal for regional sites, large branches
Modular LAN switching Services Routing Processors with
optional redundancy (Future) Power supplies with optional
redundancy (at FRS) Voice configurations (Future)
Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP)
Max GE 52 ports (2 x 24 GE PIM + 4 integrated ports)
On-board Ethernet 8 x FE
GPIM slot 8
USB ports (flash) 2 per SRE
Power over Ethernet Up to 48 ports GE, 247 W
PSTN voice ports Future
Routing Performance 900Kpps
Firewall Performance 2.5 Gbps (IMIX)
VPN Performance 1.5 Gbps
IDP Performance 900 Mbps
High Availability A/A or A/P
31 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
NEW MINI PIMS FOR SRX200 LINE
Single-port VDSL2
ADSL, ADSL2, ADSL2+ Compatible
ITU-T G.933.2
Annex A, B, F & G
Major DSLAM Interoperability
VDSL2
Single-port G.SHDSL
Standards-based G.991.2
8-wire, 4-wire or 2-wire mode
Provides symmetric speeds between 2.3 Mbps and 22.7 Mbps
Single-port DOCSIS3
Compatible with versions 3.0, 2.0, 1.1 and 1.0 of the standard
Support for 4 downstream/4 upstream channel bonding
Max 170 Mbps down/120 Mbps up
32 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
NEW MINI PIMS FOR SRX200 LINE
1xSFP
Single-port SFP mPIM
Provides Fiber or Copper connectivity @1Gbps throughput
Jumbo frames support
33 Copyright © 2009 Juniper Networks, Inc. www.juniper.net Company Confidential
NEW GPIMS FOR SRX650
2-port 10GE Fiber and Copper GPIM
• 10GE Fiber/SFP+ and Copper (10G BaseT)
• SFP+ ports can support direct-connect (10M) copper
top related