the most flexible, cost-effective solution for mid to large enterprises and service providers

| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net1

Securing the Enterprise - new trends on networking security

SCOP / Bucharest 15th April 2009Uwe Richter

Sr. SE Manager Eastern Europe

The most flexible, cost-effective solution for mid to large enterprises and service providers


NS-5400

Juniper Networks - Leadership & Expertise

1G FW & 1G VPN

100 VSYS

2G FW & 1G VPN

250 VSYSA/A-Full Mesh HA

10G & 30G FW6M & 18M PPS

10 GigE interfacesJumbo FramesHardware AES

2000 Now

NS1000 NS1000 w Switch 2

4G & 12G FW3M & 9M PPS

500 VSYS<78 interfaces & 4000 VLANs

Source: Infonetics, Jun 2008

Juniper Networks

“Upper-right”• Firewall & IPSec

VPN

Gartner’s Magic Quadrant

NS-5200 SRX 5600

SRX 5800

60G & 100+G FW20G & 40+G IPS

4M & 8M Sessions

Worldwide Integrated Security ApplianceRevenue Market Share: ≥$30,000

0%

25%

50%

75%

100%

1Q05 2Q05 3Q05 4Q05 1Q06 2Q06 3Q06 4Q06 1Q07 2Q07 3Q07 4Q07 1Q08Calendar Quarter

Mar

ket S

hare

(%)

Juniper

Cisco

Nortel

Nokia

Fortinet

ISG 2000


Deliver a superior user experience

Faster application and service deployment

Total cost of ownership advantage

Integrated Services

FASTRELIABLE

SECURESECURE

Operational Simplicity

Scalable Performance

What customers expect...


VPN

IPSecIPS

Core / Infrastructure: 10 GigE– More traffic, new/next gen apps, video and other

streaming media

Customers demand full-fledged security posture for network performance– Deliver all security services at scale

10+ Gbps

FW

Today’s Enterprise RequirementsEnablement versus Constraint


Business ChallengesPerformance and Flexibility Compromise

Traditional solutions based on performance/flexibility tradeoff

Limited performance options– Deploy more platforms– Disable “expensive” features

Limited flexibility options– Deploy dedicated appliances

FlexibilityPerformance


Pitfall of Today’s Security Adaptability

Limited flexibility in adapting to business requirements

Poor service integration resulting in poor business operations– Complex rack space planning– Installation, management and maintenance overhead

Network Traffic Requirements

TimeTODAY FUTURE

Security Requirements

FW, IPS & VPN

(Gbps)

10

5

•Rack Space Planning: High

•CAPEX: High

•OPEX: High

ASA 5540

| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net7F

ab

ric

Dynamic Services Architecture ™

Dedicated Control Plane

Built-on Terabit Fabric– Interchangeable I/O and

processing cards– Any service, any card

Feature integration on JUNOS– Fast time to market– Tightest integration

between features

Carrier-class Reliability Interface Scalability

Processing Scalability

Dedicated Management

Service Integration

via JUNOS ™

QoSDoS

NAT VPN

FW IDP


Dynamic Services

Consolidate Management Framework

App LayerForwarding

ThreatPrevention

Access Control

SRX Dynamic Services Gateway

Routing Firewall IPSIPSecVPN

NAT

SRX Services Gateway Family of JUNOS-based Dynamic Services Gateways


SRX5000 Series Services Gateway

Revolutionary Architecture

Integrated Services

Scalable Performance

Operational Simplicity

World’s Fastest Security

Solution

The heritage of ScreenOS on

JUNOS

SRX Dynamic Services Gateways

Sept 2008 Market Introduction


Juniper (mid to high-end) Enterprise Security Portfolio

10 Gbps

30 Gbps

50 Gbps

150 Gbps

• FW and Integrated Security

• Designed for enhanced perimeter and DC security

Products addressing this segment?

ISG/IDP

SRX5600

SRX5800

NS5400

• Services Gateway

• Designed for integration and scalability

• Dynamic Services Architecture

•Terabit Fabric Technology

•Dynamic Processing Pool

•Dynamic I/O Pool

•JUNOS SW feature delivery


No Compromise Security:SRX3000-line: The most cost-effective network security solution

Maximum Flexibility without Sacrificing Security

Unmatched Price / Performance

Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA)

Based on Dynamic Services Architecture™ for accelerated new service deployment

Based on Dynamic Services Architecture™ for accelerated new service deployment


SRX3400Hardware Modular chassis

– 7 slots (4 front, 3 rear)– MGT module – dual, hot swap– 3U chassis height

Fixed Interfaces– 12 built-in (8-10/100/1000 + 4-SFP)– 2 Ethernet Management Ports

Modular Interfaces– 16-10/100/1000– 16-SFP– 2-XFP

Performance & Capacities FW – 10/20 Gbps VPN – 6 Gbps IDP – 6 Gbps Concurrent sessions – 1M New and sustained CPS – 175k Concurrent IPSec VPN tunnels – 10k

Front

Rear


SRX3600Hardware Modular chassis

– 12 slots (6 front, 6 rear)– MGT module – dual, hot swap– 5U chassis height

Fixed Interfaces– 12 built-in (8-10/100/1000 + 4-SFP)– 2 Ethernet Management Ports

Modular Interfaces– 16-10/100/1000– 16-SFP– 2-XFP

Performance & Capacities FW – 10/20/30 Gbps VPN – 10 Gbps IDP – 10 Gbps Concurrent sessions – 2M New and sustained CPS – 175k Concurrent IPSec VPN tunnels – 20k

Front

Rear


Sample SRX3000 Base Configurations

SRX3400

– Minimal Configuration SRX 3400 Chassis 1 SPC 1 NPC

SRX3600

– Minimal Configuration SRX 3600 Chassis 1 SPC 1 NPC


Services Processing

Cards

Flow LookupClassification

DoS/DDoSPolicing

Ingress Packet

Egress Packet

ServicesFW/VPN/IDPNAT/Routing

RERouting /

Device MGT

QoS/Shaping

Fa

bri

c

Fa

bri

c

Integrated in SRX 5000 IOC

Network Processing

Cards

Oversubscrptn.Control

1.5

Input/Output Cards

SRX 3K Packet Flow – Fully Integrated


Juniper SRX Traditional Appliances

Dedicated Control Plane

Buildable I/O Pool

Buildable Processing Pool

Single device to manage

Single policy/configuration

Scalable Service Engine

Integrated ServicesDynamic Services Architecture Differentiator


Adapting to Changing Security Requirements

High integration supporting wide range of services

Scales as your business grows

Minimal/No policy changes required

•Rack Space Planning: NONE

•CAPEX: LOW

•OPEX: LOW

Network Traffic Requirements

TimeTODAY FUTURE

Security Requirements

FW, IPS & VPN

(Gbps)

10

5


Price per FW Gbps

$0

$50,000

$100,000

$150,000

$200,000

$250,000

$300,000

$350,000

10Gbps 20Gbps 30Gbps

44%44% SAVINGSSAVINGS

Juniper SRX 3600 Cisco ASA 5540

Price per Gbps FW/IPS/IPSec VPN


Juniper SRX 3600 Cisco ASA 5540

Power Savings


Cisco ASA 5580

Juniper SRX 3600

84%84%SPACE SPACE

SAVINGSSAVINGS

10 Gbps FW, IPS & IPSec VPN Solution

31 Appliances

Cisco ASA 5540Juniper SRX 3600

Industry’s Most cost-effective security solution


Juniper (mid to high-end) Enterprise Security Portfolio

10 Gbps

30 Gbps

50 Gbps

150 Gbps

• FW and Integrated Security

• Designed for enhanced perimeter and DC security

• Services Gateway

• Designed for integration and scalability

• Dynamic Services Architecture

•Terabit Fabric Technology

•Dynamic Processing Pool

•Dynamic I/O Pool

•JUNOS SW feature delivery

ISG/IDP

SRX5600

SRX5800

NS5400

SRX3400

SRX3600


Juniper Networks Security Manager

A comprehensive approach to security management

Device-lifecycle management – Manages through every phase of device lifecycle:

design, deploy, configure, monitor, maintain, upgrade, adjust

Manage all aspects of configuration– Manage configuration tasks at device, networking

and security levels

Delegation of administrative access– Provides needed power and tools to the right

groups (access and control)

– Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions

TheDevice

Lifecycle


NSM Management Features

Features Description

Scheduled Security Updates Automatically update devices with new attack objects

DomainsService providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc…

Role-based AdministrationGranular approach in which all 100+ activities in the system may be assigned as a separate permissions

Object LockingMultiple administrators can safely and concurrently modify different objects in the system at the same time

Audit LogsSort-able and filterable record of who made which changes to which objects in the system

Device Templates Manage shared configuration such as sensor settings in one place

Job ManagerView pending and completed directives (such as device update) and their status

High Availability Active/passive high availability of the management server

Scheduled Database Backups Copies of the NSM database may be saved on a daily basis


3-Tier ManagementNetwork-Security Manager (NSM)

IDP Appliances

ISG / ISG with IDP

CentralizedNSM ServerCommon User

Interface

NSM SSG Series

NS-5000 Series


Future Direction

Best-in-Class Routing

Best-in-Class Security

Continued leadership in networking

Continued leadership in

security

Integrated security and networking on JUNOS

JUNOSJUNOS


The High-Value Branch

When remote sites are essential to the

organization’s strategic mission,you can WIN!

Ministry of Foreign AffairsMinistry of Foreign Affairs


Role Mission ChangesThe HumbleStorefront

RevenueGateway

Create new sources of revenue and operational efficiencies

Support partners, guests, and devices

Reputation and compliance

The MissionCritical Clinic

Service Gateway

Attract and retain valuable clients

Centralization of applications and databases; SaaS

Privacy and compliance

The High-PoweredCenter of Excellence

Innovation Gateway

Retain and activate a high quality workforce

Advanced collaboration

Unrestricted Internet access for employees

What Are High-Value Remote Locations?Gateways to Better Businesses


THANK YOU

the most flexible, cost-effective solution for mid to large enterprises and service providers

Documents

security services

integrated security

fullfledged security

markettightest integration

cardfeature integration

g fw3m

g fw6m

g vpn100 vsys2g fw