SRX Product Presentation Mike Flaum Product Marketing Manager May 14, 2009 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Table of contents SRX Series Services Gateways - Product SRX Series - Competitive This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement. ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX SERIES SERVICE GATEWAYS ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Three key market drivers UTM IPS Antispam Web filtering Antivirus LICENSED FREE CONSOLIDATION Network migration to multi-service platform—“Secure Router” instead of multiple appliances Secure Router = – – Router + Firewall + VPN + Switching Unified Threat Management Voice Routing UAC Ethernet Switching Content Filtering IPSec VPN NETWORK Firewall SECURITY CONVERGENCE VoIP Gateway and VoIP handsets Power over Ethernet Wireless Access Points VoIP WLAN AP Fax Power Over Ethernet Analog Security Camera CONNECTIVITY Internet Metro Ethernet MPLS Internet Wireless WAN 3G PSTN ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 3G PSTN MPLS Metro Solution portfolio – What’s New SRX5000 Series EX8216 SRX3000 Series MX Series SRX650 EX8208 SRX240 EX4200 M Series SRX210 EX3200 J Series EX2200 SRX100 Unified Management (NSM) ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net New SRX Services Gateways Leveraging Juniper’s Dynamic Services Architecture Highly configurable – – – Up tosemi-modular, 80% lower price Fixed, and modular form factors Choice of WAN, wireless, and LAN interfaces 20X IPSvoice performance Available media gateway Extensive integration – – Full suite of JUNOS routing and switching capabilities Full UTM Unmatched security, including FW, VPN, UTM, UAC, and full IPS Exceptional performance 16 X Gigabit Ethernet and availability – – Hardware-assisted Content SecurityAdvanced Acceleration for ExpressAV and IPS FW / VPN /ROUTING Control & data plane separation, license included redundant processing and power Priced at $699, $1099, $2999, and $16000 (list) Model Configuration SIP Gateway Content Security Acceleration FW/IPS Performance SRX100 Fixed No No 600/50 Mbps SRX210 1 mini PIM slot Optional Optional 750/80 Mbps SRX240 4 mini PIM slots Optional Optional 1500/250 Mbps Optional Standard 7000/900 Mbps SRX650 Roadmap ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 8 GPIM slots Key customer requirements Performance– – – – Gigabit Ethernet and port density Firewall and VPN performance “Content Security Accelerator” “ExpressAV” – Anti virus stream matching SRX 100 Functionality – Networking – Routing – OSPF, BGP, Multi-cast – Voice and VoIP – Wireless – WLAN and WAN 3G – Switching- PoE, VLANs SRX 210 SRX 240 Security – Firewall – Performance – IPSec VPN – Client and Site to Site – Unified Threat Management (License) – Antivirus, Anti-spam, Web Filtering, IPS – Intrusion Prevention System (License) – UAC ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX 650 SRX Series Specification Summary FEATURES SRX100 (target) SRX210 SRX240 SRX650 On-board Ethernet 8 x FE 2 x GE + 6 x FE 16 x GE 4 x GE Power over Ethernet (802.3af, 802.3at) None 4 ports—50 W total 16 ports GE, 150 W 48 ports GE, 250 W or 500 W WAN slots None 1 x mini PIM 4 x SRX mini PIM 8 x GPIM 1 2 2 2 per processor No YES YES YES JUNOS 9.6 JUNOS 9.5 JUNOS 9.5 JUNOS 9.5 60 Kpps 80Kpps 200Kpps 900Kpps Firewall performance (Large Packets) 600 Mbps 750 Mbps 1.5 Gbps 7.0 Gbps Firewall performance (IMIX) 175 Mbps 250 Mbps 500 Mbps 2.5 Gbps Firewall performance (Firewall + Routing PPS 64byte) 65 Kpps 75 Kpps 150 Kpps 900Kpps VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 250 Mbps 1.5 Gbps Intrusion Prevention System 50 Mbps 80 Mbps 250 Mbps 900 Mbps 2K 2K 9K 35K 16 K / 32K 32K / 64K 64K / 128K 512 K TBD 30 Mbps 85 Mbps 350 Mbps A/A* or A/P Hot swap GPIMs, Dual processors*, Dual power USB ports (flash) Content Security Acceleration— ExpressAV and Intrusion Detection and Prevention JUNOS Software version support Routing Performance Connections Per Second (CPS) Maximum Concurrent Sessions (512MB/1GB RAM) Antivirus A/A* or A/P, High Availability A/A or A/P * Supported in JUNOS 9.6 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net A/A or A/P Typical Deployment ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX210 with Integrated Convergence Services FXS ports – connect your analog phone or FAX machine here E1/T1 or FXOs for carrier trunk or FXS for additional analog phones/ fax machines FXO ports – connect to your wall phone socket Target Branch Size (# users) SRX Voice Elements Survivable SIP server Q4 2009 No. Slots SIP Media Gateway SRX210 2–25 1 mPIM SIP Security SRX240 10–50 4 mPIMs Base Base Expansion DSP No. of Slots Channels Ports 8–16 (codec dependent) 30–48 2 FXO, 2FXS 2 FXO, 2 FXS Base and expandable voice ports PoE Ports PoE Ports scaling with EX switch ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX650 50–200 8 gPIMs Requires gPIM 0 T1/E1 4 FXO 2 FXS + 2 FXO T1/E1 Dual T1/E1 6 FXO + 2 FXS 2 FXO + 6 FXS Juniper Integrated Convergence Services Q4 2009 Stage 1: Survivable Media Gateway SERVICE PROVIDER VOIP SIP Trunking to Corporate to PSTN (typical) Failover to PSTN Local PSTN Local PSTN 3 5 SIP Soft Switch 4 CORPORATE OFFICE SIP Trunking “VoIP to PSTN” S.P. VoIP X INTERNET Channelized T-1 / E1/ FXO SRX210 / SRX240 4 5 SIP VoIP handset SIP Server 4 3 2 X WAN MPLS 3 3 2 2 1 SIP Trunking “Toll bypass”, “extension” PBX, Key System Analog FAX Soft Phones SIP VoIP handset to 1 digital or analog phone SIP VoIP handset Digital Enterprise choice and flexibility SIP standards ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Choice of sip phones, call servers and applications SIP Server and SIP Soft switch SRX Series—Firewall, Zones, and Policies ZONE “UNTRUST” Originating Zone INTERNET Default Policy—Deny All Default Policy—Allow All SRX Originating Zone ZONE “TRUST” ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net ZONE “TRUST” Unified Threat Management (UTM) Features INTERNET External Threats IPS Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans Internal Threats Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans Web Filtering Websense to block to unapproved site access Antivirus Kaspersky Lab AV stops viruses, filebased trojans or spread of spyware, adware, keyloggers Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers Anti-spam Symantec stops Spam / Phishing Content Filtering Core Security Firewall, VPN, Unified Access Control ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX Series blocks transmission of files for Data Loss Prevention Firewall, VPN, Unified Access Control Juniper Networks Unified Access Control (UAC) POLICY SERVER 1 IC Series Authenticate User, Profile Endpoint, Determine Location 1 Identity Stores 2 Dynamically Provision Policy Enforcement 2 APPLICATIONS 3 UAC Agent EX Series Data Control Access to L2 Switch Protected Resources Internet SRX SSG 802.1X Switches & Access Points App ISG NS Juniper Firewall Platforms UAC Enforcement Points Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Remote Access Q2 2009 Dynamic VPN Service – Access Manager Client A dynamic IPSEC Client that is automatically downloaded 5-user, 10-user, 25-user, 50-user (SRX240) license option with simultaneous tunnel enforcement Supported on the SRX100, SRX210, and SRX240 Not supported on SRX650 Automatic client upgrade capabilities Self-provisioning from SRX210, SRX240 IPSec with TCP-based fallback for NAT traversal Initial release to support Windows platforms—XP, Vista, Win 2000 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Wireless Wired 3G Wireless INTERNET Dynamic VPN Services SRX210 3G Wireless WAN 2H 2009 Deployments Primary connection where wired broadband is not available Back up connectivity with wired primary. Datacenter Out of band management, remote deployment. Available on SRX210 HQ INTERNET 3G Wireless Dynamic VPN Services SRX210 Retail ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Branch Regional Branch Wireless AP Solution Juniper 802.11n indoor Solution – – – – – – Backwards compatible to .11a/b/g Dual mode radio support 300Mbps (Aggregate) Single radio 200Mbps (160Mbps typical) Spatial Streams: 2x2:2, 2x3:2, 3x3:2 UL2043 Plenum rated for over ceiling mounting. 50 Meter range (indoor) – Unit can be mounted on ceiling or wall – Virtual AP technology – Support of up to 16 simultaneous SSIDs – 802.11e WMM capable 1 Gigabit Ethernet POE support Optional External Power Supply Serial Consol Support L2 Managed by SRX Branch Products Additional licensing cost for Branch SRX to manage multiple access points – Clusters of 4,8,16 APs. ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Q4 2009 Ethernet Switching SRX100 SRX210 SRX240 SRX650 Software Features Hardware (Onboard Ethernet) 802.1Q VLAN support – – – – Up to 4,096 VLAN support (platform dependent) Routed VLAN Interface (RVI) GARP VLAN Registration Protocol (GVRP) QOS on VLAN interface L3 Strict priority queuing (LLQ) L3 Smoothed Deficit Weighted Round Robin (SDWRR) L3 Weighted Random Early Discard (WRED) L3 Per port and per queue shaping 802.1x Port based Authentication 802.3ad (AX) link aggregation* STP, Spanning Tree Protocol – 802.1D Spanning Tree Protocol – 802.1S Multiple STP – 802.1w Rapid STP Jumbo Frame Support (9,216 Byte)* * Not supported on SRX100 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX100 – 8 Fixed 10/100 (Switched or Routed) SRX210 – Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed) – 802.3af optional POE (2FE + 2GE) SRX240 – Fixed 16 Ports 10/100/1000 (Switched or Routed) – Power over Ethernet (optional all ports) – 802.3af, 802.3at SRX650 – Fixed 4 ports 10/100/1000 (Routed) Hardware Ethernet PIMs SRX Mini-PIM (SRX210/SRX240) 16 port GigE XPIM for SRX650 – 1 Port SFP – Double-high – Full-duplex 20 Gbps backplane – 16 port GE and optional PoE 24 port GigE including 4 SFP slots XPIM for SRX650 – Double-high - double-wide – Optional POE - 24 port GE with PoE incl 4 SFP slots – Full-duplex 20 Gbps backplane Optics – SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX | SRX GE SFP 1000 Base-T | SRX FE FX SFP Network and Security Manager Along with SRX, NSM NSM is a great way to port Manages Juniper’s entire ScreenOS customers over to a enterprise portfolio* JUNOS solution and to help manage a mixed environment ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Common Management also offers huge up-sell opportunity Security Threat Response Manager STRM supports SRX Series – Intrusion Prevention System (IPS) – 220+ out-of-the box report templates – Fully customizable reporting engine: creating, branding and scheduling delivery of reports – Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA – Reports based on control frameworks: NIST, ISO and CoBIT ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Juniper Branch Products SSG, SRX, and J Series Products SRX Unified Threat Management SSG Family J Series FW, VPN, NAT, UAC – Full IDP—Juniper FW, VPN, NAT, UAC IPv6 Security – Antivirus—Kaspersky Routing, Switching, QOS, MPLS Wireless (WLAN) – Web filtering—Websense WX—ISM 200 Application Acceleration – Anti-spam—Symantec Unified Threat Management VoIP—Avaya Integ. Gway – Intrusion Prevention: DI – Antivirus—Kaspersky – Web filtering—Websense – Anti-spam—Symantec VoIP – Juniper OpenCommunications – Power over Ethernet FW, VPN, NAT, UAC SSG20 Wireless SRX 100 Unified Threat Management – – – – Full IDP—Juniper Antivirus—Kaspersky Web filtering—Websense Anti-spam—Symantec J2320 SSG5 Wireless SSG320M SSG140 SSG520 SSG520M SRX 210 J2350 SRX 240 J4350 SSG350M SSG550 SSG550M SRX 650 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net J6350 SRX COMPETITIVE COMPARISON ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Advantage Technical features – New Capabilities CSA / ExpressAV 3G VoIP PoE – Existing features JUNOS IPS / Antivirus UTM – Cross portfolio SRX EX STRM NSM ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Business Features – Deploy new technology where it was not feasible due to cost / availability – Deployment and Management – Solution instead of boxes Cisco installed base is a huge opportunity Know your opportunity ~$40 Billion install base of Cisco product has been end-of-lifed in the last 24 months The opportunity for Juniper has never been better Cisco Router Number Sold Lifecycle Status 1600 Series 1 million End of support 1700 Series 2 million End of sales 2500 Series 2 million End of support 2600 Series 2.5 million End of SW / End of sales 3600 Series 680,000 End of SW 3700 Series 200,000 End of sales 7200 Series 330,000 Obsolete technology 7500 Series 100,000 End of sales ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Platform Comparison Cisco 800 Series Cisco 870 Series Fixed platforms ($649 - $949) Cisco 1800 Series Cisco 1801 – 1812 Fixed platforms ($1,000 - $1,995) Cisco 1841 Modular platform ($1,395) Cisco 2800 Series Cisco 2801 ($1,995 - $2,370) Cisco 2811 ($2,495 - $2,895) Cisco 2821 ($3,895 - $4,395) Cisco 2851 ($6,495 - $6,995) SRX (Entry-Level) SRX 100 Fixed platforms – $699 - $1,149 SRX 210 Modular platforms – $1,099 - $1,699 SRX 240 Modular platforms – $2,999 - $3,699 Cisco 3800 Series Cisco 3825 ($9,500 - $10,250) SRX (Mid-Range) Cisco 3845 ($13,000 - 14,000) SRX 650 - $16,000 Cisco 7200 VXR Series 4 Chassis, $4,000 - $7,500 4 Proc Eng, $4,500 - $19,000 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Financial — Cisco ISR 1841 vs. SRX210 $1,395 $ 425 4 port FE Module $1,820 $1,800* BASE PLATFORM ENTERPRISE LICENSE *ISR Advanced Enterprise License $3,000* $6,620 FREE* *Routing/Firewall/VPN IPS $250* *High-memory version with Content Security Accelerator *AIM Module NO Antivirus NO Anti-spam $1,099 (2GE + 6FE included) UTM TOTAL Antivirus Anti-spam Web filtering $1,349 80% Savings Does not take into account Maintenance and Management ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Financial — Cisco ISR 2811 vs. SRX240 $2,495 $2,295 16 port FE Module $4,790 $2,400 BASE PLATFORM ENTERPRISE LICENSE *ISR Advanced Enterprise License $3,000 $10,190 FREE* *Routing/Firewall/VPN IPS $700* *High-memory version with Content Security Accelerator *AIM Module NO Antivirus NO Anti-spam $2,999 (16GE included) UTM TOTAL Antivirus Anti-spam Web filtering $3,699 74% Savings Does not take into account Maintenance and Management ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Financial — Cisco ISR 3845 vs. SRX650 $13,000 $3,500 BASE PLATFORM $16,000 ENTERPRISE LICENSE FREE* *ISR Advanced Enterprise License $3,000 *Routing/Firewall/VPN IPS Included *AIM Module NO Antivirus NO Anti-spam $19,500 UTM TOTAL Antivirus Anti-spam Web filtering $16,000 18% Savings Does not take into account Maintenance and Management ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net FAT – Financial Analysis Tools Financial Analysis Tools – Data Center – Campus – Branch ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Branch Financial Analysis Tool (B-FAT) v.15 ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Competitive Financial — Cisco ISR Next Generation vs. SRX Series Possibly similar port counts $1,500 - $3,500 BASE PLATFORM SRX Series ENTERPRISE LICENSE FREE* *ISR Advanced Enterprise License Replace existing ISR NO Antivirus ? NO Anti-spam ? Unknown *Routing/Firewall/VPN IPS Opportunity for Juniper Antivirus Anti-spam Web filtering UTM TOTAL 10% - 70% Savings Does not take into account Maintenance and Management ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net Cisco Traps Cisco pitches product without licenses and customer purchased product based on price. Customer realizes after the purchase they need the license. – Juniper includes Routing / Firewall / VPN license Cisco pitches the products with license and offers a substantial discount. Customer asks Juniper to match X% discount. This NOT applicable since we are significantly less expensive. – Educate customer on total price not discount %. Cisco pitches a software based solution and performance is undocumented or substandard. – Juniper builds performance into SRX Series and document it publicly Cisco pitches multiple product lines. – JUNOS ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net How to set a Juniper Trap Make security part of the buying process, whether they actually deploy it or not. IPS is now affordable at branch locations, can you deal with a breach? Will you get budget for add-on hardware in the future? If Cisco rolls out a new product, its an opportunity to re-evaluate the networking vendor since you have to replace the Cisco product anyway. ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net SRX Series Summary (Hot sheet) Feature Cisco ISR 1841 Juniper SRX210 Cisco ISR 2811 Juniper SRX240 Cisco ISR 3845 Juniper SRX650 On-board Ethernet 2 x 10/100 2 x GE + 6 x FE 2 x 10/100 16 x GE 2 x GE 4 x GE Firewall Performance Not stated 750 Mbs Not Stated 1.5 Gbps Not Stated 7.0 Gbps Security Acceleration AIM Module High memory version AIM Module High Memory version AIM Module Standard Antivirus NONE 30Mbps NONE 85Mbs NONE 350Mbs Acceleration of IPS 45Mbs 85Mbs 45Mbs 250Mbs 45Mbs 900Mbs Security Acceleration Hardware $3,000 $250 $3,000 $700 $3000 $0 Chassis Price $1,395 $1,099 $2,495 $3,699 $13,000 $16,000 $425 (4 FE) $0 $2,295 (16FE + 1GE) $0 $3,295 (24FE + 1GE) $5,500 (24GE) Advanced Enterprise License $1,800 $0 $2,400 $0 $3,500 $0 Total MSRP $6,620 $1349 $10,190 $3,699 $22,795 $21,500 Additional Ethernet ports Juniper price advantage 80% 64% 6% Juniper IPS advantage 1.8X 5.6X 20X ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net New SRX Services Gateways Leveraging Juniper’s Dynamic Services Architecture Highly configurable – – – Up tosemi-modular, 80% lower price Fixed, and modular form factors Choice of WAN, wireless, and LAN interfaces 20X IPSvoice performance Available media gateway Extensive integration – – Full suite of JUNOS routing and switching capabilities Full UTM Unmatched security, including FW, VPN, UTM, UAC, and full IPS Exceptional performance 16 X Gigabit Ethernet and availability – – Hardware-assisted Content SecurityAdvanced Acceleration for ExpressAV and IPS FW / VPN / Routing Control & data plane separation, license included redundant processing and power Priced at $699, $1099, $2999, and $16000 (list) Model Configuration SIP Gateway Content Security Acceleration FW/IPS Performance SRX100 Fixed No No 600/50 Mbps SRX210 1 mini PIM slot Optional Optional 750/85 Mbps SRX240 4 mini PIM slots Optional Optional 1500/250 Mbps Optional Standard 7000/900 Mbps SRX650 Roadmap ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 8 GPIM slots THANK YOU ‹#› | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net