WHAT’S NEW
NEXT GENERATION FIREWALL
SRX, SECURITY DIRECTOR, FIREFLY
JUNE 25, 2014
1
Juniper Networks
Copyright
© 2014 CONFIDENTIAL
Juniper Networks, Inc.
WHAT’S IMPORTANT
REQUIREMENTS
JUNIPER DELIVERS
Security efficacy
Breadth, depth, threat prevention
Operational efficiency
Scale, performance, centralized control
Support for the business
Open architecture: flexible, better TCO
ENTERPRISE SECURITY 2014
AREAS OF FOCUS
NGFW Services
• Integrated solutions
• AppID efficacy
• Threat / app support –
full portfolio
Simplified
Management
• Integrated solution
• UX leads engineering
• Highly scalable
Open / Extensible
Security Platform
• Open IPS & app
signatures
• Security intelligence
(coming soon)
• Advanced threat
protection (coming soon)
NEW NGFW CAPABILITIES
INTEGRATED USER /
ROLE FIREWALL
• Agent-less one box AD
integration
• Most flexible, scalable user
FW portfolio
APP ID 2.0
• Better application visibility
• Evasive app & tunneled app
detection
SIMPLIFIED MANAGEMENT
• Integrated logging &
reporting
• Role-based access control
• Support of complete
security services suite, now
including UTM
INTEGRATED USER FIREWALL
ROLE-BASED SECURITY
Allows different users to have different application policies
based on their role and group
 P2P apps blocked
Marketing
 WF profile A
 Youtube allowed
 Anti-virus applied
Firewall
Sales
 WF profile B
 P2P, Youtube
blocked
 Anti-virus applied
 No apps blocked
CEO
 WF profile C
 Anti-virus applied
INTEGRATED USER FIREWALL & MORE
Active User Role Firewall
SRX + MAG
NEW! Integrated User Firewall
•Standard NGFW capabilities
•Passive authentication
•Firewall enforced
•Simple single device, No agents
•Provides visibility
•Good for SMB & small scale/demos
•Active authentication
•Deterministic
•Firewall enforced
•SRX + MAG
•Security conscious environments
•Scales up to 50k users
End-to-End User Security
SRX + UAC + NAC
•End-to-end security
•Deterministic
•Enforced at access & firewall
•SRX + MAG
•Security conscious environments
•Good for large scale deployments
NEW NGFW CORE: APPID2.0
AppID 2.0
Flow Processing
Ingress
• Better heuristics for
evasive & tunneled apps
Egress
• More signatures
Application ID
Results
IPS
App Tracking
• Remediate
security threats
• Understand
security risks
• Address new user
behaviors
SSL Proxy
App FW
• Block access
to risky apps
• Allows user tailored
policies
App QoS
• Prioritize important apps
• Rate limit less important apps
• Packet inspection w/ SSL
JUNOS SPACE
SECURITY DIRECTOR V.13.3
Integrated Visibility
Role-Based Access for
Policies & Objects
UTM
Event logging & reporting
Create domains & assign read
or read/write permissions
Configuration and policy
creation for antivirus, web
filtering & content filtering
Dashboard
Alerts
Segment admin responsibility
for policies & objects
FIREFLY PERIMETER: NGFW
Junos Routing Protocols and SDK
Junos Rich and Extensible Security Stack
Perimeter Security
Content
Application
Firewall
VPN
NAT
Routing
CLI, JWEB, SNMP, Junos Space - Security Director, Hypervisor Management, HA/FT
AN NGFW-ENABLED PORTFOLIO
100G
BRANCH


EDGE
DATA CENTER

CORE
SRX5800
SRX5600
SRX5400
SRX3600
SRX3400
SRX1400
10G
SRX650
SRX550
SRX240
1G
SRX110
SRX210
SRX220
SRX100
SINGLE OPERATING PLATFORM: JUNOS -- CENTRALIZED MANAGEMENT: SECURITY DIRECTOR
SIMPLICITY: FROM 4 PRODUCTS TO 2
Secure Analytics
SRX Series Gateway
SRX Series Gateway
Security Director
Security Director
Unified Access Control
HIGHLIGHTS
ANSWERING
CUSTOMER
REQUIREMENTS



Security efficacy
Operational efficiency
Support for the business
NGFW Services
Simplified Management
Integrated user firewall
AppID 2.0
Firefly Perimeter: IPS, UTM
Full SRX portfolio
Security Director
Integrated logging & reporting
Role-based access control
UTM
Open / Extensible
Security Platform
Open signatures
More new features coming soon