MIGRATION FROM SCREENOS TO
JUNOS BASED FIREWALL
PRESENTER NAME
JULY 2014
1
Juniper Networks CONFIDENTIAL
AGENDA
I.
II.
III.
IV.
KEY FW REQUIREMENTS AND SRX OVERVIEW
CUSTOMER MIGRATION BENEFITS
EDUCATION SERVICES
RESOURCES
KEY FIREWALL REQUIREMENTS
REQUIREMENTS
JUNIPER DELIVERS
Security efficacy
Breadth, depth, threat prevention
Operational efficiency
Scale, performance, centralized control
Support for the business
Open architecture: flexible, better TCO
SRX SERIES SERVICES GATEWAYS
CONSOLIDATED, LAYERED NGFW SECURITY
ALL-IN-ONE NGFW SECURITY AND NETWORKING
EASY TO MANAGE & SCALE
OVERALL BEST SECURITY VALUE
ENTERPRISE SECURITY 2014
AREAS OF FOCUS
NGFW Services
• Integrated solutions
• AppID efficacy
• Threat / app support –
full portfolio
Simplified
Management
• Integrated solution
• UX leads engineering
• Highly scalable
Open / Extensible
Security Platform
• Open IPS & app
signatures
• Security intelligence
(coming soon)
• Advanced threat
protection (coming soon)
NGFW CAPABILITIES
INTEGRATED USER /
ROLE FIREWALL
• Easy agent-less SRX AD
integration
APPSECURE & UTM
SIMPLIFIED MANAGEMENT
• Better app visibility &
control including evasive
app & tunneled app
detection
• Centralized management of
complete security services
suite
• Open app & IPS signatures
• Best-in-class content
security
• Integrated logging &
reporting
• Role-based access control
INTEGRATED USER FIREWALL
ROLE-BASED SECURITY
Allows different users to have different application policies
based on their role and group
 P2P apps blocked
Marketing
 WF profile A
 Youtube allowed
 Anti-virus applied
Firewall
Sales
 WF profile B
 P2P, Youtube
blocked
 Anti-virus applied
 No apps blocked
CEO
 WF profile C
 Anti-virus applied
NEW CORE: APPSECURE W/ APPID 2.0
AppID 2.0
Flow Processing
Ingress
• Better heuristics for
evasive & tunneled apps
Egress
• More signatures
Application ID
Results
IPS
App Tracking
• Remediate
security threats
• Understand
security risks
• Address new user
behaviors
SSL Proxy
App FW
• Block access
to risky apps
• Allows user tailored
policies
App QoS
• Prioritize important apps
• Rate limit less important apps
• Packet inspection w/ SSL
VIRTUAL FIREWALL SECURITY
Traditional Firewall/Secure Router
Next Generation Firewall
Firewall
VPN
Application Awareness &
Control, IPS, SSL Proxy
NAT
Routing
UTM: AV, Anti-spam,
web/Content Filtering
Junos Space Security Director, Hypervisor Management, Secure Analytics
BEST FIT FIREWALL PLATFORMS
300G
BRANCH


EDGE

DATA CENTER
CORE
SRX5800
PHYSICAL SRX
100G
or
VIRTUAL FIREFLY
SRX5600
SRX5400
SRX3600
SRX3400
SRX1400
SRX650
SRX550
10G
Firefly
SRX240
1G
SRX110
SRX210
SRX220
SRX100
SINGLE OPERATING PLATFORM: JUNOS -- CENTRALIZED MANAGEMENT: SECURITY DIRECTOR
SCALABLE SECURITY MANAGEMENT
Junos Space Security Director
•Scalable, responsive & accurate policy mgmt.
•Manage all security services
•Visibility, logging & reporting
Secure Analytics
•Market-leading SIEM solution
•Collects, archives, reports and correlates
events, flow data, and application data
•Analyzes network behavior for anomalies
CHOOSE THE EXTENSIVENESS OF
YOUR SOLUTION
SRX Series Gateway
SRX Series Gateway
Security Director
Security Director
WebApp Secure
Spotlight Secure
Secure Analytics
DIFFERENTIATORS
CENTRALIZED
& SCALABLE
MANAGEMENT
for all security
services
ALL-IN-ONE
DEVICE
for security,
routing, and
switching
NEXTGENERATION
FIREWALL with
AppSecure and
user role-based
firewall
BEST-INCLASS
CONTENT
SECURITY
UTM with
intelligence
from multiple
expert security
companies
ALWAYS
AVAILABLE
management
access even
under attack
delivered by
separate control
and data planes
HIGHLIGHTS
ANSWERING
CUSTOMER
REQUIREMENTS



Security efficacy
Operational efficiency
Support for the business
NGFW Services
Simplified Management
Integrated user firewall
AppSecure, UTM
Full portfolio: SRX/Firefly
Perimeter
Security Director
Complete Security Services
Management
Integrated logging & reporting
Open / Extensible
Security Platform
Open signatures
More new features coming soon
CUSTOMER MIGRATION BENEFITS
MODERN PLATFORM FOR PROTECTION AGAINST NEW
THREATS
SRX Advantages
Junos Advantages
 Separate control and data plane
 Broad routing protocol support and MPLS
 Flexible forwarding
 Customer empowered automation
with Junoscript
 3rd party integration with SDK
 Junos CLI philosophy (Commit, Rollback, etc.)
 Virtualization
 Service Now
 Advanced application security
 User-role FW
 Enhanced antivirus (Sophos)
 Integrated IPS with hardware-based Content Security
Acceleration Engine
 Dynamic IPsec VPN w/Junos Pulse
 Broad WAN Interface portfolio
 Class of Service
 Rich switching
 Group VPN
 Deep traffic reporting and monitoring
EDUCATIONAL SERVICES
Partner/Customer Technical Enablement
 Junos Certification Fast Track – Free access to study materials for JNCIx Junos and
Junos for Security Certifications
 Junos for Security Learning & Certification Track
 Junos for Security Instructor Lead Training Schedule
On-demand E-learning –
 Networking Fundamentals - http://www.juniper.net/us/en/training/elearning/net_fun.html
 Junos as Second Language - http://www.juniper.net/us/en/training/elearning/jsl.html
 Junos as a Security Language -
http://www.juniper.net/us/en/training/elearning/junos_security.html
RESOURCES
SRX Series: http://www.juniper.net/us/en/products-services/security/srx-series/
Firefly Perimeter: http://www.juniper.net/us/en/products-services/security/firefly-perimeter/
Security Management and Intelligence: https://www.juniper.net/us/en/productsservices/security/management-intelligence/
Overview of Benefits for customers upgrading from ScreenOS to SRX:
http://www.juniper.net/us/en/dm/junosupgrade/