Secure Services Gateway (SSG) Family Overview: SSG 5, SSG 20, SSG 140

Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net

Presentation transcript:

Slide 1: Secure Services Gateway (SSG) Family Overview: SSG 5, SSG 20, SSG 140

Slide 2: Agenda
- Key Security and Routing Features
- SSG Family Specifications
- Deployment Examples

Slide 3: Current Trends
- By 2007, 50% of the companies surveyed will significantly increase their WAN access bandwidth – Infonetics
- More employees working away from main offices
  - 91% of employees in companies of all sizes work outside of main office – Nemertes Research
- Security risks continue
  - In 2005, 56% of companies had at least 1 internal attack
  - 65% had at least 1 external attack – CSI/FBI 2005 survey
- Small to medium business FW opportunity in 2006 = $1 Billion (Infonetics)
Diagram labels: Internal security, Content protection, No IT staff, Wi Fi, DMZ, Bandwidth usage, Direct Internet, Remote mgmt

Slide 4: Small to Medium Branch Office / Business Characteristics
- Smaller in scale, but not necessarily less complex than big businesses or HQ sites
  - Multiple local networks
  - More complicated security due to environment, support, etc.
  - Many devices on a per capita basis
  - No local IT help
- Range of WAN connections: from DS3 to low speed modem
- Require protection for owned and non-owned IT assets
  - Firewall, VPN, IPS and File-based AV scanning, Spyware detection
  - Internal network segmentation for attack mitigation, access control
Diagram labels: Outbound link = > T1, DSL, DS3; Local Apps; Users; WLAN; IPSec; www; 100+ Mbps

Slide 5: Secure Service Gateway Family
- Secure Services Gateway (SSG) family integrates proven security of ScreenOS and WAN connectivity to deliver secured and assured networking
  - New levels of price/performance and I/O flexibility
  - Unified Threat Management features complement FW, IPSec VPN
- Ideal small to medium stand alone business / branch office offerings
- Can be deployed as a traditional Firewall, as a Site to Site VPN and as a Security Router
Diagram labels: SSG 5, SSG 20, SSG 140, SSG 520/SSG 520M, SSG 550/SSG 550M

Slide 6: ScreenOS: Proven Enterprise Class Security
- Rich networking and virtualization capabilities
  - Segmentation (Zones, VLANs) to divide the network into secure segments
  - Combines ScreenOS deployment modes, dynamic routing and high availability with select JUNOS WAN encapsulations
- Network security features / Access control
  - Stateful firewall, IPSec VPN, NAT, DoS protection, user authentication
- Integrated Unified Threat Management (UTM) security features
  - IPS (Deep Inspection), Antivirus (includes Anti-Spyware, Anti-Phishing), Anti-Spam, Web filtering
Diagram labels:
- SSG Purpose-Built Hardware Platform: LAN & WAN I/O, Mgmt/Modem
- Networking: Security Zones, LAN Routing, Deployment Modes, WAN Encapsulations
- Network Security Features: FW, IPSec VPN, DoS/DDoS, User auth.
- ScreenOS
- UTM Features / Content Security: Antivirus/Anti-Spyware, Web filtering, Anti-Spam, IPS (Deep Inspection)

Slide 7: Unified Threat Management Features Stop Common and Emerging Threats
Diagram columns: Inbound Threats, Outbound Threats
- Web Filtering: SurfControl to block Spyware Site Access / Phishing Site Access
- AV: Kaspersky Lab AV stops Viruses, file-based Trojans; Spyware, Adware, Keyloggers; Viruses, file-based Trojans
- Anti Spam: Symantec stops Spam / Phishing
- IPS/DI: Worms, Trojans; Worms, Trojans, DoS (L4 & L7), Recon, Scans
- Stateful Firewall

Slide 8: UTM Security Backed by Best-In-Class Partners
- Integrated Kaspersky Antivirus solution blocks thousands of viruses PLUS Spyware / Adware / Keyloggers
- Integrated or redirect Web filtering with SurfControl blocks outbound access to known Spyware, Phishing, & Virus download sites
  - Integrated via SurfControl or redirect via SurfControl or Websense
- Integrated Anti-Spam from Symantec
  - Brightmail-based database blocks (and/or tags) spam by using robust IP based, constantly updated worldwide list of spammers and phishers
- Intrusion Prevention (Deep Inspection) detects several thousand attacks such as Worms, Trojans and other malware for up to 43 protocols
- Delivered in the form of an annual subscription fee

Slide 9: Network Segmentation: Security Zones, VLANs, Virtual Routers
- Security zones, VLANs, Virtual Routers
  - Divide network into logical, secure domains
  - Protect network with Inter-, Intra-zone policies
- Key benefits:
  - Better Security
  - Divide the network into distinct, secure domains
  - Able to assign appropriate levels of security to different user groups
  - Competitive differentiator
Diagram labels: DMZ; Trusted Zone (Full access to all resources); Zone2 “Guests” (Web access only); Zone1 “Hoteling” employees (Web, , key apps)

Slide 10: Routing and Network Deployment Modes Simplify Network Integration
- Dynamic routing and deployment modes
  - Support for transparent, static and dynamic route modes
  - Dynamic routing support across entire product line
  - OSPF, BGP, RIPv1/2 available on all products
  - WAN encapsulation support: FR, MLFR, PPP, MLPPP and HDLC
- Benefit:
  - Automatically learns network configuration
  - Facilitates security deployment without network configuration changes
  - Simplifies network integration
  - Reduces manual configuration efforts
  - Facilitates WAN connectivity
  - Increases network resiliency – especially for VPNs

Slide 11: SSG 5 or SSG 20 Bridge Groups: Interface Configuration Flexibility
- Replaces Port Modes (SSG 5 / SSG 20 only) with more flexible means of interface configuration
- Group Ethernet ports and Wireless ports as L2 Switch with one logical L3 interface – no policy between ports - apply policy to bgroup
- As policy dictates, Bridge Group interface can act as L2 switch – directing traffic to destination
Diagram captions: Bridge Groups as a virtual L2 Switch; Bridge Groups as a L3 interface assigned to a Server Farm Security Zone
Diagram labels: eth, wireless, bgroup, Src1, Dst1, Traffic, Server Farm Security Zone, SSG 5 or SSG 20

Slide 12: Secure, Centralized Management
- Centralized control over SSG population
  - Remote Management: Secure, centralized management of firewall, VPN, content security, and routing across all devices
  - Rapid Deployment: Reduce provisioning time / streamline large deployments
  - Role-based administration: Delegate administrative access to key support people by assigning specific tasks to specific individuals
  - Centralized activation/deactivation of security features: Application attack protection, Web usage control, Payload attack protection, Spam Control
- SSG Family supported by NSM* now
  - Schema update may be required
* Some functions (WAN Config) may be CLI only
Diagram labels: Network Security Operations

Slide 13: Agenda
- Key Security and Routing Features
- SSG Family Specifications
- Deployment Examples

Slide 14: Secure Service Gateway Family
- SSG 5 - Six fixed form factor models
  - 160 Mbps FW / 40 Mbps VPN
- SSG 20 – 2 modular models
  - 160 Mbps FW / 40 Mbps VPN
- SSG Mbps FW / 100 Mbps VPN
  - 8 FE + 2 GE Interfaces + 4 WAN PIM slots
- SSG 520/SSG 520M
  - 650+ Mbps FW / 300 Mbps VPN
- SSG 550/SSG 550M
  - 1+ Gbps FW / 500 Mbps VPN
Diagram labels: SSG 550/SSG 550M, SSG 520/SSG 520M, SSG 5, SSG 20, SSG 140

Slide 15: SSG 5 Overview
Performance and physical characteristics
- 160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
  - Integrated Fan w/ Temp Sensor (wireless only)
Reliability and extensibility
- External AC power supply
- Full Active/Passive (w/ Extended license)
- User upgradeable memory
Flexible connectivity
- Fixed form factor w/ 7 Fast Ethernet + 1 WAN interface
  - Factory configured WAN options include ISDN BRI S/T or V.92 or RS-232 Serial/Aux
  - Optional factory configured Dual radio a b/g
  - Six models to choose from

Slide 16: SSG 20 Overview
Performance and physical characteristics
- 160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
  - Integrated Fan w/ Temp Sensor (wireless only)
Reliability and extensibility
- External AC power supply
- Full Active/Passive (w/ Extended license)
- User upgradeable memory
Flexible connectivity
- 5 Fast Ethernet + 2 Mini I/O slots
  - Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, V.92 at FCS
  - Optional factory configured Dual radio a b/g
  - Two models to choose from

Slide 17: SSG 20 I/O Extensibility
- Mini-PIMS are small form factor
  - Size of a deck of cards
  - Not compatible with any other SSG or J series
Diagram labels: ADSL 2+, V.92, E1, T1, ISDN BRI S/T; (2) I/O expansion slots

Slide 18: SSG 140 Overview
- 350+ Mbps FW (large packets) / 300 Mbps FW (IMIX) / 100 Mbps VPN
- Brings high performance UTM Security features to the mid-market
- Full Active/Passive HA
- Fixed 10/100 and 10/100/1000 interfaces
- (4) interface expansion slots
  - Existing dual Port T1
  - Existing dual Port E1
  - Existing Dual Port Serial
- New Interfaces at FCS
  - Single Port ISDN
Diagram labels: Front View, Back View

Slide 19: SSG 140 Interface Support
1. Console and RS-232/Aux interfaces
2. (8) 10/100 interfaces
3. (2) 10/100/1000 interfaces
4. (4) interface expansion slots: 2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T
5. Status LEDs for rear installed I/O cards – visible from front
Diagram labels: Front View, Back View

Slide 20: SSG Family Summary

Feature                      SSG 5      SSG 20     SSG 140
FW Mbps (Large Packets)      160 Mbps   160 Mbps   350+ Mbps
FW Mbps (IMIX)               90 Mbps    90 Mbps    300 Mbps
FW PPS (64 Byte)             30k        30k        100k
VPN (1400 Byte)              40 Mbps    40 Mbps    100 Mbps
IPS (Deep Inspection FW)     Yes        Yes        Yes
Antivirus                    Yes        Yes        Yes
Anti-spam                    Yes        Yes        Yes
Web Filtering                Yes        Yes        Yes
Modular I/O                  No         Yes        Yes
Routing (RIP/OSPF/BGP)       Yes        Yes        Yes
WAN Encapsulations           Yes        Yes        Yes
HA                           Optional   Optional   Yes

Slide 21: SSG Family Positioning
Chart axes: Availability; Capacity, Performance and Features
Availability levels: Full Mesh / Active-Active, Redundant Power; Active-Passive; Optional Active-Passive (w Ext Lic)
Chart callouts:
- >2x FW Perf & Sessions; >2x VPN Perf & Tunnels; >2x Zones & VLANs; Stateful HA (AP); GigE interfaces
- ~2x FW Perf & Sessions; ~1.5x VPN Perf & Tunnels; AA Full Mesh HA; Redundant Power
- Modular I/O; 2 x Mini-PIM’s
- ~2x FW Perf & Sessions; >3x VPN Perf & Tunnels; Modular LAN (GigE)
Performance Recommendations: 10M+ UTM, 25M+ UTM, 100M+ UTM, 200M+ UTM

Slide 22: SSG Family Interface Module Summary
Columns: PIM/EPIM/Mini-PIM; SSG 20; SSG 140; SSG 550 SSG 550M
- 1 x T1 Mini-PIM: ✓ --
- 1 x E1 Mini-PIM: ✓ --
- 1 x ADSL 2+ Mini-PIM: ✓ --
- 1 x V.92 Mini-PIM: ✓ --
- 1 x ISDN BRI S/T Mini-PIM: ✓ --
- 2 x T1 PIM*: -- ✓
- 2 x E1 PIM*: -- ✓
- 2 x Serial PIM*: -- ✓
- 1 x ISDN BRI S/T PIM: -- ✓
- 1 x DS3 PIM*: -- ✓
- 4 x FE EPIM: -- ✓
- 1 x Gbe EPIM: -- ✓
- 1 x SFP EPIM: -- ✓
* I/O card also compatible with J Series routers

Slide 23: SSG Product Family Fit
Chart labels: Small Branch, Small Business, Telecommuters; Regional Office, Medium Enterprise; Performance
- Improved performance & processing
- Wider range of platforms with UTM
- Modular (Expandable) Memory
- Improved connectivity

Slide 24: SSG Family Summary
- Security: Proven ScreenOS + Best-in-class UTM Security features without add-on hardware
  - Stateful FW, IPSec VPN, IPS, AV (incl. Anti-Phishing, Anti-Spyware), Anti-Spam, Web filtering
  - Network segmentation via security zones and VLANs
- Performance: Purpose built platforms that deliver unmatched price/performance to branch office market
- WAN Connectivity: Widest range of FW platforms with WAN interfaces and protocols
  - Security platforms with LAN and WAN routing capabilities
  - Dynamic routing, virtual routers, VPN, high availability, VLANs
  - New WAN interfaces and encapsulations taken from J-Series and JUNOS
- Centralized management with NSM

Slide 25: Agenda
- Key Security and Routing Features
- SSG Family Specifications
- Deployment Examples

Slide 26: Secure Services Gateway Deployment Options
As a security device
1. Firewall protecting the network using ScreenOS stateful FW
2. Site-to-site IPsec VPN using ScreenOS VPN
   - dynamic, route based VPN
3. Multifunction security platform using FW plus best-in-class UTM security features, proven in NetScreen-5GT
   - Antivirus, Web filtering, Anti-Spam, IPS
As a security router
- Security features = FW, IPSec VPN, UTM features
- Branch office routing: Broad range of LAN + WAN connectivity
  - 10/100, 10/100/1000, SFP supported by OSPF, BGP, RIPv1/2
  - DS3, T1, E1, ADSL 2+, ISDN, V.92 supported by PPP, MLPPP, FR, MLFR, HDLC
Diagram labels: HQ, WWW

Slide 27: Small Business Deployment Example
- SSG 5 Fixed format appliance:
  - 7x10/100 – connected to DSL modem
  - Factory configured back up I/O options: V.92 or ISDN or Serial
  - Factory configured Wireless option: a/b/g
Diagram labels: SSG 5; Primary Link = External DSL modem; ISP; Back up options = ISDN S/T or V.92 or Modem connected to Serial interface; Internet; Wireless Zone; Server Zone; Small Business

Slide 28: Small/Medium Office Deployment Example
- SSG 20 Modular appliance:
  - 5x10/ I/O slots
  - ADSL 2+, T1, E1, V.92, ISDN BRI/S/T
  - Factory configured Wireless option: a/b/g
Diagram labels: SSG 20; Internet; ISP; Primary Link = ADSL or T1 I/O module; Backup = ISDN S/T or V.92 I/O module or externally connected modem; Wireless Zone; Server Zone; Small Business

Slide 29: Thank you