
Secure Services Gateway (SSG) Family Overview: SSG 5, SSG 20, SSG 140
Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net


1 Secure Services Gateway (SSG) Family Overview: SSG 5, SSG 20, SSG 140

2 Agenda
• Key Security and Routing Features
• SSG Family Specifications
• Deployment Examples

3 Current Trends
• By 2007, 50% of the companies surveyed will significantly increase their WAN access bandwidth – Infonetics
• More employees working away from main offices
  - 91% of employees in companies of all sizes work outside of main office – Nemertes Research
• Security risks continue
  - In 2005, 56% of companies had at least 1 internal attack
  - 65% had at least 1 external attack – CSI/FBI 2005 survey
• Small to medium business FW opportunity in 2006 = $1 Billion (Infonetics)
Diagram labels: Internal security; Content protection; No IT staff; Wi Fi; DMZ; Bandwidth usage; Direct Internet; Remote mgmt

4 Small to Medium Branch Office / Business Characteristics
• Smaller in scale, but not necessarily less complex than big businesses or HQ sites
  - Multiple local networks
  - More complicated security due to environment, support, etc
  - Many devices on a per capita basis
  - No local IT help
• Range of WAN connections: from DS3 to low speed modem
• Require protection for owned and non-owned IT assets
  - Firewall, VPN, IPS and File-based AV scanning, Spyware detection
  - Internal network segmentation for attack mitigation, access control
Diagram labels: Outbound link = > T1, DSL, DS3; Local Apps; Users; WLAN; IPSec; www; 100+ Mbps

5 Secure Service Gateway Family
• Secure Services Gateway (SSG) family integrates proven security of ScreenOS and WAN connectivity to deliver secured and assured networking
  - New levels of price/performance and I/O flexibility
  - Unified Threat Management features complement FW, IPSec VPN
• Ideal small to medium stand alone business / branch office offerings
• Can be deployed as a traditional Firewall, as a Site to Site VPN and as a Security Router
Image labels: SSG 5; SSG 20; SSG 140; SSG 550/SSG 550M; SSG 520/SSG 520M

6 ScreenOS: Proven Enterprise Class Security
• Rich networking and virtualization capabilities
  - Segmentation (Zones, VLANs) to divide the network into secure segments
  - Combines ScreenOS deployment modes, dynamic routing and high availability with select JUNOS WAN encapsulations
• Network security features / Access control
  - Stateful firewall, IPSec VPN, NAT, DoS protection, user authentication
• Integrated Unified Threat Management (UTM) security features
  - IPS (Deep Inspection), Antivirus (includes Anti-Spyware, Anti-Phishing), Anti-Spam, Web filtering
Diagram labels:
  - SSG Purpose-Built Hardware Platform: LAN & WAN I/O; Mgmt/Modem
  - ScreenOS
  - Networking: Security Zones; LAN Routing; Deployment Modes; WAN Encapsulations
  - Network Security Features: FW; IPSec VPN; DoS/DDoS; User auth.
  - UTM Features / Content Security: Antivirus/Anti-Spyware; Web filtering; Anti-Spam; IPS (Deep Inspection)

7 Unified Threat Management Features Stop Common and Emerging Threats
Diagram (Inbound Threats and Outbound Threats, by protection layer):
  - Web Filtering: SurfControl to block Spyware Site Access / Phishing Site Access
  - AV: Kaspersky Lab AV stops Viruses, file-based Trojans; Spyware, Adware, Keyloggers; Viruses, file-based Trojans
  - Anti Spam: Symantec stops Spam / Phishing
  - IPS/DI: Worms, Trojans; Worms, Trojans, DoS (L4 & L7), Recon, Scans
  - Stateful Firewall

8 UTM Security Backed by Best-In-Class Partners
• Integrated Kaspersky Antivirus solution blocks thousands of viruses PLUS Spyware / Adware / Keyloggers
• Integrated or redirect Web filtering with SurfControl blocks outbound access to known Spyware, Phishing, & Virus download sites
  - Integrated via SurfControl or redirect via SurfControl or Websense
• Integrated Anti-Spam from Symantec
  - Brightmail-based database blocks (and/or tags) spam by using robust IP based, constantly updated worldwide list of spammers and phishers
• Intrusion Prevention (Deep Inspection) detects several thousand attacks such as Worms, Trojans and other malware for up to 43 protocols
• Delivered in the form of an annual subscription fee

9 Network Segmentation: Security Zones, VLANs, Virtual Routers
• Security zones, VLANs, Virtual Routers
  - Divide network into logical, secure domains
  - Protect network with Inter-, Intra-zone policies
• Key benefits:
  - Better Security
  - Divide the network into distinct, secure domains
  - Able to assign appropriate levels of security to different user groups
  - Competitive differentiator
Diagram labels: DMZ; Trusted Zone: Full access to all resources; Zone2 “Guests”: Web access only; Zone1 “Hoteling” employees: Web, email, key apps

10 Routing and Network Deployment Modes Simplify Network Integration
• Dynamic routing and deployment modes
  - Support for transparent, static and dynamic route modes
  - Dynamic routing support across entire product line
  - OSPF, BGP, RIPv1/2 available on all products
  - WAN encapsulation support
  - FR, MLFR, PPP, MLPPP and HDLC
• Benefit:
  - Automatically learns network configuration
  - Facilitates security deployment without network configuration changes
  - Simplifies network integration
  - Reduces manual configuration efforts
  - Facilitates WAN connectivity
  - Increases network resiliency – especially for VPNs

11 SSG 5 or SSG 20 Bridge Groups Interface Configuration Flexibility
• Replaces Port Modes (SSG 5 / SSG 20 only) with more flexible means of interface configuration
• Group Ethernet ports and Wireless ports as L2 Switch with one logical L3 interface – no policy between ports – apply policy to bgroup
• As policy dictates, Bridge Group interface can act as L2 switch – directing traffic to destination
Diagram panels:
  - Bridge Groups as a virtual L2 Switch (labels: eth, wireless, eth, bgroup, Src1, Dst1)
  - Bridge Groups as a L3 interface assigned to a Server Farm Security Zone (labels: eth, wireless, eth, bgroup, Server Farm Security Zone, Traffic)
  - Device label: SSG 5 or SSG 20

12 Secure, Centralized Management
• Centralized control over SSG population
  - Remote Management: Secure, centralized management of firewall, VPN, content security, and routing across all devices
  - Rapid Deployment: Reduce provisioning time / streamline large deployments
  - Role-based administration: Delegate administrative access to key support people by assigning specific tasks to specific individuals
  - Centralized activation/deactivation of security features: Application attack protection, Web usage control, Payload attack protection, Spam Control
SSG Family supported by NSM* now
  - Schema update may be required
  - * Some functions (WAN Config) may be CLI only
Diagram labels: Network Security Operations

13 Agenda
• Key Security and Routing Features
• SSG Family Specifications
• Deployment Examples

14 Secure Service Gateway Family
• SSG 5 – Six fixed form factor models
  - 160 Mbps FW / 40 Mbps VPN
• SSG 20 – 2 modular models
  - 160 Mbps FW / 40 Mbps VPN
• SSG 140
  - 350+ Mbps FW / 100 Mbps VPN
  - 8 FE + 2 GE Interfaces + 4 WAN PIM slots
• SSG 520/SSG 520M
  - 650+ Mbps FW / 300 Mbps VPN
• SSG 550/SSG 550M
  - 1+ Gbps FW / 500 Mbps VPN
Image labels: SSG 550/SSG 550M; SSG 520/SSG 520M; SSG 5; SSG 20; SSG 140

15 SSG 5 Overview
Performance and physical characteristics
• 160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
  - Integrated Fan w/ Temp Sensor (wireless only)
Reliability and extensibility
• External AC power supply
• Full Active/Passive (w/ Extended license)
• User upgradeable memory
Flexible connectivity
• Fixed form factor w/ 7 Fast Ethernet + 1 WAN interface
  - Factory configured WAN options include ISDN BRI S/T or V.92 or RS-232 Serial/Aux
  - Optional factory configured Dual radio 802.11a + 802.11 b/g
Six models to choose from

16 SSG 20 Overview
Performance and physical characteristics
• 160 Mbps FW (large packets) / 90 Mbps FW (IMIX) / 40 Mbps VPN
  - Integrated Fan w/ Temp Sensor (wireless only)
Reliability and extensibility
• External AC power supply
• Full Active/Passive (w/ Extended license)
• User upgradeable memory
Flexible connectivity
• 5 Fast Ethernet + 2 Mini I/O slots
  - Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, V.92 at FCS
  - Optional factory configured Dual radio 802.11a + 802.11 b/g
Two models to choose from

17 SSG 20 I/O Extensibility
• Mini-PIMs are small form factor
  - Size of a deck of cards
  - Not compatible with any other SSG or J series
Image labels: ADSL 2+; V.92; E1; T1; ISDN BRI S/T; (2) I/O expansion slots

18 SSG 140 Overview
• 350+ Mbps FW (large packets) / 300 Mbps FW (IMIX) / 100 Mbps VPN
• Brings high performance UTM Security features to the mid-market
• Full Active/Passive HA
• Fixed 10/100 and 10/100/1000 interfaces
• (4) interface expansion slots
  - Existing dual Port T1
  - Existing dual Port E1
  - Existing Dual Port Serial
• New Interfaces at FCS
  - Single Port ISDN
Image labels: Front View; Back View

19 SSG 140 Interface Support
1. Console and RS-232/Aux interfaces
2. (8) 10/100 interfaces
3. (2) 10/100/1000 interfaces
4. (4) interface expansion slots: 2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T
5. Status LEDs for rear installed I/O cards – visible from front
Image labels: Front View; Back View (numbered callouts 1 to 5)

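20 SSG Family Summary
Columns: SSG 5; SSG 20; SSG 140
  - FW Mbps (Large Packets): SSG 5 / SSG 20: 160 Mbps; SSG 140: 350+ Mbps
  - FW Mbps (IMIX): SSG 5 / SSG 20: 90 Mbps; SSG 140: 300 Mbps
  - FW PPS (64 Byte): SSG 5 / SSG 20: 30k; SSG 140: 100k
  - VPN (1400 Byte): SSG 5 / SSG 20: 40 Mbps; SSG 140: 100 Mbps
  - IPS (Deep Inspection FW): Yes (all models)
  - Antivirus: Yes (all models)
  - Anti-spam: Yes (all models)
  - Web Filtering: Yes (all models)
  - Modular I/O: SSG 5: No; SSG 20 / SSG 140: Yes
  - Routing (RIP/OSPF/BGP): Yes (all models)
  - WAN Encapsulations: Yes (all models)
  - HA: SSG 5 / SSG 20: Optional; SSG 140: Yes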

21 SSG Family Positioning
Chart axes: Availability; Capacity, Performance and Features
Availability levels: Full Mesh / Active-Active, Redundant Power; Active-Passive; Optional Active-Passive (w Ext Lic)
Chart callouts, in page order: >2x FW Perf & Sessions; >2x VPN Perf & Tunnels; >2x Zones & VLANs; Stateful HA (AP); GigE interfaces; ~2x FW Perf & Sessions; ~1.5x VPN Perf & Tunnels; AA Full Mesh HA; Redundant Power; Modular I/O; 2 x Mini-PIM’s; ~2x FW Perf & Sessions; >3x VPN Perf & Tunnels; Modular LAN (GigE)
Performance Recommendations: 10M+ UTM; 25M+ UTM; 100M+ UTM; 200M+ UTM

22 SSG Family Interface Module Summary
Columns: PIM/EPIM/Mini-PIM; SSG 20; SSG 140; SSG 550, SSG 550M
  - 1 x T1 Mini-PIM: ✓ --
  - 1 x E1 Mini-PIM: ✓ --
  - 1 x ADSL 2+ Mini-PIM: ✓ --
  - 1 x V.92 Mini-PIM: ✓ --
  - 1 x ISDN BRI S/T Mini-PIM: ✓ --
  - 2 x T1 PIM*: -- ✓
  - 2 x E1 PIM*: -- ✓
  - 2 x Serial PIM*: -- ✓
  - 1 x ISDN BRI S/T PIM: -- ✓
  - 1 x DS3 PIM*: -- ✓
  - 4 x FE EPIM: -- ✓
  - 1 x Gbe EPIM: -- ✓
  - 1 x SFP EPIM: -- ✓
* I/O card also compatible with J Series routers

23 SSG Product Family Fit
Chart labels: Small Branch, Small Business, Telecommuters; Regional Office, Medium Enterprise; Performance
• Improved performance & processing
• Wider range of platforms with UTM
• Modular (Expandable) Memory
• Improved connectivity

24 SSG Family Summary
• Security: Proven ScreenOS + Best-in-class UTM Security features without add-on hardware
  - Stateful FW, IPSec VPN, IPS, AV (incl. Anti-Phishing, Anti-Spyware), Anti-Spam, Web filtering
  - Network segmentation via security zones and VLANs
• Performance: Purpose built platforms that deliver unmatched price/performance to branch office market
• WAN Connectivity: Widest range of FW platforms with WAN interfaces and protocols
  - Security platforms with LAN and WAN routing capabilities
  - Dynamic routing, virtual routers, VPN, high availability, VLANs
  - New WAN interfaces and encapsulations taken from J-Series and JUNOS
• Centralized management with NSM

25 Agenda
• Key Security and Routing Features
• SSG Family Specifications
• Deployment Examples

26 Secure Services Gateway Deployment Options
As a security device
1. Firewall protecting the network using ScreenOS stateful FW
2. Site-to-site IPsec VPN using ScreenOS VPN dynamic, route based VPN
3. Multifunction security platform using FW plus best-in-class UTM security features, proven in NetScreen-5GT
  - Antivirus, Web filtering, Anti-Spam, IPS
As a security router
• Security features = FW, IPSec VPN, UTM features
• Branch office routing: Broad range of LAN + WAN connectivity
  - 10/100, 10/100/1000, SFP supported by OSPF, BGP, RIPv1/2
  - DS3, T1, E1, ADSL 2+, ISDN, V.92 supported by PPP, MLPPP, FR, MLFR, HDLC
Diagram labels: HQ; WWW

27 Small Business Deployment Example
• SSG 5
  - Fixed format appliance: 7x10/100 – connected to DSL modem
  - Factory configured back up I/O options: V.92 or ISDN or Serial
  - Factory configured Wireless option: 802.11 a/b/g
Diagram labels: SSG 5; Primary Link = External DSL modem; ISP; Back up options = ISDN S/T or V.92 or Modem connected to Serial interface; Internet; Wireless Zone; Server Zone; Small Business

28 Small/Medium Office Deployment Example
• SSG 20
  - Modular appliance: 5x10/100 + 2 I/O slots
  - ADSL 2+, T1, E1, V.92, ISDN BRI/S/T
  - Factory configured Wireless option: 802.11 a/b/g
Diagram labels: SSG 20; Internet; Primary Link = ADSL or T1 I/O module; Backup = ISDN S/T or V.92 I/O module or externally connected modem; Wireless Zone; Server Zone; Small Business; ISP

29 Thank you

