ScreenOS 6.1 Overview Presentation
January 2008

Agenda
• Overview
• Platform/HW Changes
• Platforms supported by ScreenOS 6.1
• New PIMs
• Features
• Capacity Increases
• Key Features
• IPv6 Enhancements
• UTM Enhancements
• Firewall Enhancements
• Feature Summary

Overview
• Release of ScreenOS software for Juniper Networks FW/VPN, UTM and integrated FW/IPS products
• Provides feature enhancements across a wide range of categories and products

ScreenOS 6.1 Platform Support
• Supported
  • SSG 5/SSG 20
  • SSG 140
  • SSG 520/SSG 550
  • SSG 520M/SSG 550M
  • ISG 1000/ISG 2000
  • ISG 1000/ISG 2000 - IDP
  • NS 5000 - MGT2/SPM2
• Not Supported
  • NS 5XT/GT (basic, ADSL, WLAN)
  • NS 25 / NS 50
  • NS 204 / NS 208
  • NS 500
  • NS 5000 - MGT1/SPM1
  • NS 5000 - MGT2/SPM1
• Platforms not supported
  • Memory and CPU capacity limitation
  • Cannot support ScreenOS 6.1 and future releases
  • Customers will continue to receive maintenance and service releases

SSG and NS Product Family
• Improved performance & processing
• Wider range of platforms with UTM
• Modular (Expandable) Memory
• Improved connectivity
[Figure: product performance by market segment (Small Branch, Small Business, Telecommuters; Regional Office, Medium Enterprise)]

New PIMs
• Two new PIMs for SSG product line
  • 1-port ISDN BRI PIM for SSG 320M/SSG 350M
  • 1-port Gigabit SFP uPIM (all SSG except 5 and 20)
• Customer Benefit
  • Flexible LAN and WAN connectivity interfaces for secure, reliable network connectivity to remote, branch, and regional offices
  • 1-port ISDN BRI expands WAN connectivity options to include ISDN dial backup for the SSG 320M/SSG 350M
  • 1-port Gigabit SFP uPIM provides a highly flexible interface with a small form-factor pluggable transceiver (SFP) slot
    • 100 Mbps or Gigabit Ethernet connectivity over diverse media types
  • uPIMs can be used in regular PIM or enhanced PIM high speed slots for increased deployment flexibility and cost effectiveness
Platforms: SSG only

New Hardware
• New hardware for NS-5000 product line
  • Management 3 Module
  • 8-port mini GBIC Interface Secure Port Modules (SPM)
  • 2 x 10 Gig Ethernet Ports Interface SPM
• Customer Benefit
  • The MGT3 module is designed with faster CPU and increased cache for enhanced overall performance
  • New SPMs offload CPU to improve packet processing efficiency
  • New SPMs are designed with 4th generation ASIC supporting Enhanced DMA engine
Platforms: NS-5000 only

IKEv2
• Customer Requirements
  • Service providers wishing to capitalize on the Unlicensed Mobile Access (UMA) market require IKEv2 with EAP support
  • 3GPP has formally adopted a UMA security standard that includes IKEv2 with EAP to ensure privacy, data integrity and user authentication
• What is the new feature?
  • IKEv2 allows for different authentication methods between end-points
  • Support of EAP allows encapsulation of varying authentication types
    • EAP-TTLS
    • EAP-SIM
    • EAP-PEAP
Platforms: ISG, NS-5000, SSG

IPv6 Support
• Customer Requirements
  • Select customers require the flexibility to support IPv6 on a wide range of security products
• What is the new feature?
  • IPv6 is supported across all Juniper security products running ScreenOS 6.1
  • All SSG models now support IPv6, adding to the existing support on the NS-5K and ISG product lines
Platforms: ISG, NS-5000, SSG

Active/Active NSRP
• Customer Requirements
  • Some customers require security gateways to run in transparent mode for ease of monitoring
  • They also require redundant deployment offering high throughput (load-sharing)
• What is the new feature?
  • Support of Active/Active failover in NetScreen Redundancy Protocol (NSRP) for transparent mode
  • Prior to ScreenOS 6.1, only Active/Passive was supported
Platforms: ISG, NS-5000
* This feature is supported on NS-5000 products with MGT2/SPM2

Dynamic Discovery of Enforcers for UAC
• Customer Requirements
  • Customers require granular control over which FWs act as enforcement points for UAC
  • Ensure FWs are not overburdened with Infranet Controller provisioning all FWs
• What is the new feature?
  • A FW informs the Infranet Controller if it is not configured to support that particular Infranet Controller
  • Offers granular control of which FWs are provisioned as enforcement points
Platforms: ISG, NS-5000, SSG

IPv6 Enhancements: ALG Support
• Customer Requirements
  • Customers require the use of multi-media protocols for various services in IPv6 networks
  • Customers require security solutions that can secure these protocols in an IPv6 environment
• What is the new feature?
  • Application Layer Gateway support for the following protocols is provided in IPv6 environments
    • RTSP
    • SIP
    • Sun-RPC
    • MS-RPC
Platforms: ISG, NS-5000, SSG

IPv6 Enhancements: WAN Interface Support
• Customer Requirements
  • In addition to the IPv6 support on the LAN interfaces, customers also require it on the WAN ports
  • Customers require IPv6 support on a wide range of protocols used in WAN connectivity
• What is the new feature?
  • WAN interfaces now support IPv6 and are no longer disabled by default when configured for IPv6
  • Solutions such as auto-configuration, neighbor discovery and other services are now available
Platforms: SSG

IPv6 Enhancements: Syn-Cookie/Syn-Proxy Support
• Customer Requirements
  • Security against common Denial of Service attacks in IPv6 networks
• What is the new feature?
  • DoS attack detection mechanism added for IPv6
  • Attacks that traverse IPv4 and IPv6 boundaries are also detected
Platforms: ISG, NS-5000, SSG

UTM Enhancements
• Customer Requirements
  • Update the AV or DI of security products that don't have direct Internet access
  • Ability to AV scan large files (>10 MB)
  • Select more than one signature pack
• What is the new feature?
  • Proxy capability permitting updates from a proxy server rather than the Juniper server
  • Increased file size support for AV scan
  • Increased memory for DI to enable more than one signature pack*
Platforms: SSG
* Selection of more than one signature pack is supported only on the SSG 500s

Firewall Enhancements: Per-policy Session Establishment Rate Limiting
• Customer Requirements
  • Protect servers and resources from over-zealous users or attackers
  • Prevent one user from draining network resources and provide a level of QoS
• What is the new feature?
  • Administrator can configure the policy to place a limit on the number of sessions initiated by a single source IP address
Platforms: ISG, NS-5000, SSG

Firewall Enhancements: Security for Dial-in via V.92
• Customer Requirements
  • Leverage the remote dial-in console access with security safeguards
  • Similar to user passwords, apply rules to deny connection after x number of login attempts
  • Provide some level of control over who can dial in to the appliance
• What is the new feature?
  • Support for white/black phone number lists
  • Configurable number of log-ins and timeouts
  • Logging for both successful and unsuccessful log-in attempts
Platforms: SSG 5 and 20
ScreenOS 6.1 Feature Summary Features identified in black text have not been covered in previous slides
ScreenOS 6.1 Feature Summary (cont.) Features identified in black text have not been covered in previous slides