400 likes | 930 Views
SRX Product Presentation. Mike Flaum Product Marketing Manager April 23, 2009.
E N D
SRX Product Presentation Mike Flaum Product Marketing Manager April 23, 2009
This statement of product direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted on this statement. This presentation is under NDA until May 4, 2009 for all customers, Partners, Resellers, Distributors or any person or entity outside of Juniper Networks. Legal statement
Table of contents Distributed Enterprise SRX Series Services Gateways - Product
Today’s news New Distributed Enterprise Solutions • Best reach for a carrier-grade network OS • New SRX Services Gateway Series starting at $699 • New entry-level EX Series Gigabit access switches • First Secure Router with integrated content security • Unified Threat Management and Intrusion Prevention Services now integrated into JUNOS software • Only “Support Engineer in a Box” service • Advanced Insight Solutions now available for branch products
Multi-year trends in the enterprise Workforce Globalization The Distributed Enterprise Data/App Consolidation Clients(billions) Global High-Performance Network Mega Data Centers(thousands) Mobile Home Branch Campus
Distributed enterprise realities Global workforce centers Thousands of employees Headquarters in Sunnyvale Why Does the Distributed Enterprise Need a High-Performance Network? • Secure and reliable transactions • Responsive and private applications • High-quality collaboration and communications Hundreds of employees Design center in Bangalore Acquisition in Boston • Cost • Complexity • Risk Regional Sales Office Tens of employees Service office Sales office A handful of employees
Using high-performance networking to reduce complexity High-performance network Scalable OS #1 OS #2 OS #3 OS #4 Fast Firewall/VPN Switch Router Voice gateway UTM IPS Access Control Dynamic Services Architecture Firewall/VPN Switch Router Voice gateway UTM IPS Access Control Reliable Secure Simple Juniper High-Performance Network Legacy Network Learn and configure one OS Use fewer boxes Simplifysoftwaremanagement 9.2 9.3 9.4
Solution portfolio SRX5000 Series EX8216 SRX3000 Series MX Series SERVICES GATEWAYS SRX650 EX8208 ROUTERS SWITCHES SRX240 EX4200 M Series SRX210 EX3200 J Series SRX100 EX2200 Unified Management (NSM)
UTM IPS Antispam Web filtering Antivirus UAC Content Filtering Routing Firewall IPSec VPN VoIP Fax WLAN AP Power Over Ethernet Security Camera Analog MPLS Metro Internet PSTN 3G Three key market drivers LICENSED FREE CONSOLIDATION Voice and Data • Network migration to multi-service platform—“Secure Router” instead of multiple appliances • Secure Router = • Router + Firewall + VPN + Switching • Unified Threat Management Ethernet Switching NETWORK SECURITY CONVERGENCE • VoIP Gateway and VoIP handsets • Power over Ethernet • Wireless Access Points CONNECTIVITY • Internet • Metro Ethernet • MPLS • Wireless WAN 3G • PSTN
Advanced FW / VPN /ROUTING license included Full UTM 16 X Gigabit Ethernet 20X IPS performance Up to 80% lower price New SRX Services GatewaysLeveraging Juniper’s Dynamic Services Architecture • Highly configurable • Fixed, semi-modular, and modular form factors • Choice of WAN, wireless, and LAN interfaces • Available voice media gateway • Extensive integration • Full suite of JUNOS routing and switching capabilities • Unmatched security, including FW, VPN, UTM, UAC, and full IPS • Exceptional performance and availability • Hardware-assisted Content Security Acceleration for ExpressAV and IPS • Control & data plane separation, redundant processing and power • Priced at $699, $1099, $2999, and $16000 (list) Roadmap
NSM The SRX Branch portfolio 2009 SRX 650 + More LAN slots, dual processors, dual P/S SRX 240 + 4 WAN slots, 16 x Gig E Centrally managedby NSM SRX 210 + WAN slot, 2 x Gig E, PoE SRX 100 Large Branch/Regional Office Telecommuter/Small Office Small to Medium Office
SRX Series Specification Summary * Supported in JUNOS 9.6
Q3 2009 SRX100 • Ideal for micro-branch, managed telecommuters, SOHO • Fixed I/O—8 x 10/100 Ethernet ports • Full UTM features • IDP • Antivirus • Anti-spam • Web filtering • UAC Enforcement • UTM requires High Memory model (UTM, license), no CSA
Q2 2009 SRX210 • Ideal for Small branches • Full UTM features • IDP, Antivirus, Anti-spam, Web filtering, Content filtering • UAC Enforcement • UTM requires High Memory model • Available Voice version with mini-PIM options—Q3 2009 • Factory-configured voice model (Q3 2009)
Q2 2009 SRX240 • Ideal for small–medium branches • Full UTM features • IDP, Antivirus, Anti-spam, Web filtering, Content filtering • UAC Enforcement • UTM requires High Memory model • Available Voice version with mini-PIM options—Q4 2009 • Factory-configured voice model (Q4 2009) * Supported in JUNOS 9.6
Q2 2009 SRX650 • Ideal for regional sites, large branches • Modular- • LAN switching • Services Routing Processors with optional redundancy (future) • power supplies with optional redundancy (at FRS) • voice configurations (field upgradable via PIMs in 2010) • Full UTM features • IDP, Antivirus, Anti-spam, Web filtering, Content filtering • UAC Enforcement • Max Gig E 52 ports (2 x 24 GE PIM + 4 integrated ports) * Supported in JUNOS 9.6 *Supported in JUNOS 9.6
Q3 2009 SRX210 with Integrated Convergence Services FXS ports – connect your analog phone or FAX machine here E1/T1 or FXOs for carrier trunk or FXS for additional analog phones/ fax machines FXO ports – connect to your wall phone socket SRX Voice Elements • Survivable SIP server • SIP Media Gateway • SIP Security • Base and expandable voice ports • PoE Ports • PoE Ports scaling with EX switch
5 SIP VoIP handset 5 X 2H 2009 X Juniper Integrated Convergence ServicesStage 1: Survivable Media Gateway SERVICE PROVIDERVOIP Failover to PSTN SIP Trunking to Corporate to PSTN (typical) Local PSTN Local PSTN 3 SIP Soft Switch SIP Trunking “VoIP to PSTN” S.P. VoIP Channelized T-1 / E1/ FXO 4 CORPORATE OFFICE INTERNET SRX210 / SRX240 4 SIP VoIP handset 4 SIP Server 3 3 3 WAN MPLS 2 2 2 SIP VoIP handset to digital or analog phone 1 SIP Trunking “Toll bypass”, “extension” 1 PBX, Key System Analog FAX Soft Phones Digital • SIP Server and SIP Soft switch Enterprise choice and flexibility • SIP standards • Choice of sip phones, call servers and applications
3G Wireless WAN Deployments- Primary connection where wired broadband is not available Back up connectivity with wired primary. Out of band management, remote deployment. Available on SRX210 2H 2009 Datacenter HQ INTERNET 3G Wireless Dynamic VPN Services SRX210 Branch Retail Regional
Q4 2009 Branch Wireless AP Solution • Juniper 802.11n indoor Solution • Backwards compatible to .11a/b/g • Dual mode radio support 300Mbps (Aggregate) • Single radio 200Mbps (160Mbps typical) • Spatial Streams: 2x2:2, 2x3:2, 3x3:2 • UL2043 Plenum rated for over ceiling mounting. • 50 Meter range (indoor) • Unit can be mounted on ceiling or wall • Virtual AP technology – Support of up to 16 simultaneous SSIDs • 802.11e WMM capable • 1 Gigabit Ethernet POE support • Optional External Power Supply • Serial Consol Support • L2 Managed by SRX Branch Products • Additional licensing cost for Branch SRX to manage multiple access points – Clusters of 4,8,16 APs.
Ethernet Switching SRX100 SRX210 SRX240 SRX650 Hardware (Onboard Ethernet) • SRX100 • 8 Fixed 10/100 (Switched or Routed) • SRX210 • Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed) • 802.3af optional POE (2FE + 2GE) • SRX240 • Fixed 16 Ports 10/100/1000 (Switched or Routed) • Power over Ethernet (optional all ports) • 802.3af, 802.3at • SRX650 • Fixed 4 ports 10/100/1000 (Routed) Software Features • 802.1Q VLAN support • Up to 4,096 VLAN support (platform dependent) • Routed VLAN Interface (RVI) • GARP VLAN Registration Protocol (GVRP) • QOS on VLAN interface • L3 Strict priority queuing (LLQ) • L3 Smoothed Deficit Weighted Round Robin (SDWRR) • L3 Weighted Random Early Discard (WRED) • L3 Per port and per queue shaping • 802.1x Port based Authentication • 802.3ad (AX) link aggregation* • STP, Spanning Tree Protocol • 802.1D Spanning Tree Protocol • 802.1S Multiple STP • 802.1w Rapid STP • Jumbo Frame Support (9,216 Byte)* Hardware Ethernet PIMs • SRX Mini-PIM (SRX210/SRX240) • 1 Port SFP • 16 port GigE XPIM for SRX650 • Double-high • Full-duplex 20 Gbps backplane • 16 port GE and optional PoE • 24 port GigE including 4 SFP slots XPIM for SRX650 • Double-high - double-wide • Optional POE - 24 port GE with PoE incl 4 SFP slots • Full-duplex 20 Gbps backplane • Optics • SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |SRX GE SFP 1000 Base-T | SRX FE FX SFP * Not supported on SRX100
SRX Series—Firewall, Zones, and Policies ZONE “UNTRUST” Originating Zone INTERNET Default Policy—Deny All Default Policy—Allow All SRX Originating Zone ZONE “TRUST” ZONE “TRUST”
Unified Threat Management (UTM) Features External Threats Internal Threats INTERNET IPS Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans Websense to block to unapproved site access Web Filtering Antivirus Kaspersky Lab AV stops viruses, file-based trojans or spread of spyware, adware, keyloggers Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers Anti-spam Symantec stops Spam / Phishing SRX Series blocks transmission of files for Data Loss Prevention Content Filtering Core Security Firewall, VPN, Unified Access Control Firewall, VPN, Unified Access Control
ISG SSG NS SRX Juniper Networks Unified Access Control (UAC) POLICY SERVER Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection 1 IC Series Identity Stores Authenticate User, Profile Endpoint, Determine Location 1 2 Dynamically Provision Policy Enforcement 2 APPLICATIONS 3 Control Access to Protected Resources Data App Internet UAC Agent EX Series L2 Switch Juniper Firewall Platforms 802.1X Switches & Access Points UAC Enforcement Points
Remote Access Dynamic VPN Service – Access Manager Client A dynamic IPSEC Client that is automatically downloaded 5-user, 10-user, 25-user, 50-user (SRX240) license option with simultaneous tunnel enforcement Supported on the SRX100, SRX210, and SRX240 Not supported on SRX650 Automatic client upgrade capabilities Self-provisioning from SRX210, SRX240 IPSec with TCP-based fallback for NAT traversal Initial release to support Windows platforms—XP, Vista, Win 2000 Q2 2009 Wireless Wired 3G Wireless INTERNET Dynamic VPN Services SRX210
ONE Web UI J-Web ONE JUNOS CLI, JUNOScript Juniper Unified Management • Unified management across Juniper’s network infrastructure • Network lifecycle management—Provision, Monitor, and Troubleshoot • Consistent and Open standards NBI for easy integration with 3rd party NMS SNMP, Syslog, XML SNMP, Syslog EMS NMS Visibility Diagnostics JUNOScope Network & Security Manager (NSM) Security Threat Response Manager Advanced Insight Manager NETWORK MANAGEMENT NetConf, DMI, Syslog, Sflow HTTP / HTTPS XML Telnet, SSH, XML ISG/IDP SSL VPN M Series MX Series Infranet Controller SRX5600 Routing Security Switching
Network Security Manager • Along with SRX, NSM Manages Juniper’s entire enterprise portfolio* • NSM is a great way to port ScreenOS customers over to a JUNOS solution and to help manage a mixed environment • Common Management also offers huge up-sell opportunity
Security Threat Response Manager • STRM supports SRX Series • Intrusion Prevention System (IPS) • 220+ out-of-the box report templates • Fully customizable reporting engine: creating, branding and scheduling delivery of reports • Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA • Reports based on control frameworks: NIST, ISO and CoBIT
Q4 2009 Rapid Deployment • Simplified deployment- • Eliminate need for- • Pre-staging device • IT at point of installation • Reduce - • Provisioning time • Installation cost • No “truck roll” • USB Loads startup config • Validation of start up config • Secure communication to NSM SRX 210 6. SRX In Service 5. Download Running Config 1. Generate and export startup config to USB • A Unique ID for tracking purposes • Untrust Interface configuration • Configuration parameters to enable “registration” of device to management server • User/Password • Management Server IP Address/Domain Name • One time password Network Security Manager
SRX • Unified Threat Management • Full IDP—Juniper • Antivirus—Kaspersky • Web filtering—Websense • Anti-spam—Symantec • VoIP • Juniper OpenCommunications • Power over Ethernet • FW, VPN, NAT, UAC SSG140 J Series • FW, VPN, NAT, UAC • Routing, Switching, QOS, MPLS • WX—ISM 200 Application Acceleration • VoIP—Avaya Integ. Gway • Unified Threat Management • Full IDP—Juniper • Antivirus—Kaspersky • Web filtering—Websense • Anti-spam—Symantec SSG Family • FW, VPN, NAT, UAC • IPv6 Security • Wireless (WLAN) • Unified Threat Management • Intrusion Prevention: DI • Antivirus—Kaspersky • Web filtering—Websense • Anti-spam—Symantec SRX 100 SRX 210 SRX 240 SRX 650 ScreenOS Juniper Branch ProductsSSG, SRX, and J Series Products SSG20 Wireless J2320 SSG5 Wireless J2350 SSG320M SSG520 SSG520M J4350 SSG350M SSG550 SSG550M J6350