Datasheet
2
End-to-End Layered Security
• Numerous security options from the end user device to the
application data and servers, including coordinated threat
control with Juniper Networks IDP Series Intrusion Detection
and Prevention Appliances
• Native functionality, client- and server-side APIs, and advanced
malware protection capabilities for effective enforcement and
unified administration of best-of-breed endpoint security
Performance Scalability with SA6500 FIPS
• A variety of performance enhancing features, including a
hardware-based SSL acceleration module, and clustering to
provide optimal scalability
• Up to 3,500 concurrent users supported on a single unit; up to
10,000 concurrent users supported on a four-unit cluster
• Dual, hot swappable hard drives and dual, hot swappable fans
• Hot swappable power supplies (second power supply optional,
DC power supplies available)
• 4 gigabyte SDRAM
• 4-port copper 10/100/1000 interface card and 1-port copper
10/100/1000 management interface
High Availability (HA)
• Cluster pair deployment option for HA across the LAN and the WAN
Streamlined Manageability
• Central management option for unified administration
• User self service features that enhance productivity while
lowering administrative overhead
Lower Total Cost of Ownership (TCO)
• Secure remote access with no client software deployments or
changes to servers, and virtually no ongoing maintenance
• Secure extranet access with no demilitarized zone (DMZ)
buildout, server hardening, resource duplication, or incremental
deployments to add applications or users
Features and Benefits
FIPS Security
The SA4500 FIPS and SA6500 FIPS appliances incorporate a
FIPS-certified HSM. The HSM handles cryptographic processing
as well as key and certificate management in a hardened, tamper-
proof hardware module. The HSM provides the additional benefit
of offloading cryptographic processing from the host CPU, thus
optimizing overall system performance while adding a physical
layer of security. The SA4500 FIPS and SA6500 FIPS appliances
also have a tamper evident label that deters physical security
breaches and provides visual indication of appliance integrity.
Table 1: SA4500 FIPS and SA6500 FIPS Security
FEATURE FEATURE DESCRIPTION BENEFIT
FIPS140-2 Level 3 Certified for
the Hardware Security Module
& Network Connect Client
• Complies with the latest U.S. Government best practices.
• FIPS140-2 is recognized by CESG as meeting security
criteria for use in data trac categorized as “Private.” (CESG
is the UK Government’s National Technical Authority for
Information Assurance, responsible for enabling secure and
trusted knowledge.)
Advanced protection to provide the most stringent
security.
Provision by Purpose
The SA4500 FIPS and SA6500 FIPS appliances include three different access methods. These different methods are selected as part of
the user’s role, allowing the administrator to enable the appropriate access on a per-session basis, taking into account user, device, and
network attributes in combination with enterprise security policies.
Table 2: SA4500 FIPS and SA6500 FIPS Provision by Purpose
FEATURE FEATURE DESCRIPTION BENEFIT
Clientless core Web access • Access to web-based applications, including complex
JavaScript, XML, or Flash-based apps and Java applets
that require a socket connection, as well as standards-
based email like Outlook Web Access (OWA), Windows and
UNIX file share, telnet/SSH hosted applications, terminal
emulation, Sharepoint, and others.
• Core Web access also enables the delivery of Java applets
directly from the SA4500 FIPS or SA6500 FIPS appliance.
Provides the most easily accessible form of
application and resource access, and enables
extremely granular security control options;
completely clientless approach using only a Web
browser.
Secure Application Manager
(SAM)
• A lightweight Java or Windows-based download enables
access to client/server applications. Also provides native
access to terminal server applications without the need for a
preinstalled client.
Enables access to client/server applications using
just a Web browser; no client soware is necessary.
Network Connect • Provides complete network-layer connectivity via an
automatically provisioned cross-platform download.
• Users need only a Web browser.
On the FIPS models, Network Connect provides SSL
VPN based transport mode for layer 3 connectivity to
the corporate network.