Datasheet

ManualsBrandsJuniper ManualsNetworkingSA4000

Features and Beneﬁts

High-scalability Support on Secure Access 6000 SSL VPN

The SA 6000 is designed to meet the growing needs of large enterprises and service providers with its ability to support thousands of users

accessing the network remotely. The following shows the number of concurrent users that can be supported on the SA 6000 platform:

• SingleSA6000:Supportsupto5,000concurrentusers

• Two-unitclusterofSA6000s:Supportsupto8,000concurrentusers

• Three-unitclusterofSA6000s:Supportsupto12,000concurrentusers

• Four-unitclusterofSA6000s:Supportsupto15,000concurrentusers

All performance testing is done based on real-world scenarios with simulation of trafﬁc based on observed customer networks. In the case

of Core Access, this means real web applications are being accessed, which entails rigorous HTML rewriting and policy evaluation.

End-to-End Layered Security

The SA 2000, SA 4000, and SA 6000 provide complete end-to-end layered security, including endpoint client, device, data, and server

layered security controls.

These include:

Feature Feature Description Beneﬁt

Host Checker Client computers can be checked both prior to and during

a session to verify an acceptable device security posture

requiring installed/running endpoint security applications

(antivirus, rewall, etc.) also supports custom built checks

including verifying ports opened/closed, checking les/

processes and validating their authenticity with Message

Digest 5 (MD5) hash checksums, verifying registry settings,

machine certicates, and more

Veries/ensures that endpoint device meets corporate

security policy requirements before granting access,

remediating devices and quarantining users when necessary

Host Checker Application

Programming Interface (API)

Created in partnership with best-in-class endpoint security

vendors. Enables enterprises to enforce an endpoint trust

policy for managed PCs that have personal rewall, antivirus

clients, or other installed security clients, and quarantine

non-compliant devices

Utilize current security policies with remote users and

devices; easier management

Trusted Network Connect (TNC)

Support on Host Checker

Allows interoperability with diverse endpoint security

solutions from antivirus to patch management to

compliance management solutions

Enables customers to leverage existing investments

endpoint security solutions from third-party vendors

Policy-based Enforcement Allows the enterprise to establish trustworthiness of non-API

compliant hosts without writing custom API implementations

or locking out external users, such as customers or partners

that run other security clients

Enables access to extranet endpoint devices like PCs from

partners that may run different security clients than that of

the enterprise

Hardened security appliance and

Web server

Hardened security infrastructure extensively audited by third-

party security experts including CyberTrust, iSec Partners,

and has also received Common Criteria Certication

Not designed to run any additional services and is thus less

susceptible to attacks; no backdoors to exploit or hack

Security Services Employ Kernel-

level Packet Filtering and Safe

Routing

Undesirable trafc is dropped before it is processed by the

TCP stack

Ensures that unauthenticated connection attempts, such as

malformed packets or denial of service (DOS) attacks, are

ltered out

Secure Virtual Workspace

(Advanced Feature Set)

A secure and separate environment for remote sessions

that encrypts all data and controls I/O access (printers,

drives, etc.)

Ensures that all corporate data is securely deleted from a

kiosk or other unmanaged endpoint after a session

Cache Cleaner All proxy downloads and temp les installed during the

session are erased at logout

Ensures that no potentially sensitive session data is left

behind on the endpoint machine

Data Trap and Cache Controls Rendering of content in non-cacheable format Prevents sensitive metadata (cookies, headers, form

entries, etc.) from leaving the network

Integrated Malware Protection Pre-installed checks to protect users & devices from

keyloggers, trojans, and remote control applications

Enables customers to provision endpoint containment

capabilities

Coordinated Threat Control Enables Juniper’s SA SSL VPN and Intrusion Detection and

Prevention (IDP) appliances to tie the session identity of the

SSL VPN with the threat detection capabilities of IDP, taking

automatic action on users launching attacks

Effectively identify, stop, and remediate both network and

application-level threats within remote access trafc