Datasheet

Features and Benefits
Next Generation Firewall
SRX Series Services Gateways deliver next generation firewall
protection with application awareness and extensive user role-based
control options plus best-of-breed UTM to protect and control your
business assets. Next generation firewalls are able to perform full
packet inspection and can apply security policies based on layer 7
information. This means you can create security policies based on the
application running across your network, the user who is receiving or
sending network traffic or the content that is traveling across your
network to protect your environment against threats, manage how your
network bandwidth is allocated, and control who has access to what.
AppSecure
AppSecure is a suite of application security capabilities for
Juniper Networks SRX Series Services Gateways that identifies
applications for greater visibility, enforcement, control, and
protection of the network.
Intrusion Prevention
The intrusion prevention system (IPS) understands application
behaviors and weaknesses to prevent application-borne security
threats that are difficult to detect and stop.
Unified Threat Management (UTM)
SRX Series can include comprehensive content security against
malware, viruses, phishing attacks, intrusions, spam and other
threats with unified threat management (UTM). Get a best-
of-breed solution with anti-virus, anti-spam, web filtering and
content filtering at a great value by easily adding these services
to your SRX Series Services Gateway. Cloud-based and on-box
solutions are both available.
User Firewall
Juniper offers a range of user role-based firewall control solutions
that support dynamic security policies. User role-based firewall
capabilities are integrated with the SRX Series Services Gateways
for standard next generation firewall controls. More extensive,
scalable, granular access controls for creating dynamic policies
are available through the integration of SRX with a Juniper Unified
Access Control solution.
Adaptive Threat Intelligence
To address the evolving threat landscape that has made it
imperative to integrate external threat intelligence into the
firewall for thwarting advanced malware and other threats, some
SRX Series Services Gateways include threat intelligence via
integration with Spotlight Secure. The Spotlight Secure threat
intelligence platform aggregates threat feeds from multiple
sources to deliver open, consolidated, actionable intelligence to
SRX Series Services Gateways across the organization for policy
enforcement. These sources include Juniper threat feeds, third
party threat feeds and threat detection technologies that the
customer can deploy.
Administrators are able to define enforcement policies from all
feeds via a single, centralized management point, Junos Space
Security Director.
Secure Routing
Many organizations use both a router and a firewall/VPN at their
network edge to fulfill their networking and security needs. For
many organizations, the SRX Series for the branch can fulfill
both roles with one solution. Juniper built best-in-class routing,
switching and firewall capabilities into one product.
SRX Series for the branch checks the traffic to see if it is legitimate
and permissible, and only forwards it on when it is. This reduces
the load on the network, allocates bandwidth for all other mission-
critical applications, and secures the network from malicious users.
The main purpose of a secure router is to provide firewall
protection and apply policies. The firewall (zone) functionality
inspects traffic flows and state to ensure that originating and
returning information in a session is expected and permitted for
a particular zone. The security policy determines if the session
can originate in one zone and traverse to another zone. Due to
the architecture, SRX Series receives packets from a wide variety
of clients and servers and keeps track of every session, of every
application, and of every user. This allows the enterprise to make
sure that only legitimate traffic is on its network and that traffic is
flowing in the expected direction.
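
The zone and session behavior described above can be modeled in a few lines. This is an added illustration, not Juniper code: the policy table, addresses and ports are constructed assumptions, the zone names follow Figure 1, and TCP state tracking is left out.

```python
from dataclasses import dataclass

# Constructed policy table: (from_zone, to_zone) -> permitted destination ports.
# Any zone pair that is not listed is denied by default.
POLICIES = {
    ("trust", "untrust"): {80, 443},
    ("guest", "untrust"): {443},
    ("untrust", "dmz"): {443},
}

@dataclass(frozen=True)
class Packet:
    in_zone: str
    out_zone: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class ZoneFirewall:
    def __init__(self, policies):
        self.policies = policies
        self.sessions = {}  # forward 5-tuple -> (originating zone, destination zone)

    def process(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.sessions.get(fwd) == (p.in_zone, p.out_zone):
            return "permit: existing session"
        # Return traffic must mirror a known session and arrive from the expected zone.
        if self.sessions.get(rev) == (p.out_zone, p.in_zone):
            return "permit: return traffic"
        # Only a zone-pair policy can let a new session originate.
        if p.dport in self.policies.get((p.in_zone, p.out_zone), ()):
            self.sessions[fwd] = (p.in_zone, p.out_zone)
            return "permit: new session"
        return "deny"

def demo():
    fw = ZoneFirewall(POLICIES)
    out = Packet("trust", "untrust", "10.0.0.5", 40000, "203.0.113.10", 443)
    reply = Packet("untrust", "trust", "203.0.113.10", 443, "10.0.0.5", 40000)
    stray = Packet("untrust", "trust", "203.0.113.10", 443, "10.0.0.9", 40000)
    guest = Packet("guest", "untrust", "192.168.50.7", 41000, "203.0.113.10", 80)
    # The reply is denied until the trust host has opened the session.
    return [fw.process(x) for x in (reply, out, reply, stray, guest)]
```
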
High Availability
Junos Services Redundancy Protocol (JSRP) is a core feature of
the SRX Series for the branch. JSRP enables a pair of SRX Series
systems to be easily integrated into a high availability network
architecture, with redundant physical connections between the
systems and the adjacent network switches. With link redundancy,
Juniper Networks can address many common causes of system
failures, such as a physical port going bad or a cable getting
disconnected, to ensure that a connection is available without
having to fail over the entire system. This is consistent with a
typical active/standby nature of routing resiliency protocols.
Figure 2: High availability (diagram: SRX240 pairs connected to EX Series switches and the Internet, shown in Active/Standby and Active/Active configurations, each in normal operation and after a failure)
Figure 1: Firewalls, zones, and policies (diagram: “Untrust”, “Trust”, “Guest” and “DMZ” zones, the intranet and the Internet)