MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS

Size: px
Start display at page:

Download "MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS"

Transcription

1 APPLICATION NOTE MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS Migrating Advanced Security Policies to SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc.

2 Table of Contents Introduction...1 Deployment... 1 Feature Parity... 1 Multi-Method Detection Logging... 1 Scope...1 Description and Deployment Scenario...2 Security Policy Migration... 2 Standalone IDP Series to SRX Series... 3 Sensor Settings... 3 Migrating Policy... 4 ISG Series to SRX Series... 8 About Juniper Networks...9 ii Copyright 2009, Juniper Networks, Inc.

3 Introduction This application note is intended to provide a brief overview of some basic considerations when moving from standalone Juniper Networks IDP Series Intrusion Detection and Protection Appliances, or Juniper Networks ISG Series Integrated Security Gateways with IDP security module, to the SRX Series Services Gateways. Deployment SRX Series Services Gateways can be deployed in inline mode only. In other words, it is not possible to configure the SRX Series in sniffer or transparent mode (like the standalone IDP Series) nor can it be configured in inline tap mode like the ISG Series with IDP. Feature Parity Feature parity between standalone IDP Series and Juniper Networks JUNOS Software-based SRX Series platforms will occur in the near future. Ultimately feature parity is a goal that will be achieved over time, giving customers greater flexibility and allowing customers to choose the best solution to fit their overall business and network security needs. It is recommended that feature availability/requirements be verified before weighing device capabilities and deployment options. Multi-Method Detection SRX Series devices deploy two rulebases: Main IDP Rulebase, and Exempt Rulebase. In addition, SRX Series uses security zones which are based on technology available with ScreenOS-based security devices, and provides detailed screen protection as an alternative for some basic standalone detection methods/rulebases. Logging Logging on an SRX Series gateway must be configured to send records in response to security events via syslog to a preconfigured syslog server, such as the Juniper Networks STRM Series Security Threat Response Managers. Scope Although an SRX Series IDP policy can be configured entirely from within Juniper Networks J-Web Software, this document focuses primarily on command-line interface (CLI) and Juniper Networks Network and Security Manager configuration steps, with the intention of providing an easy transition and learning path for both system engineers new to the IDP Series and those already familiar with managing standalone IDP Series and ISG Series with IDP solutions. That said, brief J-Web configuration steps are also provided at the end of this document. Copyright 2009, Juniper Networks, Inc. 1

4 Description and Deployment Scenario Security Policy Migration This document assumes that the SRX Series gateway has been configured according to the following network diagram with all the required interfaces, security zones, and other needed configuration settings in place. GUI NSM SYSLOG fxp ge-0/0/7 ge-0/0/2 abc-trust abc-untrust ge-0/0/ SRX Series Here is an example of a basic SRX Series configuration: Figure 1: SRX Series Deployment Example set security log format syslog set security log source-address set security log stream jet severity debug set security log stream jet host set interfaces ge-0/0/2 unit 0 family inet address /24 set interfaces ge-0/0/3 unit 0 family inet address /24 set interfaces ge-0/0/7 unit 0 family inet address /24 set interfaces fxp0 unit 0 family inet address /24 set system services ssh root-login allow set system services outbound-ssh client nsm device-id EEC4B8 set system services outbound-ssh client nsm secret $9$iqfz9CuIhrp0IcrlXxbs24aUF39 set system services outbound-ssh client nsm services netconf set system services outbound-ssh client nsm port 7804 set security policies default-policy deny-all set security idp traceoptions file size 100m set security idp traceoptions flag all set security idp traceoptions level all set security zones security-zone abc-trust interfaces ge-0/0/2.0 set security zones security-zone abc-untrust interfaces ge-0/0/3.0 2 Copyright 2009, Juniper Networks, Inc.

5 Standalone IDP Series to SRX Series Because standalone IDP Series devices are typically deployed in either sniffer or transparent mode, additional considerations with regards to the network design must be made. These involve: Network interfaces configuration Security zones configuration In addition, there are considerations with regards to additional security features, such as: Denial of service (DoS)/flood protection Traffic anomaly detection or screens (as well as some of the detection methods which may have yet to be implemented as part of the current JUNOS release) Finally, security policy settings and, more specifically, configured actions have to be closely analyzed, because a new device has the potential to impact production network traffic flows as a result of its participation in Layer 3 processing. Sensor Settings On both standalone IDP Series and SRX Series devices, there are a number of sensor configuration settings which can be configured to fine-tune IDP Series behavior and can be accessed from CLI and Network and Security Manager. If any of the settings have been changed from the default value or need to be further modified, this would need to be done manually; there are no automated processes to export/import these settings. Note: In order to be able to update sensor configuration settings on the SRX Series from NSM, the SRX Series device needs to be configured in In-Device policy management mode. Copyright 2009, Juniper Networks, Inc. 3

6 Migrating Policy Following is a simple DMZ-based IDP Series security policy as it runs on a standalone IDP device. The task of porting this policy to the SRX Series device involves the following steps: 1. Make sure the SRX Series device is in Central Management Policy Mode. 2. Add and configure firewall rulebase. Configure source and destination zones Configure Install On Enable IDP Rename policy so it reflects new platform for easier management 4 Copyright 2009, Juniper Networks, Inc.

7 3. Change Install On in IDP policy and edit rules if needed. 4. Assign the policy. 5. Update device. Copyright 2009, Juniper Networks, Inc. 5

8 6. If the update fails due to inventory mismatch (between the device and associated information in NSM database such as the following Job Information example):.... then reconcile the Inventory:.... and update again 6 Copyright 2009, Juniper Networks, Inc.

9 7. Device update should resemble the following: show security idp idp-policy SRX_DMZ display set set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match destination-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups IP - Major set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups IP - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups TCP - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups TCP - Major set security idp idp-policy SRX_DMZ rulebase-ips rule 1 then action drop-packet set security idp idp-policy SRX_DMZ rulebase-ips rule 1 then notification log-attacks alert set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match destination-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match attacks predefined-attack-groups DNS - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match attacks predefined-attack-groups DNS - Major Copyright 2009, Juniper Networks, Inc. 7

10 set security idp idp-policy SRX_DMZ rulebase-ips rule 2 then action drop-connection set security idp idp-policy SRX_DMZ rulebase-ips rule 2 then notification log-attacks alert set security idp idp-policy SRX_DMZ rulebase-ips rule 3 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 3 match destination-address any FINGER - Minor FTP - Minor GOPHER - Minor HTTP - Minor IMAP - Minor NNTP - Minor POP3 - Minor SHELLCODE - Minor SMTP - Minor SSH - Minor set security idp idp-policy SRX_DMZ rulebase-ips rule 3 then action no-action set security idp idp-policy SRX_DMZ rulebase-ips rule 3 then notification log-attacks ISG Series to SRX Series If the ISG Series with IDP is not configured in transparent (L2) mode and the network design is not to change, then the migration process becomes very straightforward. All considerations described in previous sections have already been addressed with the ISG Series and have been used for some length of time, providing greater confidence that the security policy will not impact production. The steps involved in migrating policy do not vary from the process involved in standalone IDP Series migration except that there is no need to additionally create firewall policy, and probably no need to redesign surrounding network and addressing, as well as required DoS and flood protection Even in the most demanding migration scenario, ISG Series migration involves only a subset of standalone IDP Series migration steps. A more demanding scenario would be if the ISG Series has been configured in Transparent (L2) mode. This process becomes more involved than in L3 mode, because breaking the broadcast domains can cause some concerns and would warrant additional care when configuring policy and its appropriate responses. However, just like in case of standalone IDP Series provided that networking configuration is done properly security policy rules (responses to specific events) can be enabled/changed selectively. 8 Copyright 2009, Juniper Networks, Inc.

11 About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at Corporate And Sales Headquarters Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA Phone: 888.JUNIPER ( ) or Fax: APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King s Road Taikoo Shing, Hong Kong Phone: Fax: To purchase Juniper Networks solutions, please contact your Juniper Networks representative at or authorized reseller. EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: Fax: Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice EN Mar 2009 Printed on recycled paper. 9

IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL

IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL An illustrated Guide to Configuring a Simple IF-MAP Federated Network Juniper Networks, Inc. 1 Table of Contents Introduction...3 Scope...3

More information

PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY

PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY APPLICATION NOTE PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY Copyright 2010, Juniper Networks, Inc. Table of Contents Introduction........................................................................................

More information

COORDINATED THREAT CONTROL

COORDINATED THREAT CONTROL APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,

More information

Network and Security. Product Description. Product Overview. Architecture and Key Components DATASHEET

Network and Security. Product Description. Product Overview. Architecture and Key Components DATASHEET DATASHEET Network and Security Manager Product Overview Network and Security Manager provides unparalleled capability for device and security policy configuration, comprehensive monitoring, reporting tools,

More information

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches APPLICATION NOTE Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2009, Juniper Networks,

More information

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,

More information

Identity-Based Traffic Logging and Reporting

Identity-Based Traffic Logging and Reporting Application Note Identity-Based Traffic Logging and Reporting Using UAC in Conjunction with NSM and Infranet Enforcers to Give Additional, User-Identified Visibility into Network Traffic Juniper Networks,

More information

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring

More information

Web Filtering For Branch SRX Series and J Series

Web Filtering For Branch SRX Series and J Series APPLICATION NOTE Web Filtering For Branch SRX Series and J Series Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2009, Juniper Networks, Inc. Table

More information

Remote Access Protection

Remote Access Protection IMPLEMENTATION GUIDE Remote Access Protection Best Practices for Implementing Remote Access Protection Using Juniper Networks SA Series SSL VPN Appliances, IDP Series Intrusion Detection and Prevention

More information

Configuring and Implementing A10

Configuring and Implementing A10 IMPLEMENTATION GUIDE Configuring and Implementing A10 Networks Load Balancing Solution with Juniper s SSL VPN Appliances Although Juniper Networks has attempted to provide accurate information in this

More information

Identity-Based Application and Network Profiling

Identity-Based Application and Network Profiling Application Note Identity-Based Application and Network Profiling Using UAC in Conjunction with NSM, IDP and Infranet Enforcers Permits User-Identified Application and Network Profiling Juniper Networks,

More information

NETWORK AND SECURITY MANAGER

NETWORK AND SECURITY MANAGER DATASHEET NETWORK AND SECURITY MANAGER Product Overview Juniper Networks Network and Security Manager (NSM) is a unified device management solution for Juniper s network infrastructure of routing, switching

More information

CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS)

CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS) APPLICATION NOTE CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS) Discover Which Juniper Networks ScreenOS Rule Search Works for Your Network Copyright 2010, Juniper

More information

PRODUCT CATEGORY BROCHURE

PRODUCT CATEGORY BROCHURE IDP Series Intrusion Detection and Prevention Appliances PRODUCT CATEGORY BROCHURE Staying One Step Ahead With the accelerating number of applications allowed in from the Internet and the higher frequency

More information

Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources

Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources APPLICATION NOTE Juniper NETWORKS SSL VPN and Windows Mobile Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources Table of Contents Introduction.........................................................................................

More information

WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES

WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES APPLICATION NOTE WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2010, Juniper Networks, Inc. 1

More information

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table

More information

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series PRODUCT CATEGORY BROCHURE Juniper Networks SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations

More information

Introduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario...

Introduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario... APPLICATION NOTE Securing Virtualization in the Cloud-Ready Data Center Integrating vgw Virtual Gateway with SRX Series Services Gateways and STRM Series Security Threat Response Manager for Data Center

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

Juniper Networks Solution Portfolio for Public Sector Network Security

Juniper Networks Solution Portfolio for Public Sector Network Security SOLUTION BROCHURE Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance Juniper

More information

Configuring and Deploying the Dynamic VPN Feature Using SRX Series Services Gateways

Configuring and Deploying the Dynamic VPN Feature Using SRX Series Services Gateways APPLICATION NOTE Dynamic VPN Configuring and Deploying the Dynamic VPN Feature Using SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Introduction.....................................................................................................3

More information

SoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork

SoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3

More information

Limitation of Riverbed s Quality of Service (QoS)

Limitation of Riverbed s Quality of Service (QoS) Application Note Limitation of Riverbed s Quality of Service (QoS) Riverbed s Quality of Service (QoS) configuration and limitations Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California

More information

NETWORK AND SECURITY MANAGER APPLIANCES (NSMXPRESS AND NSM3000)

NETWORK AND SECURITY MANAGER APPLIANCES (NSMXPRESS AND NSM3000) DATASHEET NETWORK AND SECURITY MANAGER APPLIANCES ( AND ) Product Overview Now more than ever, network operators need the ability to easily manage security policies and to have visibility into potential

More information

WAN OPTIMIZATION AND IPSEC FOR THE BRANCH OFFICE

WAN OPTIMIZATION AND IPSEC FOR THE BRANCH OFFICE IMPLEMENTATION GUIDE WAN OPTIMIZATION AND IPSEC FOR THE BRANCH OFFICE Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee

More information

PRODUCT CATEGORY BROCHURE

PRODUCT CATEGORY BROCHURE PRODUCT CATEGORY BROCHURE SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations of Every Size

More information

Optimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches

Optimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches APPLICATION NOTE Deploying IP Telephony with JUNIPER NETWORKS ETHERNET Switches Optimizing Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches Copyright 2009, Juniper Networks,

More information

Meeting PCI Data Security Standards with

Meeting PCI Data Security Standards with WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright

More information

Juniper Networks WX Series Large. Integration on Cisco

Juniper Networks WX Series Large. Integration on Cisco APPLICATION NOTE Juniper Networks WX Series Large Deployment with WCCP Off-Path Integration on Cisco Integrating Multiple Juniper Networks WX Series Application Acceleration Platforms into a Cisco Infrastructure

More information

How To Protect Your Network From Attack From A Malicious Computer (For A Network) With Juniper Networks)

How To Protect Your Network From Attack From A Malicious Computer (For A Network) With Juniper Networks) PRODUCT CATEGORY BROCHURE Juniper Networks Integrated Firewall/VPN Platforms Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats

More information

Voice Modules for the CTP Series

Voice Modules for the CTP Series DATASHEET Voice Modules for the CTP Series Product Overview Enterprise organizations are leveraging the cost savings associated with IP transport for a variety of new packet based multimedia services.

More information

Product Description. Product Overview

Product Description. Product Overview DATASHEET vgw Gateway Product Overview The vgw Gateway provides a best-in-class virtual firewall to meet the unique security challenges of virtual data centers and clouds. IT teams can now secure their

More information

PRODUCT CATEGORY BROCHURE. Juniper Networks Integrated

PRODUCT CATEGORY BROCHURE. Juniper Networks Integrated PRODUCT CATEGORY BROCHURE Juniper Networks Integrated Firewall/VPN Platforms Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats

More information

Security Portfolio. Juniper Networks Integrated Firewall/VPN Platforms. Product Brochure. Internet SRX 5600. Fixed Telecommuter or Small Medium Office

Security Portfolio. Juniper Networks Integrated Firewall/VPN Platforms. Product Brochure. Internet SRX 5600. Fixed Telecommuter or Small Medium Office Fixed Telecommuter or Small Medium Office NSM NSM Regional Office SSG 550M Product Brochure Security Portfolio Juniper Networks Integrated Firewall/VPN Platforms SSG 140 Branch Office... SSG 320M... SSG

More information

Service Description Overview

Service Description Overview Service Description Overview Firewall Configuration Migration Service Service Description Overview...1 Firewall Configuration Migration Service...1 1. Introduction...2 2. Service Features...2 3. Service

More information

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific

More information

Deploying IP Telephony with EX-Series Switches

Deploying IP Telephony with EX-Series Switches Application Note Deploying IP Telephony with EX-Series Switches Optimizing VoIP Applications with EX 3200 and EX 4200 Series Ethernet Switches Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,

More information

PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS

PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats to the network

More information

Application Note: Junos NAT Configuration Examples

Application Note: Junos NAT Configuration Examples : Junos NAT Configuration Examples January 2010 Juniper Networks, Inc. 1 Table of Contents Junos NAT Configuration Examples...1 Introduction...3 Requirements...3 Configuration Examples...3 Source NAT...3

More information

SOLUTION BROCHURE. Lifecycle Wireless Infrastructure, Security and Services Management

SOLUTION BROCHURE. Lifecycle Wireless Infrastructure, Security and Services Management SOLUTION BROCHURE Wireless LAN Management Solution Overview Lifecycle Wireless Infrastructure, Security and Services Management Wireless LAN Management Solution Overview A successful wireless LAN (WLAN)

More information

ProteusElite:HowTo. 2011 Proteus Networks Proteus Elite:HowTo Page 1

ProteusElite:HowTo. 2011 Proteus Networks Proteus Elite:HowTo Page 1 Setting up an Out of Band Management Network on an SRX In this guide I describe one of the many methods of creating an out-of-band management network for the SRX Series Services Gateways. Background In

More information

White Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.

White Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc. White Paper Five Best Practices to Protect Your Virtual Environment Realizing the Benefits of Virtualization Without Sacrificing Security Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive

More information

SECURE ACCESS TO THE VIRTUAL DATA CENTER

SECURE ACCESS TO THE VIRTUAL DATA CENTER SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need

More information

DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES

DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES APPLICATION NOTE DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES Optimizing Applications with Juniper Networks Access Switches Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Introduction.....................................................................................................3

More information

White Paper. Copyright 2012, Juniper Networks, Inc. 1

White Paper. Copyright 2012, Juniper Networks, Inc. 1 White Paper SRX Series as Gi/ Firewall for Mobile Network Infrastructure Protection Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3 Overview of LTE (4G)

More information

Electronic Fulfillment of Feature, Capacity and Subscription License Activation Keys via the License Management System (LMS)

Electronic Fulfillment of Feature, Capacity and Subscription License Activation Keys via the License Management System (LMS) Electronic Fulfillment of Feature, Capacity and Subscription License Activation Keys via the License Management System (LMS) Table of Contents OVERVIEW... 2 A LICENSE KEY EXPLAINED... 2 LICENSE... 2 LICENSE

More information

IDP SERIES POLICY DESIGN AND OPTIMIZATION

IDP SERIES POLICY DESIGN AND OPTIMIZATION IMPLEMENTATION GUIDE IDP SERIES POLICY DESIGN AND OPTIMIZATION Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the

More information

Simplifying the Data Center Network to Reduce Complexity and Improve Performance

Simplifying the Data Center Network to Reduce Complexity and Improve Performance SOLUTION BRIEF Juniper Networks 3-2-1 Data Center Network Simplifying the Data Center Network to Reduce Complexity and Improve Performance Challenge Escalating traffic levels, increasing numbers of applications,

More information

ENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS

ENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS SOLUTION BRIEF ENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS IT Organizations Can Reduce Costly TDM Leased Line Fees Challenge IP networks were not designed to transport bit-synchronous

More information

TECHNICAL NOTE SETTING UP A STRM UPDATE SERVER. Configuring your Update Server

TECHNICAL NOTE SETTING UP A STRM UPDATE SERVER. Configuring your Update Server TECHNICAL NOTE SETTING UP A STRM UPDATE SERVER AUGUST 2012 STRM uses system configuration files to provide useful characterizations of network data flows. Updates to the system configuration files, available

More information

WHITE PAPER. Copyright 2011, Juniper Networks, Inc. 1

WHITE PAPER. Copyright 2011, Juniper Networks, Inc. 1 WHITE PAPER Network Simplification with Juniper Networks Technology Copyright 2011, Juniper Networks, Inc. 1 WHITE PAPER - Network Simplification with Juniper Networks Technology Table of Contents Executive

More information

Strategic Network Consulting

Strategic Network Consulting Strategic Network Consulting Service Description Document November 2009 Contents 1. Introduction... 2 2. Eligibility and Prerequisites... 2 3. Service Features and Deliverables... 2 4. Customer Responsibilities...

More information

Implementing Firewalls inside the Core Data Center Network

Implementing Firewalls inside the Core Data Center Network IMPLEMENTATION GUIDE Implementing Firewalls inside the Core Data Center Network Best Practices for Implementing Juniper Networks Firewall Devices in the Data Center Core Copyright 2010, Juniper Networks,

More information

After you have created your text file, see Adding a Log Source.

After you have created your text file, see Adding a Log Source. TECHNICAL UPLOADING TEXT FILES INTO A REFERENCE SET MAY 2012 This technical note provides information on how to upload a text file into a STRM reference set. You need to be comfortable with writing regular

More information

Reasons Enterprises. Prefer Juniper Wireless

Reasons Enterprises. Prefer Juniper Wireless Reasons Enterprises Prefer Juniper Wireless Juniper s WLAN solution meets the mobility needs of today s enterprises by delivering the highest levels of reliability, scalability, management, and security.

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection. TECHNICAL USING NFS FOR STRM BACKUPS SEPTEMBER 2013 This technical note provides guidelines and procedures for using a Network File System (NFS) storage solution in your STRM deployment. Unless otherwise

More information

Network Configuration Example

Network Configuration Example Network Configuration Example Configuring Branch SRX Series for MPLS over IPsec (1500-byte MTU) Published: 2014-12-17 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000

More information

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection. TECHNICAL NOTE FORWARDING LOGS USING TAIL2SYSLOG MARCH 2013 The Tail2Syslog support script provides a method for monitoring and forwarding events to STRM using syslog for real-time correlation. Tail2Syslog

More information

Features and Benefits

Features and Benefits DATASHEET Optic Modules Product Description Juniper Networks has platforms ranging from the Juniper Networks CTP Series Circuit to Packet Platforms, BX Series Multi-Access Gateways, E Series Broadband

More information

J-Care Agility Services

J-Care Agility Services Agility Services Service Description January 2010 Contents 1. Introduction... 2 2. Eligibility and Purchasing... 2 3. Service Features and Deliverable Description... 2 4. Customer Responsibilities... 8

More information

Juniper Networks Solution Portfolio for Public Sector Network Security

Juniper Networks Solution Portfolio for Public Sector Network Security Solution Brochure Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance STRM NS-Security

More information

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation White Paper Securing Multi-Tenancy and Cloud Computing Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation Copyright 2012, Juniper Networks,

More information

Junos Pulse Access Control Service 4.4R4-MDM Supported Platforms Document

Junos Pulse Access Control Service 4.4R4-MDM Supported Platforms Document Junos Pulse Access Control Service 4.4R4-MDM Supported Platforms Document Junos Pulse Access Control Service 4.4R4-MDM Build #22687 OAC Version 5.60.22687 Junos Pulse Client Version 4.0.4.38461 Juniper

More information

Junos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with Simplicity and Agility

Junos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with Simplicity and Agility White Paper Transitioning Enterprise Customers to the Cloud with Junos Pulse Junos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with

More information

Implementation Consulting

Implementation Consulting Implementation Consulting Service Description Document August 2009 Table of Contents 1. Introduction...2 2. Eligibility and Prerequisite...2 3. Service Features and Deliverables...2 4. Customer Responsibilities...3

More information

Security Services Gateways PRODUCT CATEGORY BROCHURE

Security Services Gateways PRODUCT CATEGORY BROCHURE Security Services Gateways PRODUCT CATEGORY BROCHURE Integrated Strong Security for Data Center, Campus, Branch and Cloud Deployments As threats to the network grow more prevalent and destructive, securing

More information

Security Solutions Portfolio

Security Solutions Portfolio Fixed Telecommuter or Small Medium Office Regional Office SSG 520M SSG 550M Security Solutions Portfolio Integrated Firewall/VPN Solutions SSG 140 Branch Office... SSG 320M... SSG 350M... SSG 5 SSG 20...

More information

JUNOScope IP Service Manager

JUNOScope IP Service Manager Datasheet JUNOScope IP Service Manager Product Description As service providers and enterprises evolve to meet the demands of their customer base, one key to success is the enhancement of operational efficiencies

More information

Protecting Physical and Virtual Workloads

Protecting Physical and Virtual Workloads WHITE PAPER An Integrated Security Solution for the Virtual Data Center and Cloud Protecting Physical and Virtual Workloads Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................

More information

Key Strategies for Long-Term Success

Key Strategies for Long-Term Success WHITE PAPER Security in the Next- Generation Data Center Key Strategies for Long-Term Success Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................

More information

Juniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions

Juniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions WHITE PAPER Juniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions Building the FSI Thin Branch Copyright 2010, Juniper Networks, Inc. Table of Contents Executive

More information

Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and NetApp Storage Systems

Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and NetApp Storage Systems APPLICATION NOTE Network Attached Storage Interoperability Testing Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and Storage Systems Copyright 2012, Juniper Networks, Inc.

More information

Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)

Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) White Paper Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) When It Comes To Monitoring and Validation It Takes More Than Just Collecting Logs Juniper

More information

JUNOS Software: The Power

JUNOS Software: The Power PRODUCT CATEGORY BROCHURE JUNOS Software: The Power of One Operating System Reduce Complexity, Achieve Operational Excellence, and Dynamically Deliver Services with Lower TCO Overview Juniper Networks

More information

Demonstrating the high performance and feature richness of the compact MX Series

Demonstrating the high performance and feature richness of the compact MX Series WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

Network Configuration Example

Network Configuration Example Network Configuration Example Configuring Multiple Port Mirroring Sessions on EX4200 Switches Published: 2014-04-09 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000

More information

Juniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net

Juniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net Juniper Networks and IPv6 Tim LeMaster Ipv6.juniper.net www.juniper.net IPv6 Leadership IPv6 supported in Junos since 2001 IPv6 supported in ScreenOS since 2004 First router to be IPv6 Certified by DoD/

More information

Product Description. Product Overview. Mobility Services Appliance. Location Appliance. RingMaster Appliance DATASHEET

Product Description. Product Overview. Mobility Services Appliance. Location Appliance. RingMaster Appliance DATASHEET DATASHEET WLM1200 Wireless LAN Management Appliance Product Overview With mobility on the increase, wireless LAN (WLAN) management is becoming more important, as it allows network administrators to better

More information

SRX SERIES AND J SERIES NETWORK ADDRESS TRANSLATION

SRX SERIES AND J SERIES NETWORK ADDRESS TRANSLATION APPLICATION NOTE SRX SERIES AND J SERIES NETWORK ADDRESS TRANSLATION Configuring Next-Generation NAT on Juniper Networks SRX Series Services Gateways and J Series Services Routers Copyright 2010, Juniper

More information

Implementing Firewalls inside the Core Data Center Network

Implementing Firewalls inside the Core Data Center Network Implementation Guide Implementing Firewalls inside the Core Data Center Network Best Practices for Implementing Juniper Networks Firewall Devices in the Data Center Core Juniper Networks, Inc. 1194 North

More information

Pharmacy. Regulatory Agency. Medical Equipment. Clinic. Customers Guest Partners Vendors WEB

Pharmacy. Regulatory Agency. Medical Equipment. Clinic. Customers Guest Partners Vendors WEB PORTALS DEVICES Pharmacy Data Center Hospital Field Trial ATM Regulatory Agency Clinic MD Office Medical Equipment Kiosk Clinic Customers Guest Partners Vendors Customers Guest Partners Vendors SOA WEB

More information

Implementation Guide. Juniper Networks SRX Series Services Gateways/ Websense V10000 G2 appliance. v7.6

Implementation Guide. Juniper Networks SRX Series Services Gateways/ Websense V10000 G2 appliance. v7.6 Juniper Networks SRX Series Services Gateways/ Websense V10000 G2 appliance v7.6 Juniper Networks SRX Series Services Gateways/Websense V10000 G2 appliance Copyright 1996-2011 Websense, Inc. All rights

More information

How To Secure Your Network With Juniper Networks

How To Secure Your Network With Juniper Networks SOLUTION BRIEF ADAPTIVE THREAT MANAGEMENT SOLUTIONS PUBLIC SECTOR High-Performance Security Solutions That Work Together Challenge Because the network is critical to achieving mission-critical objectives

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate. TECHNICAL NOTE REPLACING THE SSL CERTIFICATE AUGUST 2012 By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

More information

Firewall Migration. Migrating to Juniper Networks Firewall/VPN Solutions. White Paper

Firewall Migration. Migrating to Juniper Networks Firewall/VPN Solutions. White Paper White Paper Firewall Migration Migrating to Juniper Networks Firewall/VPN Solutions Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net

More information

This technical note provides information on how to customize your email notifications. This section includes the following topics:

This technical note provides information on how to customize your email notifications. This section includes the following topics: TECHNICAL NOTE CONFIGURING CUSTOM EMAIL NOTIFICATIONS AUGUST 2012 When configuring rules in STRM, you can specify that each time the rule generates a response, an email notification is sent to recipients

More information

SOLUTION BROCHURE. Juniper Networks. Intelligent Security and Performance for the Distributed Enterprise

SOLUTION BROCHURE. Juniper Networks. Intelligent Security and Performance for the Distributed Enterprise SOLUTION BROCHURE Juniper Networks Adaptive Threat Management Solutions Intelligent Security and Performance for the Distributed Enterprise Juniper Networks Adaptive Threat Management Solutions Overview

More information

INTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION

INTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION WHITE PAPER INTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION Copyright 2010, Juniper Networks, Inc. 1 Table of Contents New Challenges Evolving...................................................................................................

More information

Setting up an icap Server for ISG- 1000/2000 AV Support

Setting up an icap Server for ISG- 1000/2000 AV Support Application Note Setting up an icap Server for ISG- 1000/2000 AV Support Version 1.1 Ronald Ng AJTAC Engineer AV/DI/UF Specialist Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA

More information

Security Solutions Portfolio

Security Solutions Portfolio Fixed Telecommuter or Small Medium Office Regional Office SSG 520M SSG 550M Branch Office Security Solutions Portfolio Integrated Firewall/VPN Solutions SSG 140 SSG 350M... SSG 320M... 5GT SSG 5 SSG 20.........

More information

Juniper Networks SRX 5000 Services Gateways

Juniper Networks SRX 5000 Services Gateways Juniper Networks SRX 5000 Services Gateways Datasheet Product Description Juniper Networks SRX 5600 and SRX 5800 are next-generation services gateways based on a revolutionary new architecture that provides

More information

Juniper Networks Education Services

Juniper Networks Education Services Datasheet Education Services Deploying networks that can securely and reliably deliver high-speed services is a must for setting your business apart from the competition. But how do you keep pace with

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services

More information

The Global Attacker Security Intelligence Service Explained

The Global Attacker Security Intelligence Service Explained White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3

More information

JUNIPER NETWORKS WIRELESS LAN SOLUTION

JUNIPER NETWORKS WIRELESS LAN SOLUTION SOLUTION BROCHURE JUNIPER NETWORKS WIRELESS LAN SOLUTION Deliver Secure, Scalable, and Reliable Campus Mobility While Maximizing Performance and Minimizing Cost of Ownership Wireless LAN Solution Overview

More information