MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS
|
|
- Silvester Richards
- 8 years ago
- Views:
Transcription
1 APPLICATION NOTE MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS Migrating Advanced Security Policies to SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc.
2 Table of Contents Introduction...1 Deployment... 1 Feature Parity... 1 Multi-Method Detection Logging... 1 Scope...1 Description and Deployment Scenario...2 Security Policy Migration... 2 Standalone IDP Series to SRX Series... 3 Sensor Settings... 3 Migrating Policy... 4 ISG Series to SRX Series... 8 About Juniper Networks...9 ii Copyright 2009, Juniper Networks, Inc.
3 Introduction This application note is intended to provide a brief overview of some basic considerations when moving from standalone Juniper Networks IDP Series Intrusion Detection and Protection Appliances, or Juniper Networks ISG Series Integrated Security Gateways with IDP security module, to the SRX Series Services Gateways. Deployment SRX Series Services Gateways can be deployed in inline mode only. In other words, it is not possible to configure the SRX Series in sniffer or transparent mode (like the standalone IDP Series) nor can it be configured in inline tap mode like the ISG Series with IDP. Feature Parity Feature parity between standalone IDP Series and Juniper Networks JUNOS Software-based SRX Series platforms will occur in the near future. Ultimately feature parity is a goal that will be achieved over time, giving customers greater flexibility and allowing customers to choose the best solution to fit their overall business and network security needs. It is recommended that feature availability/requirements be verified before weighing device capabilities and deployment options. Multi-Method Detection SRX Series devices deploy two rulebases: Main IDP Rulebase, and Exempt Rulebase. In addition, SRX Series uses security zones which are based on technology available with ScreenOS-based security devices, and provides detailed screen protection as an alternative for some basic standalone detection methods/rulebases. Logging Logging on an SRX Series gateway must be configured to send records in response to security events via syslog to a preconfigured syslog server, such as the Juniper Networks STRM Series Security Threat Response Managers. Scope Although an SRX Series IDP policy can be configured entirely from within Juniper Networks J-Web Software, this document focuses primarily on command-line interface (CLI) and Juniper Networks Network and Security Manager configuration steps, with the intention of providing an easy transition and learning path for both system engineers new to the IDP Series and those already familiar with managing standalone IDP Series and ISG Series with IDP solutions. That said, brief J-Web configuration steps are also provided at the end of this document. Copyright 2009, Juniper Networks, Inc. 1
4 Description and Deployment Scenario Security Policy Migration This document assumes that the SRX Series gateway has been configured according to the following network diagram with all the required interfaces, security zones, and other needed configuration settings in place. GUI NSM SYSLOG fxp ge-0/0/7 ge-0/0/2 abc-trust abc-untrust ge-0/0/ SRX Series Here is an example of a basic SRX Series configuration: Figure 1: SRX Series Deployment Example set security log format syslog set security log source-address set security log stream jet severity debug set security log stream jet host set interfaces ge-0/0/2 unit 0 family inet address /24 set interfaces ge-0/0/3 unit 0 family inet address /24 set interfaces ge-0/0/7 unit 0 family inet address /24 set interfaces fxp0 unit 0 family inet address /24 set system services ssh root-login allow set system services outbound-ssh client nsm device-id EEC4B8 set system services outbound-ssh client nsm secret $9$iqfz9CuIhrp0IcrlXxbs24aUF39 set system services outbound-ssh client nsm services netconf set system services outbound-ssh client nsm port 7804 set security policies default-policy deny-all set security idp traceoptions file size 100m set security idp traceoptions flag all set security idp traceoptions level all set security zones security-zone abc-trust interfaces ge-0/0/2.0 set security zones security-zone abc-untrust interfaces ge-0/0/3.0 2 Copyright 2009, Juniper Networks, Inc.
5 Standalone IDP Series to SRX Series Because standalone IDP Series devices are typically deployed in either sniffer or transparent mode, additional considerations with regards to the network design must be made. These involve: Network interfaces configuration Security zones configuration In addition, there are considerations with regards to additional security features, such as: Denial of service (DoS)/flood protection Traffic anomaly detection or screens (as well as some of the detection methods which may have yet to be implemented as part of the current JUNOS release) Finally, security policy settings and, more specifically, configured actions have to be closely analyzed, because a new device has the potential to impact production network traffic flows as a result of its participation in Layer 3 processing. Sensor Settings On both standalone IDP Series and SRX Series devices, there are a number of sensor configuration settings which can be configured to fine-tune IDP Series behavior and can be accessed from CLI and Network and Security Manager. If any of the settings have been changed from the default value or need to be further modified, this would need to be done manually; there are no automated processes to export/import these settings. Note: In order to be able to update sensor configuration settings on the SRX Series from NSM, the SRX Series device needs to be configured in In-Device policy management mode. Copyright 2009, Juniper Networks, Inc. 3
6 Migrating Policy Following is a simple DMZ-based IDP Series security policy as it runs on a standalone IDP device. The task of porting this policy to the SRX Series device involves the following steps: 1. Make sure the SRX Series device is in Central Management Policy Mode. 2. Add and configure firewall rulebase. Configure source and destination zones Configure Install On Enable IDP Rename policy so it reflects new platform for easier management 4 Copyright 2009, Juniper Networks, Inc.
7 3. Change Install On in IDP policy and edit rules if needed. 4. Assign the policy. 5. Update device. Copyright 2009, Juniper Networks, Inc. 5
8 6. If the update fails due to inventory mismatch (between the device and associated information in NSM database such as the following Job Information example):.... then reconcile the Inventory:.... and update again 6 Copyright 2009, Juniper Networks, Inc.
9 7. Device update should resemble the following: show security idp idp-policy SRX_DMZ display set set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match destination-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups IP - Major set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups IP - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups TCP - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 1 match attacks predefined-attack-groups TCP - Major set security idp idp-policy SRX_DMZ rulebase-ips rule 1 then action drop-packet set security idp idp-policy SRX_DMZ rulebase-ips rule 1 then notification log-attacks alert set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match destination-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match attacks predefined-attack-groups DNS - Critical set security idp idp-policy SRX_DMZ rulebase-ips rule 2 match attacks predefined-attack-groups DNS - Major Copyright 2009, Juniper Networks, Inc. 7
10 set security idp idp-policy SRX_DMZ rulebase-ips rule 2 then action drop-connection set security idp idp-policy SRX_DMZ rulebase-ips rule 2 then notification log-attacks alert set security idp idp-policy SRX_DMZ rulebase-ips rule 3 match source-address any set security idp idp-policy SRX_DMZ rulebase-ips rule 3 match destination-address any FINGER - Minor FTP - Minor GOPHER - Minor HTTP - Minor IMAP - Minor NNTP - Minor POP3 - Minor SHELLCODE - Minor SMTP - Minor SSH - Minor set security idp idp-policy SRX_DMZ rulebase-ips rule 3 then action no-action set security idp idp-policy SRX_DMZ rulebase-ips rule 3 then notification log-attacks ISG Series to SRX Series If the ISG Series with IDP is not configured in transparent (L2) mode and the network design is not to change, then the migration process becomes very straightforward. All considerations described in previous sections have already been addressed with the ISG Series and have been used for some length of time, providing greater confidence that the security policy will not impact production. The steps involved in migrating policy do not vary from the process involved in standalone IDP Series migration except that there is no need to additionally create firewall policy, and probably no need to redesign surrounding network and addressing, as well as required DoS and flood protection Even in the most demanding migration scenario, ISG Series migration involves only a subset of standalone IDP Series migration steps. A more demanding scenario would be if the ISG Series has been configured in Transparent (L2) mode. This process becomes more involved than in L3 mode, because breaking the broadcast domains can cause some concerns and would warrant additional care when configuring policy and its appropriate responses. However, just like in case of standalone IDP Series provided that networking configuration is done properly security policy rules (responses to specific events) can be enabled/changed selectively. 8 Copyright 2009, Juniper Networks, Inc.
11 About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at Corporate And Sales Headquarters Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA Phone: 888.JUNIPER ( ) or Fax: APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King s Road Taikoo Shing, Hong Kong Phone: Fax: To purchase Juniper Networks solutions, please contact your Juniper Networks representative at or authorized reseller. EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: Fax: Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice EN Mar 2009 Printed on recycled paper. 9
IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL
IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL An illustrated Guide to Configuring a Simple IF-MAP Federated Network Juniper Networks, Inc. 1 Table of Contents Introduction...3 Scope...3
More informationPERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY
APPLICATION NOTE PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY Copyright 2010, Juniper Networks, Inc. Table of Contents Introduction........................................................................................
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationNetwork and Security. Product Description. Product Overview. Architecture and Key Components DATASHEET
DATASHEET Network and Security Manager Product Overview Network and Security Manager provides unparalleled capability for device and security policy configuration, comprehensive monitoring, reporting tools,
More informationMonitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches
APPLICATION NOTE Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2009, Juniper Networks,
More informationMONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES
APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,
More informationIdentity-Based Traffic Logging and Reporting
Application Note Identity-Based Traffic Logging and Reporting Using UAC in Conjunction with NSM and Infranet Enforcers to Give Additional, User-Identified Visibility into Network Traffic Juniper Networks,
More informationJ-Flow on J Series Services Routers and Branch SRX Series Services Gateways
APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring
More informationWeb Filtering For Branch SRX Series and J Series
APPLICATION NOTE Web Filtering For Branch SRX Series and J Series Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2009, Juniper Networks, Inc. Table
More informationRemote Access Protection
IMPLEMENTATION GUIDE Remote Access Protection Best Practices for Implementing Remote Access Protection Using Juniper Networks SA Series SSL VPN Appliances, IDP Series Intrusion Detection and Prevention
More informationConfiguring and Implementing A10
IMPLEMENTATION GUIDE Configuring and Implementing A10 Networks Load Balancing Solution with Juniper s SSL VPN Appliances Although Juniper Networks has attempted to provide accurate information in this
More informationIdentity-Based Application and Network Profiling
Application Note Identity-Based Application and Network Profiling Using UAC in Conjunction with NSM, IDP and Infranet Enforcers Permits User-Identified Application and Network Profiling Juniper Networks,
More informationNETWORK AND SECURITY MANAGER
DATASHEET NETWORK AND SECURITY MANAGER Product Overview Juniper Networks Network and Security Manager (NSM) is a unified device management solution for Juniper s network infrastructure of routing, switching
More informationCONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS)
APPLICATION NOTE CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS) Discover Which Juniper Networks ScreenOS Rule Search Works for Your Network Copyright 2010, Juniper
More informationPRODUCT CATEGORY BROCHURE
IDP Series Intrusion Detection and Prevention Appliances PRODUCT CATEGORY BROCHURE Staying One Step Ahead With the accelerating number of applications allowed in from the Internet and the higher frequency
More informationSecure, Mobile Access to Corporate Email, Applications, and Intranet Resources
APPLICATION NOTE Juniper NETWORKS SSL VPN and Windows Mobile Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources Table of Contents Introduction.........................................................................................
More informationWEB FILTERING FOR BRANCH SRX SERIES AND J SERIES
APPLICATION NOTE WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES Configuring Web Filtering on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2010, Juniper Networks, Inc. 1
More informationVMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES
APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table
More informationPRODUCT CATEGORY BROCHURE. Juniper Networks SA Series
PRODUCT CATEGORY BROCHURE Juniper Networks SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations
More informationIntroduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario...
APPLICATION NOTE Securing Virtualization in the Cloud-Ready Data Center Integrating vgw Virtual Gateway with SRX Series Services Gateways and STRM Series Security Threat Response Manager for Data Center
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationJuniper Networks Solution Portfolio for Public Sector Network Security
SOLUTION BROCHURE Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance Juniper
More informationConfiguring and Deploying the Dynamic VPN Feature Using SRX Series Services Gateways
APPLICATION NOTE Dynamic VPN Configuring and Deploying the Dynamic VPN Feature Using SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Introduction.....................................................................................................3
More informationSoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork
SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3
More informationLimitation of Riverbed s Quality of Service (QoS)
Application Note Limitation of Riverbed s Quality of Service (QoS) Riverbed s Quality of Service (QoS) configuration and limitations Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California
More informationNETWORK AND SECURITY MANAGER APPLIANCES (NSMXPRESS AND NSM3000)
DATASHEET NETWORK AND SECURITY MANAGER APPLIANCES ( AND ) Product Overview Now more than ever, network operators need the ability to easily manage security policies and to have visibility into potential
More informationWAN OPTIMIZATION AND IPSEC FOR THE BRANCH OFFICE
IMPLEMENTATION GUIDE WAN OPTIMIZATION AND IPSEC FOR THE BRANCH OFFICE Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee
More informationPRODUCT CATEGORY BROCHURE
PRODUCT CATEGORY BROCHURE SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations of Every Size
More informationOptimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches
APPLICATION NOTE Deploying IP Telephony with JUNIPER NETWORKS ETHERNET Switches Optimizing Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches Copyright 2009, Juniper Networks,
More informationMeeting PCI Data Security Standards with
WHITE PAPER Meeting PCI Data Security Standards with Juniper Networks STRM Series Security Threat Response Managers When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs Copyright
More informationJuniper Networks WX Series Large. Integration on Cisco
APPLICATION NOTE Juniper Networks WX Series Large Deployment with WCCP Off-Path Integration on Cisco Integrating Multiple Juniper Networks WX Series Application Acceleration Platforms into a Cisco Infrastructure
More informationHow To Protect Your Network From Attack From A Malicious Computer (For A Network) With Juniper Networks)
PRODUCT CATEGORY BROCHURE Juniper Networks Integrated Firewall/VPN Platforms Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats
More informationVoice Modules for the CTP Series
DATASHEET Voice Modules for the CTP Series Product Overview Enterprise organizations are leveraging the cost savings associated with IP transport for a variety of new packet based multimedia services.
More informationProduct Description. Product Overview
DATASHEET vgw Gateway Product Overview The vgw Gateway provides a best-in-class virtual firewall to meet the unique security challenges of virtual data centers and clouds. IT teams can now secure their
More informationPRODUCT CATEGORY BROCHURE. Juniper Networks Integrated
PRODUCT CATEGORY BROCHURE Juniper Networks Integrated Firewall/VPN Platforms Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats
More informationSecurity Portfolio. Juniper Networks Integrated Firewall/VPN Platforms. Product Brochure. Internet SRX 5600. Fixed Telecommuter or Small Medium Office
Fixed Telecommuter or Small Medium Office NSM NSM Regional Office SSG 550M Product Brochure Security Portfolio Juniper Networks Integrated Firewall/VPN Platforms SSG 140 Branch Office... SSG 320M... SSG
More informationService Description Overview
Service Description Overview Firewall Configuration Migration Service Service Description Overview...1 Firewall Configuration Migration Service...1 1. Introduction...2 2. Service Features...2 3. Service
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationDeploying IP Telephony with EX-Series Switches
Application Note Deploying IP Telephony with EX-Series Switches Optimizing VoIP Applications with EX 3200 and EX 4200 Series Ethernet Switches Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
More informationPRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS
PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS Strong Security for Access Control, User Authentication, and Attack Protection at the Network and Application Level As threats to the network
More informationApplication Note: Junos NAT Configuration Examples
: Junos NAT Configuration Examples January 2010 Juniper Networks, Inc. 1 Table of Contents Junos NAT Configuration Examples...1 Introduction...3 Requirements...3 Configuration Examples...3 Source NAT...3
More informationSOLUTION BROCHURE. Lifecycle Wireless Infrastructure, Security and Services Management
SOLUTION BROCHURE Wireless LAN Management Solution Overview Lifecycle Wireless Infrastructure, Security and Services Management Wireless LAN Management Solution Overview A successful wireless LAN (WLAN)
More informationProteusElite:HowTo. 2011 Proteus Networks Proteus Elite:HowTo Page 1
Setting up an Out of Band Management Network on an SRX In this guide I describe one of the many methods of creating an out-of-band management network for the SRX Series Services Gateways. Background In
More informationWhite Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.
White Paper Five Best Practices to Protect Your Virtual Environment Realizing the Benefits of Virtualization Without Sacrificing Security Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive
More informationSECURE ACCESS TO THE VIRTUAL DATA CENTER
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
More informationDEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES
APPLICATION NOTE DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES Optimizing Applications with Juniper Networks Access Switches Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Introduction.....................................................................................................3
More informationWhite Paper. Copyright 2012, Juniper Networks, Inc. 1
White Paper SRX Series as Gi/ Firewall for Mobile Network Infrastructure Protection Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3 Overview of LTE (4G)
More informationElectronic Fulfillment of Feature, Capacity and Subscription License Activation Keys via the License Management System (LMS)
Electronic Fulfillment of Feature, Capacity and Subscription License Activation Keys via the License Management System (LMS) Table of Contents OVERVIEW... 2 A LICENSE KEY EXPLAINED... 2 LICENSE... 2 LICENSE
More informationIDP SERIES POLICY DESIGN AND OPTIMIZATION
IMPLEMENTATION GUIDE IDP SERIES POLICY DESIGN AND OPTIMIZATION Although Juniper Networks has attempted to provide accurate information in this guide, Juniper Networks does not warrant or guarantee the
More informationSimplifying the Data Center Network to Reduce Complexity and Improve Performance
SOLUTION BRIEF Juniper Networks 3-2-1 Data Center Network Simplifying the Data Center Network to Reduce Complexity and Improve Performance Challenge Escalating traffic levels, increasing numbers of applications,
More informationENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS
SOLUTION BRIEF ENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS IT Organizations Can Reduce Costly TDM Leased Line Fees Challenge IP networks were not designed to transport bit-synchronous
More informationTECHNICAL NOTE SETTING UP A STRM UPDATE SERVER. Configuring your Update Server
TECHNICAL NOTE SETTING UP A STRM UPDATE SERVER AUGUST 2012 STRM uses system configuration files to provide useful characterizations of network data flows. Updates to the system configuration files, available
More informationWHITE PAPER. Copyright 2011, Juniper Networks, Inc. 1
WHITE PAPER Network Simplification with Juniper Networks Technology Copyright 2011, Juniper Networks, Inc. 1 WHITE PAPER - Network Simplification with Juniper Networks Technology Table of Contents Executive
More informationStrategic Network Consulting
Strategic Network Consulting Service Description Document November 2009 Contents 1. Introduction... 2 2. Eligibility and Prerequisites... 2 3. Service Features and Deliverables... 2 4. Customer Responsibilities...
More informationImplementing Firewalls inside the Core Data Center Network
IMPLEMENTATION GUIDE Implementing Firewalls inside the Core Data Center Network Best Practices for Implementing Juniper Networks Firewall Devices in the Data Center Core Copyright 2010, Juniper Networks,
More informationAfter you have created your text file, see Adding a Log Source.
TECHNICAL UPLOADING TEXT FILES INTO A REFERENCE SET MAY 2012 This technical note provides information on how to upload a text file into a STRM reference set. You need to be comfortable with writing regular
More informationReasons Enterprises. Prefer Juniper Wireless
Reasons Enterprises Prefer Juniper Wireless Juniper s WLAN solution meets the mobility needs of today s enterprises by delivering the highest levels of reliability, scalability, management, and security.
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationUnless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.
TECHNICAL USING NFS FOR STRM BACKUPS SEPTEMBER 2013 This technical note provides guidelines and procedures for using a Network File System (NFS) storage solution in your STRM deployment. Unless otherwise
More informationNetwork Configuration Example
Network Configuration Example Configuring Branch SRX Series for MPLS over IPsec (1500-byte MTU) Published: 2014-12-17 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationUnless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.
TECHNICAL NOTE FORWARDING LOGS USING TAIL2SYSLOG MARCH 2013 The Tail2Syslog support script provides a method for monitoring and forwarding events to STRM using syslog for real-time correlation. Tail2Syslog
More informationFeatures and Benefits
DATASHEET Optic Modules Product Description Juniper Networks has platforms ranging from the Juniper Networks CTP Series Circuit to Packet Platforms, BX Series Multi-Access Gateways, E Series Broadband
More informationJ-Care Agility Services
Agility Services Service Description January 2010 Contents 1. Introduction... 2 2. Eligibility and Purchasing... 2 3. Service Features and Deliverable Description... 2 4. Customer Responsibilities... 8
More informationJuniper Networks Solution Portfolio for Public Sector Network Security
Solution Brochure Juniper Networks Solution Portfolio for Public Sector Network Security Protect against Network Downtime, Control Access to Critical Resources, and Provide Information Assurance STRM NS-Security
More informationSecurity That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation
White Paper Securing Multi-Tenancy and Cloud Computing Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation Copyright 2012, Juniper Networks,
More informationJunos Pulse Access Control Service 4.4R4-MDM Supported Platforms Document
Junos Pulse Access Control Service 4.4R4-MDM Supported Platforms Document Junos Pulse Access Control Service 4.4R4-MDM Build #22687 OAC Version 5.60.22687 Junos Pulse Client Version 4.0.4.38461 Juniper
More informationJunos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with Simplicity and Agility
White Paper Transitioning Enterprise Customers to the Cloud with Junos Pulse Junos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with
More informationImplementation Consulting
Implementation Consulting Service Description Document August 2009 Table of Contents 1. Introduction...2 2. Eligibility and Prerequisite...2 3. Service Features and Deliverables...2 4. Customer Responsibilities...3
More informationSecurity Services Gateways PRODUCT CATEGORY BROCHURE
Security Services Gateways PRODUCT CATEGORY BROCHURE Integrated Strong Security for Data Center, Campus, Branch and Cloud Deployments As threats to the network grow more prevalent and destructive, securing
More informationSecurity Solutions Portfolio
Fixed Telecommuter or Small Medium Office Regional Office SSG 520M SSG 550M Security Solutions Portfolio Integrated Firewall/VPN Solutions SSG 140 Branch Office... SSG 320M... SSG 350M... SSG 5 SSG 20...
More informationJUNOScope IP Service Manager
Datasheet JUNOScope IP Service Manager Product Description As service providers and enterprises evolve to meet the demands of their customer base, one key to success is the enhancement of operational efficiencies
More informationProtecting Physical and Virtual Workloads
WHITE PAPER An Integrated Security Solution for the Virtual Data Center and Cloud Protecting Physical and Virtual Workloads Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
More informationKey Strategies for Long-Term Success
WHITE PAPER Security in the Next- Generation Data Center Key Strategies for Long-Term Success Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
More informationJuniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions
WHITE PAPER Juniper Networks High-Performance Networking for Branch Offices of Financial Services Institutions Building the FSI Thin Branch Copyright 2010, Juniper Networks, Inc. Table of Contents Executive
More informationInteroperability Test Results for Juniper Networks EX Series Ethernet Switches and NetApp Storage Systems
APPLICATION NOTE Network Attached Storage Interoperability Testing Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and Storage Systems Copyright 2012, Juniper Networks, Inc.
More informationMeeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)
White Paper Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM) When It Comes To Monitoring and Validation It Takes More Than Just Collecting Logs Juniper
More informationJUNOS Software: The Power
PRODUCT CATEGORY BROCHURE JUNOS Software: The Power of One Operating System Reduce Complexity, Achieve Operational Excellence, and Dynamically Deliver Services with Lower TCO Overview Juniper Networks
More informationDemonstrating the high performance and feature richness of the compact MX Series
WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationNetwork Configuration Example
Network Configuration Example Configuring Multiple Port Mirroring Sessions on EX4200 Switches Published: 2014-04-09 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationJuniper Networks and IPv6. Tim LeMaster Ipv6.juniper.net www.juniper.net
Juniper Networks and IPv6 Tim LeMaster Ipv6.juniper.net www.juniper.net IPv6 Leadership IPv6 supported in Junos since 2001 IPv6 supported in ScreenOS since 2004 First router to be IPv6 Certified by DoD/
More informationProduct Description. Product Overview. Mobility Services Appliance. Location Appliance. RingMaster Appliance DATASHEET
DATASHEET WLM1200 Wireless LAN Management Appliance Product Overview With mobility on the increase, wireless LAN (WLAN) management is becoming more important, as it allows network administrators to better
More informationSRX SERIES AND J SERIES NETWORK ADDRESS TRANSLATION
APPLICATION NOTE SRX SERIES AND J SERIES NETWORK ADDRESS TRANSLATION Configuring Next-Generation NAT on Juniper Networks SRX Series Services Gateways and J Series Services Routers Copyright 2010, Juniper
More informationImplementing Firewalls inside the Core Data Center Network
Implementation Guide Implementing Firewalls inside the Core Data Center Network Best Practices for Implementing Juniper Networks Firewall Devices in the Data Center Core Juniper Networks, Inc. 1194 North
More informationPharmacy. Regulatory Agency. Medical Equipment. Clinic. Customers Guest Partners Vendors WEB
PORTALS DEVICES Pharmacy Data Center Hospital Field Trial ATM Regulatory Agency Clinic MD Office Medical Equipment Kiosk Clinic Customers Guest Partners Vendors Customers Guest Partners Vendors SOA WEB
More informationImplementation Guide. Juniper Networks SRX Series Services Gateways/ Websense V10000 G2 appliance. v7.6
Juniper Networks SRX Series Services Gateways/ Websense V10000 G2 appliance v7.6 Juniper Networks SRX Series Services Gateways/Websense V10000 G2 appliance Copyright 1996-2011 Websense, Inc. All rights
More informationHow To Secure Your Network With Juniper Networks
SOLUTION BRIEF ADAPTIVE THREAT MANAGEMENT SOLUTIONS PUBLIC SECTOR High-Performance Security Solutions That Work Together Challenge Because the network is critical to achieving mission-critical objectives
More informationPROFESSIONAL SECURITY SYSTEMS
PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security
More informationBy default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.
TECHNICAL NOTE REPLACING THE SSL CERTIFICATE AUGUST 2012 By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.
More informationFirewall Migration. Migrating to Juniper Networks Firewall/VPN Solutions. White Paper
White Paper Firewall Migration Migrating to Juniper Networks Firewall/VPN Solutions Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
More informationThis technical note provides information on how to customize your email notifications. This section includes the following topics:
TECHNICAL NOTE CONFIGURING CUSTOM EMAIL NOTIFICATIONS AUGUST 2012 When configuring rules in STRM, you can specify that each time the rule generates a response, an email notification is sent to recipients
More informationSOLUTION BROCHURE. Juniper Networks. Intelligent Security and Performance for the Distributed Enterprise
SOLUTION BROCHURE Juniper Networks Adaptive Threat Management Solutions Intelligent Security and Performance for the Distributed Enterprise Juniper Networks Adaptive Threat Management Solutions Overview
More informationINTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION
WHITE PAPER INTELLIGENT SECURITY: THE STRATEGIC APPROACH TO HIGH-PERFORMANCE NETWORKS FOR HIGHER EDUCATION Copyright 2010, Juniper Networks, Inc. 1 Table of Contents New Challenges Evolving...................................................................................................
More informationSetting up an icap Server for ISG- 1000/2000 AV Support
Application Note Setting up an icap Server for ISG- 1000/2000 AV Support Version 1.1 Ronald Ng AJTAC Engineer AV/DI/UF Specialist Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA
More informationSecurity Solutions Portfolio
Fixed Telecommuter or Small Medium Office Regional Office SSG 520M SSG 550M Branch Office Security Solutions Portfolio Integrated Firewall/VPN Solutions SSG 140 SSG 350M... SSG 320M... 5GT SSG 5 SSG 20.........
More informationJuniper Networks SRX 5000 Services Gateways
Juniper Networks SRX 5000 Services Gateways Datasheet Product Description Juniper Networks SRX 5600 and SRX 5800 are next-generation services gateways based on a revolutionary new architecture that provides
More informationJuniper Networks Education Services
Datasheet Education Services Deploying networks that can securely and reliably deliver high-speed services is a must for setting your business apart from the competition. But how do you keep pace with
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Intel Security Education Services Administration Course The McAfee Network Security Platform Administration course from McAfee Education Services
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationJUNIPER NETWORKS WIRELESS LAN SOLUTION
SOLUTION BROCHURE JUNIPER NETWORKS WIRELESS LAN SOLUTION Deliver Secure, Scalable, and Reliable Campus Mobility While Maximizing Performance and Minimizing Cost of Ownership Wireless LAN Solution Overview
More information