IDP Series

Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in network intrusion detection and prevention to protect the network from a wide range of attacks. Using industry-recognized stateful intrusion detection and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, keyloggers, and other malware.

ISG

Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers.

By consolidating switching, routing, security services and unified communications in a single device, organizations can economically deliver new applications and services, secure connectivity, and quality end-user experiences. All SRX Series Services Gateways are powered by Juniper Networks proven Junos software, which provides unmatched availability, performance, and superior infrastructure protection while reducing total cost of ownership.

SRX Series for the branch

The SRX Series for the branch delivers the proven performance and deployment capabilities needed for an enterprise to build a worldwide network of thousands of sites. A wide variety of options allow configuration of performance, functionality, and price scaled to support a range of users, from a handful to thousands.

The SRX Services Gateway for the branch offers:

Network security segmentation: Security zone, virtual LANs (VLANs), IPSec VPNs and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.

Fully integrated Unified Threat Management (UTM): Allows enterprises to utilize the appropriate level of security needed at a particular site instead of deploying a multi-device solution. Includes two antivirus options (on-premise or cloud-based), intrusion prevention system (IPS), antispam, and Web filtering.

Unified Communications: The SRX Series with Integrated Convergence Services is a SIP media gateway ideally suited for local SIP Trunking, survivable call serving and providing power over Ethernet to directly attached phones for small to medium distributed enterprise locations.

SRX Series for the infrastructure and datacenter

Based on our revolutionary Dynamic Services Architecture, the SRX Series Services Gateways provide unrivaled performance and scalability, ensuring uninterrupted expansion and growth of your network infrastructure without sacrificing security.

The SRX Series is designed to meet the network and security requirements for data center consolidation, rapid services deployment, and aggregation of security services.

Scalable performance: Dynamic Services Architecture means that the SRX Series can take advantage of new services with appropriate processing capabilities without sacrificing overall system performance.

Interface flexibility: Flexible I/O configuration and independent I/O scalability to meet the needs of virtually any network environment.

Network segmentation: Security zone, virtual LANs (VLANs), and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.

Robust routing engine: Carrier-class routing engine provides physical and logical separation of data and control planes to allow deployment of consolidated routing and security devices and ensure the security of routing infrastructures.

Comprehensive threat protection: Integrated security features and services include a multigigabit firewall, intrusion detection and prevention, denial of service, network address translation, and quality of service.

J Series

The J Series routers provide:

• Unmatched performance with services enabled (Firewall, NAT, IPSec, etc.)
• Four on-board GigE ports and expandable WAN and LAN interfaces via modules (including GigE) on J2320, J2350, J4350 and J6350
• Comprehensive range of interfaces supporting Serial, T1/E1, FE, DS3/E3, ISDN, ADSL2/2+, G.SHDSL and Gigabit Ethernet
• A full, rich set of IPv4/IPv6 features and routing protocols combined with the broadest MPLS features available
• J2320, J2350, J4350, and J6350 are Avaya voice ready
• Wide array of Layer 2 access protocols including Frame Relay, Ethernet, and PPP/HDLC
• Rich and granular QoS and instrumentation for prioritizing mission-critical traffic such as voice transmission
• Network Address Translation (NAT), Stateful firewall, IPsec, and J-Flow accounting
• Reduced operational cost and complexity due to use of a single Junos image regardless of features activated

Key benefits:

• Security – Juniper Networks delivers the most advanced set of mechanisms for fully protecting enterprise routers from outside threats. The J Series routers give network staff complete control even while under attack. The console port can always be used to add new filters and policies in just a few fast and simple steps.
• High uptime – The modular and fault-protected Junos delivers high levels of resiliency and stability in the J Series. In traditional enterprise routers, any small bug can quickly turn into a larger problem. In Junos, each software module runs independently and is unable to impact other areas. Other features include next-generation CLI for accurate configuration, as well as a rescue button for fast system recovery.
• Predictable performance – The J Series maintains high levels of QoS control and throughput during the most demanding periods of network congestion. Modular software architectures are key in the sorting and scheduling of traffic, ensuring that the most important applications take priority with networking resources.
• Unmatched value – No licensing fees are required for advanced services such as IPv6, MPLS, IPsec, and stateful firewall. No port licenses are required to operate onboard or modular interfaces.

M Series

Juniper Networks M Series Multiservice Edge Routers are deployed in the world's largest networks. The M Series routers support multiple services without compromise on a single platform — maximizing revenue and minimizing operational and capital costs. Services supported include a broad array of VPNs, network-based security, real-time voice and video, bandwidth on demand, rich multicast of premium content, IPv6 services, granular accounting and much more.

• Expanded edge capabilities: The M Series platforms can be deployed at the edge of provider networks, in small and medium-sized cores, and in peering, route reflector, and data-center applications. M Series routers are now deployed and scaling services at the edge of some of the world's largest production networks.
• Consistent service to all customers: The same scalable and production-proven JUNOS Software runs on all M Series platforms, providing a consistent set of capabilities at all network locations — regardless of customer connection or serving-area density.
• Access independence with leading density: An M Series platform can provide a single point of edge aggregation for thousands of customers over any access type—including ATM, Frame Relay, Ethernet and TDM and at speeds from DS0 up to OC-192/STM-64 and 10 Gigabit Ethernet.
• Comprehensive VPN portfolio: The M Series platforms support the industry's most comprehensive VPN portfolio with the ability to simultaneously run and scale a broad set of VPNs with no performance compromise while meeting the needs of a wide set of customers — maximizing the service provider's revenue and minimizing required infrastructure.
• Granular QoS and statistics: The M Series platforms support multiple levels of granular QoS per port, per logical circuit, and per channel (to DS0) for prioritizing traffic. Extensive statistics and diagnostics enable flexible billing, traffic planning, and rapid troubleshooting.
• Increased revenue possibilities: Additional revenue generation is possible with edge routing services, including premium services for end users requiring high levels of security. In addition, M Series platforms efficient deploy scalable multimedia services, reducing both capital and operating expenses and offering better visibility to traffic flows.
• High reliability: Redundant architecture, redundant power and cooling, fault-protected JUNOS Software, and rigorous system testing ensure that all M Series platforms are highly reliable.
• Robust security: Routing reliability, DoS attack protection, and secure service delivery at the edge of provider networks are ensured by a number of features, including J-Protect filtering capabilities, high-performance rate limiting, JUNOS Software, and industry-leading ASIC technology.

MAG

Today’s agile business must deploy an infrastructure that enables fast and secure access to the corporate network and resources, as well as to cloud applications for all authorized users — telecommuters, mobile workers, branch office employees, headquarters-based employees, contractors, guests, partners, and so on—while minimizing costs.

The Juniper Networks MAG Series Junos Pulse Gateways deliver secure, remote and mobile SSL VPN connectivity, network access control, and application acceleration for authorized users through a single converged gateway, with a single enabling client. The MAG Series Junos Pulse Gateways address the needs and answer the challenges of today’s business user, regardless if they are mobile, remote or local, delivering performance and security while keeping costs low.

The MAG Series Junos Pulse Gateways work in concert with Juniper Networks Junos Pulse, Juniper's enabling interface, and its services to address secure remote and LAN access and application acceleration for businesses of all sizes, from small- and medium-sized businesses (SMBs), to government agencies and large, multinational enterprises. The MAG Series gateways deliver a significant reduction in OpEx and CapEx costs, increased deployment density, extensive scalability, and easily reconfigurable "personality" changes, between secure mobile and remote access control, and network access control (NAC). The combination of extensible, purpose-built gateways working hand-in-hand with Junos Pulse and its associated services—including the Junos Pulse Secure Access Service (SSL VPN), Junos Pulse Access Control Service (Unified Access Control) and Junos Pulse Application Acceleration Service—deliver accelerated, secure mobile, remote and LAN-based access control for users of mobile devices, laptops and desktops specifically designed to change the economics of enterprise security and access infrastructure.

The MAG Series Junos Pulse Gateways are offered in five models to meet the access and acceleration needs of enterprises and organizations of all types and size.

MX Series

Mykonos

The innovative Mykonos Web Security is the first Web Intrusion Deception System that detects, tracks, profiles and prevents hackers in real-time.

Traditional web application firewalls are seriously flawed because their reliance on a library of signatures to detect attacks and makes them susceptible to unknown (zero day) web attacks.

Intrusion Deception
Mykonos Software technology uses Intrusion Deception to address this problem. Unlike signature-based approaches Mykonos Web Security inserts random, variable detection points, or tar traps, into the code of outbound Web application traffic to proactively identify attackers before they can do damage - without false positives.

Detect using deception
Mykonos Web Security inserts detection points into web application code including urls, forms and server files to create a variable minefield. These traps detect hackers when they manipulate the detection points during the reconnaissance phase of the attack, before they can establish an attack vector. And because hackers are manipulating code that has nothing to do with the website or web application, the malicious action is certain.

Track attackers beyond the IP address
Mykonos captures an attacker’s IP address as one data point for tracking. But many legitimate users could also be accessing the site from the same IP address—for this reason, Mykonos Web Security goes beyond the IP address and tracks attackers more granularly. Attackers using a browser are tracked by injecting a persistent token into their client. Attackers using scripts and tools are tracked using a fingerprinting technique to identify the machine delivering the script.

Understand attackers and record their attack
The tracking techniques allow us to profile the attacker and record the attack. Every attacker is assigned a name and each incident is recorded along with a threat level based on their intent and skill.

Respond to attackers
Once an attack has been detected, an appropriate response—from a warning, to requiring a CAPTCHA, to blocking a user or forcing them to logout, can be deployed manually or automatically in real-time.

Easy Deployment
Mykonos Web Security is a software and hardware product that sits logically inline and functions as a reverse proxy. Deployment is easy and protects web applications located in internal datacenters, virtualized environments and hosted in the cloud.

Netscreen

The NetScreen Series Security Systems are purpose-built firewall/VPN security systems designed for large enterprise, carrier and data center networks.The 2-slot NetScreen-5200 and the 4-slot NetScreen-5400 integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality in a low-profile modular chassis. Built around our third-generation security ASIC and distributed system architecture, these systems offer excellent scalability and flexibility, while providing a higher level security system through the NetScreen ScreenOS custom operating system.

The NetScreen Series Security Systems offer:

NSM

Network and Security Manager (NSM) is highly scalable and flexible. Enterprise customers can leverage NSM globally to scale from branch to data center, and service providers can use this network security management solution for carrier-class deployments. NSM can be deployed as software on a server or as dedicated appliances to scale large enterprise and service provider environments.

Network and Security Manager (NSM) is:

• Network and Security Manager (NSM) software solution — which provides complete management of network and security devices.
• NSMXpress — A Web UI-based appliance version of Network and Security Manager (NSM) that is simple to install, maintain, and support. Includes full functionality of the NSM with hardened OS optimized for security and performance.
• NSM Central Manager — A Web UI-based appliance that enables large-scale Network and Security Manager (NSM) deployments and global policy enforcement. The NSM Central Manager allows administrators to create a centralized network security posture that can propagate mandatory corporate and IT policies across the entire network, simplifying the management of worldwide network security policies.

Juniper Networks Network and Security Manager (NSM) offers enterprises:

• Network configuration management solution
• Network policy and security management solution
• Log and report management solution
• Real-time monitoring solution
• Topology management solution
• Application-level policy enforcement deployment solution

For service providers, Network and Security Manager (NSM) offers:

• Scalability via consolidated managed server view and automatic administrator log-in
• Network-wide global policy enforcement solution
• Appliance form factor for rapid deployment

QFabric

The Juniper Networks QFabric family of products offers a revolutionary approach that delivers dramatic improvements in data center performance, operating costs, and business agility for enterprises, high-performance computing systems, and cloud providers. The QFabric family implements a single-tier network in the data center, enabling improvements in speed, scale and efficiency by removing legacy barriers and improving business agility.

The QFabric family includes three members:
•    QFabric System: Composed of three separate components—the QFabric Node, QFabric Interconnect and QFabric Director—the QFabric System creates a high-performance, low-latency fabric that unleashes the full power of the data center with the simplicity of a single switch.

o    QFabric Node acts as the entry and exit into the fabric
o    QFabric Interconnect is the high-speed transport device for interconnecting QFabric Nodes
o    QFabric Director provides control and management services to deliver a common window for managing all devices as a single device.

•    QFX3500 Switch: The QFX3500 is a standalone 48-port 10GbE top-of-rack switch with four 40GbE uplink ports and Fibre Channel over Ethernet (FCoE) and FC gateway functionality. With a simple software and configuration change, the QFX3500 can also provide the QFabric Node functionality in a QFabric System.

•    QFX3600 Switch: The QFX3600 offers 16 QFSP+ ports, delivering a high-performance, feature-rich 40GbE/10GbE top-of-rack switch with iSCSI and FCoE functionality for highly demanding data center environments (available 2H12). The QFX3600 also provides QFabric Node functionality in a QFabric System.

SRX

Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers.

By consolidating switching, routing, security services and unified communications in a single device, organizations can economically deliver new applications and services, secure connectivity, and quality end-user experiences. All SRX Series Services Gateways are powered by Juniper Networks proven Junos software, which provides unmatched availability, performance, and superior infrastructure protection while reducing total cost of ownership.

SRX Series for the branch

The SRX Series for the branch delivers the proven performance and deployment capabilities needed for an enterprise to build a worldwide network of thousands of sites. A wide variety of options allow configuration of performance, functionality, and price scaled to support a range of users, from a handful to thousands.

The SRX Services Gateway for the branch offers:

• Network security segmentation: Security zone, virtual LANs (VLANs), IPSec VPNs and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
• Fully integrated Unified Threat Management (UTM): Allows enterprises to utilize the appropriate level of security needed at a particular site instead of deploying a multi-device solution. Includes two antivirus options (on-premise or cloud-based), intrusion prevention system (IPS), antispam, and Web filtering.
• Unified Communications: The SRX Series  with Integrated Convergence Services is a SIP media gateway ideally suited for local SIP Trunking, survivable call serving  and providing power over Ethernet to directly attached phones for small to medium distributed enterprise locations.

SRX Series for the infrastructure and datacenter

Based on our revolutionary Dynamic Services Architecture, the SRX Series Services Gateways provide unrivaled performance and scalability, ensuring uninterrupted expansion and growth of your network infrastructure without sacrificing security.
The SRX Series is designed to meet the network and security requirements for data center consolidation, rapid services deployment, and aggregation of security services.

• Scalable performance: Dynamic Services Architecture means that the SRX Series can take advantage of new services with appropriate processing capabilities without sacrificing overall system performance.
• System and network resiliency: Carrier-class reliability based on features ranging from redundant hardware and components to Junos software.
• Interface flexibility: Flexible I/O configuration and independent I/O scalability to meet the needs of virtually any network environment.
• Network segmentation: Security zone, virtual LANs (VLANs), and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
• Robust routing engine: Carrier-class routing engine provides physical and logical separation of data and control planes to allow deployment of consolidated routing and security devices and ensure the security of routing infrastructures.
• Comprehensive threat protection: Integrated security features and services include a multigigabit firewall, intrusion detection and prevention, denial of service, network address translation, and quality of service.

SSG

• The SSG Series is a purpose-built, high performance platforms deliver WAN connectivity and security, plus the muscle to protect the high-speed LAN against internal network and application-level attacks while simultaneously stopping content-based attacks.
• The SSG Series provides a comprehensive set of Unified Threat Management (UTM) security features including stateful firewall, IPSec VPN, IPS, antivirus (anti-spyware, anti-phishing, anti-adware), anti-spam, and Web filtering.
• Proven security with integrated routing and a variety of LAN/WAN interface options provide the ability to consolidate devices and reduce IT expenditures.
• The SSG Series provides rapid deployment to quickly streamline widely distributed deployments while controlling OPEX.
• Management through graphical Web UI, CLI, or NSM central management system.
• Policy-based management to allow centralized, end-to-end life-cycle management.

Juniper Networks ISG Series Integrated Security Gateways are purpose-built, security solutions that are ideally suited for securing enterprise, carrier, and data center environments where consistent, scalable performance is required.

The ISG Series offers:

• Predictable performance: ASIC-based architecture provides linear performance for all packet sizes at multi-gigabit speeds.
• System and network resiliency: Hardware component redundancy, multiple high availability options and route based VPNs offer reliability and resiliency.
• Network security:: The ISG Series provides embedded Web filtering, anti-spam, IPS, ICAP antivirus redirect, and optionally integrated IDP.
• Network segmentation: Security zones, virtual systems, virtual LANS and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.
• Certifications: The ISG Series fulfills the requirement for FIPS, common criteria, ICSA, and others.
• Robust IPv6  

Optional Integrated IDP

The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances. The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection. The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.

SSL-VPN (SA)

SA Series Secure Access Appliances offer:

STRM

STRM Series Security Threat Response Managers offer:

Trapeze

WLA Series Wireless LAN Access Points provide indoor or outdoor 802.11a/b/g/n connectivity for a variety of situations and installation sizes. All WLA Series products provide the bandwidth controls and performance to service demanding mobility applications, such as voice and video over wireless.

Features:

• Encryption and access security
• Intelligent switching
• Band steering
• Client load balancing
• Dynamic authorization
• QoS and bandwidth management
• Spectrum and location scanning
• Wireless intrusion prevention

Configured and controlled by Juniper WLC Wireless LAN controllers, all WLA Series access points can offload the controllers by inspecting and forwarding traffic, performing encryption and enforcing security locally at the access point. This results in optimized traffic flows, radically reduced latency, and massive scalability.

WLA Series Wireless Access points can be managed collectively by a cluster of controllers, an approach that allows for hitless failover with zero downtime, providing unmatched session availability

WLC Series Wireless LAN Controllers enable seamless integration of scalable, secure and reliable wireless LANs within enterprise wired infrastructures. Choose from a broad range of controllers for WLAN deployments of any size — from the smallest branch office or retail outlet to the largest business or university campus. Clusters of wireless LAN controllers and thousands of indoor and outdoor access points are treated as a single, unified network.

Features:

• Seamless, identity-based roaming across the network
• User-centric security with application-specific QoS profiles
• Single-console management for all controllers
• Advanced VOIP provisioning and management
• Nonstop wireless availability for sessions

The WLC2800 scales to bring wired network reliability to wireless networks deployed in medium- to large-size enterprises, and scales to support up to 512 802.11n access points.

Features:

• 28 Gbps of switching throughput
• Up to 512 802.11n access points
• Intelligent switching that combines applications-based centralized and distributed data forwarding
• Offloads policy enforcement and data forwarding to the access points for optimized traffic flow, reduced latency, and massive scalability
• Combines L2 Ethernet switching, stateful per-user and per-service firewalls, wireless intrusion protection, 802.1Q trunking, and per-VLAN spanning tree (PVST+)
• Complete wired to wireless quality of service (QoS)
• Automated RF management

Clusters of WLC2800 Wireless LAN Controllers form a mobility domain, which provides seamless roaming, intrusion protection, and RF management over large, single-site wireless LAN deployments. A network domain interconnects mobility domains to support multiple sites and span wide geographic regions with secure, seamless mobility applications and smart mobile services.

Unified Access Control (IC)

Unified Access Control (UAC) is a standards-based, scalable network access control solution that reduces network threat exposure and mitigates risks. UAC protects your network by guarding mission-critical applications and sensitive data, identity-enabling your network security, and providing comprehensive control, visibility, and monitoring.

Unified Access Control reduces the cost and complexity of delivering and deploying granular, identity-enabled network access control from the branch to the corporate data center. UAC addresses most network access challenges, including insider threats, guest access control, outsourcing, and off-shoring, and regulatory compliance.

Unified Access Control is composed of:

• IC Series Unified Access Control Appliances, hardened, centralized network access policy management servers.
• The dynamically downloadable UAC Agent, Juniper's dynamic, multi-service network client Junos Pulse, or UAC's agent-less mode, each of which collect user credentials and assess device security state
• UAC enforcement points, including any vendor-agnostic 802.1X-enabled wireless access point or switch, including Juniper Networks EX Series Ethernet Switches; any Juniper Networks firewall platform, including the SRX Series Services Gateways, SSG Series Secure Services Gateways and ISG Series Integrated Services Gateways; and standalone Juniper Networks IDP Series Intrusion Detection and Prevention Appliances or SRX Series Services Gateways for the Data Center, providing unparalleled visibility into application traffic at Layer 7.

Unified Access Control is based on industry standards (802.1X, RADIUS, and IPSec) and open standards (Trusted Network Connect standards), including the TNC's open standard IF-MAP, which empowers UAC to integrate with third-party network and security devices.

WX/WXC

Traffic services — IP payload compression, protocol acceleration, QoS, traffic visibility, application identification, route optimization, IPSec encryption, packet aggregation

Protocols supported — Any IP-based traffic (TCP, UDP, GRE, etc.)