Professional Documents
Culture Documents
Juniper 技术和产品介绍
Juniper 技术和产品介绍
A DECADE OF INNOVATION
2008
#78 9
2007
UAC
Incorporated Acorn
T1600 T-Series
SSG
Revenue Employees
$500M 1000
$2B 3500
$2.3B 4800
$2.8B 5300+
$2.8B 6100+
FW/VPN
SSL VPN
WAN Optimization
IPS
IPSec
JUNIPER Juniper 2006 Infonetics Reserch Juniper Report Juniper SSL VPN infonetics Juniper IDP Sullivan Juniper 2006-2008 Sullivan)
4
Infranet Controller
J Series SSG
EX4200
EX2200
WA N
M Series M Series ISG/IDP
WX/WXC
BRANCH OFFICES
MSeries
Internet
WX/WXC WX/WXC
MSeries
EX8200 EX8200
ISG/IDP
EX8200
EX4200
BUILDING CAMPUS
5
DATA CENTER
JUNIPER
Infrastructure Products Group (IPG)
J/M/E/T Series Router
Juniper
6
AGENDA
SLT Overview AT Overview
UTM
AT Overview
JUNIPER
'26
VPN
Internet
PC Appliances/Pseudo Appliances
Applications OS CPU RAM VPN Co-Processor
CPU
In Out
I/O RAM
GigaScreen ASIC
In Out
I/O
Bus
API
10
SW1
SW1
:
:
Remote Office
OSPF/BGP/RIP VLAN
Tunnel B
(Secondary)
Tunnel A
(Primary)
:
VPNs
Network
12
VoIP
Multicast
H.323 SIP
VoIP DoS
H.323 and SIP source limiting H.323 and SIP flood threshold
VPN
VPN
QoS
6
QoS QoS
Dynamic DNS
(DiffServ)
13
CLI
CLI Telnet or SSH v2
Console, telnet
SSH
WebUI HTTP, HTTPS SSH v2 NetWork-Security Manager Secure TCP TFTP, SCP SNMPv2 Firmware, Config Uploads
TFTP
SCP
WebUI(HTTP HTTPS)
NetWork-Security Manager
NSM
1.Configure Design and Deploy
Syslog
(tcp/udp)
WebTrends Server
IDP :
HA
15
NetScreen-5200
Performance & Capacity Up to 10 Gbps FW
4G for 64 byte packets 2Gbps for 64 byte packets
NetScreen-5400
30Gbps FW 15Gbps VPN
30Gbps
Up to 5 Gbps 3DES & AES VPN 1 million concurrent sessions 25,000 IPSec VPN tunnels 6 million pps FW/3 million pps VPN Up to 8 physical interfaces Up to 500 VSYS / Virtual Routers Up to 400 VLANs
ISG 2000 w/IDP
4Gbps FW 1Gbps VPN
NetScreen-5200
10Gbps FW 5Gbps VPN
NetScreen-5400
Performance & Capacity Up to 30 Gbps FW
10Gbps
Up to 15 Gbps 3DES and AES VPN 1 million concurrent sessions 25,000 IPSec VPN tunnels 18 million pps FW/9 million pps VPN Up to 24 physical interfaces Up to 500 VSYS / Virtual Routers Up to 400 VLANs
4 Gbps 2 Gbps
16
SSG
UTM
UTM
17
SSG
UTM
UTM
18
JUNIPER
150 Gbps
/
SRX5600 SRX3600
SRX5800
30 Gbps
SRX3400
NS5200 NS5400
10 Gbps
SRX650
ISG2000
300Mbps /
/
19
/
/
JUNIPER
1 SSG UTM
2 ISG
IDP
3 SRX
20
JUNIPER
1 SSG UTM
2 ISG
IDP
3 NS
Netscreen
21
SSG 520M
UTM
SSG 550M
22
ISG
ISG1000 ISG2000 IDP
23
SRX100
On-board Ethernet Mini-PIM slots Optional 3G wireless* USB ports (Flash) Power over Ethernet Optional WAN models Optional WLAN models Voice Ports Routing Performance Firewall Performance VPN Performance IDP Performance High Availability 8 x FE No PC Express Card 1 No VDSL2 802.11n No 60 Kpps 175 Mbps (IMIX) 75 Mbps 80 Mbps A/A or A/P
24
FRS August
Ideal for micro-branch, managed telecommuters, SOHO Fixed I/O 8 x 10/100 Ethernet ports Routing, NG NAT Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High Memory model (Software UTM, no CSA)
SRX210
On-board Ethernet Mini-PIM slots 3G wireless slot USB ports (Flash) Power over Ethernet Optional Voice Ports AV & IDP HW Acceleration: CSA Routing Performance Firewall Performance VPN Performance IDP Performance High Availability 2 x GE + 6 x FE 1 PC Express Card 2 4 ports (50 W total) 2xFXS, 2xFXO & mini-PIM Std in High Mem 80Kpps 200 Mbps (IMIX) 85 Mbps 100 Mbps A/A or A/P
25
FRS 5/15/09
Ideal for small branches Modular WAN (list on next page) Routing, NG NAT Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High Memory model
SRX240
On-board Ethernet Mini-PIM slots 3G wireless option USB ports (flash) Power over Ethernet Optional PSTN voice ports AV & IDP HW Acceleration: CSA Routing Performance Firewall performance VPN Performance IDP Performance High Availability 16 x GE 4 Mini-PIM 2 16 ports (150 W) 2xFXS, 2xFXO & mini-PIM Std in High Mem 200Kpps 400 Mbps (IMIX) 200 Mbps 200 Mbps A/A or A/P
26
FRS 5/15/09
Ideal for small-medium branches Routing Modular WAN Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High memory
SRX650
On-board Ethernet GPIM slots USB ports (flash) Power over Ethernet PSTN voice ports 4xGE (routing only) 8 2 per processor Up to 48 ports (250 W or 500 W) Up to 8 Analog, 2xT1/E1, per GPIM
Standard
850Kpps 2 Gbps (IMIX) 1 Gbps 800 Mbps A/A or A/P, Hot swap GPIMs, Dual processors, Dual power
27
Ideal for regional sites, large branches Modular LAN switching Modular power supplies with optional redundancy Modular voice configs (field upgradable via PIMs in 2010) Full Routing, UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, contentfiltering, UAC Enforcement Application Co-processor Engine (Future) Max GigE 52 ports (2x24GigE PIM + 4 integrated ports)
SRX 3400
Hardware Modular chassis
7 slots (4 front, 3 rear) MGT module dual, hot swap 3U chassis height 12 built-in (8-10/100/1000 + 4-SFP) 2 Ethernet Management Ports
Fixed Interfaces
Modular Interfaces
16-10/100/1000 16-SFP 2-XFP
Front
Rear
SRX 3600
Hardware Modular chassis
12 slots (6 front, 6 rear) MGT module dual, hot swap 5U chassis height
Fixed Interfaces
12 built-in (8-10/100/1000 + 4-SFP) 2 Ethernet Management Ports
Modular Interfaces
16-10/100/1000 16-SFP 2-XFP
Front
VPN 10 Gbps
Rear
SRX5800
SRX5600
30
Dependable hardware
Passive back-plane Redundant switching fabric (1+1) Redundant fans & power supplies
System capacity
8 slots - 2 for Fabric Cards / REs Up to 240Gbps (full-duplex) capacity
31
Dependable hardware
Passive back-plane Redundant fans & power supplies
push-pull fans Holds up to 2 fan trays (1+1 redundancy) Holds up to 4 power supplies (2+2 DC, 3+1 AC) 5100 watt capacity
System capacity
14 slots - 2 for Fabric Cards Up to 480Gbps (full-duplex) capacity
32
AGENDA
33
QoS IT
34
1G, 1.
10G 2.
20G
10G 3.
TODAY 35
Time
FUTURE
1.
2.
TODAY 36
Time
FUTURE
ISSU JUNOS 10
37
QOS
IDP 1 3
38
IT
10 Gbps FW 3U High 800 Watts 80W/Gbps SRX5800 150Gbps FW 16U High 5000 Watts 33W/Gbps
67%
SPACE SAVINGS
62%
POWER SAVINGS
39
NS
NS5200/5400 NS500 NS204/208 NS25/50 NS5GT
40
AGENDA
SLT Overview
Firewall SSL VPN
AT Overview
41
ERP
42
SSL VPN
:
NAT
Millions of USD$
600 500 400 300 200 100 0 CY '03 CY '04 Est. CY Est. CY Est. CY Est. CY '05 '06 '07 '08
43
Corporate LAN
Mobile Employees
Directory Store
Partner A
Extranet Partners
Partner B
E-mail Unix/NFS
= Encrypted External Session = Standard Internal Session
44
Server Farms
MRP/ERP
Core Access
Network Access
Core Access
Network Access
Core Access
45
Network Access
PDA C/S
Web Server
SAM,
C/S
Pocket Outlook
46
C/S
PASS PASS FAIL CHECKING CHECKING
Cache
E-mail
Server Farms
MRP/ERP MRP/ERP
Unix/NFS
DLL
47
role)
Airport Kiosk
48
XML
/
49
JUNIPER
SA Signal IDP SA
LAN
IDP :
2 7
50
PC
down
51
SSL VPN
100
1000
30000
10000
52
:
Options/upgrades: 50-1000 conc. users Secure Meeting Options/upgrades: 100-10000 conc. users Secure Meeting
SAMNC
Secure Meeting
Advanced w/ CM
Cluster Pairs
Breadth of Functionality
Secure Access 4500 Secure Access 2500 Secure Access 700 Designed for: Designed for: Designed for: Includes: Network Connect Includes: Core Clientless Access Includes: Core Clientless Access
Designed for:
Enterprise Size
53
54
55
AGENDA
SLT Overview AT Overview
IDP
56
Known Host and Application Vulnerabilities
. IT
Buffer Overflows
Port Scans
Trojan Horses
IP Fragmentation Attack IP
IP
57
Worms
IDP
00000000000000000000000 0000 00000000000000000000000 0000 00000000000000000000000 0000 000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 00000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0000 000000000000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 00000000000000000000000000000 000000000000000000000000000 000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
58 NetScreen-IDP
IDP
?
Repeat Reconnaissance & Exploit
Network and Application Access
100
Access - Interact
5500
Interact
59
NETSCREEN-IDP
P2P
BT QQ,MSN
Spyware IDS
60
NETSCREEN IDP
1st 1st 1st 1st 1st 1st
P2P
61
IDP
NSM
62
IDP
IDP 8200
80 Gbit
10 Gbps
IPS
10G
16
1G
500
I/O
1G
IDP
65
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
65