Juniper 技术和产品介绍

JUNIPER
A DECADE OF INNOVATION
2008
#78 9
2007
M-Series 2006 2005 2004 2002 1996 1998 1999 2000
UAC
Incorporated Acorn
T1600 T-Series
SSG
JUNOS w/Integrated Security
Revenue Employees
$500M 1000
$1.3B 1500 2500

2
$2B 3500
$2.3B 4800
$2.8B 5300+
$2.8B 6100+
GARTNER MAGIC QUADRANTS

JUNIPER, A PROVEN LEADER IN ALL CATEGORIES
FW/VPN
SSL VPN
WAN Optimization
IPS
IPSec
JUNIPER Juniper 2006 Infonetics Reserch Juniper Report Juniper SSL VPN infonetics Juniper IDP Sullivan Juniper 2006-2008 Sullivan)
4
2002-2007 Gartner 2003-2007 2004-2007 Frost & (Frost &
THE EX SERIES PORTFOLIO

Juniper Network & Policy Mgmt
Infranet Controller
SA Series EX4200 EX4200 EX3200
J Series SSG
EX4200
EX2200
WA N
M Series M Series ISG/IDP
WX/WXC
BRANCH OFFICES
MSeries
Internet
WX/WXC WX/WXC
MSeries
EX8200 EX8200
EX8200 EX4200 EX3200 EX4200 EX8200 SRX
ISG/IDP
EX8200
EX4200
BUILDING CAMPUS
5
DATA CENTER
JUNIPER
Infrastructure Products Group (IPG)
J/M/E/T Series Router
Service Layer Technologies Group (SLT)

Firewall SSL VPN
Advanced Technology (AT)

IDP UAC WX
Juniper
6
AGENDA
SLT Overview AT Overview
AGENDA SLT Overview

Firewall SSL VPN
UTM
AT Overview
JUNIPER
'26
VPN
Internet
International Data Corp.

9
NetScreen Advanced Architecture

Integrated Security Applications Security-Specific, Real-Time OS
High Speed Backplane
PC Appliances/Pseudo Appliances
Applications OS CPU RAM VPN Co-Processor
CPU
In Out
I/O RAM
GigaScreen ASIC
In Out
I/O
Bus
API
10
SW1
SW1
VPN NAT VPN VPN NAT VPN

11
VPN NAT VPN
:
:

Remote Office
OSPF/BGP/RIP VLAN
Tunnel B
(Secondary)
Tunnel A
(Primary)
:

VPNs
Network
12
VoIP

Multicast
H.323 SIP

VoIP DoS
H.323 and SIP source limiting H.323 and SIP flood threshold

join multicast groups multicast

MIP VIP DIP
VPN

VPN
QoS
6

Point-to-multi-point OSPF BGP RIPv1 ( IP RIPv2
QoS QoS
Dynamic DNS
(DiffServ)
13
CLI
CLI Telnet or SSH v2
Console, telnet
SSH
WebUI HTTP, HTTPS SSH v2 NetWork-Security Manager Secure TCP TFTP, SCP SNMPv2 Firmware, Config Uploads
TFTP
SCP
WebUI(HTTP HTTPS)

NetWork-Security Manager

NSM
1.Configure Design and Deploy
Syslog
(tcp/udp)
3rd Party HP OpenVIew, MTRG, etc. Syslog Server

14
Networking The Device Monitor, Lifecycle Maintain Policies
WebTrends Server
NSM(NETWORK SECURITY MANAGER)

/ / /
IDP :

HA
15
NetScreen-5200
Performance & Capacity Up to 10 Gbps FW
4G for 64 byte packets 2Gbps for 64 byte packets
NetScreen-5400
30Gbps FW 15Gbps VPN
30Gbps
Up to 5 Gbps 3DES & AES VPN 1 million concurrent sessions 25,000 IPSec VPN tunnels 6 million pps FW/3 million pps VPN Up to 8 physical interfaces Up to 500 VSYS / Virtual Routers Up to 400 VLANs
ISG 2000 w/IDP
4Gbps FW 1Gbps VPN
NetScreen-5200
10Gbps FW 5Gbps VPN
NetScreen-5400
Performance & Capacity Up to 30 Gbps FW
10Gbps
12G for 64 byte packets 6Gbps for 64 byte packets
Up to 15 Gbps 3DES and AES VPN 1 million concurrent sessions 25,000 IPSec VPN tunnels 18 million pps FW/9 million pps VPN Up to 24 physical interfaces Up to 500 VSYS / Virtual Routers Up to 400 VLANs
ISG 1000 w/IDP

2Gbps FW 1Gbps VPN
4 Gbps 2 Gbps
16
SSG
UTM
UTM
1 2 3 4 5 6 3 CLI WEB UI UTM
17
SSG
UTM
UTM
18
JUNIPER
150 Gbps
/
SRX5600 SRX3600
SRX5800
30 Gbps
SRX3400
NS5200 NS5400
10 Gbps
SRX650
SSG550 SSG520 ISG1000
ISG2000
4 Gbps 1 Gbps 600Mbps

SRX210
SRX240 SSG350 SSG320 SRX100 SSG140 SSG20 SSG5
300Mbps /
/
19
/
/
JUNIPER
1 SSG UTM
2 ISG
IDP
3 SRX
20
JUNIPER
1 SSG UTM
2 ISG
IDP
3 NS
Netscreen
21
SECURE SERVICE GATEWAY FAMILY

SSG 5
SSG 5 - Six fixed form factor models 160 Mbps FW / 40 Mbps VPN SSG 20 2 modular models 160 Mbps FW / 40 Mbps VPN SSG 140 950M+ Mbps FW / 100 Mbps VPN SSG 320M 1.2G+ Mbps FW / 175 Mbps VPN SSG 350M 1.2G+ Mbps FW / 225 Mbps VPN SSG 520M 2G+ Mbps FW / 300 Mbps VPN SSG 550M 4G+ Gbps FW / 500 Mbps VPN
SSG 20 SSG 140 SSG 320M SSG 350M
SSG 520M
UTM
SSG 550M
22
ISG
ISG1000 ISG2000 IDP
23
SRX100
On-board Ethernet Mini-PIM slots Optional 3G wireless* USB ports (Flash) Power over Ethernet Optional WAN models Optional WLAN models Voice Ports Routing Performance Firewall Performance VPN Performance IDP Performance High Availability 8 x FE No PC Express Card 1 No VDSL2 802.11n No 60 Kpps 175 Mbps (IMIX) 75 Mbps 80 Mbps A/A or A/P
24
FRS August
Ideal for micro-branch, managed telecommuters, SOHO Fixed I/O 8 x 10/100 Ethernet ports Routing, NG NAT Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High Memory model (Software UTM, no CSA)
ExpressCard slot on VDSL & 802.11n platforms
SRX210
On-board Ethernet Mini-PIM slots 3G wireless slot USB ports (Flash) Power over Ethernet Optional Voice Ports AV & IDP HW Acceleration: CSA Routing Performance Firewall Performance VPN Performance IDP Performance High Availability 2 x GE + 6 x FE 1 PC Express Card 2 4 ports (50 W total) 2xFXS, 2xFXO & mini-PIM Std in High Mem 80Kpps 200 Mbps (IMIX) 85 Mbps 100 Mbps A/A or A/P
25
FRS 5/15/09

Ideal for small branches Modular WAN (list on next page) Routing, NG NAT Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High Memory model
Available Voice version with miniPIM options - (Q3 09)

Factory-configured voice model (Q309)
SRX240
On-board Ethernet Mini-PIM slots 3G wireless option USB ports (flash) Power over Ethernet Optional PSTN voice ports AV & IDP HW Acceleration: CSA Routing Performance Firewall performance VPN Performance IDP Performance High Availability 16 x GE 4 Mini-PIM 2 16 ports (150 W) 2xFXS, 2xFXO & mini-PIM Std in High Mem 200Kpps 400 Mbps (IMIX) 200 Mbps 200 Mbps A/A or A/P
26
FRS 5/15/09

Ideal for small-medium branches Routing Modular WAN Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement
UTM requires High memory
Available voice version with miniPIM options - (Q409)

Factory-configured voice model (Q409)
SRX650
On-board Ethernet GPIM slots USB ports (flash) Power over Ethernet PSTN voice ports 4xGE (routing only) 8 2 per processor Up to 48 ports (250 W or 500 W) Up to 8 Analog, 2xT1/E1, per GPIM
AV & IDP HW CSA

Routing Performance Firewall performance VPN Performance IDP performance High Availability
Standard
850Kpps 2 Gbps (IMIX) 1 Gbps 800 Mbps A/A or A/P, Hot swap GPIMs, Dual processors, Dual power
27
Ideal for regional sites, large branches Modular LAN switching Modular power supplies with optional redundancy Modular voice configs (field upgradable via PIMs in 2010) Full Routing, UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, contentfiltering, UAC Enforcement Application Co-processor Engine (Future) Max GigE 52 ports (2x24GigE PIM + 4 integrated ports)
SRX 3400
Hardware Modular chassis
7 slots (4 front, 3 rear) MGT module dual, hot swap 3U chassis height 12 built-in (8-10/100/1000 + 4-SFP) 2 Ethernet Management Ports
Fixed Interfaces
Modular Interfaces
16-10/100/1000 16-SFP 2-XFP
Front
Performance & Capacities

FW 10 - 20 Gbps VPN 6 Gbps IDP 6 Gbps Concurrent sessions 2.25M New and sustained CPS 175k Concurrent IPSec VPN tunnels 10k
28
Rear
SRX 3600
Hardware Modular chassis
12 slots (6 front, 6 rear) MGT module dual, hot swap 5U chassis height
Fixed Interfaces
12 built-in (8-10/100/1000 + 4-SFP) 2 Ethernet Management Ports
Modular Interfaces
16-10/100/1000 16-SFP 2-XFP
Front

FW 10 - 30 Gbps IDP 10 Gbps Concurrent sessions 2.25M New and sustained CPS 175k Concurrent IPSec VPN tunnels 20k
29
VPN 10 Gbps
Rear
SRX5800
SRX SRX5000 SRX5800 SRX5600

SRX5800
SRX5600
30
SRX5600: PRODUCT OVERVIEW

8 Slot Chassis Physical size
Height: 8RU

FW 60 Gbps IDP 15 Gbps Concurrent sessions 9 M* Connections/sec 350k
Dependable hardware
Passive back-plane Redundant switching fabric (1+1) Redundant fans & power supplies
Power and cooling

Side-to-side cooling Holds 1 fan tray Holds up to 4 power supplies 2+2 DC, 2+2 AC Rear-side power cabling 2800 watt capacity
System capacity
8 slots - 2 for Fabric Cards / REs Up to 240Gbps (full-duplex) capacity
31
* 8M session support planned for JUNOS 9.4
SRX5800: PRODUCT OVERVIEW

14 Slot Chassis Physical size
Height: 16RU

FW 120 Gbps IDP 30 Gbps Concurrent sessions 10M* Connections/sec 350k
Dependable hardware
Passive back-plane Redundant fans & power supplies
Power and cooling

Front-to-back cooling with separate
push-pull fans Holds up to 2 fan trays (1+1 redundancy) Holds up to 4 power supplies (2+2 DC, 3+1 AC) 5100 watt capacity
System capacity
14 slots - 2 for Fabric Cards Up to 480Gbps (full-duplex) capacity
32
* 8M session support planned for JUNOS 9.4
AGENDA
33
33 | Copyright 2009 Juniper Networks, Inc. | www.juniper.net
QoS IT
34

1G, 1.
10G 2.
20G
10G 3.
10 Security Requirements FW, IPS & VPN (Gbps) 5

Other firewall
TODAY 35
Time
FUTURE

1.
2.
10 Security Requirements FW, IPS & VPN (Gbps) 5
TODAY 36
Time
FUTURE
ISSU JUNOS 10
37
QOS

100G QoS VPN VPN
SRX3K/5K License License
IDP 1 3
38
IT
10 Gbps FW 3U High 800 Watts 80W/Gbps SRX5800 150Gbps FW 16U High 5000 Watts 33W/Gbps
67%
SPACE SAVINGS
62%
POWER SAVINGS
39
NS
NS5200/5400 NS500 NS204/208 NS25/50 NS5GT
40
AGENDA
SLT Overview
Firewall SSL VPN
AT Overview
41

ERP
42
SSL VPN
:
NAT
Millions of USD$
600 500 400 300 200 100 0 CY '03 CY '04 Est. CY Est. CY Est. CY Est. CY '05 '06 '07 '08
5-Year CAGR 83% 50% 65% CALA 32%

Asia Pacific EMEA North America
Source: Infonetics Research Q4 2004
43
Telecommuters Sales & Service
Corporate LAN
Mobile Employees
Directory Store
Partner A
Extranet Partners
Partner B
E-mail Unix/NFS
= Encrypted External Session = Standard Internal Session
44
Intranet / Web Server
Server Farms
MRP/ERP
Core Access
Client/Server Application Access
Network Access
Core Access
Client/Server Application Access
Network Access
Core Access
45
Client/Server Client/Server Application Application Access Access
Network Access
PDA C/S
Web Server
PDA and PDA Wireless
Web Server Exchange Server
SAM,
C/S
Pocket Outlook
46
C/S

PASS PASS FAIL CHECKING CHECKING
Cache
E-mail
Server Farms
MRP/ERP MRP/ERP
Unix/NFS
DLL
Intranet / Web Server
47
role)
IVE : Who, What, When, Where, and How.

Hotel On the LAN
Airport Kiosk
48
XML
/
49

JUNIPER
SA Signal IDP SA
LAN

IDP :
2 7
50
JUNIPER NETWORKS SSL

PC
down
51
SSL VPN
Secure Access 2500
100
Secure Access 4500
1000
Secure Access 6500
30000
10000
52
JUNIPER SSL VPN

Options/upgrades: 10-25 conc. users Options/upgrades: 25-100 conc. users
:
Options/upgrades: 50-1000 conc. users Secure Meeting Options/upgrades: 100-10000 conc. users Secure Meeting
Core Clientless Access
SAMNC
Secure Meeting
Advanced w/ CM
Cluster Pairs
Instant Virtual System SSL Acceleration

Cluster Pairs
Instant Virtual System GBIC

Multi-Unit Clusters 3
Breadth of Functionality
Secure Access 4500 Secure Access 2500 Secure Access 700 Designed for: Designed for: Designed for: Includes: Network Connect Includes: Core Clientless Access Includes: Core Clientless Access
Secure Access 6500
Designed for:
Includes: Core Clientless Access SSL acceleration
Enterprise Size
53
54
55
AGENDA
SLT Overview AT Overview
IDP
56

Known Host and Application Vulnerabilities
. IT
Buffer Overflows
Port Scans
Trojan Horses
IP Fragmentation Attack IP
IP
57
Worms
IDP
00000000000000000000000 0000 00000000000000000000000 0000 00000000000000000000000 0000 000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 00000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 0000 000000000000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 00000000000000000000000000000 000000000000000000000000000 000000000000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
58 NetScreen-IDP
IDP
Probe, Attempt Network Access
?
Repeat Reconnaissance & Exploit

Network and Application Access
100
Access - Interact
5500
Probe, Attempt, Attack, Propagate
Network and Application Access
Interact
Probe, Attempt, Attack, Propagate
Probe, Attempt, Attack, Propagate Probe, Attempt, Attack, Propagate
59
NETSCREEN-IDP
P2P
BT QQ,MSN
Spyware IDS
60
NETSCREEN IDP
1st 1st 1st 1st 1st 1st
P2P
61
IDP
NSM
62
IDP
IDP 8200

80 Gbit
10 Gbps
IPS
10G
16
1G

500

I/O
IDP 75, 250, 800

63
1G
IDP
IDP8200 IDP800 Performance
IDP250 IDP1100 IDP75 IDP600 IDP200 IDP50 Price

64
65
Copyright 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
65

Juniper 技术和产品介绍

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Juniper 技术和产品介绍

Uploaded by

Copyright:

Available Formats

JUNIPER

M-Series 2006 2005 2004 2002 1996 1998 1999 2000

JUNOS w/Integrated Security

$1.3B 1500 2500

GARTNER MAGIC QUADRANTS

2002-2007 Gartner 2003-2007 2004-2007 Frost & (Frost &

THE EX SERIES PORTFOLIO

SA Series EX4200 EX4200 EX3200

EX8200 EX4200 EX3200 EX4200 EX8200 SRX

Service Layer Technologies Group (SLT)

Advanced Technology (AT)

AGENDA SLT Overview

International Data Corp.

NetScreen Advanced Architecture

VPN NAT VPN VPN NAT VPN

VPN NAT VPN

join multicast groups multicast

MIP VIP DIP

Point-to-multi-point OSPF BGP RIPv1 ( IP RIPv2

3rd Party HP OpenVIew, MTRG, etc. Syslog Server

Networking The Device Monitor, Lifecycle Maintain Policies

NSM(NETWORK SECURITY MANAGER)

12G for 64 byte packets 6Gbps for 64 byte packets

ISG 1000 w/IDP

1 2 3 4 5 6 3 CLI WEB UI UTM

SSG550 SSG520 ISG1000

4 Gbps 1 Gbps 600Mbps

SRX240 SSG350 SSG320 SRX100 SSG140 SSG20 SSG5

SECURE SERVICE GATEWAY FAMILY

SSG 20 SSG 140 SSG 320M SSG 350M

 ExpressCard slot on VDSL & 802.11n platforms

 Available Voice version with miniPIM options - (Q3 09)

 Available voice version with miniPIM options - (Q409)

AV & IDP HW CSA

Performance & Capacities

Performance & Capacities

SRX SRX5000 SRX5800 SRX5600

SRX5600: PRODUCT OVERVIEW

Performance & Capacities

Power and cooling

* 8M session support planned for JUNOS 9.4

SRX5800: PRODUCT OVERVIEW

Performance & Capacities

Power and cooling

* 8M session support planned for JUNOS 9.4

33 | Copyright 2009 Juniper Networks, Inc. | www.juniper.net

10 Security Requirements FW, IPS & VPN (Gbps) 5

10 Security Requirements FW, IPS & VPN (Gbps) 5

100G QoS VPN VPN

SRX3K/5K License License

5-Year CAGR 83% 50% 65% CALA 32%

Source: Infonetics Research Q4 2004

Telecommuters Sales & Service

Intranet / Web Server

Client/Server Application Access

Client/Server Application Access

Client/Server Client/Server Application Application Access Access

PDA and PDA Wireless

Web Server Exchange Server

Intranet / Web Server

IVE : Who, What, When, Where, and How.

JUNIPER NETWORKS SSL

ExpressCard slot on VDSL & 802.11n platforms

Available Voice version with miniPIM options - (Q3 09)

Available voice version with miniPIM options - (Q409)