版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡介
1、低端SRX防火墻,議程,,分布式的企業(yè),,低端SRX功能,,,低端SRX硬件型號(hào),競(jìng)爭比較,,,傳統(tǒng)的企業(yè)分支機(jī)構(gòu)的網(wǎng)絡(luò)部署,傳統(tǒng)企業(yè)的分支機(jī)構(gòu)的部署方式是:路由器+防火墻+交換機(jī) 的模式路由器:各種廣域網(wǎng)接口、路由協(xié)議、MPLS防火墻:安全區(qū)隔離、UTM、流量日志交換機(jī):接入用戶,隔離各個(gè)Vlan廣播域,,,,,,……….,分支1,分支n,企業(yè)專網(wǎng)(MPLS或者non-MPLS),路由,安全,交換,,,,,,,,,,分支機(jī)構(gòu)的
2、路由和安全設(shè)備存在很多的共同點(diǎn),,,,,,……….,分支1,分支n,分支路由,分支安全,分支交換,,,,企業(yè)專網(wǎng)(MPLS或者non-MPLS),2臺(tái)高成本、具備復(fù)雜運(yùn)算能力的智能設(shè)備每端口的價(jià)格高,低成本ASIC交換設(shè)備,每端口的價(jià)格非常低,,,,,,,,,,,低端SRX防火墻,隨著多核CPU的架構(gòu)出現(xiàn),分支機(jī)構(gòu)的路由器和防火墻都逐漸采用多核CPU的硬件平臺(tái),Juniper推出了分支機(jī)構(gòu)SRX安全路由器:支持JUNOS的無狀態(tài)的包
3、轉(zhuǎn)發(fā)、廣域網(wǎng)接口、路由協(xié)議、MPLS協(xié)議、QoS,降低硬件成本和管理成本支持ScreenOS防火墻的基于狀態(tài)的流轉(zhuǎn)發(fā)、防火墻、UTM和防攻擊技術(shù),降低硬件成本和管理成本整合了2個(gè)具備復(fù)雜運(yùn)算功能的智能設(shè)備后,可以較大地降低每個(gè)分支機(jī)構(gòu)的硬件采購成本和后期運(yùn)維成本,,二合一,低端SRX防火墻全面的路由功能,低端SRX防火墻可支持虛擬路由器,并且同時(shí)支持基于JUNOS的無狀態(tài)的包轉(zhuǎn)發(fā)和狀態(tài)防火墻廣域網(wǎng)接口:支持串口(SRX240/2
4、10)和E1口(SRX650/240/210)路由協(xié)議:BGP、OSPF、RIP;多個(gè)虛擬路由器;VRRP;BFDMPLS:L3 VPN、L2 VPN、FRR等,全面的UTM安全功能,,,,,,Websense 拒絕對(duì)部分站點(diǎn)的訪問,網(wǎng)頁過濾,卡巴斯基防病毒(支持硬件加速),防病毒,Sophos防垃圾郵件,防垃圾郵件,入侵防御,防火墻、VPN、接入控制,核心安全,SRX 控制文件傳輸,內(nèi)容過濾,,,,,內(nèi)部攻擊,,,,,,外部攻擊,
5、INTERNET,Juniper IDP 識(shí)別/防護(hù) 蠕蟲、木馬、DDoS防護(hù)(4到7層), 掃描(支持硬件加速),Multi-services Gateway,,,,SRX:適合多種客戶需求,,,,Secure Router,,,,UTM,,,,NGFW,Routing and WAN InterfacesFirewall, VPN, NATIn-line IPSHigh availabilityTransparent mod
6、e,Ease of useBest-of-breed Anti-Virus, Anti-Spam, Web filteringNew AV offering - SophosIn-line IPSAppSecure,Next generation firewall (AppSecure)In-line IPSApplication visibility, tracking and enforcementUser-role
7、based policies,,,Branch SRX,,低端SRX防火墻功能,SecurityFirewallVPNIPSAppSecureAntivirusEnhanced Web filteringAntispam,Wireless LAN and 3G/4G WAN802.11n3G/4G WiMax & LTE,,,Routing & SwitchingRIP, OSPF, BGP, Mu
8、lticast, IPv6MPLS; Full BGP tableJ Flow, RPML2 SwitchingPOE Options,Physical InterfacesT1/E1, Serial, DS3/E3VDSL, ADSL, G.SHDSLDOCSIS Cable ModemEthernet 10/100/1000 & 10G, Copper or Fiber,,AppSecure SOFTWA
9、RE SERVICE SUITE,,Understand security risksAddress new user behaviors,,,,Application Intelligence and Security In Branch,Subscription service includes all modules and updatesJuniper Security Lab provides 900+ applicat
10、ion signatures,Block access to risky appsAllows user tailored policies,Prioritize important appsRate limit less important apps,Protect apps from bot attacksAllow legitimate user traffic,Remediate security threats
11、Stay current with daily signatures,,,,Customer Choice for Antivirus,,,On-box option: Kaspersky,Cloud-based option: Sophos,Juniper is the only vendor offering customers a choice between two market proven antivirus sol
12、utions.,High availability,FeaturesStateful fail-overActive/Backup Control PlaneActive/Active Data PlaneSingle System ViewBenefits Maintains connection persistence & improves system resiliency for servicesLoad
13、sharing across systemsOptimized for complex routing environments,,,分支機(jī)構(gòu)SRX(低端系列),,,小型辦公室,,中型辦公室,,大型辦公室,,,,SRX220,+ 2 WAN slots, 8 x GigE, PoE2GB DRAM,SRX240,+ 4 WAN slots, 16 x GigE, PoE1 GB DRAM,SRX650,+ More LAN s
14、lots, Dual P/S, + Hot Swap I/O4 GB DRAM,,SRX110,,SRX100,,SRX210,WAN slot, 2 x GigE, PoE, 1 GB DRAM,硬件型號(hào):700M to 7G 軟件:Junos (安全/路由/交換),1G,7G,Fixed Config8 x FE1 GB DRAM,Fixed Config VDSL2 WAN8 x FE1 GB DRAM,,2
15、mPIM+6GPIM WAN slots, 10 x GigE, PoE, Dual PS2 GB DRAM,SRX550,Announcing SRX550 Services Gateway,“No-Compromise Services” with scale and performance for the medium to large branch,Advanced SecurityFirewall and VPNU
16、TM: IPS, antivirus, enhanced web-filtering, anti-spamApplication visibility, tracking & enforcement High Density Switching10 x GE on board (6 Copper, 4 SFP)Modular switching with POE,Comprehensive RoutingWide ra
17、nge of WAN options: 3G/LTE, T1/E1/DS3/E3, xDSL, Nx1GE, 10 GE L2/L3 VPN, MPLS, VPLS, IPv6, v4Business Continuity, Resiliency HA cluster (A/A or A/P)WAN backup and redundancyControl plane, data plane separationGPIM O
18、nline-Insertion-Removal*Optional redundant power supplies (AC and DC),FRS 12.1,SRX100,,,Ideal for small sites and managed telecommutersFull security featuresFirewall and VPNUTM: IPS, AppSecure, antivirus, web-filteri
19、ng, and anti-spamUTM requires high memory version,,SRX110 – ideal solution for Small Branch,,Additional USB port,Front,Back,Designed for flexibility, investment protection, and lowest total cost of ownership (TCO).,Pri
20、maryWANVDSL,Backup 3G WAN,11.4,Ideal for small branchesFull security featuresFirewall and VPNUTM: IPS, AppSecure, antivirus, web-filtering, and anti-spamUTM requires high memory version,SRX210E,,SRX220,,,Ideal fo
21、r small and medium branchesFull security featuresFirewall and VPNUTM: IPS, AppSecure, antivirus, web-filtering, and anti-spam,SRX240,,,Ideal for small and medium branchesFull security featuresFirewall and VPNUTM: I
22、PS, AppSecure, antivirus, web-filtering, and anti-spamUTM requires high memory version,SRX550,,,Ideal for enterprise medium to large branchIdeal office-in-a-box solution for managed services or commercial businessSRX5
23、50 offers:Comprehensive Routing and Security ServicesHigh density on-board and modular switch ports, Copper and SFPApplication Awareness and ControlBusiness Continuity and Resiliency,12.1,SRX650,,,Ideal for regional
24、sites and large branchesFull security featuresFirewall and VPNUTM: IPS, AppSecure, antivirus, web-filtering, and anti-spamModularLAN switchingServices Routing Processors with optional redundancy Power supplies wit
25、h optional redundancy (at FRS),Branch sRX Series Specification Summary,,,,Flexible Physical interfaces- WAN, LAN, WLAN and 3G/4G,MPIMs,T1/E1Serial1XGE SFPADSLG.SHDSLVDSL2Docsis3.0,,GPIMs,16XGE 16XGE POE24XGE24X
26、GE POE2x10GE SFP+/Copper4XT1E12XT1E11xDS3/E3,場(chǎng)景一(SRX當(dāng)傳統(tǒng)的路由器部署),,,廣域網(wǎng)(或MPLS網(wǎng)絡(luò)),,,,,優(yōu)勢(shì):1、JUNOS的軟件:模塊化、所有型號(hào)共用一個(gè)軟件文件、單一版本鏈;2、無需license即支持MPLS等復(fù)雜功能;3、更高性能,場(chǎng)景二(SRX當(dāng)路由器+交換機(jī)部署),,,,,,,廣域網(wǎng)(或MPLS網(wǎng)絡(luò)),優(yōu)勢(shì):SRX100/210/240缺省支持大量的
27、以太網(wǎng)接口,SRX650可以擴(kuò)展支持高密度的以太網(wǎng)接口卡,這些接口缺省支持路由和交換功能,無需license。為小型辦事處節(jié)省了交換機(jī)成本。,,場(chǎng)景三(SRX當(dāng)VPN/NAT/防火墻/UTM部署),,,,,廣域網(wǎng),優(yōu)勢(shì):1、集成了ScreenOS的防火墻和IPsec功能,無需額外license;2、全面的UTM功能(集成了多個(gè)領(lǐng)先內(nèi)容安全廠家的技術(shù)),包括防病毒(卡巴斯基)、防垃圾郵件(Sophos)、入侵防御(Juniper)、網(wǎng)
28、頁過濾(websense)等;3、具備對(duì)防病毒和防入侵的硬件加速特征匹配芯片。4、對(duì)流量進(jìn)行詳細(xì)的流量日志記錄。,場(chǎng)景四(SRX當(dāng)路由器+狀態(tài)防火墻部署),,,,,,,,,,,廣域網(wǎng),優(yōu)勢(shì):1、單一設(shè)備,可以支持廣域網(wǎng)路由接口(串口、E1);2、將路由器、UTM防火墻合二為一;3、支持部分流量按路由器方式進(jìn)行處理,部分流量按狀態(tài)防火墻進(jìn)行處理。,,場(chǎng)景五(SRX當(dāng)路由器+UTM防火墻部署),,,,,,廣域網(wǎng)(或MPLS網(wǎng)絡(luò)),
29、優(yōu)勢(shì):1、單一設(shè)備,可以支持廣域網(wǎng)路由接口(串口、E1);2、將路由器、UTM防火墻合二為一;3、支持MPLS和UTM防火墻的同時(shí)部署。,Juniper的優(yōu)勢(shì),1、不需要license即可以支持動(dòng)態(tài)路由/MPLS、BFD、交換功能(包括機(jī)箱自帶接口)、虛擬路由器、防火墻NAT、IPsec VPN功能,盡量將這些功能加進(jìn)去;2、Juniper可以同時(shí)支持防病毒和防垃圾郵件,Cisco不支持;3、Juniper支持內(nèi)置內(nèi)容安全的硬
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 眾賞文庫僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。
評(píng)論
0/150
提交評(píng)論