Juniper sa-sslvpn
Upcoming SlideShare
Loading in...5
×
 

Juniper sa-sslvpn

on

  • 4,150 views

null Banglore June 2012 Meet

null Banglore June 2012 Meet

Statistics

Views

Total Views
4,150
Views on SlideShare
3,795
Embed Views
355

Actions

Likes
1
Downloads
86
Comments
0

2 Embeds 355

http://null.co.in 354
http://webcache.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Companies today must be able to balance providing ubiquitous access to their users for maximum productivity while enforcing strict security measures to protect their valuable corporate resources.
  • In the early 1990s, there were only limited options to extend the availability of the enterprise's network beyond the boundaries of the corporate central site, comprised mainly of extremely costly and inflexible private networks and leased lines. However, as the Internet grew, it spawned the concept of virtual private networks (VPNs) as an alternative. Most of these VPN solutions leveraged free/public long-haul IP transport services and the IPSec protocol. VPNs effectively addressed the requirements for cost-effective, fixed, site-to-site network connectivity; however, for mobile users, they were, in many ways, still too expensive, while for business partners or customers, they were extremely difficult to deploy. It is in this environment that SSL VPNs were introduced, providing remote/mobile users, business partners and customers an easy, secure manner to access corporate resources through the internet and without the need to pre-install a client. The earlier remote access technology, an IPSec VPN client, has been a weak security link for many corporations because it offers IT administrators little control over infected users entering the network. The original design of the IPSec VPN protocol was to connect one private network to another with the assumption of both networks are secure with the same security policies. However, network viruses and worms can propagate rapidly and widely through a geographically extended VPN. This is especially pertinent when users are partners connecting from their office PCs and remote devices which are not a part of a company’s controlled network. In contrast to IPSec-based methods, SSL VPNs have more sophisticated controls for protecting the network. Unlike IPSec VPNs, SSL VPNs offer control at the user, application, and network level with awareness of the security health status of connecting end nodes. For example, a connecting computer can be scanned to ensure it meets corporate security requirements. Based on the knowledge of who the user is and which computer he/she is using, the SSL VPN can grant appropriate access rights and audit at a granular level, showing the precise resources accessed. With all these benefits, it is small wonder that SSL VPN technology is being seen as the best means to connect remote users, in addition to partners and customers. SSL VPNs provide connectivity via Secure Sockets Layer, which is part of all standard Web browsers. The power of SSL-based solutions meet the need for scalable remote access deployments, with the ability to provide access to all applications such as client/server applications and access to the complete network, as well as clientless connectivity to telnet/SSH hosted servers, complex Web applications, files, and more. SSL VPNS provide a valid means to deliver “whole enterprise access,” regardless of where the user is coming from and whether they have a dedicated laptop or not. In addition, the Juniper Networks Secure Access appliances with the Secure Meeting Option provides secure anytime, anywhere cost effective online Web conferencing and remote control.
  • Juniper leads the SSL VPN market with a complete range of appliances that meet the needs of companies of all sizes (from small and medium businesses granting access to remote/mobile employees, to large, global enterprises providing extranet portals for their partners, and customers, as well as service providers that use SSL VPN as a remote access solution for their own users and/or providing SSL VPN as a managed service offering to their customers). 2) The products use SSL, the security protocol found in all standard Web browsers. SSL eliminates the need to deploy pre-installed client-software on desktops, laptops, or mobile devices. In addition, it requires no changes to internal servers, and dramatically reduces maintenance and support costs compared to other remote access solutions such as IPSec. 3) All remote users need is a valid username and password and a web browser. Juniper’s SSL VPN solution not only verifies the user, but also that the device meets enterprise security requirements. If devices are deemed a risk based on predefined corporate policy, user access can be denied or severely restricted. 4) Once both the user and device pass verification, Juniper’s SSL VPN opens up a secure path that keeps communications and data both private and intact, using the strongest encryption methods available today. 5) Juniper SSL/VPN is a cost-effective and reliable solution for businesses looking for a secure backup in the case of a natural disaster such as a snowstorm or a flu pandemic. If workers cannot get to the office, a special licensing option, that will meet the spike in remote access demand, grants access to stranded employees, making sure they stay connected.
  • Virtualization is a hot topic these days as a way of reducing costs for companies. SA v6.5 interoperates with Virtual Desktop Infrastructure (VDI) products, including VMware's View Manager and Citrix’s XenDesktop. This integration with VDI products enables administrators to deploy virtual desktops alongside the SA Series SSL VPN Appliances. SA v6.5 delivers a centralized point of configuration for administrators to configure remote access policies for virtual desktop access through leading virtualization products from VMware and Citrix. It also provides users with a VDI client with which to access the virtual desktop and provides flexible client fallback options, simplifying deployment and management for administrators.
  • Pre-authentication information Authentication Policy Role Mapping Resource Authorization Policy Browser Type Time Place Digital Certificate Endpoint Security (Host Check) Source IP Address Interface Type Sign-in URL Permit/Deny Authentication Policy Establish authentication level Enforce authentication & password policy Based on Cert Attributes Device Attributes Network Attributes Determine session role(s) Establish session access settings Establish session UI Based on Session Attributes User Attributes Device Attributes Network Attributes Dynamic permit/deny policy Granular resource controls (URL, file, or server) Based on: Role(s) Session Attributes User Attributes Device Attributes Network Attributes
  • In 2008, over 7 million new programs discovered; in 2007, it was over 5 million* *Source: 1985-2008 AV-test.org report 40% more effective at blocking, detecting and removing spyware threats than competitors

Juniper sa-sslvpn Juniper sa-sslvpn Presentation Transcript

  • SA SERIES SSL VPN APPLIANCESPRODUCT LINE PRESENTATIONMay 19, 2010
  • AGENDA1. SSL VPN Market Overview2. SSL VPN Use Cases3. Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • BUSINESS CHALLENGE: GRANT ACCESS VS. ENFORCE SECURITYMaximize Productivity with Access... …While Enforcing Strict Security Allow partner access to applications  Allow access only to necessary (Extranet portal) applications and resources for certain users Increase employee productivity by providing anytime, anywhere access  Mitigate risks from unmanaged (Intranet, E-mail, terminal services) endpoints Customize experience and access for  Enforce consistent security policy diverse user groups (partners, suppliers, employees) Enable provisional workers (contractors, outsourcing) Support myriad of devices (smartphones, laptops, kiosks) …And the Solution Must Achieve Positive ROI  Minimize initial CAPEX costs  Lower ongoing administrative and support OPEX costs 3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • IPSEC VPN VS. SSL VPN Internet Kiosk Mobile Branch Office Sales Users HR Internet Finance Internet Department DMZ-1 Partners, Servers Customers, Remote Office HQ Telecommuters Contractors IPSec VPN SSL VPN Employee Remote Access Telecommuters Remote/Branch Office Deployments Mobile Users Partner Extranets Fixed Site-to-Site Mobile or Fixed Managed Endpoints Managed or Unmanaged Endpoints Layer 3 Network Access Access Control Per Application IP to IP Control User to Application Control Access allowed from Unmanaged and Untrusted Access from Managed, Trusted Networks networks as well4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • THE SOLUTION:JUNIPER NETWORKS SECURE ACCESS SSL VPN Mobile User – Cafe Secure SSL access to remote users from any device or location VoIP Teleworker Easy access from Web-browsers – no SA6500 client software to manage Dynamic, granular access control to manage users and resources Business Partner or Customer Single comprehensive solution to access various application types from various devices available Wireless/Mobile Device User Airport Kiosk User 5 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNIPER NETWORKS SSL VPN MARKET LEADERSHIP Juniper maintains #1 market share position worldwide Leader since SSL VPN product category inception Source: 4Q09 Infonetics Research Network Security Appliances and Software Report6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ANALYST PRAISE & RECOGNITION 2008 Gartner Magic Quadrant for SSL VPN 2009 Magic Quadrant Key Takeaways: “Juniper has maintained the product vision, execution and overall momentum so effectively that it has held a leadership position continuously…” “…unchallenged disruptive sales advantage” “Juniper is the No. 1 competitive threat…” “Year after year, Junipers products earn a high satisfaction rating…” http://www.gartner.com/technology/media-products/reprints/juniper/vol6/article1/article1.html Source: Gartner (October 2009)7 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNIPER SA SSL VPN RECOGNITION & AWARDS AwardWinning3rd PartyCertified MarketLeading Market share leader & proven solution with over 20,000 customers8 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • AGENDA1. SSL VPN Market Overview SSL VPN Use Cases3. Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability9 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • #1 - REMOTE ACCESS AT LOWER OPERATING COSTS SA6500 Employees with Employees with Mobile Devices Corporate Laptops Employees Corporate with Home PCs Intranet Email Server Firewall Internet Router Applications ServerIncreased Productivity Increased Security Anytime, anywhere access from any device  Encrypted secure access to corporate resources No endpoint software to install or manage  Granular access control Easy access facilitated from common browsers  Comprehensive endpoint security enforcement 10 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • #2 - EXTRANET PORTALS WITH GREATER SECURITY SA6500 Suppliers Customers Corporate Intranet Client/Serer Partners Web Applications Firewall Applications Internet RouterAdministrative ease of use Enforcement of corporate security policies Easier management of authorized users  Granular access to select applications or resources No client software enforced on external users  Endpoint security enforced before granting access Access enabled from any Web-enabled device  No administrative hassle of managing users’ devices 11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • #3 – MOBILE DEVICE ACCESS SA6500 Apple iPhone Corporate Intranet Email Firewall Server Internet Router Applications Server Improved Ease of Use, Higher Productivity  Access from any mobile device  ActiveSync facilitates secure access to Exchange  Enforce mobile device integrity and security12 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • AGENDA1. SSL VPN Market Overview2. SSL VPN Use Cases Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability13 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • DYNAMIC ACCESS METHODS BY PURPOSE Three different access methods to control users’ access to resources Dynamic access control based on user, device, network, etc. Network Connect Secure Application Manager Core Access Access to Web-based applications, Layer-3 connectivity to corporate Access to client/server applications File shares, Telnet/SSH hosted apps, network such as Windows & Java applications and Outlook Web Access Supports all applications including One click access to applications Granular access control all the way resource intensive applications like such as Citrix, Microsoft Outlook, and up to the URL or file level VoIP & streaming media Lotus Notes Recommended for remote and Ideal for remote & mobile employees Ideal for remote & mobile employees mobile employees only as full and partners if they have client and partners accessing from network access is granted applications on their PCs unmanaged, untrusted networks Layer-3 access to corporate Granular client/server Granular web application network application access control access control14 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • CLIENTLESS ACCESS METHOD: CORE ACCESS Broad set of supported platforms Integrated E-mail Client and browsers Secure Terminal Access Secure, Easy Web Application  Access to Telnet/SSH (VT100, Access VT320…)  Pre-defined resource policies for  Anywhere access with no terminal Sharepoint, Lotus Webmail, etc. emulation client  Support for Flash, Java applets, HTML, Javascript, DHTML, XML, etc.  Support for Hosting & delivering any Java applet Secure File Share Access  Web front-end for Windows and Unix Files (CIFS/NFS)15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • SECURE APPLICATION MANAGER Full cross platform support for both WSAM – secure traffic to specific Windows & Java versions client/server applications  Supports Windows Mobile/PPC, in Granular access control policies for addition to all Windows platforms client/server applications  Granular access and auditing/logging  Access applications without capabilities provisioning full Layer 3 tunnel  Installer Service available for  Eliminates costs, complexity, and constrained user privilege machines security risks of IPSec VPNs  No incremental software/hardware or JSAM – supports static TCP port customization to existing apps client/server applications  Enhanced support for MSFT MAPI, Lotus Notes, Citrix NFuse  Drive mapping through NetBIOS support  Install without advanced user privileges16 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • LAYER-3 ACCESS METHOD: NETWORK CONNECT rmance SA Series High Perfo ode M Transport High Availability e Transport Mod Full Layer 3 Access to corporate network Dynamic, Dual Transport Mode  Dynamically tries SSL in case IPSec is blocked in the network Cross Platform Dynamic Download (Active-X or Java delivery) Launching options include – browser-based, standalone EXE, scriptable launcher and Microsoft Gina Client-side Logging, Auditing and Diagnostics available17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ACCESS METHODSTERMINAL SERVICES Seamlessly and securely access any Citrix or Windows Terminal Services deployment  Intermediate traffic via native TS support, WSAM, JSAM, Network Connect, Hosted Java Applet  Replacement for Web Interface/NfuseNative TS Support  Granular Use Control  Secure Client delivery  Integrated Single Sign-on  Java RDP/JICA Fallback  WTS: Session Directory  Citrix: Auto-client reconnect/ session reliability  Many additional reliability, usability, access control options18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ACCESS METHODS VIRTUAL DESKTOP INFRASTRUCTURE (VDI) AAA Apps Servers SA Series FinanceRemote/Mobile User VMware VDI Server Citrix XenDesktop  SA interoperates with VMware View Manager and Citrix XenDesktop to enable administrators to consolidate and deploy virtual desktops with SA  Allows IT administrators to configure centralized remote access policies for users who access their virtual desktops  Dynamic delivery of Citrix ICA client or VMware View client to users, including dynamic client fallback options for easy connection to their virtual desktops  Benefits: – Seamless access (single sign-on) for remote users to their virtual desktops hosted on VMware or Citrix servers – Saves users time and improves their experience accessing their virtual desktops 19 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ACCESS PRIVILEGE MANAGEMENT 1 USER / 1 URL / 3 DEVICES & LOCATIONS Pre-Authentication Authentication & Role Assignment Resource Policy Authorization Gathers information Applications available from user, network, Authenticate user Map Assign session to user endpoint user to role properties for user role •Host Check: Pass •Auth: Digital Certificate •Access Method: •Outlook (full version) •AV RTP On Network Connect •CRM Client/Server •Definitions up to date •Role Mapping: Managed •File Access: Enabled •Intranet •Machine Cert: Present •Timeout: 2 hours •Corp File Servers Managed •Device Type: Win XP •Host Check: Recurring •Sharepoint Laptop •Host Check: Fail •Auth: AD Username/ •Access Method: •Outlook Web Access •No AV Installed Password Core (no file up/download) •No Personal FW •SVW Enabled •CRM Web (read-only) •Machine Cert: None •Role Mapping: •File Access: Disabled •Intranet •Device Type: Mac OS Unmanaged •Timeout: 30 mins Unmanaged •Host Check: Recurring(Home PC/Kiosk) •Host Check: N/A •Auth: Digital Certificate •Access Method: •Outlook Mobile WSAM, Core •CRM Web •Machine Cert: None •Role Mapping: Mobile •File Access: Enabled •Intranet •Device Type: Win Mobile •Timeout: 30 mins •Corp File Servers 6.0 Mobile Device 20 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ONE DEVICE FOR MULTIPLE GROUPS CUSTOMIZE POLICIES AND USER EXPERIENCE FOR DIVERSE USERSpartners.company.com “Partner” Role Authentication Username/Password Host Check Enabled – Any AV, PFW Access Core Clientless Applications MRP, Quote Toolemployees.company.com “Employee” Role SA Series Authentication OTP or Certificate Host Check Enabled – Any AV, PFW Access Core + Network Connect Applications L3 Access to Appscustomers.company.com “Customer” Role Authentication Username/Password Host Check Enabled – Any AV, PFW Access Core Clientless Applications Support Portal, Docs21 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • SEAMLESS AAA INTEGRATION Full Integration into customer AAA infrastructure  AD, LDAP, RADIUS, RSA SecurID, Certificate, etc.  Use of group membership and attributes for authorization/role mapping Password Management Integration  Users can manage their AD/LDAP passwords through SSL VPN Single Sign-On Capabilities  Seamless user experience for web applications  Forms, Header, SAML, Cookie, Basic Auth, NTLM v1/v2, Kerberos SAML Support – Web single sign-on, integration with I&AM platforms22 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • AGENDA1. SSL VPN Market Overview2. SSL VPN Use Cases3. Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability23 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ENDPOINT SECURITYHost Checker Host Checker  Support for hundreds of leading Third Party applications - Check devices before & during session - Ensure device compliance with corporate policy  AV, Personal Firewall, Anti-Spyware, Anti-Malware, - Remediate devices when needed Windows patch checks, machine certificate checks + Custom policy definition - Cross platform support  Devices automatically learn latest signature versions from AV vendors Home PC User Airport Kiosk User  Check for AV installation, real-time protection status, SA Series definition file age  Varied remediation options to meet customer needsTrusted Network Connect (TNC) architecture forseamless integration with all TNC compliant endpoint - No Anti-Virus Installed - No anti-virus installedsecurity products/vendors - Personal Firewall enabled - No personal firewall  Leverage existing endpoint security application - User remediated  install - User granted minimal anti-virus access deployments - Once installed, user granted access Antispyware Support with Enhanced Endpoint Security (EES) Functionality  Antispyware integrated from Webroot, the market leader in antispyware solutions Corporate PC User Secure Virtual Workspace  Creates protected virtual system for untrusted machine Cache Cleaner - AV Real-Time Protection running  Remove browser contents/history at conclusion of user - Personal Firewall Enabled session - Virus Definitions Up To Date - User granted full access 24 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • ANTISPYWARE SUPPORT WITH ENHANCED ENDPOINTSECURITY (EES) FUNCTIONALITYNumber of newly discovered malicious programs are growingCost enterprises time, money, and productivity to quarantine and Antispyware /remediate contaminated endpoints antimalware software dynamicallyAddressing growth in malware, SA and UAC now dynamically provisioned todownload antispyware/antimalware software to endpoints endpoints  Regardless of user or location SA SeriesAntispyware integrated from Webroot, the market leader inantispyware solutions UAC SeriesNumber of simultaneous endpoints that can use the feature willdepend on the optional subscription license orderedCustomer Benefits: Data & Applications Road  Ensure only healthy devices are granted network access Warrior, Malware Partner, or  Protect corporate resources from infected endpoints Employee  Real time shield is always on with memory scan and virus signatures  Save IT time and money from correcting individual endpoints; decrease user downtime that affects productivity 25 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • UAC-SA FEDERATION DIAGRAM Campus HQ Wired/ Wireless Data Center IC Series UAC Appliance 2) SSL VPN talks to IC to 3) IC provisions access L2 Switch let IC know of user session control rules on UAC enforcement points Applications and roles provisioned SA Series SSL VPN ISG Series with IDP LAN User 4) User accesses resources 1) Remote user logs into SSL protected by UAC with single VPN login SSL VPN provisions remote access sessions Internet • Consistent policies for remote and LAN access • Policy servers that can share knowledge of users for intelligent Remote User provisioning of access inside network26 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNIPER’S COORDINATED THREAT CONTROL 3 - SA identifies user 2 - Signaling protocol 1 - IDP detects & takes action on user to notify SSL VPN of threat and stops session attack traffic Partner Intermediated traffic Internet LAN SA Series IDP Tunneled traffic EmployeeCorrelated Threat Information Comprehensive Threat Detection Coordinated Identity-Based Threat and Prevention• Identity Response• Endpoint •Ability to detect and prevent• Access history • Manual or automatic response malicious traffic • Response options: •Full layer 2-7 visibility into all• Detailed traffic & threat • Terminate session trafficinformation • Disable user account •True end-to-end security • Quarantine user • Supplements IDP threat prevention 27 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNOS PULSEDynamically provisioned software client for:  Remote access  Enterprise LAN access control  WAN acceleration  Dynamic VPN (for SRX)Easy-to-use, intuitive user experienceLocation aware with dynamic sessionmigrationIdentity-enabledStandards-basedIntegration platform for select 3rd party Builds on Juniper’sapplications (e.g. Webroot antimalware) market leading SA Series SSL VPN, UAC solution, and WXC technology!28 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNIPER NETWORKS ICE FOR BUSINESS CONTINUITY Meeting the peak in demand for remote access in the event of a disaster Juniper Networks ICE delivers  Proven market-leading SSL Peak Demand VPN  Easy deploymentsNumber of Remote Users  Instant activation  Investment protection  Affordable risk protection What will you do Average usage when your non- remote users need access? Unplanned event Time29 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • AGENDA1. SSL VPN Market Overview2. SSL VPN Use Cases3. Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability30 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • SECURE MEETINGINSTANT COLLABORATION/REMOTE HELPDESK Easy to Use Web Conferencing  Share desktop/applications Instant or scheduled online  Group and private chat collaboration Easy to Deploy and Maintain  No pre-installed software required  Web-based, cross platform  Personalized meeting URLs for users  https://meeting.company.com/ meeting/johndoe Affordable – No usage/service fees Secure  Fully encrypted/secured traffic using SSL  No peer-to-peer backdoor  User credentials protected Remote Helpdesk Functionality  Automatic desktop sharing/remote control request31 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • AGENDA1. SSL VPN Market Overview2. SSL VPN Use Cases3. Access Control and AAA4. End-to-End Security5. Secure Meeting6. Hardware, Management and High Availability32 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • JUNIPER SSL VPN PRODUCT FAMILYFUNCTIONALITY AND SCALABILITY TO MEET CUSTOMER NEEDS Options/upgrades: Options/upgrades: Options/upgrades: Options/upgrades: • 10-25 conc. users • 25-100 conc. users • 50-1000 conc. users • Up to 30K conc. users • Core Clientless • Secure Meeting • Secure Meeting • Secure Meeting Access • Cluster Pairs • Instant Virtual System • Instant Virtual System • Network & Security • EES • SSL Acceleration • 4-port SFP card Manager (NSM) • NSM • Cluster Pairs • 2nd power supply or • EES DC power supply • NSM • Multi-Unit Clusters • EES • NSMBreadth of Functionality Secure Access 6500 Secure Access 4500 Secure Access 2500 Designed for: Designed for: Large enterprises & SPs Designed for: Medium to large Secure remote, intranet Secure Access 700 Medium enterprise enterprise and extranet access Secure remote, intranet Secure remote, intranet Includes: and extranet access and extranet access Core Clientless Access Designed for: Includes: Includes: SAMNC SMEs Core Clientless Access Core Clientless Access SSL acceleration Secure remote access SAMNC SAMNC Hot swap drives, fans Includes: Network Connect Enterprise Size All models are now Common Criteria EAL3+ certified: http://www.dsd.gov.au/infosec/evaluation_services/epl/network_security/juniper_networks_SAF.html33 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • SECURE ACCESS FEATURES Secure Meeting License High Availability License  Active-Passive or Active-Active support  Stateful session failover Enhanced Endpoint Security (EES) License Advanced troubleshooting tools for quick issue resolution  Policy trace, session recording, system snapshot, etc. Granular Role-based administration Detailed logging and log filtering Config Import/Export  Configuration backup/archiving FIPS Certified Product Available34 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • USEFUL LINKS What’s New: New features in respective release. http://www.juniper.net/techpubs/software/ive/releasenotes/6.5-whats_new.p Supported Platforms: http://www.juniper.net/techpubs/software/ive/releasenotes/SA-SupportedPl Client Side Changes: http://www.juniper.net/techpubs/software/ive/admin/6.5-ClientSideChanges35 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
  • WHY JUNIPER FOR SSL VPN? Core Competence in Performance, Scalability & HA SSL-based Access  Differentiated hardware platforms  Proven in tens of thousands of customer  Global & local stateful clustering deployments!  Compression, SSL acceleration, GBIC  Market leadership/industry Awards connectors, dual hot-swappable hard  Product maturity disks, power supplies, and fans Single Platform for All Ease of Administration Enterprise Remote Access Needs  Centralized management  Support for complex Web content, Files,  Granular role-based delegation Telnet/SSH using only a browser  Extensive integration with existing  Client/Server applications directories  Adaptive dual transport method for  Native automatic endpoint remediation network-layer access and password management integration End-to-End Security  Robust host checking capabilities  Dynamic Access Privilege Management  3rd party security audits36 Copyright © 2010 Juniper Networks, Inc. www.juniper.net