
Juniper Enterprise Guest Access



Enterprise Guest Access solution from Juniper Networks



  1. DATASHEET ENTERPRISE GUEST ACCESS

     Product Overview

     Whether large or small, companies have guests. Guests can be virtually anyone who conducts business with the company but is not an employee. Many of these guests require some form of network access in order to be productive. Providing a guest user Internet access, let alone access to files on your network or extranet, is anything but simple. You can’t afford to let your guest users access your sensitive corporate network resources.

     For companies of all sizes, Juniper Networks Enterprise Guest Access supports secure, authorized network resource access, manages guest usage, and reduces the threats that come with unauthorized guest users and their compromised devices.

     Product Description

     Juniper Networks® Enterprise Guest Access is a license option for Juniper Networks MAG Series Junos Pulse Gateways that addresses all of your guest user network access requirements. Enterprise Guest Access is based on the award winning Juniper Networks Unified Access Control (UAC) solution. With the Enterprise Guest Access option, you can easily provision guests and contractors, authenticate them securely, assess the health state of their devices, control their access to your network and its sensitive resources, and coordinate your network access policies, security, and regulatory compliance across even the most distributed of network

     Enterprise Guest Access is quick and easy to deploy and use, employing a simplified guest user administration interface that allows even the most nontechnical of users to create guest user access credentials and rights. It takes the burden of setting up guest user network access off the shoulders of your already overburdened IT staff, and it enables your administrative and support teams to take on this somewhat mundane yet crucially important task.

     For small to medium sized businesses (SMBs) as well as enterprises and agencies with many guests or visitors, the Enterprise Guest Access license option delivers wired and wireless guest network access control (NAC) seamlessly through MAG Series Junos Pulse Gateways, without any agents to deploy or

     Enterprise Guest Access Architecture and Key Components

     All-In-One Functionality

     Enterprise Guest Access delivers role-based access control for guests, partners, and contractors. Enterprise Guest Access delivers agentless (browser-based) wired and wireless NAC for guest users seamlessly and supports secure, authorized network resource access, manages network use, and reduces the threat of unauthorized users and compromised devices. The Enterprise Guest Access option authenticates guest users and contractors, and assesses the health state of their devices before granting them network access. And, unlike a full blown NAC solution, Enterprise Guest Access does not require a firewall as an enforcement point for a captive portal solution. The Enterprise Guest Access license transforms your MAG Series gateway into an all-in-one appliance delivering two separate functions—guest user provisioning and authentication, and guest user access enforcement.
  2. Guest User Authorization

     Enterprise Guest Access also ensures that only authorized guest users can log into and access those areas of your network to which they are authorized access based on their identity and device integrity. It integrates and leverages Juniper’s Host Checker functionality, used in tens of thousands of deployments of Juniper Networks MAG Series Junos Pulse Gateways, SA Series SSL VPN Appliances and IC Series Unified Access Control Appliances, enabling you to define policy that scans guest user devices for a variety of security applications and states, including custom endpoint checks. It also enables you to create and enforce network access based on time and duration. In this way, Enterprise Guest Access enables you to deliver differentiated network access for various guest user categories such as one-time guest users, contractors, vendors, and others. It also enables enterprise selected and approved guest user account managers to provision temporary guest access accounts for corporate guest users, to create bulk accounts for numerous guest users, and to send guest user credentials via email to an expected guest user, simplifying guest account creation and provisioning.

     Secure Network Access

     Enterprise Guest Access enables and builds a Layer 2 bridge to ensure secure network access. With Layer 2 bridging enabled, your guest users are provided with an IP address from your corporate network. Since the MAG Series gateway hosting Enterprise Guest Access is inline, it is the first place that your guest users will come to when they attempt to access your network. Enterprise Guest Access will first serve the guest user a web-based captive portal page when access is attempted. Users will use their guest credentials, which include the user name and password provided to them by your guest access administrator. They will log in and be provided with a network session. During the deployment of Enterprise Guest Access, you will have created resource access policies on the MAG Series gateway which direct guest users to resources that are provisioned on the network and to which they have authorized access (for example, the Internet). User traffic has no other route to the corporate network except through the Layer 2 Enterprise Guest Access bridge. Users and guests are connected to the external interface, and protected resources are connected to the internal interface.

     Provisioning and Management

     Enterprise Guest Access also simplifies guest user network access provisioning and management. Access is controlled through an enterprise customizable web-based captive portal, directing users to input their guest access credentials—created and provided to the guest user by your receptionist or any approved corporate sponsor—to gain authenticated, authorized access to your network and resources. Guest user access credentials are as simple as a user name and password. Guest user network access may be provisioned for up to 200 guest users on a single MAG Series gateway or service module with the Enterprise Guest Access license option. And, identity information of guest users is stored in a database on the gateway, which is perfect for addressing regulatory compliance audits.

     Since its operation does not require that an agent be downloaded to the user’s device, Enterprise Guest Access works with devices running most major operating system platforms, including Microsoft Windows, Apple Mac OS, Linux, Apple iOS and Google Android. Being agentless means that Enterprise Guest Access requires no configuration on a guest user’s device, and using a web-based captive portal means it needs zero configuration to set up, greatly simplifying its deployment and use.

     Guest Administrator Accounts

     A limited number of guest administrator accounts may be created. Your IT or technical staff can provision a local user or employee with limited administration rights to provide temporary access accounts for external guest users. Guest user account manager information is stored in a database local to the MAG Series gateway hosting Enterprise Guest Access. This is useful for administrator tracking and regulatory compliance audits. Provisioning of numerous guest user account managers, typical for an office or site which is without reception or administrative staff, can be easily undertaken. Authenticated access for guest user account managers to the Enterprise Guest Access equipped MAG Series gateway is accomplished natively, or by interfacing with and leveraging existing SMB or enterprise authentication data stores, such as Microsoft Active Directory or Lightweight Directory Access Protocol (LDAP), and authentication, authorization, and accounting (AAA) capabilities.

     Time-Based Network Access Policies

     Enterprise Guest Access enables guest user accounts to be created based on flexible, time-based network access policies. Guest user accounts may be created with a specific start and end time. For example, guest user network access might start at 9:00 a.m. and end at 5:00 p.m. Guest user accounts may also be created for a specific hourly duration, such as guest user network access being allowed for 8 hours. Guest user access can also be limited by the administrator to a specific number of days, in an hours-based format, such as for 24 hours, 48 hours, or up to 72 hours. Enterprise Guest Access affords you flexibility and control in the management of guest user network access.

     Network Access Control

     Enterprise Guest Access also provides a simple-to-deploy, easy to administer way of addressing NAC, while providing an upgrade path to Juniper’s comprehensive network and application access control solution, Junos Pulse Access Control Service, at any time by leveraging the access and security policies already created and instituted by the SMB or enterprise with the Enterprise Guest Access option. This saves the SMB or enterprise both time and cost.
  3. Enterprise Guest Access Network Diagram

     Figure 1: Juniper Networks Enterprise Guest Access
     (Diagram labels: L2 Wired or Wireless Environment; Wireless Guest; Guest SSID; Wired Guest; External Port; MAG4610 Junos Pulse Gateway; Internal Port; Firewalling and DHCP Services; Internet Firewall; INTERNET)

     Figure 1 provides a high-level view of Juniper Networks Enterprise Guest Access option. In this diagram, the MAG Series hosting the Enterprise Guest Access license is connected inline between the wireless and wired guest users, and the Internet firewall. The MAG Series gateway running the Enterprise Guest Access license, as the inline enforcement point, blocks guest traffic until users have typed their credentials into the captive portal served to them by the MAG Series gateway and have been authenticated for network access.

     Enterprise Guest Access Sample Workflow

     1. Guest access administrator creates a guest user account on the MAG Series gateway hosting Enterprise Guest Access.

     2. Guest access administrator provides credentials to the guest user, typically via e-mail or hard copy printout.

     3. Guest user attempts to access the network, and access is redirected to the MAG Series hosting Enterprise Guest Access, which serves the guest user a customized web-based captive portal page in which the guest user types in their assigned credentials.

     4. When authentication is successful and the user’s device meets the organization’s predefined security and access control policies, the guest user is allowed to access the areas of the network to which guest authorization has been granted.
  4. 5. When the guest user’s account expires, the MAG Series hosting Enterprise Guest Access automatically logs the user off of the network and does not allow network access until the guest receives new, updated guest user credentials.

     Features and Benefits

     The Enterprise Guest Access option offers a number of important features and benefits.

     Feature: Available on a wide range of MAG Series Junos Pulse Gateways
     Benefit: The Enterprise Guest Access option can be deployed on a wide range of MAG Series models, from the small-footprint MAG2600 to the larger-scale MAG4610, MAG6610 and MAG6611.

     Feature: Agentless
     Benefit: No agent to deploy on a guest user’s endpoint device means the Enterprise Guest Access license is simple to deploy and maintain, and for a guest user to operate, minimizing guest-related help desk or support calls.

     Feature: Identity- and role-based guest access
     Benefit: Limit guest user access based on the user’s identity or role. Know which guest users are on your network and when. Store guest user data locally for regulatory compliance audits.

     Feature: Comprehensive pre-authentication endpoint integrity checks and posture assessment
     Benefit: The Host Checker in the Enterprise Guest Access option ensures that a guest user’s endpoint device meets a previously determined baseline of security and access policy before it can be granted access to the network and its resources.

     Feature: Support for wired and wireless guest access
     Benefit: Ensures that a guest user’s endpoint device meets a baseline security criteria—regardless of the guest user’s access method, whether wired or wireless—and that the guest user will be authenticated before being allowed to access the network and its resources.

     Feature: Consistent endpoint baselining across the network
     Benefit: For medium to large enterprises with many guest users, the Enterprise Guest Access license ensures that a minimum baseline of endpoint device security and access policy, and endpoint integrity is met and maintained.

     Feature: Secure network access for up to 200 guest users
     Benefit: Designed to address the network access control needs of SMBs and enterprises with many guest users.

     Feature: Simplified guest user creation
     Benefit: Enables the administrative and support staff of an SMB or enterprise to create and distribute guest user access rights and credentials, relieving the already overworked IT staff of this task. It also enables creation of bulk accounts for numerous guest users, and sending guest user credentials via e-mail, simplifying guest account creation.

     Feature: Secure Layer 2 bridge
     Benefit: The secure Layer 2 bridge of the Enterprise Guest Access option provides guest users with an IP address, ensuring their secure network access.

     Feature: Flexible time-based guest user network access
     Benefit: Limits guest user network access based on specific hours, a specific number of hours, or a specific number of days (in hours).

     Feature: Guest administrator user database
     Benefit: The list of guest administrators, stored in a database local to the MAG Series gateway hosting Enterprise Guest Access as determined by the organization, can be used to address regulatory compliance requirements.

     Feature: Guest user database
     Benefit: The list of guest users passing policy checks and receiving guest access rights and credentials to access the network is stored in a database on the MAG Series gateway hosting Enterprise Guest Access, helping to address regulatory compliance needs.

     Feature: Consistent access control
     Benefit: The Enterprise Guest Access license on MAG Series gateways, when deployed in smaller branch offices or sites, can ensure that an enterprise secures its distributed network, whether remote or local, with consistent, identity-enabled access control and shared security policies.

     Feature: Simple upgrade to full, comprehensive Network Access Control (NAC)
     Benefit: Delivers a simple upgrade path to Junos Pulse Access Control Service delivering comprehensive network and application access control for small to large enterprises and government agencies while leveraging existing, previously developed policies.
  5. Juniper Networks Services and Support

     Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the to maintain required levels of performance, reliability, and availability. For more details, please visit

     About Juniper Networks

     Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at

     Information

     Model Number   Description

     MAG Series Base Systems*
     MAG2600 Base System MAG2600 Junos Pulse Gateway for SSL VPN users or NAC users
     MAG4610 Base System MAG4610 fixed configuration Junos Pulse Gateway for SSL VPN users or NAC users
     MAG6610 Base System MAG6610 Junos Pulse Gateway for SSL VPN or NAC users; includes MAG-PS661 560 W AC power supply. Must order at least one service module (MAG-SM160 or MAG-SM360)
     MAG6611 Base System MAG6611 Junos Pulse Gateway for SSL VPN or NAC users (includes MAG-PS662 750 W AC power supply); must order at least one service module (MAG-SM160 or MAG-SM360)

     MAG6610 and MAG6611 Modules
     MAG-SM160 Service module for MAG6610 or MAG6611 that supports 1,000 SSL VPN or 5,000 NAC users
     MAG-SM360 Service module for MAG6610 or MAG6611 that supports 10,000 SSL VPN or 15,000 NAC users

     Endpoint License
     MAGX600-GUEST-ACCESS Enterprise Guest Access License

     * A maximum of 200 guests is supported on the MAG Series Junos Pulse Gateways with the Enterprise Guest Access License.
  6. Corporate and Sales Headquarters
     Juniper Networks, Inc.
     1194 North Mathilda Avenue
     Sunnyvale, CA 94089 USA
     Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
     Fax: 408.745.2100

     APAC Headquarters
     Juniper Networks (Hong Kong)
     26/F, Cityplaza One
     1111 King’s Road
     Taikoo Shing, Hong Kong
     Phone: 852.2332.3636
     Fax: 852.2574.7803

     EMEA Headquarters
     Juniper Networks Ireland
     Airside Business Park
     Swords, County Dublin, Ireland
     Phone: 35.31.8903.600
     EMEA Sales: 00800.4586.4737
     Fax:

     Your recommended solution provider:
     Altaware, Inc.
     http://www.altaware.com
     Email: sales@altaware.com
     Phone: 949-484-4125

     Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

     1000354-003-EN Mar 2012
     Printed on recycled paper