This document provides instructions for using a slideshow presentation about Unified Access Control (UAC). It includes details about three custom slideshows for different audiences, and instructions for modifying the custom shows. The slideshows cover UAC use cases, market leadership, architecture, and case studies.
12. Market Trends and Needs
    - Worldwide economic crisis
    - Layoffs and RIFs abound
    - Financial institutions failing
    - Market values falling
    - Decreased budgets
    - Severe credit crunch
    - Proliferation of network threats
    - Insider threat incidences rise
    - Escalation in outsourcing and off-shoring
    - Build-up of mergers and acquisitions
    - Increased emphasis on regulatory compliance
    … However, need to do more, but with less
    Networks now more strategic than ever to corporate growth…
13. Fully Coordinated Security Infrastructure
    Diagram labels: UAC “Nerve Center”; Management/Visibility; 802.1X NAC; Identity-Aware Security; Enterprise-Wide Access Control; Device Control; Coordinated Threat Control
34. Cross-Portfolio, Integrated Access Control
    Diagram labels: Odyssey Access Client (OAC); STRM Series; UAC Agent; UAC Agent-less Mode; Policies; NSM; EX3200; EX4200; IDP Series; Firewall; SSG Series; ISG Series; SRX Series; Application Servers; IC Series UAC Appliance; SBR Series; SA Series
37. Basic NAC Enforcement
    1. “Sales” user logs in from unpatched machine
    2. EX quarantines user – access patch server only – automatically remediated
    3. Remediation success; full access granted
       - IC-EX establish VLAN, ACLs, and QoS for Session
       - UAC pushes role-based FW policies to SRX
       - UAC pushes application-layer policies to IDP
    4. User attempt to access “Finance” data blocked
    Diagram labels: Local User; Patch Remediation; SRX Series; IDP Series; IC Series; EX Series; Corporate Data Center (Apps, Data, Finance, Video)
38. Enterprise-wide Access Control
    1. “Sales” user logs in from unpatched machine
    2. Quarantined for automatic patch remediation
    3. Remediation success; full access granted
       - SA Session pushed to IC via IF-MAP
       - UAC pushes role-based FW policies to SRX
       - UAC pushes application-layer policies to IDP
    4. User attempt to access “Finance” data blocked
    5. IDP Senses attack, informs IC
       - SA terminates user session
       - IC removes SRX/IDP access
    Diagram labels: Internet; Mobile User; Patch Remediation; SA Series; SRX Series; IDP Series; IC Series; Corporate Data Center (Apps, Data, Finance, Video)
51. IC/IC + SA/IC Federation (IF-MAP)
    Diagram panels: IC/IC Federation; SA/IC Federation
    Diagram labels: IC 1; IC 2; IC-Series; SA-Series; IF-MAP; UAC Enforcer; IDP Enforcer; Local User; Internet; EMEA HQ; US HQ; Corporate Data Center (Apps, Data, Finance, Video)
56. UAC and EX Series Features: Identity-based QoS
    - QoS policies stored on IC Series appliance and sent to the EX Series switch, implementing dynamic QoS policies per user session
    - Bandwidth-limit guest traffic; mark with low-priority DSCP
    - Place ERP traffic in high-priority queue; mark with high-priority DSCP
    - Place e-mail traffic in best-effort queue; mark with medium-priority DSCP
    Diagram labels: Guest User; Marketing User; Finance User; Internet Gateway Router; ERP Servers; Email Servers; EX Series; IC Series UAC Appliance; CORPORATE NETWORK; INTERNET
59. Windows Statement of Health (SOH) and Embedded NAP Agent Support
    1. Authenticate user, Profile endpoint, Determine location
    2. Dynamically provision policy enforcement
    3. External enforcement/validation of SOH, transmits info back for use in policy decisions
    4. Control access to protected resources
    Diagram labels: UAC Agent OR NAP Client; 802.1X Switches & Access Points; Juniper Firewall Platforms; Policy Server; Identity Stores; Applications and Data; UAC Enforcement Points; Microsoft NPS; IF-TNCCS-SOH; SRX Series; ISG Series; ISG Series with IDP; SSG Series; IC Series; EX Series