Firewall / VPN Feature Brief

Network Deployment Options

The last thing an administrator needs to do when deploying a security solution is modify the existing network configuration. The Juniper Networks security solutions have a robust set of flexible network deployment options that allow easy integration of the solutions into new or existing networks. Route and Network Address Translation (NAT) options allow the Juniper Networks integrated firewall/IPSec VPN devices to be deployed with IP addresses assigned to their interfaces. In Route mode there is no IP address translation when traversing the Juniper appliance. In NAT mode, an IP address or a group of IP addresses can automatically be translated to a single IP address to hide private IP addresses from view. These modes are assigned to each interface independently, allowing certain interfaces to be set to route mode, such as those connected to servers in the DMZ, while other interfaces can be set to NAT mode, such as those supporting the internal private LAN. In addition to assigning modes to physical interfaces, the Juniper Networks security appliances support policy-based NAT, which allows administrators to define the NAT parameters they wish to use on a per-policy basis. Policy-based NAT provides the flexibility to define exactly what address-translation will take place on any given traffic. Junipers integrated firewall/VPN devices support Static NAT, Dynamic NAT, Static Port-Address Translation (PAT) or Dynamic Port-Address Translation.

Firewall / VPN Feature Brief To complement the network deployment modes and ease integration efforts, the Juniper Networks security appliances support both static address assignment, as well as dynamic address assignment through DHCP or PPPoE. This broad-support allows the device to operate in any network environment, including Broadband connections that make use of PPPoE.

Transparent mode allows the Juniper Networks security appliances to be deployed as a Layer 2 security device, providing firewall, VPN, and traffic management functionality, without an IP address, making the device invisible to the user. Transparent mode greatly simplifies the deployment process, making it a convenient means for protecting Web servers, or any other kind of server that mainly receives traffic from untrusted sources. In transparent mode, there is no need to reconfigure the IP settings of routers or protected servers, nor is there a need to create Mapped or Virtual IP addresses for incoming traffic to reach protected servers.

Copyright 2006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. June, 2006