02-SSG Featrues

Secure Services Gateway
Family Overview
SSG 5, SSG 20, SSG 140,
SSG 500 Series
Key Security and Routing Features

SSG Family Specifications

Deployment Examples

Agenda
Juniper Networks Firewall/VPN Products
Carrier/Service
Provider
NS-Remote
Large
Enterprise
Medium
Enterprise
Small
Enterprise
NS-5400
NS-5200
NS-500
NS 5GT/HSC
ISG-1000/2000
SSG-20
SSG 520
SSG 550
SSG 5
Wireless
SSG 140
ScreenOS: Proven Enterprise Class Security
SSG Purpose-Built Hardware Platform
LAN &
WAN I/O
Mgmt/
Modem
Rich networking and virtualization
capabilities
Segmentation (Zones, VLANs) to divide
the network into secure segments
Combines ScreenOS deployment modes,
dynamic routing and high availability with
select JUNOS WAN encapsulations
Security Zones
LAN Routing
Deployment Modes
WAN Encapsulations
Networking
Network security features / Access
control
Stateful firewall, IPSec VPN, NAT, DoS
protection, user authentication
FW
IPSec VPN
DoS/DDoS
User auth.
Network Security Features
ScreenOS
UTM Features / Content Security
Antivirus/Anti-
Spyware
Web filtering
Anti-Spam
IPS (Deep
Inspection)
Integrated Unified Threat
Management (UTM) security
features
IPS (Deep Inspection), Antivirus (includes
Anti-Spyware, Anti-Phishing) Anti-Spam,
Web filtering
Secure Service Gateway Family
SSG 5 - Six fixed form factor models
160 Mbps FW / 40 Mbps VPN
SSG 20 2 modular models
160 Mbps FW / 40 Mbps VPN
SSG 140
350+ Mbps FW / 100 Mbps VPN
8 FE + 2 GE Interfaces + 4 WAN PIM slots
SSG 520/SSG 520M
650+ Mbps FW / 300 Mbps VPN
SSG 550/SSG 550M
1+ Gbps FW / 500 Mbps VPN
SSG 550/SSG 550M
SSG 520/SSG 520M
SSG 5
SSG 20
SSG 140
SSG 5 Overview
Performance and physical characteristics
160 Mbps FW (large packets)/ 90
Mbps FW (IMIX) / 40 Mbps VPN
Integrated Fan w/ Temp Sensor
(wireless only)
Reliability and extensibility
External AC power supply
Full Active/Passive (w/ Extended
license)
User upgradeable memory

Flexible connectivity
Fixed form factor w/ 7 Fast Ethernet
+ 1 WAN interface
Factory configured WAN options include
ISDN BRI S/T or V.92 or RS-232 Serial/Aux
Optional factory configured Dual radio
802.11a + 802.11 b/g
Six models to choose from
SSG 20 Overview
Performance and physical characteristics
160 Mbps FW (large packets)/ 90
Mbps FW (IMIX) / 40 Mbps VPN
Integrated Fan w/ Temp Sensor (wireless
only)
Reliability and extensibility
External AC power supply
Full Active/Passive (w/ Extended
license)
User upgradeable memory
Flexible connectivity
5 Fast Ethernet + 2 Mini I/O
slots
Mini PIM options include
ADSL2+, T1, E1, ISDN BRI S/T,
V.92 at FCS
Optional factory configured Dual
radio 802.11a + 802.11 b/g
Two models to choose from

SSG 20 I/O Extensibility
Mini-PIMS are small form factor
Size of a deck of cards
Not compatible with any other SSG or J
series

ADSL 2/2+
TX/RX
SYNC

V.92
CD
TX/RX

E1
CD
LOOP BACK
ALARM

T1
CD
LOOP BACK
ALARM

ISDN (BRI)
Channel B2
Channel B1

ADSL 2+
V.92
E1
T1
ISDN
BRI S/T
(2) I/O expansion slots
Key Differences: SSG 5/SSG 20 v NetScreen-
5GT
No user licensing
Unlimited license included in all versions
Optional Extended license increases VLAN,
Tunnel and Session capacities
Memory options 128MB or 256MB
WAN connectivity support
Security Zones From 4 to 8
VLANs From 0 to 10/50
UTM security features
Antivirus, Anti-Spam, Web filtering and IPS
(DI)
SSG 5
SSG 20
Users Unlimited
VLANs 10/50
Zones 8
Tunnels 25/40
Sessions 4k/8k
SSG 140 Overview
350+ Mbps FW (large packets)/
300 Mbps FW (IMIX) / 100
Mbps VPN
Brings high performance UTM
Security features to the mid-
market
Full Active/Passive HA
Fixed 10/100 and 10/100/1000
interfaces
(4) interface expansion slots
Existing dual Port T1
Existing dual Port E1
Existing Dual Port Serial
New Interfaces at FCS
Single Port ISDN
Front View
Back View
SSG 140 Interface Support
1. Console and RS-232/Aux interfaces
2. (8) 10/100 interfaces
3. (2) 10/100/1000 interfaces
4. (4) interface expansion slots: 2xT1, 2xE1, 2xSerial, 1xISDN BRI S/T
5. Status LEDs for rear installed I/O cards visible from front
1
2
3
Front
View
4
Back
View
5
SSG 500 Series Overview
Juniper Networks SSG
550/SSG 550M
1 Gbps + FW (large packets)/1
Gbps FW (IMIX) / 500 Mbps VPN
600K pps
6 I/O Slots 4 are LAN enabled
Dual power supplies, DC optional,
NEBS optional
128K sessions, 1,000 VPN tunnels
Juniper Networks SSG
520/SSG 520M
650+ Mbps FW (large packets)/
600 Mbps FW (IMIX) / 300 Mbps
VPN
300K pps
6 I/O slots; 2 are LAN enabled
Single power supply, AC or DC
64K sessions, 500 VPN tunnels
Common Hardware Features:
2U form factor with 4 fixed 10/100/1000 Ports
2 serial RJ45 ports for console access and OOB Management
2 USB ports
WAN Connectivity
Serial, T1/E1, DS3

WAN Connectivity
Serial, T1/E1, DS3
WAN Connectivity
Serial, T1/E1, DS3

WAN Connectivity
Serial, T1/E1, DS3

LAN or WAN Connectivity
10/100/1000, SFP, FE
Serial, T1/E1, DS3
10/100/1000, SFP, FE
Serial, T1/E1, DS3
(4) Fixed 10/100/1000 interfaces
RJ45 Console & Aux Interface
WAN Connectivity
Serial, T1/E1, DS3

WAN Connectivity
Serial, T1/E1, DS3
10/100/1000, SFP, FE
Serial, T1/E1, DS3
10/100/1000, SFP, FE
Serial, T1/E1, DS3
10/100/1000, SFP, FE
Serial, T1/E1, DS3
10/100/1000, SFP, FE
Serial, T1/E1, DS3
(4) Fixed 10/100/1000 interfaces
RJ45 Console & Aux Interface
1+ Gbps FW @ 600K pps,
500 Mbps VPN
Dual power supplies, DC optional, NEBS optional
128K sessions, 1,000 VPN tunnels
650+Mbps FW @ 300K pps,
300 Mbps VPN
DC optional
64K sessions, 500 VPN tunnels
SSG 500 Series Interface Support
SSG 550/SSG 550M
SSG 520/SSG 520M
SSG Family Summary
SSG 550/ SSG
550M
SSG 520/
SSG 520M
SSG 140 SSG 20 SSG 5
FW Mbps (Large Packets) 1+ Gbps 650+ Mbps 350+ Mbps 160 Mbps 160
Mbps
FW Mbps (IMIX) 1 Gbps 600 Mbps 300 Mbps 90 Mbps 90 Mbps
FW PPS (64 Byte) 600k 300k 100k 30k 30k
VPN (1400 Byte) 500 Mbps 300 Mbps 100 Mbps 40 Mbps 40 Mbps
IPS (Deep Inspection FW) Yes Yes Yes Yes Yes
Antivirus Yes Yes Yes Yes Yes
Anti-spam Yes Yes Yes Yes Yes
Web Filtering Yes Yes Yes Yes Yes
Modular I/O Yes Yes Yes Yes No
Routing (RIP/OSPF/BGP) Yes Yes Yes Yes Yes
WAN Encapsulations Yes Yes Yes Yes Yes
HA Yes Yes Yes Optional Optional
Upgradeable to JUNOS 8.0 SSG 550M
Only
SSG 520M
Only
No No No
SSG Family Positioning
Availability
Full Mesh /
Active-Active,
Redundant
Power
Capacity, Performance and Features
Active-Passive
Optional
Active-Passive
(w Ext Lic)
>2x FW Perf &
Sessions
>2x VPN Perf &
Tunnels
>2x Zones & VLANs
Stateful HA ( AP )
GigE interfaces
~2x FW Perf &
Sessions
~1.5x VPN Perf &
Tunnels
AA Full Mesh HA
Redundant Power

Modular I/O
2 x Mini-PIMs

~2x FW Perf &
Sessions
>3x VPN Perf &
Tunnels
Modular LAN
(GigE)

10M+ UTM 25M+ UTM 100M+ UTM 200M+ UTM Performance
Recommendations
SSG Family Interface Module Summary
PIM/EPIM/Mini-PIM SSG 20 SSG 140 SSG 550
SSG 550M
SSG 550
SSG 550M
1 x T1 Mini-PIM
-- -- --
1 x E1 Mini-PIM
-- -- --
1 x ADSL 2+ Mini-PIM
-- -- --
1 x V.92 Mini-PIM
-- -- --
1 x ISDN BRI S/T Mini-PIM
-- -- --
2 x T1 PIM*
--
2 x E1 PIM*
--
2 x Serial PIM*
--
1 x ISDN BRI S/T PIM
-- -- --
1 x DS3 PIM*
-- --
4 x FE EPIM
-- --
1 x Gbe EPIM
-- --
1 x SFP EPIM
-- --
* I/O card also compatible with J Series routers
SSG Product Family Fit
Small Branch,
Small Business, Telecommuters
Regional Office,
Medium Enterprise
Performance
Improved performance & processing
Wider range of platforms with UTM
Modular (Expandable) Memory
Improved connectivity
Secure Services Gateway Deployment
Options
As a security device
1. Firewall protecting the network using
ScreenOS stateful FW
2. Site-to-site IPsec VPN using
ScreenOS VPN dynamic, route
based VPN
3. Multifunction security platform using
FW plus best-in-class UTM security
features, proven in NetScreen-5GT
Antivirus, Web filtering, Anti-Spam, IPS
As a security router
Security features = FW, IPSec VPN,
UTM features
Branch office routing: Broad range
of LAN + WAN connectivity
10/100, 10/100/1000, SFP supported by
OSPF, BGP, RIPv1/2
DS3, T1, E1, ADSL 2+, ISDN, V.92
supported by PPP, MLPPP, FR, MLFR, HDLC
HQ
WWW
Small Business Deployment Example
SSG 5
Primary Link = External DSL modem
ISP
Back up options = ISDN S/T or V.92 or
Modem connected to Serial interface
Internet
Wireless Zone
Server
Zone
Small Business
SSG 5
Fixed format appliance: 7x10/100 connected to DSL modem
Factory configured back up I/O options: V.92 or ISDN or Serial
Factory configured Wireless option: 802.11 a/b/g
Small/Medium Office Deployment Example
SSG 20
Internet
Primary Link = ADSL or
T1 I/O module
Backup = ISDN S/T or V.92 I/O
module or externally connected modem
Wireless Zone
Server
Zone
Small Business
SSG 20
Modular appliance: 5x10/100 + 2 I/O slots
ADSL 2+, T1, E1, V.92, ISDN BRI/S/T
Factory configured Wireless option: 802.11 a/b/g
ISP
Branch Office Deployment Example:
SSG 140/SSG 500 Series
Primary Link =
T1, E1 or Serial
ISP
Backup = ISDN S/T
Internet
Central Site
RAS
Primary Link = DS3
Backup = T1 or E1
Branch Office
Server
Zone
Regional Office
Server
Zone
User Zone
DMZ
PSTN
Summary
Key Security and Routing Features

SSG Family Specifications

Deployment Examples

02-SSG Featrues

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

02-SSG Featrues

Hochgeladen von

Copyright:

Verfügbare Formate

Secure Services Gateway

Das könnte Ihnen auch gefallen