Juniper SRX240H Data Sheet
Add to my manuals
4 Pages
The Juniper SRX240H is a high-performance security gateway that provides advanced threat protection and secure connectivity for small and medium-sized businesses or branch offices. It offers comprehensive security features like stateful firewall, intrusion prevention system (IPS), application security, and unified threat management (UTM). The SRX240H also supports secure remote access through IPsec VPNs and SSL VPNs, making it an ideal solution for businesses with remote workers or multiple locations.
advertisement
DATASHEET
APPSECURE FOR SRX SERIES
SERVICES GATEWAYS
Product Overview
AppSecure is a suite of nextgeneration security capabilities for Juniper Networks SRX Series
Services Gateways that utilize advanced application identification and classification to deliver greater visibility, enforcement, control, and protection over the network.
Working in conjunction with the other security services of the SRX
Series, AppSecure provides a deep understanding of application behaviors and weaknesses to prevent application borne threats that are difficult to detect and stop.
As an integrated service on the world’s fastest services gateways,
AppSecure provides the scalability to meet the requirements of the most demanding environments.
AppSecure Description
As network infrastructure and the threats targeting that infrastructure continue to evolve, so too must the network security solutions adopted to protect organizations. At the same time, the latest generation of web-based applications and the proliferation of mobile devices provide an increasingly challenging task for network administrators to effectively manage traffic flows and access to data while delivering the right mix of security and network services. In the past, network administrators would simply buy a new appliance to overcome a security or network issue. However, that approach leads to greater network complexity, excessive management overhead, and poor overall performance.
Today’s network security solutions must not only have the right architecture to deliver the appropriate mix of performance and scale in this evolving network environment, but must also deliver the right security services to give administrators visibility and control over the types of applications now traversing their networks. Juniper Networks® AppSecure is a suite of application-aware security services for the Juniper Networks SRX Series
Services Gateways that classify traffic flows, bringing greater visibility, enforcement, control, and protection to network security. AppSecure uses a sophisticated classification engine to accurately identify applications regardless of port or protocol, including nested applications that reside within trusted network services.
The result is a powerful tool that helps bring context and clarity to the setting and enforcement of security policies, provides protection against common evasion techniques, and helps stop modern malware attacks, all while delivering the industry’s highest performance and scale. AppSecure gives security administrators the context to regain control of their network traffic, set and enforce policies based on accurate information, and deliver the performance and scale required to address business needs. The services that are enabled by AppSecure include: AppTrack for detailed visibility of application traffic; AppFW for granular policy enforcement of application traffic; AppQoS to prioritize and meter application traffic; and AppDoS for greater control over the latest breed of botnet attacks targeting applications. AppSecure also works with the SRX Series’ integrated intrusion prevention system (IPS) solution to deliver deeper protection against zero-day attacks.
1
SMTP HTTP UDP HTTPS
AppSecure
TM
AppTrack
Visibility for application usage and bandwidth
AppFW
Enforcement to block/allow applications
AppQoS
Control and prioritization
AppDoS
Protection against botnet attacks
IPS
Threat mitigation
SMTP HTTP UDP HTTPS
Application awareness and classification engine
User context from Junos
Pulse or active directory
AppTrack logs to
STRM Series for reporting
Figure 1: The application awareness and classification engine improves efficiency by inspecting network traffic and publishing the results for use by all of the AppSecure services.
AppSecure Features and Benefits
Feature
Application awareness and classification
Feature Description
Context, protocol information, and signatures used to identify applications on any TCP or UDP port.
Nested application support
User-role based policies
Accurate identification of applications running on top of, or embedded into approved/trusted services and protocols.
Fine-grained policies, including application security, based on user role and identity for all endpoints including mobile devices.
Benefit
Enables all AppSecure capabilities by exposing application information to advanced, next-generation security services for increased visibility, control and protection.
Provides enhanced protection against modern evasion techniques that utilize trusted services.
SSL inspection
Purpose built platform
Junos ® OS service integration on
SRX Series
Inspection of HTTP traffic encrypted in SSL on any
TCP/UDP port.
Built from the ground up on dedicated hardware.
Rich set of native network and security services including: firewall, AppSecure, IPS, IPsec VPN, NAT,
QoS, routing, and switching.
Superior protection and easier policy management as user and user groups reduce the number of policies and rules needed to account for other elements such as location, device, and IP address.
Combined with AppSecure, provides visibility and protection against threats embedded in SSL encrypted traffic.
Delivers unrivaled performance and flexibility to protect service provider, enterprise and data center environments.
Provides consolidation and optimization of application-aware security services for maximum scale.
2
Application Visibility with AppTrack
AppTrack collects byte, packet, session, and time statistics while accurately identifying hundreds of applications, giving network administrators detailed analysis of application data.
AppTrack quickly and easily provides visibility into the types of applications traversing through the SRX Series gateway and allows classification based on risk level, users, groups, zones, source, and destination addresses, as well as volumes. This information can be used to assess adherence to usage policies, help address bandwidth management, or simply report on the most active users and applications. Juniper’s centralized logging and reporting system, STRM Series Security Threat Response
Managers, provides a flexible and extensible way to analyze data from a centralized location and take action. Using a variety of predefined report formats, STRM Series can generate reports based on AppTrack application log data.
Application Enforcement with AppFW
AppFW enables administrators to create fine grained application control policies to allow or deny traffic based on dynamic application name or group names rather than static IP/port information. It is designed to simplify security policies by using application white lists and black lists, as well as to define what actions to perform on matched traffic while taking default action against all other traffic.
Application Control with AppQoS
1
With the increased use of web-based customer relationship management (CRM), enterprise resource planning (ERP), and other business tools, network administrators need a way to prioritize business critical traffic over the network. AppQoS provides the ability to meter and mark traffic based on the application policies set by the administrator. These policies enable lower priority Web traffic to continue when network bandwidth allows, but ensures that mission critical traffic is delivered when usage levels surge.
Application Protection with AppDoS
AppDoS identifies attacking botnet traffic and legitimate client traffic based on application-layer metrics and remediates these botnet attacks. Employing a multi-stage approach that includes server connection monitoring, deep protocol analysis, and botclient classification, AppDoS delivers the ability to detect subtle changes in traffic patterns and client behaviors that could indicate an application-level denial-of-service (DoS) attack. Once suspicious activity is detected, AppDoS can then issue an alert, block offending
IP addresses, or completely drop irregular sessions and packets.
AppDoS is typically deployed with the SRX Series’ integrated IPS service to increase protection against malicious attacks.
Application Protection with IPS
IPS tightly integrates Juniper’s latest and most advanced security features with the network infrastructure for threat mitigation and protection from a wide range of attacks and vulnerabilities.
IPS subscribes to the results of application identification/ contextualization. These results help determine the appropriate protocol decoding and attack objects to use for the permitted incoming traffic that will be processed by the IPS software services module.
Specifications - Branch SRX Series Services Gateways
Maximum AppSecure throughput 2
SRX100/
SRX110
Services
Gateway
90 Mbps
SRX210
Services
Gateway
250 Mbps
SRX220
Services
Gateway
300 Mbps
SRX240
Services
Gateway
750 Mbps
Application identification
Maximum IPS throughput
Maximum connections per second
Maximum sessions
>900 applications
75 Mbps
1,500
12,000
>900 applications
65 Mbps
1,500
24,000
>900 applications
80 Mbps
1,800
32,000
>900 applications
230 Mbps
7,400
48,000
SRX550
Services
Gateway
1.5 Gbps
>900 applications
800 Mbps
27,000
375,000
SRX650
Services
Gateway
1.9 Gbps
>900 applications
1 Gbps
35,000
512,000
Specifications - Data Center SRX Series Services Gateways
SRX1400
Services
Gateway
Maximum AppSecure throughput 2 4 Gbps
SRX3400
Services
Gateway
16 Gbps
SRX3600
Services
Gateway
25 Gbps
Application identification
AppDoS protocols
>900 applications
>60 protocols +
600 contexts
Maximum IPS throughput 2 Gbps
Maximum connections per second 40,000
Maximum sessions 0.5 million
SSL inspection Yes
>900 applications
>60 protocols +
600 contexts
6 Gbps
180,000
2.25 million/
3 million 3
Yes
>900 applications
>60 protocols +
600 contexts
10 Gbps
180,000/300,000 3
2.25 million/
6 million 3
Yes
SRX5600
Services
Gateway
50 Gbps
>900 applications
>60 protocols +
600 contexts
15 Gbps
380,000
9 million
Yes Yes
1 AppQoS is currently supported on SRX Series Services Gateways for the data center. AppQoS support on SRX Series Services Gateways for the branch forthcoming in the near future.
2 Throughput numbers based on HTTP traffic with 44 kilobyte transaction size.
3 Additional Extreme License required for 3 million and 6 million sessions.
4 To achieve more than 12.5M CP sessions on SRX5800, use software knob available from 10.4 or 11.4 and later.
SRX5800
Services
Gateway
100 Gbps
>900 applications
>60 protocols +
600 contexts
30 Gbps
380,000
12.5/20 million 4
3
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper
Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/ products-services.
Ordering Information
Model Number Description
AppSecure Subscription
SRX1XX-APPSEC-A-1 1-year subscription for AppSecure and IPS updates for SRX100 and SRX110
SRX210-APPSEC-A-1
SRX220-APPSEC-A-1
SRX240-APPSEC-A-1
SRX550-APPSEC-A-1
SRX650-APPSEC-A-1
SRX1400-APPSEC-A-1
SRX3400-APPSEC-A-1
SRX3600-APPSEC-A-1
SRX5600-APPSEC-A-1
SRX5800-APPSEC-A-1
SRX1XX-APPSEC-A-3
SRX210-APPSEC-A-3
SRX220-APPSEC-A-3
SRX240-APPSEC-A-3
SRX550-APPSEC-A-3
1-year subscription for AppSecure and IPS updates for SRX210
1-year subscription for AppSecure and IPS updates for SRX220
1-year subscription for AppSecure and IPS updates for SRX240
1-year subscription for AppSecure and IPS updates for SRX550
1-year subscription for AppSecure and IPS updates for SRX650
1-year subscription for AppSecure and IPS updates for SRX1400
1-year subscription for AppSecure and IPS updates for SRX3400
1-year subscription for AppSecure and IPS updates for SRX3600
1-year subscription for AppSecure and IPS updates for SRX5600
1-year subscription for AppSecure and IPS updates for SRX5800
3-year subscription for AppSecure and IPS updates for SRX100 and SRX110
3-year subscription for AppSecure and IPS updates for SRX210
3-year subscription for AppSecure and IPS updates for SRX220
3-year subscription for AppSecure and IPS updates for SRX240
3-year subscription for AppSecure and IPS updates for SRX550
Model Number
SRX650-APPSEC-A-3
SRX1400-APPSEC-A-3
SRX3400-APPSEC-A-3
SRX3600-APPSEC-A-3
SRX5600-APPSEC-A-3
SRX5800-APPSEC-A-3
SRX1XX-APPSEC-A-5
SRX210-APPSEC-A-5
SRX220-APPSEC-A-5
SRX240-APPSEC-A-5
SRX550-APPSEC-A-5
SRX650-APPSEC-A-5
SRX1400-APPSEC-A-5
SRX3400-APPSEC-A-5
SRX3600-APPSEC-A-5
SRX5600-APPSEC-A-5
SRX5800-APPSEC-A-5
Description
3-year subscription for AppSecure and IPS updates for SRX650
3-year subscription for AppSecure and IPS updates for SRX1400
3-year subscription for AppSecure and IPS updates for SRX3400
3-year subscription for AppSecure and IPS updates for SRX3600
3-year subscription for AppSecure and IPS updates for SRX5600
3-year subscription for AppSecure and IPS updates for SRX5800
5-year subscription for AppSecure and IPS updates for SRX100 and SRX110
5-year subscription for AppSecure and IPS updates for SRX210
5-year subscription for AppSecure and IPS updates for SRX220
5-year subscription for AppSecure and IPS updates for SRX240
5-year subscription for AppSecure and IPS updates for SRX550
5-year subscription for AppSecure and IPS updates for SRX650
5-year subscription for AppSecure and IPS updates for SRX1400
5-year subscription for AppSecure and IPS updates for SRX3400
5-year subscription for AppSecure and IPS updates for SRX3600
5-year subscription for AppSecure and IPS updates for SRX5600
5-year subscription for AppSecure and IPS updates for SRX5800
About Juniper Networks
Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers,
Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net.
Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100 www.juniper.net
APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601
Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,
NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000327-006-EN May 2012 Printed on recycled paper
4
To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Key Features
- Advanced threat protection
- High-speed performance
- Scalability
- Comprehensive security features
- Easy to manage