Juniper Networks VPN Juniper 2008 789 2007 MSeries

Juniper（瞻博）发展 2008 #789 2007 M-Series 2006 2005 2002 1996 1998 1999 2004 2000 UAC

Juniper网络产品企�安全路由解决方案 Service provider quality routers for the enterprise designed for remote, branch or

性能：先进的硬件设计 ASIC Net. Screen Advanced Architecture PC Appliances/Pseudo Appliances Applications Integrated Security Applications OS

Juniper防火墙产品线 NS series NS-5400 ISG series NS-5200 ISG 2000 ISG 1000 NS-500 NS-208 NS-204

IDP安全模块 IDP Security Module (SM) Board 2 Gig RAM Dual CPU

SSG系列产品家族 • • SSG 5 - Six fixed form factor models – 160 Mbps

I/O扩展插槽的配置选项 SSG 520 WAN�接串行, T 1/E 1, DS 3 LAN 或 WAN �接

SSG系列总结 SSG 550 M SSG 520 M SSG 350 M SSG 320 M SSG

SSG家族对比分析图 SSG 5 SSG 20 SSG 140 SSG 320 M SSG 350 M SSG

Slides: 46

Download presentation

Juniper Networks 防火墙 VPN 产品李铭

Juniper（瞻博）发展 2008 #789 2007 M-Series 2006 2005 2002 1996 1998 1999 2004 2000 UAC T 1600 JUNOS w/Integrated Security $2. 8 B 5300+ $2. 8 B 6100+ Acorn Incorporated T-Series SSG Revenue Employees $500 M 1000 $1. 3 B 1500 2500 $2 B 3500 $2. 3 B 4800

Juniper网络产品企�安全路由解决方案 Service provider quality routers for the enterprise designed for remote, branch or regional offices 整合防火� /IPSec VPN 解决方案 Purpose-built security appliances with WAN & LAN interface flexibility and performance capabilities to protect enterprise and service provider networks SSL VPN 解决方案 Product lines for secure LAN, extranet and intranet access to mobile employees, customers and partners with no client software deployment 入侵防�解决方案 Intrusion prevention appliances that help protect networks and critical resources from attacks 整合接入控制解决方案 Infranet Agent Product line consisting of three components that work together to enable a cost-effective, pragmatic solution solving endpoint security as it effects the LAN 基于策略的集中管理解决方案 3 -tier system providing role-based administration and central control and logging of all FW/VPN solutions

性能：先进的硬件设计 ASIC Net. Screen Advanced Architecture PC Appliances/Pseudo Appliances Applications Integrated Security Applications OS Security-Specific, Real-Time OS High Speed Backplane CPU In Out CPU Giga. Screen ASIC I/O RAM 专用的安全处理 • 基于流的线性的数据包处理 • 每个处理模块被优化 • 优化的应用和硬件用于安全处理和性能 RAM In Out VPN Co-Processor I/O Bus 通用结构的处理 • 数据在几个非优化的接口传送 • 每个“API”引入安全风险 • 处理的延迟导致“无法预测的行为” • 数据通道无法优化

Juniper防火墙产品线 NS series NS-5400 ISG series NS-5200 ISG 2000 ISG 1000 NS-500 NS-208 NS-204 SSG 550 M SSG 520 M SSG 350 SSG 320 SSG 5 SSG 140 NS-25/50 NS-5 GT SSG series NS-HSC

IDP安全模块 IDP Security Module (SM) Board 2 Gig RAM Dual CPU

SSG系列产品家族 • • SSG 5 - Six fixed form factor models – 160 Mbps FW / 40 Mbps VPN SSG 20 – 2 modular models – 160 Mbps FW / 40 Mbps VPN SSG 140 – 350+ Mbps FW / 100 Mbps VPN SSG 320 M – 450+ Mbps FW / 175 Mbps VPN SSG 350 M – 550+ Mbps FW / 225 Mbps VPN SSG 520 M – 2+ Mbps FW / 300 Mbps VPN SSG 550 M – 4+ Gbps FW / 500 Mbps VPN 安全网管SSG系列基于Screen. OS平台 – 集成了UTM(Unified Threat Management) 统一威胁管理 – 接口模块化设计 – 功能可灵活选择 Licensing 选购 SSG 5 SSG 20 SSG 140 SSG 320 M SSG 350 M SSG 520 M SSG 550 M

I/O扩展插槽的配置选项 SSG 520 WAN�接串行, T 1/E 1, DS 3 LAN 或 WAN �接 10/100/1000, SFP, FE串行, T 1/E 1, DS 3 (4)个固定的 10/1000 接口 RJ 45控制台和 Aux接口 SSG 550 WAN�接串行, T 1/E 1, DS 3 LAN 或 WAN �接 10/100/1000, SFP, FE串行, T 1/E 1, DS 3 (4)个固定的 10/1000 接口 RJ 45控制台和 Aux接口

SSG系列总结 SSG 550 M SSG 520 M SSG 350 M SSG 320 M SSG 140 SSG 20 SSG 5 FW Mbps (Large Packets) 1+ Gbps 650+ Mbps 550+ Mbps 450+ Mbps 350+ Mbps 160 Mbps FW Mbps (IMIX) 1 Gbps 600 Mbps 500 Mbps 400 Mbps 300 Mbps 90 Mbps FW PPS (64 Byte) 600 k 300 k 225 k 175 k 100 k 30 k VPN (1400 Byte) 500 Mbps 300 Mbps 225 Mbps 175 Mbps 100 Mbps 40 Mbps IPS (Deep Inspection FW) Yes Yes Antivirus Yes Yes Anti-spam Yes Yes Web Filtering Yes Yes Modular I/O Yes Yes Yes No Routing (RIP/OSPF/BGP) Yes Yes WAN Encapsulations Yes Yes A/A, A/P HA Yes Yes Yes Optiona l Option al Convertible to JUNOS Yes Yes No No No

SSG家族对比分析图 SSG 5 SSG 20 SSG 140 SSG 320 M SSG 350 M SSG 520/520 M SSG 550/550 M Cisco FW ASA 5505 PIX 501/506 ASA 5510 PIX 515/525 ASA 5520 PIX 525 ASA 5540 PIX 535 Cisco Router s (ISR) 871 1841 2801/281 1 2811/2821/285 1 2851 3845 Fortine t FG 50 B FG 60 B FG 100 A FG 224 B FG 200 A FG 224 B FG 300 A FG 400 A FG 500 A FG 800 Check Point VPN 1 Edge Safe@offic e N/A N/A UTM-1 450 UTM-1 1050 Nokia IP 45 IP 260/265 IP 350/355 IP 290/390