Juniper SRX210-RMK Manual de Usario

Lee a continuación 📖 el manual en español para Juniper SRX210-RMK (16 páginas) en la categoría No categorizado. Esta guía fue útil para 2 personas y fue valorada con 4.5 estrellas en promedio por 2 usuarios

Página 1/16
DATASHEET
1
Product Description
The Juniper Networks® SRX Series Services Gateways for the branch joins Juniper
Networks SRX Series for the high end, EX Series Ethernet Switches, M Series Multiservice
Edge Routers, MX Series 3D Universal Edges Routers, and T Series Core Routers to provide
a single Juniper Networks Junos® operating system-based portfolio of unprecedented
scale. With Junos OS, enterprises and service providers can lower deployment and
operational costs across their entire distributed workforce.
SRX Series for the branch runs Junos OS, the proven operating system that is used
by core Internet routers in all of the top 100 service providers around the world. The
rigorously tested carrier class routing features of IPv4/IPv6, OSPF, BGP, and multicast
have been proven in over 10 years of worldwide deployments.
SRX Series Services Gateways for the branch provide perimeter security, content
security, access control, and network-wide threat visibility and control. Best-in-class
firewall and VPN technologies secure the perimeter with minimal configuration and
consistent performance. By using zones and policies, even new network administrators
can configure and deploy an SRX Series for the branch quickly and securely. Policy-
based VPNs support more complex security architectures that require dynamic
addressing and split tunneling. For content security, SRX Series for the branch offers a
complete suite of Unified Threat Management (UTM) services consisting of: intrusion
prevention system (IPS), antivirus, antispam, Web filtering and data loss prevention via
content filtering to protect your network from the latest content borne threats. Select
models feature Content Security Accelerator for high-performance IPS and antivirus
performance. The branch SRX Series integrates with other Juniper security products to
deliver enterprise-wide unified access control and adaptive threat management. These
capabilities give security professionals powerful tools in the fight against cybercrime
and data loss.
SRX Series for the branch are secure routers that bring high-performance and proven
deployment capabilities to enterprises that need to build a worldwide network of
thousands of sites. The wide variety of options allows configuration of performance,
functionality, and price scaled to support from a handful to thousands of users.
Ethernet, serial, T1/E1, xDSL, Metro Ethernet, and third generation (3G) cellular wireless
are all available options for WAN or Internet connectivity to securely link your sites.
Multiple form factors allow you to make cost-effective choices for mission-critical
deployments. Managing the network is easy using the proven Junos OS command-line
interface (CLI) and scripting capabilities, or a simple to use Web-based GUI.
Product Overview
Juniper Networks SRX Series Services
Gateways for the branch are secure
routers that provide essential
capabilities that connect, secure, and
manage work force locations sized
from handfuls to hundreds of users.
By consolidating fast, highly available
switching, routing, security, and
applications capabilities in a single
device, enterprises can economically
deliver new services, safe connectivity,
and a satisfying end user experience. All
SRX Series Services Gateways, including
products scaled for the branch, campus
and data center applications, are
powered by Juniper Networks Junos
OS—the proven operating system that
provides unmatched consistency, better
performance with services, and superior
infrastructure protection at a lower total
cost of ownership.
SRX SERIES SERVICES
GATEWAYS FOR THE
BRANCH
SRX100, SRX210, SRX240 AND
SRX650
2
Architecture and Key Components
Key Hardware Features of the Branch SRX Series Products
PRODUCT DESCRIPTION
SRX100 Services
Gateway
8 10/100 Ethernet LAN ports
Full UTM2,; antivirus2, antispam2, Web filtering2, intrusion prevention system2 (with high memory version)
Unified Access Control (UAC) and content ltering
1 GB8 DRAM, 1 GB flash default (512 MB DRAM accessible in low memory version)
SRX210 Services
Gateway
2 10/100/1000 Ethernet and 6 10/100 Ethernet LAN ports, 1 Mini-PIM slot, 1 ExpressCard slot and 2 USB ports
Factory option of 4 dynamic Power over Ethernet (PoE) ports 802.3af
Support for T1/E1, serial, ADSL/2/2+, Ethernet small form-factor pluggable transceiver (SFP), and Gigabit Ethernet interfaces
Content Security Accelerator hardware for faster performance of IPS and ExpressAV
Full UTM2; antivirus2, antispam2, Web filtering2, intrusion prevention system2 (with high memory version)
Unified Access Control (UAC) and content ltering
512 MB DRAM default, optional factory 1 GB DRAM, 1 GB flash default
SRX240 Services
Gateway
16 10/1000/1000 Ethernet LAN ports, 4 Mini-PIM slots
Factory option of 16 PoE ports; PoE+ 803.3at, backwards compatible with 802.3af
Support for T1/E1, serial, ADSL2/2+, Ethernet SFP, and Gigabit Ethernet interfaces
Content Security Accelerator hardware for faster performance of IPS and ExpressAV
Full UTM2; antivirus2, antispam2, Web filtering2, intrusion prevention system2 (with high memory version)
Unified Access Control and content filtering
512 MB RAM default, optional factory 1 GB DRAM, 1 GB flash default
SRX650 Services
Gateway
4 fixed ports 10/100/1000 Ethernet LAN ports, 8 GPIM slots or multiple GPIM and XPIM combinations
Support for T1, E1, Gigabit Ethernet LAN ports; supports up to 48 ports switching with optional PoE including 802.3at, PoE+,
backwards compatible with 802.3af
Content Security Accelerator hardware for faster performance of IPS and ExpressAV
Full UTM2; antivirus2, antispam2, Web filtering2, and intrusion prevention system2
Unified Access Control and content filtering
Modular Services and Routing Engine; future internal failover and hot-swap
2 GB DRAM default, 2 GB compact flash default, external compact flash slot for additional storage
Optional redundant AC power; standard AC power supply that is PoE-ready; PoE power up to 250 watts redundant, or 500
watts non-redundant
Network Deployments
The SRX Series Services Gateways for the branch are deployed at
remote and branch locations in the network to provide all-in-one
secure WAN connectivity, IP telephony, and connection to local
PCs and servers via integrated Ethernet switching.
Features and Benefits
Secure Routing
Should you use a router and a firewall to secure your network?
By building the branch SRX Series with best in class routing and
firewall capabilities in one product, enterprises don’t have to make
that choice. Why forward traffic if its not legitimate?
SRX Series for the branch checks the traffic to see if it is
legitimate, and only forwards it on when it is. This reduces the load
on the network, allocates bandwidth for all other mission-critical
applications, and secures the network from hacking.
The main purpose of a secure router is to provide firewall
protection and apply policies. The firewall (zone) functionality
inspects traffic flows and state to ensure that originating and
returning information in a session is expected and permitted for
a particular zone. The security policy determines if the session
can originate in one zone and traverse to another zone. This
architectural choice receives packets from a wide variety of clients
and servers and keeps track of every session, of every application,
and of every user. It allows the enterprise to make sure that only
legitimate traffic is on its network and that traffic is flowing in the
expected direction.
Figure 1: Firewalls, zones and policies
“Untrust” Zone
“Trust” Zone
“Guest” Zone
“DMZ” Zone
Intranet
INTERNET
3
Figure 2: High availability
To ease the configuration of a firewall, SRX Series for the branch
uses two features“zonesand policies. While these can be
user defined, the default shipping configuration contains, at a
minimum, a trust and an untrust zone. The trust zone is used for
configuration and attaching the LAN to the branch SRX Series. The
untrust zone is used for the WAN or Internet interface. To simplify
installation and make configuration easier, a default policy is in
place that allows traffic originating from the trust zone to flow to
the untrust zone. This policy blocks ALL traffic originating from
the untrust zone to the trust zone. A traditional router forwards all
traffic without regard to a firewall (session awareness) or policy
(origination and destination of a session).
By using the Web interface or CLI, enterprises can create a series
of security policies that will control the traffic from within and in
between zones by defining policies. At the broadest level, all types
of traffic can be allowed from any source in security zones to any
destination in all other zones without any scheduling restrictions.
At the narrowest level, policies can be created that allow only one
kind of traffic between a specified host in one zone and another
specified host in another zone during a scheduled time period.
High Availability
Junos OS Services Redundancy Protocol (JSRP) is a core feature
of the SRX Series for the branch. JSRP enables a pair of security
systems to be easily integrated into a high availability network
architecture, with redundant physical connections between the
systems and the adjacent network switches. With link redundancy,
Juniper Networks can address many common causes of system
failures, such as a physical port going bad or a cable getting
disconnected, to ensure that a connection is available, without
having to fail over the entire system. This is consistent with a
typical active/standby nature of routing resiliency protocols.
When SRX Series Services Gateways for the branch are configured
as an active/active pair, traffic and configuration will be mirrored
automatically to provide active firewall and VPN session
maintenance in case of a failure. The branch SRX Series will now
synchronize both configuration and runtime information. As a
result, during failover, synchronization of the following information
is shared: connection/session state and flow information, IPsec
security associations, Network Address Translation (NAT) traffic,
address book information, configuration changes, and more. In
Standby
SRX240SRX240
Active
High Availability
Active/Standby
EX Series EX Series
INTERNET
Failure
SRX240SRX240
Active
Active/Standby
EX Series EX Series
INTERNET
SRX240SRX240
Active Active
Active/Active
EX Series EX Series
INTERNET
Failure
SRX240SRX240
Active
Active/Active
EX Series EX Series
INTERNET

Especificaciones del producto

Marca: Juniper
Categoría: No categorizado
Modelo: SRX210-RMK

¿Necesitas ayuda?

Si necesitas ayuda con Juniper SRX210-RMK haz una pregunta a continuación y otros usuarios te responderán




No categorizado Juniper Manuales

No categorizado Manuales

Últimos No categorizado Manuales