Juniper SRX650 SRX650-BASE-SRE6-645AP Data Sheet

Product codes
SRX650-BASE-SRE6-645AP
SRX Series for the branch checks the traffic to see if it is legitimate and permitted, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from malicious users.

The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. With this architecture, the device receives packets from a wide variety of clients and servers and keeps track of every session, every application, and every user. It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.

To ease the configuration of a firewall, SRX Series for the branch uses two features—“zones” and “policies.” While these can be user-defined, the default shipping configuration contains, at a minimum, a “trust” and “untrust” zone. The trust zone is used for configuration and attaching the internal LAN to the branch SRX Series. The untrust zone is commonly used for the WAN or untrusted Internet interface. To simplify installation and make configuration easier, a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone. This policy blocks all traffic originating from the untrust zone to the trust zone. A traditional router forwards all traffic without regard to a firewall (session awareness) or policy (origination and destination of a session).

By using the Web interface or CLI, enterprises can create a series of security policies that control the traffic within and between zones. At the broadest level, all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions. At the narrowest level, policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period.

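The broadest and narrowest policy levels described above, written as Junos `set` commands. This is an added example, not configuration taken from the datasheet; the interface names, addresses (documentation ranges), policy names, and scheduler name are assumptions chosen for illustration.

```junos
# Constructed example: interface names, host addresses, and all object
# names below are assumptions, not values from the datasheet.

# Bind one interface to each of the two default zones.
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0

# Broadest level: any source, any destination, any application,
# no schedule. This mirrors the default trust-to-untrust behaviour.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit

# Narrowest level: one application between one named host in each
# zone, and only while the scheduler is active.
set security zones security-zone untrust address-book address admin-host 198.51.100.25/32
set security zones security-zone trust address-book address mgmt-server 192.0.2.10/32
set schedulers scheduler maint-window daily start-time 01:00:00 stop-time 03:00:00
set security policies from-zone untrust to-zone trust policy admin-ssh-window match source-address admin-host
set security policies from-zone untrust to-zone trust policy admin-ssh-window match destination-address mgmt-server
set security policies from-zone untrust to-zone trust policy admin-ssh-window match application junos-ssh
set security policies from-zone untrust to-zone trust policy admin-ssh-window then permit
set security policies from-zone untrust to-zone trust policy admin-ssh-window then log session-init
set security policies from-zone untrust to-zone trust policy admin-ssh-window scheduler-name maint-window

# Policies in a zone pair are evaluated top-down, first match wins, so
# the explicit deny sits after the narrow permit. It keeps the
# untrust-to-trust block visible in the logs.
set security policies from-zone untrust to-zone trust policy deny-rest match source-address any
set security policies from-zone untrust to-zone trust policy deny-rest match destination-address any
set security policies from-zone untrust to-zone trust policy deny-rest match application any
set security policies from-zone untrust to-zone trust policy deny-rest then deny
set security policies from-zone untrust to-zone trust policy deny-rest then log session-init
```

After commit, `show security policies from-zone untrust to-zone trust` lists the policies in evaluation order, which is the quickest check that the narrow permit precedes the deny.
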
High Availability
Junos OS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with the typical active/standby nature of routing resiliency protocols.

When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration are mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series synchronizes both configuration and runtime information. As a result, the following information is synchronized and shared during failover: connection/session state and flow information, IPSec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In

[Diagram labels: SRX240 pairs in Active/Standby and Active/Active modes, with and without a failure, connected to EX Series switches and the Internet]
Figure 2: High availability