Juniper SA6500 FIPS SA6500FIPS 데이터 시트
제품 코드
SA6500FIPS
4
Open and Standards-Based
open, standards-based UAC significantly reduces the time to configure and propagate policies across the enterprise, lowering TCo by saving
administrative time and cost, ensuring comprehensive, uniform security and access control, and enabling quicker, simpler deployments.
administrative time and cost, ensuring comprehensive, uniform security and access control, and enabling quicker, simpler deployments.
Table 3: Open and Standards-Based
Feature
Feature Description
Benefit
Dynamic
authentication
policy
authentication
policy
• Leverages existing investments in directories, PKI, and strong
authentication, establishing a dynamic authentication policy for each
user session.
user session.
• Supports 802.1X, RADIUS, LDAP, Microsoft Active Directory, RSA ACE/
Server, Network Information Service (NIS), certificate servers (digital
certificates/PKI), local login/password, Netegrity SiteMinder (Computer
Associates), RSA ClearTrust, oblix (oracle), and RADIUS Proxy.
certificates/PKI), local login/password, Netegrity SiteMinder (Computer
Associates), RSA ClearTrust, oblix (oracle), and RADIUS Proxy.
Saves time and expense by leveraging and
interfacing with existing AAA infrastructures.
interfacing with existing AAA infrastructures.
Industry standards
and best-in-
class products
foundation
and best-in-
class products
foundation
• Leverages industry standards such as 802.1X, RADIUS, IPsec, and
innovative open standards—such as the TCG’s TNC specifications for
network access control and security.
network access control and security.
• Leverages the SA Series policy engine and AAA capabilities, RADIUS
capabilities from SBR Enterprise Series servers, and 802.1X capabilities
from oAC.
from oAC.
• Delivers standards-based, vendor-agnostic
access control and seamless support
for existing, heterogeneous networking
environments.
for existing, heterogeneous networking
environments.
• Facilitates quick, simple, and flexible access
control deployments. No forklift upgrades.
• Delivers investment protection, network future-
proofing, and time and cost savings.
• Alleviates single vendor lock-in, enabling choice.
Enterprise-Wide Access Control
When deployed with Juniper Networks SA Series SSL VPN Appliances, the IC6500 FIPS – and UAC – delivers enterprise-wide access
control, saving time and cost by allowing user session data and policies to be shared for local and remote access.
control, saving time and cost by allowing user session data and policies to be shared for local and remote access.
Table 4: Enterprise-Wide Access Control
Feature
Feature Description
Benefit
Federation –
IC Series –
SA Series and IC
Series – IC Series
IC Series –
SA Series and IC
Series – IC Series
• Federation of user sessions between SA Series and IC Series appliances,
including the IC6500 FIPS, enables seamless provisioning of SSL VPN user
sessions into UAC upon login, or alternatively UAC user sessions into SSL VPN
at login.
sessions into UAC upon login, or alternatively UAC user sessions into SSL VPN
at login.
• Allows authorized and authenticated users to access resources protected by
another IC Series appliance without re-authentication, enabling “follow-me”
policies.
policies.
• Leverages the TNC standard protocol Interface for Metadata Access Point
(IF-MAP) to enable federation.
Provides users—whether remote or
local— with seamless access to corporate
resources protected by uniform access
control policies through a single login,
offering a consistent user access experience.
local— with seamless access to corporate
resources protected by uniform access
control policies through a single login,
offering a consistent user access experience.
Centralized policy
management
management
• Available when IC6500 FIPS is deployed with Juniper Networks Network and
Security Manager (NSM) and SA Series appliances.
• Allows common configuration templates to be created and shared between
SA Series appliances and IC6500 FIPS appliances via NSM.
• NSM also delivers a single management server that can administer and
manage key components of a UAC deployment, including the IC6500 FIPS.
• Saves administration time and cost,
and offers a consistent user and
administrative experience.
administrative experience.
• Enables the simple enterprise-wide
deployment of uniform access control.
IF-MAP support
• Adopts and utilizes the TNC’s open standard IF-MAP.
• Enables integration with third-party network and security devices, including
• Enables integration with third-party network and security devices, including
devices that collect information about the status of a network.
• Allows devices to report back to the IC6500 FIPS UAC Appliance serving as a
MAP (Metadata Access Point) server, enabling the collected data to be used in
formulating policies and appropriate access actions.
formulating policies and appropriate access actions.
• Empowers IC6500 FIPS appliances to serve as standalone MAP servers with
separate IF-MAP licenses available; or as mixed IC Series UAC Appliances and
MAP servers.
MAP servers.
• Supports a MAP server running on a standalone IC6500 FIPS appliance or in
active/passive cluster pairs.
• Leverages and integrates existing, third-
party network and security devices as
part of the access control platform; and
uses the data gathered by these devices
to facilitate the access control decision
process.
part of the access control platform; and
uses the data gathered by these devices
to facilitate the access control decision
process.
• Enhances visibility into the state of and
actions on a network.