Juniper Secure Access 4000 Base SA4000 Data Sheet
Product code
SA4000
Features and Benefits
High-scalability Support on Secure Access 6000 SSL VPN
The SA 6000 is designed to meet the growing needs of large enterprises and service providers with its ability to support thousands of users
accessing the network remotely. The following shows the number of concurrent users that can be supported on the SA 6000 platform:
• Single SA 6000: Supports up to 5,000 concurrent users
• Two-unit cluster of SA 6000s: Supports up to 8,000 concurrent users
• Three-unit cluster of SA 6000s: Supports up to 12,000 concurrent users
• Four-unit cluster of SA 6000s: Supports up to 15,000 concurrent users
All performance testing is done based on real-world scenarios with simulation of traffic based on observed customer networks. In the case
of Core Access, this means real web applications are being accessed, which entails rigorous HTML rewriting and policy evaluation.
End-to-End Layered Security
The SA 2000, SA 4000, and SA 6000 provide complete end-to-end layered security, including endpoint client, device, data, and server
layered security controls.
These include:
| Feature | Feature Description | Benefit |
| --- | --- | --- |
| Host Checker | Client computers can be checked both prior to and during a session to verify an acceptable device security posture requiring installed/running endpoint security applications (antivirus, firewall, etc.); also supports custom-built checks including verifying ports opened/closed, checking files/processes and validating their authenticity with Message Digest 5 (MD5) hash checksums, verifying registry settings, machine certificates, and more | Verifies/ensures that the endpoint device meets corporate security policy requirements before granting access, remediating devices and quarantining users when necessary |
| Host Checker Application Programming Interface (API) | Created in partnership with best-in-class endpoint security vendors. Enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant devices | Utilize current security policies with remote users and devices; easier management |
| Trusted Network Connect (TNC) Support on Host Checker | Allows interoperability with diverse endpoint security solutions from antivirus to patch management to compliance management solutions | Enables customers to leverage existing investments in endpoint security solutions from third-party vendors |
| Policy-based Enforcement | Allows the enterprise to establish trustworthiness of non-API compliant hosts without writing custom API implementations or locking out external users, such as customers or partners that run other security clients | Enables access to extranet endpoint devices like PCs from partners that may run different security clients than that of the enterprise |
| Hardened security appliance and Web server | Hardened security infrastructure extensively audited by third-party security experts, including CyberTrust and iSec Partners; has also received Common Criteria Certification | Not designed to run any additional services and is thus less susceptible to attacks; no backdoors to exploit or hack |
| Security Services Employ Kernel-level Packet Filtering and Safe Routing | Undesirable traffic is dropped before it is processed by the TCP stack | Ensures that unauthenticated connection attempts, such as malformed packets or denial of service (DoS) attacks, are filtered out |
| Secure Virtual Workspace (Advanced Feature Set) | A secure and separate environment for remote sessions that encrypts all data and controls I/O access (printers, drives, etc.) | Ensures that all corporate data is securely deleted from a kiosk or other unmanaged endpoint after a session |
| Cache Cleaner | All proxy downloads and temp files installed during the session are erased at logout | Ensures that no potentially sensitive session data is left behind on the endpoint machine |
| Data Trap and Cache Controls | Rendering of content in non-cacheable format | Prevents sensitive metadata (cookies, headers, form entries, etc.) from leaving the network |
| Integrated Malware Protection | Pre-installed checks to protect users and devices from keyloggers, trojans, and remote control applications | Enables customers to provision endpoint containment capabilities |
| Coordinated Threat Control | Enables Juniper’s SA SSL VPN and Intrusion Detection and Prevention (IDP) appliances to tie the session identity of the SSL VPN with the threat detection capabilities of IDP, taking automatic action on users launching attacks | Effectively identify, stop, and remediate both network and application-level threats within remote access traffic |