Juniper SRX240H-TAA 数据表
3
Application Visibility with AppTrack
AppTrack collects byte, packet, session, and time statistics
while accurately identifying hundreds of applications, giving
network administrators detailed analysis of application data.
AppTrack quickly and easily provides visibility into the types of
applications traversing through the SRX Series gateway and
allows classification based on risk level, users, groups, zones,
source, and destination addresses, as well as volumes. This
information can be used to assess adherence to usage policies,
help address bandwidth management, or simply report on the
most active users and applications. Juniper’s centralized logging
and reporting system, STRM Series Security Threat Response
Managers, provides a flexible and extensible way to analyze data
from a centralized location and take action. Using a variety of pre-
defined report formats, STRM Series can generate reports based
on AppTrack application log data.
while accurately identifying hundreds of applications, giving
network administrators detailed analysis of application data.
AppTrack quickly and easily provides visibility into the types of
applications traversing through the SRX Series gateway and
allows classification based on risk level, users, groups, zones,
source, and destination addresses, as well as volumes. This
information can be used to assess adherence to usage policies,
help address bandwidth management, or simply report on the
most active users and applications. Juniper’s centralized logging
and reporting system, STRM Series Security Threat Response
Managers, provides a flexible and extensible way to analyze data
from a centralized location and take action. Using a variety of pre-
defined report formats, STRM Series can generate reports based
on AppTrack application log data.
Application Enforcement with AppFW
AppFW enables administrators to create fine grained application
control policies to allow or deny traffic based on dynamic
application name or group names rather than static IP/port
information. It is designed to simplify security policies by using
application white lists and black lists, as well as to define what
actions to perform on matched traffic while taking default action
against all other traffic.
control policies to allow or deny traffic based on dynamic
application name or group names rather than static IP/port
information. It is designed to simplify security policies by using
application white lists and black lists, as well as to define what
actions to perform on matched traffic while taking default action
against all other traffic.
Application Control with AppQoS
1
With the increased use of web-based customer relationship
management (CRM), enterprise resource planning (ERP), and
other business tools, network administrators need a way to
management (CRM), enterprise resource planning (ERP), and
other business tools, network administrators need a way to
prioritize business critical traffic over the network. AppQoS
provides the ability to meter and mark traffic based on the
application policies set by the administrator. These policies enable
lower priority Web traffic to continue when network bandwidth
allows, but ensures that mission critical traffic is delivered when
usage levels surge.
provides the ability to meter and mark traffic based on the
application policies set by the administrator. These policies enable
lower priority Web traffic to continue when network bandwidth
allows, but ensures that mission critical traffic is delivered when
usage levels surge.
Application Protection with AppDoS
AppDoS identifies attacking botnet traffic and legitimate client
traffic based on application-layer metrics and remediates these
botnet attacks. Employing a multi-stage approach that includes
server connection monitoring, deep protocol analysis, and bot-
client classification, AppDoS delivers the ability to detect subtle
changes in traffic patterns and client behaviors that could indicate
an application-level denial-of-service (DoS) attack. Once suspicious
activity is detected, AppDoS can then issue an alert, block offending
IP addresses, or completely drop irregular sessions and packets.
AppDoS is typically deployed with the SRX Series’ integrated IPS
service to increase protection against malicious attacks.
traffic based on application-layer metrics and remediates these
botnet attacks. Employing a multi-stage approach that includes
server connection monitoring, deep protocol analysis, and bot-
client classification, AppDoS delivers the ability to detect subtle
changes in traffic patterns and client behaviors that could indicate
an application-level denial-of-service (DoS) attack. Once suspicious
activity is detected, AppDoS can then issue an alert, block offending
IP addresses, or completely drop irregular sessions and packets.
AppDoS is typically deployed with the SRX Series’ integrated IPS
service to increase protection against malicious attacks.
Application Protection with IPS
IPS tightly integrates Juniper’s latest and most advanced security
features with the network infrastructure for threat mitigation
and protection from a wide range of attacks and vulnerabilities.
IPS subscribes to the results of application identification/
contextualization. These results help determine the appropriate
protocol decoding and attack objects to use for the permitted
incoming traffic that will be processed by the IPS software
services module.
features with the network infrastructure for threat mitigation
and protection from a wide range of attacks and vulnerabilities.
IPS subscribes to the results of application identification/
contextualization. These results help determine the appropriate
protocol decoding and attack objects to use for the permitted
incoming traffic that will be processed by the IPS software
services module.
Specifications - Branch SRX Series Services Gateways
SRX100/
SRX110
Services
Gateway
SRX210
Services
Gateway
SRX220
Services
Gateway
SRX240
Services
Gateway
SRX550
Services
Gateway
SRX650
Services
Gateway
Maximum AppSecure
throughput
2
90 Mbps
250 Mbps
300 Mbps
750 Mbps
1.5 Gbps
1.9 Gbps
Application identification
>900
applications
>900
applications
>900
applications
>900
applications
>900
applications
>900
applications
Maximum IPS throughput
75 Mbps
65 Mbps
80 Mbps
230 Mbps
800 Mbps
1 Gbps
Maximum connections per
second
1,500
1,500
1,800
7,400
27,000
35,000
Maximum sessions
12,000
24,000
32,000
48,000
375,000
512,000
Specifications - Data Center SRX Series Services Gateways
SRX1400
Services
Gateway
SRX3400
Services
Gateway
SRX3600
Services
Gateway
SRX5600
Services
Gateway
SRX5800
Services
Gateway
Maximum AppSecure throughput
2
4 Gbps
16 Gbps
25 Gbps
50 Gbps
100 Gbps
Application identification
>900 applications
>900 applications
>900 applications
>900 applications
>900 applications
AppDoS protocols
>60 protocols +
600 contexts
600 contexts
>60 protocols +
600 contexts
600 contexts
>60 protocols +
600 contexts
600 contexts
>60 protocols +
600 contexts
600 contexts
>60 protocols +
600 contexts
600 contexts
Maximum IPS throughput
2 Gbps
6 Gbps
10 Gbps
15 Gbps
30 Gbps
Maximum connections per second
40,000
180,000
180,000/300,000
3
380,000
380,000
Maximum sessions
0.5 million
2.25 million/
3 million
3
2.25 million/
6 million
3
9 million
12.5/20 million
4
SSL inspection
Yes
Yes
Yes
Yes
Yes
1
AppQoS is currently supported on SRX Series Services Gateways for the data center. AppQoS support on SRX Series Services Gateways for the branch forthcoming in the near future.
2
Throughput numbers based on HTTP traffic with 44 kilobyte transaction size.
3
Additional Extreme License required for 3 million and 6 million sessions.
4
To achieve more than 12.5M CP sessions on SRX5800, use software knob available from 10.4 or 11.4 and later.