Toggle Nav

Juniper NGFW - Next Generation Firewall Services Pricing and more

In stock
SKU:
Juniper Next Generation Firewall Services
  • 24×7 remote and on-site support
  • Multi-vendor solutions & services
  • Local billing in 33+ countries
  • Competitive Price

Constant shifts in application use, user behavior, and network infrastructure have created a threat landscape that continues to expose organizations to an increasing attack surface. Users need access to a growing number of applications hosted in the cloud and that operate across different devices. While seamless access to these applications is critical for the end user, security must also be taken into account. Access should not increase the organization’s risk.

Additional security is needed to combat these threats while maintaining user access to new applications on different devices. Juniper Networks® SRX Series Services Gateways deliver integrated next-generation firewall (NGFW) protection services with application awareness, user identity, and content inspection. In addition to NGFW capabilities, the SRX Series devices also offer intrusion prevention, SSL inspection, URL filtering, and unknown threat detection, providing a single security platform that addresses a wide range of security requirements from a common architecture.

Architecture and Key Components

  • User Identification and Access Control: User Firewall

User identity is a core requirement of next-generation firewalls that enables administrators to create security policies that reflect business needs rather than network requirements. This flexibility creates a powerful mechanism for defining, managing, and refining security policies by creating firewall rules based on user identity rather than IP address. Through Juniper’s User Firewall feature, an SRX Series device can associate network traffic with a specific user through integration with directory services such as Active Directory. Policies can be defined to allow application use based on individual users or user groups, enabling more powerful but much simpler security controls. Through User Firewall, security policies can be expressed in terms of groups, allowing security policies to continue functioning as users are added or deleted from groups. In addition, User Firewall provides visibility into application usage at the user level rather than IP address, providing powerful insights into application traffic traversing the network. Security administrators can reduce the threat footprint by adjusting security policies to align application usage with security and business practices.

  • Application Identification and Control: AppSecure

Applications are no longer tied to traditional port-based communications. New applications are designed to dynamically change ports and protocols. Some are designed to tunnel through commonly used services, such as HTTP web traffic. For the user, this means applications can be used from anywhere, at any time. For the enterprise, it means defending against a constantly changing threat landscape that directly targets applications and passes through traditional network-layer protections.

Juniper NGFW services offer a powerful security platform that is well equipped to meet this challenge. At the core lies AppSecure, which offers robust visibility and control over applications on the network.

AppSecure instantly recognizes applications and surfaces the application name, description of the service, and inherent level of risk, regardless of port, protocol, or encryption method.

Offering deep application visibility and control, AppSecure provides the context that links application use to a user, regardless of location and device. Furthermore, AppSecure understands application behaviors and identifies vulnerabilities, enabling administrators to block risky applications before they can do any damage. AppSecure helps reduce an application’s threat footprint by allowing the definition of granular security policies, such as the level of deep packet inspection required and which users or groups are allowed access.

  • Exploit Protection: Intrusion Detection and Prevention (IDP)

Juniper’s intrusion prevention system (IPS) is tightly integrated with Juniper SRX to mitigate network and application exploits and protect against a wide range of attacks. Juniper IDP constantly monitors for new exploits against recently discovered vulnerabilities, keeping network protection up to date against the latest cyber attacks, and stopping them at the exploit stage before they gain a foothold inside the network. IDP signatures can be enabled in detection-only mode or inline to directly block malicious traffic.

  • Real-Time Protection: SecIntel

SecIntel provides verified threat intelligence to all points of connection across the network to block malicious traffic, enabling a threat-aware network. To help reduce risk, SecIntel can be deployed on the SRX to block malicious traffic originating from malicious IP addresses and domains, without the need for deep packet inspection. SecIntel’s threat feeds are automated and constantly updated. Additionally, these feeds are scrubbed and verified by Juniper Threat Labs to maintain high detection efficacy and reduce false positives. SecIntel can help reduce the load on the network while making it more intelligent.

  • Block Known Threats: Network Anti-Malware

Malicious files, including ransomware and adware, continue to proliferate from multiple attack vectors. These threats compromise network endpoints and make them vulnerable to data theft, including credentials and personally identifiable information (PII). Detecting and blocking malware and unwanted files at the network level before they make it onto an endpoint is critical to safeguarding users, applications, and infrastructure against attacks. Anti-malware protection combines cloud-based file reputation intelligence and malware signature with the SRX Series NGFW to deliver lightweight and fast security. The result is a highly effective perimeter defense against a multitude of known threats, which doesn’t slow down your users or your business.

  • Browsing Defense: Enhanced Web Filtering (EWF)

Users spend more than half of their time browsing the Internet and using web-based tools. It’s important that web traffic is both legitimate and safe. At the same time, certain web applications, such as online banking or healthcare, must remain private. EWF allows administrators to block unwanted URL categories, such as gambling and malware sites, and it enables selective decryption to keep business traffic safe from threats while users’ personal traffic can remain private. To reduce attacks, EWF contains more than 180 URL categories that can be used within security policies on the SRX.

  • Encrypted Protection: SSL Proxy

SSL has become the universal method for authenticating websites and encrypting traffic between Web clients and Web servers. However, because SSL content is encrypted, users can directly download malware on to their end clients. Since organizations have no visibility into SSL connections, they are blind to any threats that are transmitted over HTTPS into their corporate enterprise.

Juniper offers a powerful application-level SSL proxy that sits between client and server, intercepting encrypted traffic, terminating the session, and re-initiating the connection towards the end destination. It can be used as an SSL “forward” proxy that sits between users on the corporate LAN and their access to the Internet, protecting the end client. It also intercepts HTTPS traffic by acting as a gateway at the enterprise perimeter, where it terminates encrypted traffic before it enters the enterprise. At that point, unencrypted traffic is immediately inspected to determine compliance with security policy, as set by the security team. Traffic is then handled by proactive malware engines that will immediately block malware, thwarting any security breach.

For user privacy protection, the SSL Proxy can be configured with exemptions that prevent traffic between certain URLs from being decrypted. The exemptions can be set up based on user groups, URL categories, or custom categories.

  • Unknown Threats: Juniper Advanced Threat Prevention (ATP)

Juniper Advanced Threat Prevention (ATP) is Juniper’s threat intelligence hub and uses machine learning algorithms to provide complete advanced malware detection and prevention. ATP supports threat detection without breaking decryption and surfacing compromised devices. When integrated with SRX Series Services Gateways, Juniper ATP leverages a global threat database to deliver threat intelligence, dynamic malware analysis, encrypted traffic insights, and adaptive threat profiling. Juniper ATP is offered as a cloud-based service or as an on-prem appliance.

Juniper ATP protects against trojans, worms, ransomware, botnets, and IoT threats.

  • Identify and take action on high-risk applications
  • Protect against network-level exploits
  • Block known malware
  • Control web browsing through robust URL filtering categories, and block malicious web sites
  • Prevent unauthorized use with user-based security policies and segmentation
  • Extend security policies to remote users with Secure Edge Firewall-as-a-Service or Secure Connect VPN
 Junos OS Version RequiredDescriptionBenefits
Application identification15.1X49-D200 or higherProvides a sophisticated classification engine that accurately identifies applications regardless of port or protocol, including applications known for using evasive techniques to avoid identification.Provides more granular control by identifying unique applications rather than IP addresses to enforce corporate security policies to match your specific business requirements.
Application analysis15.1X49-D100 or higherProvides detailed analysis of application volume and usage throughout the network based on bytes, packets, and sessions.Enables tracking of application usage to identify high-risk applications and analyze traffic patterns to improve network management and control.
AppFirewall18.2R1 or higher for Unified Policy usageEnables tracking of application usage to identify high-risk applications and analyze traffic patterns to improve network management and control.Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
AppQoS18.2R1 or higher for use within Unified PolicyLeverages Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs.Allows users to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
Advanced Policy-Based Routing (APBR)15.1X49-D60 or higherClassifies sessions based on applications and applies the configured rules to reroute the traffic.Provides the ability to route traffic over different WAN links and assign higher priority to business-critical applications.
User Firewall12.1X47-D10 or higherIntegrates with directory services such as Active Directory to create firewall policies that are associated with specific users or groups to enforce security protection.Enables more accurate and granular security policies through powerful but simplified security controls.
SSL Proxy15.1X49-D30 or higherSits between client and server, intercepting encrypted traffic, terminating the session, and re-initiating the connection towards the end destination, and can be used as an SSL “forward” proxy to protect the end-client.Prevents users from directly downloading malware hidden within encrypted traffic on to their end clients.
Intrusion Prevention System (IPS)15.1X49-D10 or higherOffers comprehensive protection against a broad range of known security exploits in applications, databases, and operating systems.Constantly monitors for new exploits against newly discovered vulnerabilities to ensure that network protection is up-to-date against the latest attack cyber methods.
Juniper Advanced Threat Prevention15.1X49-D80 or higherProvides cloud-based service that performs sophisticated advanced malware detection through powerful machine learning algorithms to identify previously unseen security threats.Accurately identifies unknown and never-before-seen malware that eludes conventional methods, ensuring complete protection.
Security Intelligence (SecIntel)15.1X49-D80 or higherGenerates threat feeds that include attacker IPs, C&C, GeoIP, infected hosts, and dynamic address groups.Reduces risk by enabling Juniper switches, routers, and firewalls to identify and block potential threats.
Encrypted Traffic Insights20.2R1 or higherEnables SRX Series firewalls to collect relevant SSL/TLS connection data, including certificates used, cipher suites negotiated, and connection behavior. This information is processed by Juniper ATP, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious. Policies on SRX Series firewalls can be used to block encrypted traffic identified as malicious.Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
Adaptive Threat Profiling20.2R1 or higherAllows organizations to leverage their existing infrastructure to create security intelligence feeds based on real-time events occurring on their network. These feeds, unique to each organization, can be configured based on security policies and utilized by other enforcement points on the network to detect threats and update their infrastructure in real-time, blocking potential attacks.Improves threat response times by taking real-time threat information and pushing it out to all points across the network.
Network Anti-Malware15.1X49-D100 or higher (cloud-based)

18.4R1 or higher (on-box)
Protects against malware, viruses, phishing attacks, intrusions, spam, and other threats through antivirus, antispam, and Web and content filteringImplements real-time security defense that ensures businesses have up-to-date signatures that provide visibility into threats from all over the world.
URL Filtering15.1X49-D40 or higherProvides web traffic categorizations that can be incorporated into application and security policy.Prevents web-borne threats and unwanted browsing activity.
Security Director15.1X49-D60 or higherStreamlines operations by centrally managing all NGFWs from a single pane of glass.Simplifies complex security policy management and implementation through easy-to-use GUI, saving time and increasing productivity.
Custom Solutions
Competative Prices
Global Logistics
24*7*365 Support