Juniper Networks Secure Services Gateway ... - West Coast Labs
Juniper Networks Secure Services Gateway ... - West Coast Labs
Juniper Networks Secure Services Gateway ... - West Coast Labs
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Test Report April 2008<br />
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong><br />
<strong>Services</strong> <strong>Gateway</strong> (SSG)<br />
Product Family
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Vendor Details<br />
Name: <strong>Juniper</strong> <strong>Networks</strong>, Inc.<br />
Address: 1194 North Mathilda Ave<br />
Sunnyvale, CA 94089<br />
Telephone: Main: +1 (408) 745-2000<br />
Sales: +1 (866) 298-6428<br />
Fax: +1 (408) 745-2100<br />
Website: www.juniper.net<br />
Product: <strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong> <strong>Gateway</strong> (SSG) Product<br />
Family: includes the SSG 5, SSG 20, SSG 140, SSG 300 Series and SSG 500<br />
Series.<br />
Test Laboratory Details<br />
Name: <strong>West</strong> <strong>Coast</strong> <strong>Labs</strong>, Unit 9 Oak Tree Court, Mulberry Drive<br />
Cardiff Gate Business Park, Cardiff, CF23 8RS, UK<br />
Telephone: +44 (0) 29 2054 8400<br />
Date: April 2008<br />
Issue: 1.0<br />
Authors: Richard Thomas, Michael Parsons, Rob Tanner<br />
Contact Point<br />
Contact name: Richard Thomas<br />
Contact telephone number: +44 (0) 29 2054 8400<br />
www.westcoastlabs.com<br />
2
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Contents<br />
Product Information 4<br />
Test Report Executive Summary 6<br />
<strong>West</strong> <strong>Coast</strong> <strong>Labs</strong> Conclusion and Certification Information 8<br />
The Latest Enhancements to <strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family 9<br />
Noteworthy Product Features 10<br />
www.westcoastlabs.com<br />
3
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Product Information<br />
Development Statement<br />
The <strong>Secure</strong> <strong>Services</strong> <strong>Gateway</strong> Family delivers an ideal blend of<br />
performance and UTM security with LAN and WAN connectivity for remote<br />
branch and regional offices and small to large-sized enterprises.<br />
SSG 5 and SSG 20:<br />
http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/<br />
ssg_5_slash_ssg_20/<br />
SSG 140:<br />
http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/<br />
ssg_140/index.html<br />
SSG 320M and SSG 350M:<br />
http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/<br />
ssg_300_series/index.html<br />
SSG 520M and SSG 550M:<br />
http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/<br />
ssg_500_series/index.html<br />
www.westcoastlabs.com<br />
4
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Business/Technical Benefits<br />
The SSG family is a best-in-class routing and security platform based on<br />
the same powerful ScreenOS software powering all NetScreen firewalls. It<br />
delivers wire-speed multi-layered security enforcement, protecting missioncritical<br />
applications and corporate networks from internal and external<br />
attacks such as worms, viruses, Trojans, and spyware. Modular flexibility and<br />
integrated security reduce the cost and complexity of security services.<br />
A SSG may be deployed as a stand-alone network protection device or a<br />
secure router. This helps reduce IT capital and operational expenditures for<br />
installation, management, maintenance, etc.<br />
The SSG platforms deliver comprehensive and high-performance security<br />
with resilient high-availability capabilities.<br />
www.westcoastlabs.com<br />
5
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Test Report Executive Summary<br />
For a product with so much security<br />
functionality, configuration is a simple<br />
process, completed in just a few<br />
minutes. From that point onward, all<br />
device configuration actions can be<br />
performed using the inbuilt, intuitive<br />
web interface.<br />
Once authenticated and logged<br />
in, the default web page provides a<br />
helpful, at-a-glance summary showing<br />
the present condition of the device.<br />
This page can be set to refresh at predefined intervals, providing<br />
a constantly updating on-screen status summary.<br />
Basic essential configuration tasks are carried out with minimum effort.<br />
Report and logging settings are fast and simple to configure, with<br />
an extensive variety of options available.<br />
For certification testing, the unit was deployed with a trusted interface<br />
connected to the internal network, an untrusted interface connected<br />
to the external network, a DMZ configured interface connected<br />
to the DMZ network and a VPN gateway linking the internal<br />
and remote networks. Setting up the required network interfaces and<br />
the VPN was fast and the simple processes were aided by the comprehensive<br />
online help system and the included documentation.<br />
Fine-grained control over zones, policies, objects, users, groups, protocols,<br />
services, and source and destination IP addresses combine with<br />
the advanced screening, profile, and filtering options to help ensure<br />
the security of both the device and the trusted network it protects.<br />
www.westcoastlabs.com<br />
6
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
It was simple to setup and activate a profile that successfully screens<br />
and filters out malicious web and email traffic using the internal antivirus/anti-spyware<br />
engine. A new feature of the product is the customized<br />
HTTP trickling for malware scanning. Setting up the anti-spam<br />
profile proved equally easy. It proved to be effective and detailed,<br />
with the ability to configure custom white and black list entries.<br />
By default, firewall settings were configured to allow certain outbound<br />
services through the device. This ensures that increasingly essential<br />
business tasks, such as web browsing from the trusted network,<br />
are available out-of-the-box.<br />
The SSG 520 showed its mettle in firewall, VPN & IPS testing, which<br />
used a variety of real-world port probes and attacks. The unit continued<br />
to allow legitimate traffic flow, while blocking every attempted<br />
incursion across a broad range of demanding tests.<br />
Web content filtering was setup by simply selecting the appropriate<br />
filtering technology from the management interface. The filtering<br />
technology proved extremely effective, successfully blocking all inappropriate<br />
web traffic during the test.<br />
www.westcoastlabs.com<br />
7
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
<strong>West</strong> <strong>Coast</strong> <strong>Labs</strong> Conclusion and Certification<br />
Information<br />
Conclusion<br />
An extremely robust, easy to administer device, with advanced<br />
protection and security functionality, the SSG product family delivers<br />
comprehensive security with the ability to consolidate, deliver and<br />
reduce IT costs.<br />
Certification<br />
The <strong>Juniper</strong> <strong>Networks</strong> SSG product family is tested and<br />
accredited to the UTM Checkmark Level 5 certification,<br />
which includes Anti-Virus, Anti-Spyware, Firewall, VPN,<br />
IPS, Anti-Spam and URL Filtering.<br />
wwww.check-mark.com<br />
www.westcoastlabs.com<br />
8
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
The Latest Enhancements to <strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong><br />
<strong>Services</strong> <strong>Gateway</strong> (SSG) Product Family<br />
• Expanded the UTM product portfolio to include the SSG 300 Series for<br />
medium-sized branch/ regional offices and enterprises.<br />
• Added antivirus scanning for IM applications (AOL, Yahoo, MSN, ICQ)<br />
• Enhanced logging for web filtering feature<br />
• Customized HTTP trickling for AV scan: This feature provides the<br />
device administrator with the ability to configure a threshold for data<br />
sent through the device. The threshold prevents browser timeouts on<br />
slow-speed links while the data is being scanned by the internal AV<br />
engine.<br />
www.westcoastlabs.com<br />
9
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
Noteworthy Product Features<br />
• Proven security and LAN/WAN routing functionality that provides the<br />
ability to consolidate devices and reduce IT expenditures<br />
• Comprehensive set of Unified Threat Management (UTM) security<br />
features to protect against network and application-level attacks<br />
while simultaneously stopping content-based attacks. UTM security<br />
features include:<br />
• Stateful inspection firewall to perform access control and stop<br />
network-level attacks<br />
• IPS (Deep Inspection firewall) to stop application-level attacks<br />
• Best-in-class anti-virus based on the Kaspersky Lab scanning<br />
engine that includes anti-phishing, anti-spyware and anti-adware<br />
protection to stop viruses, Trojans and other malware before they<br />
damage the network<br />
• Anti-Spam via a partnership with Symantec to block known<br />
spammers and phishers<br />
• Web Filtering using SurfControl to block access to known malicious<br />
websites or inappropriate web content<br />
• Site-to-Site IPSec VPN to establish secure communications between<br />
offices<br />
• Denial of Service (DoS) mitigation capabilities<br />
• Application Layer <strong>Gateway</strong>s for H.323, SIP, SCCP and MGCP to<br />
inspect and protect VoIP traffic<br />
• Variety of LAN and WAN interface options<br />
• Auto-Configure VPN (AC VPN) allows for automatic set-up and takedown<br />
of VPN tunnels between remote offices in hub-and-spoke<br />
topologies<br />
• IPv6 support<br />
• Multiple high-availability options with sub-second failover between<br />
interfaces or devices<br />
• Network segmentation, dynamic routing and multiple deployment<br />
modes simplify network integration and deployment of internal<br />
www.westcoastlabs.com<br />
10
<strong>Juniper</strong> <strong>Networks</strong> <strong>Secure</strong> <strong>Services</strong><br />
<strong>Gateway</strong> (SSG) Product Family<br />
security<br />
• Customizable security zones to increase interface density without<br />
additional hardware expenditures, lower policy creation costs,<br />
contain unauthorized users and attacks, and simplify management<br />
of firewall/VPNs<br />
• Management through graphical Web UI, CLI, or the NetScreen<br />
Security Manager central management system<br />
• Policy-based management to allow centralized, end-to-end lifecycle<br />
management<br />
www.westcoastlabs.com<br />
2
US SALES<br />
T +1 717 243 5575<br />
EUROPE SALES<br />
T +44 (0) 29 2054 8400<br />
GLOBAL HEADQUARTERS<br />
<strong>West</strong> <strong>Coast</strong> <strong>Labs</strong><br />
Unit 9 Oak Tree Court<br />
Mulberry Drive<br />
Cardiff Gate Business Park<br />
Cardiff CF23 8RS, UK<br />
T +44 (0) 29 2054 8400<br />
F +44 (0) 29 2054 8401<br />
E info@westcoast.com<br />
W www.westcoastlabs.com