RealTime IT News

Juniper Screens New ScreenOS

Though it may seem transparent to some, an operating system sits underneath networking hardware appliances such as firewalls and VPNs.

For Juniper Networks, that OS in many cases is its own ScreenOS, which is getting a dramatic overhaul in its latest release.

ScreenOS 5.4 offers new Unified Threat Management (UTM), Unified Access Control (UAC) and policy-based routing enhancements.

UTM is not a new thing for Juniper and has been on its lower-end NetScreen-5GT Series for some time.

It is, however, something new for Juniper's SSG 500 series, which the company launched earlier this year.

Juniper has partnered with Kaspersky for the embedded antivirus features, SurfControl for the embedded Web filtering and with Symantec for the embedded anti-spam capabilities.

Intrusion prevention is provided by Juniper's technology, which protects against more than 4,000 different attack objects.

Access control, which some (notably Cisco) refer to as Network Access Control (NAC) but which Juniper calls Unified Access Control, also gets a boost in the new ScreenOS.

SSG appliances running ScreenOS 5.4 can now act as enforcers for access control. The solution also performs "captive redirect," which will automatically redirect all unauthenticated endpoint traffic to a location where users are able to input their credentials.

"Primarily this eases the administration of getting agents onto endpoints," Stephen Philip, director of product marketing for Juniper Networks, told internetnews.com.

"One of the challenges with the initial capability we've had with UAC is, while it was relatively simple in terms of getting agents onto the endpoint, it wasn't as easy as it probably needed to be.

"Captive redirect allows users for first-time connection onto the network to get redirected to controller and then the agent will get downloaded and they'll go through the authentication process."

Juniper UAC technology doesn't utilize 802.1x. 802.1x is an IEEE standard that provides for port-based security.

"What we did is we leveraged the technology from our SSL-VPN platforms," Philip explained. "The capabilities that we have with UAC 1.2 is really a Layer 3 access control so it works in overlay across the switching infrastructure and in environments where you don't have 802.1x-capable switches."

That said, 802.1x is soon to be integrated by way of Juniper's acquisition of Funk Software so that UAC users can get both Layer 2 and Layer 3 enforcement.

Policy-based routing in ScreenOS 5.4 enables administrators to route traffic through specific tunnels based on policy.

Such policies can help to ensure that latency-sensitive applications, such as VoIP, are routed appropriately in order to ensure quality of service.

"What it does is it uses information gathered from the source destination port to be able to make a next hop routing decision," Philip explained.

"It's just a very flexible way of providing redirection of traffic based on particular policies."

While ScreenOS is an important part of Juniper's offerings, it isn't the only operating system that is used or could potentially be used by Juniper.

Open source startup Vyatta has been pushing Linux as a viable alternative for routers.

"There are many operating systems and there are parts of our organization where Linux may make sense for us," Philip said.

"We'll look at the appropriate technology for the appropriate task. It's not a complete black-and-white equation for us."