Though it may seem transparent to some, sitting underneath networking hardware appliances such as firewalls and VPNs, there actually is an operating system. For Juniper Networks, that OS in many cases is its own ScreenOS, which is getting a dramatic overhaul in its

ScreenOS 5.4 offers new Unified Threat Management (UTM), Unified Access Control (UAC) and policy-based routing enhancements.

UTM is not a new thing for Juniper and has been on its lower end NetScreen-5GT Series for some time. It is, however, something new for Juniper’s SSG 500 series, which the company launched earlier this year.

Juniper has partnered with Kaspersky for the embedded antivirus features, SurfControl for the embedded Web filtering and with Symantec for the embedded anti-spam capabilities. Intrusion Prevention is provided via Juniper’s technology providing protection against more than 4,000 different attack objects.

Access control, which some (notably Cisco) refer to as Network Access Control (NAC) but which Juniper calls Unified Access Control, also gets a boost in the new ScreenOS. SSG appliances running ScreenOS 5.4 can now act as enforcers for access control. The solution also performs “captive redirect,” which will automatically redirect all unauthenticated endpoint traffic to a location where users are able to input their credentials.

“Primarily this eases the administration of getting agents onto endpoints,” Stephen Philip, director of product marketing for Juniper Networks told
“One of the challenges with the initial capability we’ve had with UAC is, while it was relatively simple in terms of getting agents onto the endpoint, it wasn’t as easy as it probably needed to be.

“Captive redirect allows users for first-time connection onto the network to get redirected to controller and then the agent will get downloaded and they’ll go through the authentication process.”

Juniper UAC technology doesn’t utilize 802.1x

“What we did is we leveraged the technology from our SSL-VPN platforms,” Philip explained. “The capabilities that we have with UAC 1.2 is really a Layer 3 access control so it works in overlay across the switching infrastructure and in environments where you don’t have 802.1x-capable

That said, 802.1x is soon to be integrated by way of Juniper’s acquisition of Funk Software so that UAC users can get both Layer 2 and Layer 3 enforcement.

Policy-based routing in ScreenOS 5.4 enables administrators to route traffic through specific tunnels based on policy. Such policies can help to ensure that latency-sensitive applications, such as VoIP, are routed appropriately in order to ensure quality of service.

“What it does is it uses information gathered from the source destination port to be able to make a next hop routing decision,” Philip explained.

“It’s just a very flexible way of providing redirection of traffic based on

While ScreenOS is an important part of Juniper’s offerings, it isn’t the only operating system that is used or could potentially be used by Juniper. Open source start up Vyatta has been pushing Linux as a viable alternative for routers.

“There are many operating systems and there are parts of our organization where Linux may make sense for us,” Philip said. “We’ll look at the appropriate technology for the appropriate task. It’s not a complete black-and-white equation for us.”