Juniper Screens New ScreenOS


Though it may be invisible to some, there is an operating system sitting
underneath networking hardware appliances such as firewalls and VPNs.

For Juniper Networks, that OS in many
cases is its own ScreenOS, which is getting a dramatic overhaul in its
latest release.


ScreenOS 5.4 offers new Unified Threat Management (UTM), Unified Access
Control (UAC) and policy-based routing enhancements.


UTM is not a new thing for Juniper and has been on its lower-end
NetScreen-5GT Series for some time.

It is, however, something new for
Juniper’s SSG 500 series, which the company launched
earlier this year.

Juniper has partnered with Kaspersky for the embedded
antivirus features, SurfControl for the embedded Web filtering and with
Symantec for the embedded anti-spam capabilities.

Intrusion prevention is
provided by Juniper’s technology, which protects against more than 4,000
different attack objects.


Access control, which some (notably Cisco) refer to as Network Access
Control (NAC) but which Juniper calls Unified Access Control, also gets a boost in
the new ScreenOS.

SSG appliances running ScreenOS 5.4 can now act as
enforcers for access control. The solution also performs “captive redirect,”
which will automatically redirect all unauthenticated endpoint traffic to a
location where users are able to input their credentials.


“Primarily this eases the administration of getting agents onto endpoints,”
Stephen Philip, director of product marketing for Juniper Networks, told
internetnews.com.

“One of the challenges with the initial capability
we’ve had with UAC is, while it was relatively simple in terms of getting
agents onto the endpoint, it wasn’t as easy as it probably needed to be.


“Captive redirect allows users for first-time connection onto the network
to get redirected to controller and then the agent will get
downloaded and they’ll go through the authentication process.”


Juniper UAC technology doesn’t utilize 802.1x, an IEEE standard that provides for port-based security.


“What we did is we leveraged the technology from our SSL-VPN platforms,”
Philip explained. “The capabilities that we have with UAC 1.2 is really a
Layer 3 access control so it works in overlay across the switching
infrastructure and in environments where you don’t have 802.1x-capable
switches.”


That said, 802.1x is soon to be integrated by way of Juniper’s
acquisition of Funk Software so that UAC users can get
both Layer 2 and Layer 3 enforcement.


Policy-based routing in ScreenOS 5.4 enables administrators to route traffic
through specific tunnels based on policy.

Such policies can help to ensure that
latency-sensitive applications, such as VoIP, are routed appropriately in
order to ensure quality of service.


“What it does is it uses information gathered from the source destination
port to be able to make a next hop routing decision,” Philip explained.

“It’s just a very flexible way of providing redirection of traffic based on
particular policies.”


While ScreenOS is an important part of Juniper’s offerings, it isn’t the only
operating system that is used or could potentially be used by Juniper.

Open source startup Vyatta has been pushing Linux as a viable alternative for routers.


“There are many operating systems and there are parts of our organization
where Linux may make sense for us,” Philip said.

“We’ll look at the
appropriate technology for the appropriate task. It’s not a complete black-and-white equation for us.”
