vSRX Services Gateway: Product Description
Juniper addresses these challenges head-on by extending the capabilities of the award-winning Juniper Networks® SRX Series Services Gateways to the virtual world with the vSRX Services Gateway. Powered by Juniper Networks Junos® operating system, the vSRX delivers a complete and integrated virtual security solution, including L4-L7 advanced security services, robust networking, and automated life cycle management capabilities for service providers and enterprises alike.

The vSRX’s automated provisioning capabilities, enabled through Junos Space Virtual Director, allow network and security administrators to quickly and efficiently provision and scale firewall protection to meet the dynamic needs of virtualized and cloud environments. By combining the vSRX’s provisioning application with the power of Junos Space Security Director, administrators can significantly improve policy configuration, management, and visibility into both physical and virtual assets from a common, centralized platform.

vSRX Services Gateway Data Sheet

Implementing nonintegrated, legacy systems built around traditional firewalls and individual standalone appliances and software is no longer adequate to protect against today’s sophisticated attacks.

advanced security services, including unified threat management (UTM), intrusion detection and prevention (IDP), and application control and visibility services through AppSecure.

Application Visibility and Control with AppSecure

AppSecure is a next-generation application security suite for vSRX and SRX Series Services Gateways that delivers threat visibility, protection, enforcement, and control.

Whether needing to understand how many users are accessing cloud-based applications like Facebook every day, or needing to know what applications are using the most bandwidth, AppSecure delivers powerful visibility and ongoing application tracking. With open signatures, unique application sets can be monitored, measured, and controlled to tie closely to the organization’s business priorities.

Table 3: AppSecure for vSRX Features and Benefits
Feature | Description | Benefit

The vSRX uses two basic features—zones and policies. The default configuration contains, at a minimum, a “trust” and an “untrust” zone. The trust zone is used for configuration and attaching the internal network to vSRX. The untrust zone is commonly used for untrusted networks. To streamline installation

This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then find a next-hop route. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.

Security policies determine if a session can originate in one zone and be forwarded to another zone. The vSRX receives packets and keeps track of every session, every application, and every user. As a VM moves within a virtualized or cloud environment, it will still send packets to the vSRX for processing, continuously communicating in a secure mode.

[Figure: Session Initial Packet Processing; Security Policy Evaluation and Next-Hop Lookup]

IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. As a result, not only is the session preserved during failover, but security is also kept intact. In an unstable network, vSRX also mitigates link flapping.

Table 5: vSRX System Requirements [4]
CPU Cores | 2
Memory | 4 GB
Disk Space | 16 GB
Network Drivers - VMware ESXi | VMXNET3, SR-IOV [5] supported on Intel 82599 based NIC
Network Drivers KVM | Virtio, SR-IOV [5] supported on Intel 82599 based NIC

[4] System requirements for vSRX Junos 15.1X49-D15 release
[5] Please see vSRX 15.1X49-D15 release notes for the limitations.

Multi-Core vSRX

Leveraging the scale-up model, the multi-core vSRX can satisfy the ever-growing demand for throughput performance without adding complexity to the network infrastructure. The multi-core version of the vSRX provides a linear scale of performance for each additional core added beyond the minimum two vCPUs, achieving 100 Gbps performance by using 12 vCPUs from a single socket.

Table 6: Multi-Core vSRX Services Gateway Key Performance Metrics
Performance and Capacity [6] | KVM SRIOV
Firewall throughput, large packet (1514B) | 100 Gbps
Firewall throughput, IMIX | 25 Gbps

[6] Performance based on Intel Xeon CPU E5-2670 @ 2.3 GHz. KVM is based on Ubuntu-14.04.

Table 7: Multi-Core vSRX System Requirements
CPU Cores | 12
Memory | 12 GB
Disk Space | 16 GB
Network Drivers KVM | SR-IOV supported on Intel 82599-based NIC

Junos Space Virtual Director

As a full life cycle management application for vSRX, Junos Space Virtual Director enables organizations to automate provisioning and resource allocation of vSRX Services Gateway VMs. The application runs on top of Juniper’s well-established Junos Space Network Management Platform and supports the design, deployment, monitoring, grouping, and reporting of vSRX VM instances. Network and security administrators will benefit from rapid service rollouts and error-free deployments by using the Virtual Director’s predefined configuration templates, automation tools, workflow-based tasks, and intuitive GUI.

Virtual Director’s open set of RESTful APIs provides a single interface to all third-party orchestration tools and custom applications for end-to-end configuration and management.

Junos Space Security Director

Junos Space Security Director provides security policy management through an intuitive and centralized web-based interface that offers enforcement across emerging and traditional risk vectors. As an application on the Junos Space platform, Security Director provides extensive security scale, granular policy control, and policy breadth across the network. It helps administrators quickly manage all phases of security policy life cycle for stateful firewall, UTM, IPS, AppFW, VPN, and NAT.

Unified Management

By combining the power of Junos Space Security Director with the Junos Space Virtual Director, administrators can significantly improve policy configuration, management, and visibility into both physical and virtual assets from one common, centralized platform.

Key Features and Benefits

• Secures multitenant private and public cloud environments by delivering a complete firewall with stateful packet processing and application-layer gateway features in a virtual machine format
• Leverages the same, consistent, advanced security and networking features (IPsec VPN, NAT, QoS, and full routing capabilities) of the SRX Series Services Gateways
• Defends against an increasingly sophisticated threat landscape by integrating powerful UTM, IPS, and application visibility and control capabilities for a comprehensive threat management framework
• Simplifies administrative functions with Junos Space Virtual Director, an intelligent, automated life cycle management application at no additional cost
• Improves management flexibility with open RESTful APIs to support integration with third-party management and cloud orchestration tools
• Expands visibility into and control over firewall security policy configuration and management across virtual and non-virtual environments with Junos Space Security Director
• Supports SDN and NFV via integration with Contrail, OpenContrail, and other third-party solutions

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.

Specifications
The following table highlights high-level specifications. Please see the product documentation for a complete list.
Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos
and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.