JuniperSRX系列_新一代业务网关

,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,| Copyright, 2009 Juniper Networks, Inc.,|,*,谢谢,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,|,Copyright 2009 Juniper Networks, Inc. |,*,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,|,Copyright 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,|,Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,| Copyright, 2009 Juniper Networks, Inc. |,*,THANK,YOU,| Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master title style,|,Copyright 2009 Juniper Networks, Inc. |,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Copyright, 2009 Juniper Networks, Inc.,|,Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Copyright, 2009 Juniper Networks, Inc.,|,Copyright, 2009 Juniper Networks, Inc. |,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,49,Copyright, 2009 Juniper Networks, Inc.,|,Copyright, 2009 Juniper Networks, Inc. |,49,|,Copyright 2009 Juniper Networks, Inc. |,*,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Juniper,新一代安全业务网关,SRX,Juniper,下一代安全业务网关,下一代安全业务网关,可升级的性能,丰富的服务功能,防火墙,/UAC,执行点,IDP,IPSEC VPN,Routing / QoS,3U, 4+3 CFMs, 8+4 GE, 2 RE*, 1+1 PS, 20/6/6 Gbps, 1M sessions, 175kcps, 10k IPSEC tunnels,5U, 6+6 CFMs, 8+4 GE, 2 RE*, 2+2 PS, 30/10/10 Gbps, 2M sessions, 175kcps, 20k IPSEC tunnels,8U, 6 slots, 2 RE*, 1+1 SCB, 2+2 PS, 60/15/15Gbps, 8M sessions, 350kcps, 30k IPSEC tunnels,16U, 12 slots, 2 RE*, 2+1 SCB, 3+1 AC, 2+2 DC, 120/30/30 Gbps, 8M sessions, 350kcps, 60k IPSEC tunnels,SRX210,SRX650,SRX3600,SRX3400,SRX5600,SRX5800,SRX100,SRX240,SRX,系列,基于,JUNOS,的业务安全网关,Dynamic Services,Consolidate Management Framework,App LayerForwarding,ThreatPrevention,Access Control,SRX Dynamic Services Gateway,Routing,Firewall,IPS,IPSec,VPN,NAT,UAC,？,电信级路由操作系统,JUNOS,和安全操作系统,ScreenOS,的完美融合,来自,JUNOS,的,MPLS/NSF/NSR,等高级功能,来自,JUNOS,的层次化,CLI,配置风格,来自,ScreenOS,的安全特性,:,安全域,/NAT/IPsec VPN/Screen/,深度检测,/UTM,Commit/JUNOS Scripts,等高级管理特性,模块化设计,故障和内存保护,独立进程，独立重启,10+,年研发，,TL-9000,认证,M40e,MX960,M7i,M10i,T320,T640,M320,M120,JUNOS,M20,kernel,协议,接口管理,机箱管理,SNMP,安全性,J2300/,J4350/,J6350,SRX,软件：新一代安全操作系统,JUNOS,集成的业界最好的解决方案,JUNOS,高性能网络操作系统,10,多年的创新以及开发,服务于有最多需求的客户,ScreenOS,Juniper,安全设备的基础,市场领先的创新以及特性,#1,高端防火墙市场份额第一,Infonetics 06/09,满足服务提供商需求的性能以及可靠性，还有企业的安全特性,在单一的,OS,中，提供简化的操作，可靠的,/,性能以及增强的功能,*,Infonetics Network Security Appliances and Software - Quarterly Worldwide Market Share and Forecasts for 3Q07,高端安全产品,可伸缩的性能,丰富的特性,防火墙,IDP,IPSEC VPN,路由,QoS,可扩展的安全服务,集成的网络服务,统一管理,(NSM),10 Gbps,30 Gbps,50 Gbps,150 Gbps,健壮的防火墙,/,高端安全产品,适用于,IPv6,获得以下的认证,CC EAL3/4,FIPS 140-2,ScreenOS,JUNOS,SRX5800,ISG2000,ISG1000,NS-5200,NS-5400,SRX3400,SRX3600,SRX5600,SRX,高端平台硬件设计,中央服务平面,在高速交换背板基础上建立,带有独立的控制和数据平面,适应性平台,可扩展的，处理能力,提供性能以及容量上的扩展性,可用性,所有部件均采用冗余备份,Service Processing Cards,Fabric,Input/Output Cards,RE,SRX,软件能力,高度集成的服务,高级服务以及特性的可见性,在同一张卡上提供新增服务,高密度，可编程的处理能力,智能化的任务分担,将计算分布到整个系统中,优异的分布式模型用于会话的建立以及服务的提供,可扩展的服务,在网络各“层”上的服务,丰富的第三层特性,路由,/QoS/NAT,完整的,L4-7,支持, FW, VPN, IDP, UTM,Services Processing Card,Fabric,QoS,DoS,NAT,VPN,FW,IDP,SRX 5000,系列动态服务网关,SRX 5000,系列服务网关,2008,年,9,月发布,革命性的架构,集成的服务,可伸缩的性能,简化的操作,世界上最高速的安全解决方案,ScreenOS,的历史，在,JUNOS,里面延续,基于动态服务的架构，加速了新服务的部署,SRX5000,世界最快的安全解决方案,世界最大容量的防火墙,集成式的服务,可扩展的性能,简化的操作,以,JUNOS,和,Juniper,动态服务架构,(DSA),驱动,SRX5800,竖插机箱,2,个专用交换矩阵模块（缺省）,12,个插槽（,SPC/IOC,）,接口,IOC,模块（内置,NP,模块）,40-SFP,4-10Gig,FlexIO 2 slot FPC,16xGE, 4x10G modules,SPC,模块,尺寸,16U,性能,FW 150 Gbps,VPN 30 Gbps,IDP 30 Gbps,并发会话数, 8M,新建会话, 350K,并发,VPN,隧道数, 100k,SRX5600,横插机箱,1,个交换矩阵模块,6,个插槽（,SPC/IOC,）,接口模块,40-SFP,4-10Gig,FlexIO 2 slot FPC,16xGE, 4x10G modules,SPC,模块,尺寸, 8U,性能,FW 60 Gbps,VPN 15 Gbps,IDP 15 Gbps,并发会话数, 8M,新建会话数, 350k,并发,VPN,隧道数, 100k,FlexIOC,低成本，模块化的,I/O,卡,全宽度,支持两种插拔模块,16xSFP, 16xCopper & 4xXFP,基于现有的架构,可以与当前,40xSFP/4xXFP IOC,卡互操作,20Gbps,最大吞吐,Vs. 40Gbps for 4x10G or 40x1G IOCs,16x10/100/1000,4x10Gig XFP,NEW!,服务处理卡,Fabric,输入,/,输出卡,流查找,分类,DoS/DDoS,限速,入流包,出流包,服务处理,FW/IPSec VPN/IDP,NAT/,路由,路由,/,设备管理,QoS/Shaping,SRX 5K,包流,完全集成式,RE,SRX3000,最具效益的网络安全解决方案,在不影响安全下最大化了灵活性,不可超越的性价比,由,JUNOS,以及,Juniper,动态服务架构,(DSA),驱动,SRX3400,:,产品简介,硬件,模块化的机箱,7,槽,(4,槽在前面, 3,槽在后面,),3U,机箱高度,双,RE ready,1+1,电源,固定接口,12 built-in (8-10/100/1000 + 4-SFP),2 Ethernet Management Ports,模块化接口,16-10/100/1000,16-SFP,2-XFP,性能,&,处理能力,FW 10 / 20 Gbps,VPN 6 Gbps,IDP 6 Gbps,并发会话数, 2.25M,每秒新建会话数, 175k,Front,Rear,SRX3600,:,产品简介,硬件,模块化的机箱,12,槽,(6,在前面, 6,槽在后面,),5U,机箱高度,双,RE ready,2+2,电源,固定接口,12 built-in (8-10/100/1000 + 4-SFP),2 Ethernet Management Ports,模块化接口,16-10/100/1000,16-SFP,2-XFP,性能,&,处理能力,FW 10 / 20 / 30 Gbps,VPN 10 Gbps,IDP 10 Gbps,并发会话数, 2.25M,每秒新建会话数, 175k,Front,Rear,1.5,服务处理卡,流查找,分类,DoS/DDoS,限速,入流包,出流包,服务,FW/VPN/IDP,NAT/,路由,RE,路由,/,设备管理,QoS/Shaping,Fabric,Fabric,网络处理卡,超卖控制,输入输出卡,SRX 3K,包流,完全集成式,Juniper,完整的中低端,UTM,产品系列,Centrally managed by NSM,Telecommuter/Small Office,Small to Medium Branch,Large Branch/Regional Office,SRX 100,SRX 210,防火墙性能（最大）,750 Mbps,IPS,性能,80 Mbps,VPN,性能,75 Mbps,最大的并发会话数量,64 K,SRX 240,防火墙性能（最大）,1.5 Gbps,IPS,性能,250 Mbps,VPN,性能,250 Mbps,最大的并发会话数量,128 K,SRX 650,防火墙性能（最大）,7 Gbps,IPS,性能,900 Mbps,VPN,性能,1.5 Gbps,最大的并发会话数,512 k,SRX650,固定接口,4xGE (routing only),GPIM,插槽数量,8,USB,接口,(flash),2 per processor,PoE,以太网供电,Up to 48 ports (250 W or 500 W),PSTN voice ports,Up to 8 Analog, 2xT1/E1, per GPIM,（,2010,年）,AV & IDP HW CSA,Standard,防火墙包转发能力（,64,字节）,900Kpps,防火墙吞吐量,7Gbps,2,.5,Gbps (IMIX),VPN,吞吐量,1 .5Gbps,IDP,吞吐量,900 Mbps,最大并发连接,512,000,每秒新建连接,30,000,高可用性支持,A/A or A/P, Hot s, Dual processors, Dual power,定位在企业核心或大型分支机构,模块化可扩展的接口,最大支持,52,个千兆,可选的冗余电源,可扩展语音功能,(field upgradable via PIMs in 2010),路由和,UTM,功能的完美融合, Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement,SRX240,固定接口,16 x GE,Mini-PIM,插槽,4,3G wireless option,Mini-PIM,USB ports (flash),2,PoE,以太网供电,16 ports (150 W),可选,PSTN,语音接口,2xFXS, 2xFXO & mini-PIM,（,09,年底）,AV & IDP,硬件加速,: CSA,高内存版本支持,防火墙包转发能力（,64,字节）,200Kpps,防火墙吞吐量,1.5Gbps,5,00 Mbps (IMIX),VPN Performance,2,5,0 Mbps,IDP Performance,2,5,0 Mbps,最大并发连接,64k/128k,每秒新建连接,9000,High Availability,A/A or A/P,面向中小型分支机构,广域网模块支持,路由功能（,JUNOS,）,UTM,功能, Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement,UTM requires High memory,mini-PIM,语音卡,- (Q409),出厂内置语音模块,(Q409),SRX210,固定接口,2 x GE + 6 x FE,Mini-PIM,插槽,1,3G wireless slot,PC Express Card,USB ports (Flash),2,以太网供电,PoE,4 ports (50 W total),可选的语音接口,2xFXS, 2xFXO & mini-PIM,AV & IDP,硬件加速,: CSA,高内存版本支持,防火墙包转发能力（,64,字节）,80Kpps,防火墙吞吐量,750Mbps,2,5,0 Mbps (IMIX),VPN,吞吐量,7,5 Mbps,IDP,吞吐量,80,Mbps,最大并发连接,32k/64k,每秒新建连接,2000,High Availability,A/A or A/P,面向小型企业与分支机构,可支持广域网接口,路由、,NAT,完整的,UTM,功能, Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement,UTM,需要高内存版本支持,Available Voice version with mini-PIM options - (Q3 09),Factory-configured voice model (Q309),SRX100,固定接口,8 x FE,Mini-PIM,插槽,No,Optional 3G wireless*,PC Express Card,USB ports (Flash),1,PoE,不支持,Optional WAN models,VDSL2,Optional WLAN models,802.11n,Voice Ports,No,防火墙包转发能力（,64,字节）,60 Kpps,防火墙吞吐量,175 Mbps (IMIX),VPN Performance,75 Mbps,IDP Performance,80 Mbps,High Availability,A/A or A/P,Ideal for micro-branch, managed telecommuters, SOHO,Fixed I/O 8 x 10/100 Ethernet ports,Routing, NG NAT,Full UTM features Firewall/VPN, IPS (IDP), anti-virus, anti-spam, web filtering, content-filtering, UAC Enforcement,UTM requires High Memory model (Software UTM, no CSA),ExpressCard slot on VDSL & 802.11n platforms,SRX,分支机构产品特色,性能,“,内容安全硬件加速,” IDP & Antivirus,硬件加速功能,“Express AV” Antivirus stream matching,集成的多业务安全平台,路由（广域网模块支持）、交换、防火墙、,VPN,动态,VPN,客户端（类似于,NC,，仅,SRX200,系列支持）,入侵防御功能,(,完整,IDP,功能）,防病毒、防垃圾邮件与网页过滤,语音功能、无线、应用加速功能（未来）,3G,模块支持,PoE,、,PoE+,可靠性设计,基于多核处理器转发与控制分离架构,JSRP,高可用性支持（,A/A,、,A/P,）,基于,JUNOS,的多业务安全平台,SRX210,3G,无线广域网,Deployments-,Primary connection where wired broadband is not available,Back up connectivity with wired primary.,Out of band management, remote deployment.,Available on SRX210,HQ,Datacenter,3G Wireless,Dynamic VPN Services,INTERNET,Retail,Branch,Regional,分支机构无线,AP,解决方案,Juniper 802.11n,室内解决方案,Backwards compatible to .11a/b/g,Dual mode radio support 300Mbps (Aggregate),Single radio 200Mbps (160Mbps typical),Spatial Streams: 2x2:2, 2x3:2, 3x3:2,UL2043 Plenum rated for over ceiling mounting.,50 Meter range (indoor),Unit can be mounted on ceiling or wall,Virtual AP technology Support of up to 16 simultaneous SSIDs,802.11e WMM capable,1 Gigabit Ethernet POE support,Optional External Power Supply,Serial Consol Support,L2 Managed by SRX Branch Products,Additional licensing cost for Branch SRX to manage multiple access points Clusters of 4,8,16 APs.,软件特性,802.1Q VLAN support,Up to 4,096 VLAN support (platform dependent),Routed VLAN Interface (RVI),GARP VLAN Registration Protocol (GVRP),QOS on VLAN interface,L3 Strict priority queuing (LLQ),L3 Smoothed Deficit Weighted Round Robin (SDWRR),L3 Weighted Random Early Discard (WRED),L3 Per port and per queue shaping,802.1x Port based Authentication,802.3ad (AX) link aggregation*,STP, Spanning Tree Protocol,802.1D Spanning Tree Protocol,802.1S Multiple STP,802.1w Rapid STP,Jumbo Frame Support (9,216 Byte)*,以太网交换,SRX210,SRX240,SRX650,硬件,(,主机板上的以太网,),SRX100,8 Fixed 10/100 (Switched or Routed),SRX210,Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed),802.3af optional POE (2FE + 2GE),SRX240,Fixed 16 Ports 10/100/1000 (Switched or Routed),Power over Ethernet (optional all ports),802.3af, 802.3at,SRX650,Fixed 4 ports 10/100/1000 (Routed),硬件（,Ethernet,模块）,SRX Mini-PIM (SRX210/SRX240),1 Port SFP,16 port GigE XPIM for SRX650,Double-high,Full-duplex 20 Gbps backplane,16 port GE and optional PoE,24 port GigE including 4 SFP slots XPIM for SRX650,Double-high - double-wide,Optional POE - 24 port GE with PoE incl 4 SFP slots,Full-duplex 20 Gbps backplane,Optics,SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |SRX GE SFP 1000 Base-T | SRX FE FX SFP,SRX100,*,Not supported on SRX100,Unified Threat Management (UTM) Features,Websense to block to unapproved site access,Web Filtering,Kaspersky Lab AV stops Viruses, Trojans, Spyware, Adware, Keyloggers,Kaspersky Lab AV stops viruses, trojans or spread of spyware, adware, keyloggers,Antivirus,Symantec stops Spam / Phishing,Antispam,Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans,IPS,Firewall, VPN, Unified Access Control,Core Security,Firewall, VPN, Unified Access Control,SRX Series blocks transmission of files for Data Loss Prevention,Content Filtering,Internal Threats,External Threats,INTERNET,Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans,Juniper Networks Unified Access Control (UAC),UAC Agent,EX Series,L2 Switch,802.1X Switches & Access Points,APPLICATIONS,Juniper Firewall Platforms,POLICY SERVER,Identity Stores,IC Series,1,UAC Enforcement Points,Data,App,Internet,NS,SSG,ISG,2,2,3,Control Access to Protected Resources,Dynamically Provision Policy Enforcement,Authenticate User,Pro, Determine Location,Comprehensive, vendor-agnostic, standards-based access control across heterogeneous environments delivering investment protection,1,SRX,SRX210,Remote Access,Dynamic VPN Service Access Manager Client,A dynamic IPSEC Client that is automatically downloaded,5-user, 10-user, 25-user, 50-user (SRX240) license option with simultaneous tunnel enforcement,Supported on the SRX100*, SRX210, and SRX240,Not supported on SRX650,Automatic client upgrade capabilities,Self-provisioning from SRX210, SRX240,IPSec with TCP-based fallback for NAT traversal,Initial release to support Windows platformsXP, Vista, Win 2000,Wired,Wireless,3G Wireless,Dynamic VPN Services,INTERNET,*,Supported in JUNOS 10.0,Juniper Unified Management,Unified management across Junipers network infrastructure,Network lifecycle managementProvision, Monitor, and Troubleshoot,Consistent and Open standards NBI for easy integration with 3rd party NMS,EMS,NMS,Visibility,Diagnostics,SNMP, Syslog, XML,SNMP, Syslog,NetConf, DMI, Syslog, Sflow,Security Threat Response Manager,Network & Security Manager (NSM),JUNOScope,Advanced Insight Manager,NETWORK MANAGEMENT,ONE,JUNOS,CLI, JUNOScript,ONE,J-Web,Web UI,HTTP / HTTPS XML,Telnet, SSH, XML,Switching,Security,Routing,MX Series,M Series,ISG/IDP,SSL VPN,Infranet Controller,SRX5600,Network and Security Manager,Along with SRX, NSM Manages Junipers entire enterprise portfolio*,NSM is a great way to port ScreenOS customers over to a JUNOS solution and to help manage a mixed environment,Common Management also offers huge up-sell opportunity,Security Threat Response Manager,STRM supports SRX Series,Intrusion Prevention System (IPS),220+ out-of-the box report templates,Fully customizable reporting engine: creating, branding and scheduling delivery of reports,Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA,Reports based on control frameworks: NIST, ISO and CoBIT,Rapid Deployment,Simplified deployment-,Eliminate need for-,Pre-staging device,IT at point of installation,Reduce -,Provisioning time,Installation cost,No “truck roll”,A Unique ID for tracking purposes,Untrust Interface configuration,Configuration parameters to enable “registration” of device to management server,User/Password,Management Server IP Address/Domain Name,One time password,1. Generate and export startup config to USB,Network and Security Manager,USB Loads startup config,Validation of start up config,Secure communication to NSM,SRX 210,5. Download Running Config,6. SRX In Service,Juniper Branch Products,SSG, SRX, and J Series Products,SSG Family,FW, VPN, NAT, UAC,IPv6 Security,Wireless (WLAN),Unified Threat Management,Intrusion Prevention: DI,AntivirusKaspersky,Web filteringWebsense,AntispamSymantec,J Series,FW, VPN, NAT, UAC,Routing, Switching, QOS, MPLS,WXISM 200 Application Acceleration,VoIPAvaya Integ. Gway,Unified Threat Management,Full IDPJuniper,AntivirusKaspersky,Web filteringWebsense,AntispamSymantec,SRX,Unified Threat Management,Full IDPJuniper,AntivirusKaspersky,Web filteringWebsense,AntispamSymantec,VoIP,Juniper OpenCommunications,Power over Ethernet,FW, VPN, NAT, UAC,SSG320M,SSG5 Wireless,SSG20 Wireless,J2320,J2350,SSG140,SSG350M,SSG520,SSG520M,J6350,SSG550,SSG550M,J4350,ScreenOS,SRX 100,SRX 210,SRX 240,SRX 650,Juniper,防火墙产品市场定位,Juniper,防火墙有着非常完整的产品线，能够覆盖从,soho,级到运营商核心级所有用户的需求。,SSG,系列中低端防火墙针对中小型企业,购买成本及维护成本是首要的需求,路由、安全功能,All in one,统一的配置界面,Juniper SSG,系列,产品具备无可比拟的优势,购买成本较低,无需管理多台设备,性能可接受,高端防火墙针对运营商及大型企业,性能与稳定性是用户首要的需求,防火墙不能因为开启新业务成为网络处理能力的瓶颈,防火墙需具备高稳定性，不能影响业务的正常开展,Juniper ISG/SRX3000/SRX5000,的目标客户,SRX,产品系列的定位,对当前,SSG/ISG,产品线的补充完善,SRX,当前主推的型号,SRX650,、,SRX3400,、,SRX3600,、,SRX5800,SRX,高端产品的竞争优势,性能,SRX5000,系列无与伦比的性能,单体吞吐量,120Gbps,灵活的配置,根据客户需求灵活选择,SPC,的数量，达到所需的性能,硬件,转发与控制分离（路由引擎、,SPC,、,NPC,由独立硬件处理，并可按需配置）,交换矩阵，彻底摆脱现有防火墙通过总线进行内部数据交换的现状，提供高性能的交换矩阵，真正无阻塞交换（,SRX5000,采用,MX,系列的交换矩阵；,SRX3000,系列采用,SF16,矩阵）,接口数量总数多（,SRX5800,最大可支持,240,个,GE,，,24,个万兆；,SRX3600,缺省有,12,个千兆口，总千兆接口,100+,，总万兆口,12,个）,功能,JUNOS,的优势,路由,QoS,配置回退,完整的,IDP,功能（独立硬件处理，多核处理器中独立的,core,）,基于硬件的,DoS,攻击防护功能（,Screen,功能）,基于策略的流量统计、基于策略的新建会话统计等,为什么要卖,SRX5800,？,实现竞争对手无法做到容量和性能， 满足未来业务流量快速增长,SRX,高端特有的技术优势，技术特色明显,如果能卖,SRX5000,，一般就卖,SRX5800,，不卖,SRX5600,，因为价格成本基本一样,SRX5800,SRX5600,为什么要卖,SRX3400/3600,？,解决,ISG2000,和,NS5200,竞争力不够的问题，性价比好，技术特色明显,SRX3400,价格与,ISG2000,相当，接口配置相同时比,ISG2000,稍便宜。,性能容量远在,ISG2000,之上，各项性能提高,28,倍,SRX,高端特有的技术优势，容易在竞争中胜出,SRX3400,SRX3600,为什么要卖,SRX650,？,价格弥补了,ISG1000,与,SSG550,之间的空档,性能弥补了原来,4G10G,之间的空挡,很高的性价比，性能指标远在,ISG1000,之上,在接口密度高时，有更高的性价比,可配置双电源，竞争有力武器,外表好，个头大，有面子,SRX650,ISG1000,SSG550,推荐,SRX,高端产品时与客户的话题,防火墙的发展趋势,可按需扩展的动态可适应型体系架构,高可靠性,安全性与,QoS,42,Software based firewall,(1994 CheckPoint Firewall-1),Software based router,(1987 Cisco AGS),ASIC based firewall,(1999 Netscreen NS-1000),Workstation +routing daemon,Workstation + software,(1991 DEC SEAL),ASIC based router,(1998 Juniper M40),“,就像广泛应用于企业和服务提供商骨干网上的基于,ASIC,结构的路由器,/,交换机竞争一样，安全领域同样存在软件和硬件产品之间的竞争。任何关注高性能网络安全的经理们都应当备加关注于此。”,By Kevin Tolly Tolly Research/The Tolly Group,总裁,防火墙架构演进路线,NOW:,ASIC + MultiCore router Matrix,NOW:,MultiCore + NPSwitch Fabric based,43,路由器集成包过滤功能,1989,1994,第一台商用软件防火墙,DEC SEAL,发布,防火墙上集成用户认证功能,防火墙集成,NAT,功能,防火墙集成,IPsec VPN,防火墙集成虚拟系统,1991,1993,1999,2002,防火墙功能演进路线,防火墙集成,IPS,功能,2002,七层线速级能力,2004,UTM,功能防火墙,2006,防火墙集成,MPLS,2008,44,Gartner Next Generation FireWall (NGFW),As a mininum, an NGFW will have the following attributes:,Support in-line bump-in-the-wire configuration without disrupting network operations.,Act as a platform for network traffic inspection and network security enforcement, with the following minimum features:,Standar