Juniper ACCESS-EES-100U-3YR
Contents
1. User Licenses SA6500 ADD 100U SA6500 ADD 250U SA6500 ADD 500U SA6500 ADD 1000U SA6500 ADD 2500U SA6500 ADD 5000U SA6500 ADD 7500U SA6500 ADD 10000U Add 100 simultaneous users to SA6500 FIPS Add 250 simultaneous users to SA6500 FIPS Add 500 simultaneous users to SA6500 FIPS Add 1 000 simultaneous users to SA6500 FIPS Add 2 500 simultaneous users to SA6500 FIPS Add 5 000 simultaneous users to SA6500 FIPS Add 7 500 simultaneous users to SA6500 FIPS Add 10 000 simultaneous users to SA6500 FIPS Multiple SA6500 s required Feature Licenses SA4500 FIPS SA6500 MTG Secure Application Manager and Network Connect Clustering Licenses for SA6500 FIPS SA4500 CL 50U Clustering Allow 50 users to be shared from SA6500 IVS Advanced for SA6500 FIPS See eee SA6500 ICE Secure Meeting for SA6500 FIPS SA4500 CL 100U SA4500 CL 250U SA4500 CL 500U SA4500 CL 1000U Accessories UNIV MRIU RAILKIT Clustering Allow 100 users to be shared from another SA4500 FIPS Clustering Allow 250 users to be shared from another SA4500 FIPS Clustering Allow 500 users to be shared from another SA4500 FIPS Clustering Allow 1000 users to be shared from another SA4500 FIPS Rack mount kit for SA2500 or SA4500 FIPS SA6500 ICE CL Clustering Licenses SA6500 CL 100U SA6500 CL 250U SA6500 CL 500U SA6500 CL 1000U SA6500 CL 2500U SA6500 CL 5000U SA6500 CL 7500U SA6500 CL 10000U In Case of Emergency clust2. Safety certifications Emissions certifications Warranty 90 days Can be extended with support contract Juniper Networks Services and Support Juniper Networks is the leader in performance enabling services and support which are designed to accelerate extend and optimize your high performance network Our services allow you to bring revenue generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures At the same time Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance reliability and availability For more details please visit www juniper net us en products services Ordering Information MODEL NUMBER DESCRIPTION MODEL NUMBER DESCRIPTION SA4500 FIPS SA6500 FIPS BN O E E Base System SA4500FIPS 5A4500 FIPS Base System SA6500FIPS SA6500 FIPS Base System User Licenses SA4500 ADD 50U SA4500 ADD 100U SA4500 ADD 250U SA4500 ADD 500U SA4500 ADD 1000U Feature Licenses SA4500 MTG SA4500 IVS SA4500 ICE SA4500 ICE CL Add 50 simultaneous users to SA4500 FIPS Add 100 simultaneous users to SA4500 FIPS Add 250 simultaneous users to SA4500 FIPS Add 500 simultaneous users to SA5000 FIPS Add 1 000 simultaneous users to SA4500 FIPS Secure Meeting for SA4500 FIPS Instant Virtual System for SA4500 FIPS In Case of Emergency License for SA4500 FIPS In Case of Emergency Clustering License for
3. provisioning of UAC sessions into the SA Series Users need to authenticate only one time to get access in these types of environments Dynamically download Webroot s market leading anti malware software to enforce endpoint security on devices which may not be corporate assigned computers being used for network access Automatically remediate non compliant endpoints by updating software applications that do not comply to corporate security policies Dynamically initiates an update of these software applications on the endpoint using the Microsoft SMS protocol Client computers can be checked both prior to and during a session to verify an acceptable security posture requiring installed running endpoint security applications antivirus firewall other Also supports custom built checks including verifying ports opened closed checking files process and validating their authenticity with Message Digest 5 MD5 hash checksums verifying registry settings machine certifications and more Created in partnership with best of breed endpoint security vendors Enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall antivirus clients or other installed security clients and quarantine non compliant endpoints Allows interoperability with diverse endpoint security solutions from antivirus to patch management to compliance management solutions Allows the enterprise to establish trustworthine
4. access privilege management capabilities without infrastructure changes custom development or software deployment maintenance This facilitates the easy deployment and maintenance of secure remote access as well as secure extranets and intranets When a user logs into an SA4500 FIPS or SA6500 FIPS appliance they pass througha pre authentication assessment and are then dynamically mapped to the session role that combines established network device identity and session policy settings Granular resource authorization policies further ensure exact compliance to security strictures Table 3 SA4500 FIPS and SA6500 FIPS Access Privilege Management Capabilities FEATURE FEATURE DESCRIPTION BENEFIT User Record Synchronization VDI Virtual Desktop Infrastructure Support ActiveSync Feature Hybrid role resource based policy model Pre authentication assessment Dynamic authentication policy Dynamic role mapping Resource authorization Granular auditing and logging Custom expressions Supports synchronization of user records such as user bookmarks across different non clustered SA Series appliances Allows interoperability with VMware View Manager and Citrix XenDesktop to enable administrators to deploy virtual desktops with the SA Series appliances Provides secure access connectivity from mobile devices such as Symbian Windows Mobile or iPhone to the Exchange server with no client software installation Enab
5. for accelerating the deployment of services and applications over a single network This fuels high performance businesses Additional information can be found at www juniper net Notes Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters Juniper Networks Inc Juniper Networks Hong Kong Juniper Networks Ireland 1194 North Mathilda Avenue 26 F Cityplaza One Airside Business Park Sunnyvale CA 94089 USA 1111 King s Road Swords County Dublin Ireland Phone 888 JUNIPER 888 586 4737 Taikoo Shing Hong Kong Phone 35 31 8903 600 or 408 745 2000 Phone 852 2332 3636 EMEA Sales 00800 4586 4737 Fax 408 745 2100 Fax 852 2574 7803 Fax 35 31 8903 601 www juniper net Copyright 2010 Juniper Networks Inc All rights reserved Juniper Networks the Juniper Networks logo Junos NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered marks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice 1000264 008 EN May 2010 To purchase Juniper Networks solutions please contact your Juniper Networks representative at 1 866 298 6428 or authorized reseller Printed on recycled paper
6. CCESS EES 2500U 1YR ACCESS EES 5000U 1YR ACCESS EES 7500U 1YR ACCESS EES 10U 2YR ACCESS EES 25U 2YR Enhanced Endpoint Security subscription 10 concurrent users 1 year Enhanced Endpoint Security subscription 25 concurrent users 1 year Enhanced Endpoint Security subscription 50 concurrent users l year Enhanced Endpoint Security subscription 100 concurrent users 1 year Enhanced Endpoint Security subscription 250 concurrent users l year Enhanced Endpoint Security subscription 500 concurrent users l year Enhanced Endpoint Security subscription 1 000 concurrent users l year Enhanced Endpoint Security subscription 2 500 concurrent users l year Enhanced Endpoint Security subscription 5 000 concurrent users 1 year Enhanced Endpoint Security subscription 7 500 concurrent users l year Enhanced Endpoint Security subscription 10 concurrent users 2 year Enhanced Endpoint Security subscription 25 concurrent users 2 year SA6500 FIPS coninued ACCESS EES 50U 2YR ACCESS EES 100U 2YR ACCESS EES 250U 2YR ACCESS EES 500U 2YR ACCESS EES 1000U 2YR ACCESS EES 2500U 2YR ACCESS EES 5000U 2YR ACCESS EES 7500U 2YR ACCESS EES 10U 3YR ACCESS EES 25U 3YR ACCESS EES 50U 3YR ACCESS EES 100U 3YR ACCESS EES 250U 3YR ACCESS EES 500U 3YR ACCESS EES 1000U 3YR ACCESS EES 2500U 3YR ACCESS EES 5000U 3YR ACCESS EES 7500U 3YR Enhanced Endpoint Security subscription 50 concu
7. FIPS and SA6500 FIPS Provision by Purpose FEATURE FEATURE DESCRIPTION BENEFIT Clientless core Web access emulation Sharepoint and others Access to web based applications including complex JavaScript XML or Flash based apps and Java applets that require a socket connection as well as standards based email like Outlook Web Access OWA Windows and UNIX file share telnet SSH hosted applications terminal Provides the most easily accessible form of application and resource access and enables extremely granular security control options completely clientless approach using only a Web browser Core Web access also enables the delivery of Java applets directly from the SA4500 FIPS or SA6500 FIPS appliance Secure Application Manager SAM A lightweight Java or Windows based download enables access to client server applications Also provides native Enables access to client server applications using just a Web browser no client software is necessary access to terminal server applications without the need for a preinstalled client Network Connect Users need only a Web browser Provides complete network layer connectivity via an automatically provisioned cross platform download On the FIPS models Network Connect provides SSL VPN based transport mode for layer 3 connectivity to the corporate network Access Privilege Management Capabilities The SA4500 FIPS and SA6500 FIPS appliances provide dynamic
8. JUNIP EL NETWORKS Product Overview Government agencies and their IT staff are chartered with reconciling seemingly opposing goals provide reliable and timely information access to government employees and citizens while protecting sensitive resources Federal agencies are further directed to procure only those IT technologies that meet the rigors of government communication standards and have been certified to that effect While these strictures are actually required for some government agencies they also provide useful guidelines to private sector businesses that require stringent security Juniper Networks uniquely delivers on these needs with proven solutions that provide the most flexible secure access available among U S government certified solutions DATASHEET SA4500 FIPS ANB SA6500 FIPS SSL VPN APPLIANCES Product Description Juniper Networks is the market leader in SSL based remote access that is easy to deploy and easy to maintain All Juniper Networks SA Series SSL VPN Appliances have met or exceeded the stringent security standards of independent Internet security auditing agencies Juniper extends this leadership with a FIPS certified hardware security module that is Federal Information Processing Standards FIPS compliant Like all SA Series appliances the Juniper Networks SA4500 FIPS and SA6500 FIPS SSL VPN Appliances provide a hardened security gateway that uses the standards based SSL protocol
9. ances user productivity and provides a customized experience Associates real time control with business geographic and functional needs Simplifies the process of setting up complex multi variable polices or administration for multiple types of groups roles Lower TCO In addition to enterprise class security benefits the SA4500 FIPS and SA6500 FIPS appliances have many features that enable low total cost of ownership Table 8 SA4500 FIPS and SA6500 FIPS Lower TCO FEATURE FEATURE DESCRIPTION BENEFIT WX Client Integration Based on industry standard protocols and security methods Extensive directory integration and broad interoperability Integration with strong authentication and identity and access management platforms Cross platform support When deployed in conjunction with the Juniper Networks WX Client the SA Series can dynamically provision secure accelerated remote access for employees partners and contractors For more details on WX Client please visit www juniper net application acceleration No installation or deployment of proprietary protocols is required Existing directories can be leveraged for authentication and authorization enabling granular secure access without recreating those policies Ability to support SecurlID Security Assertion Markup Language SAML and PKI digital certificates Ability for any platform to gain access to resources such as Windows Mac Linux or mobile de
10. ecurity The SA4500 FIPS and SA6500 FIPS appliances incorporate a FIPS certified HSM The HSM handles cryptographic processing as well as key and certificate management in a hardened tamper proof hardware module The HSM provides the additional benefit of offloading cryptographic processing from the host CPU thus optimizing overall system performance while adding a physical layer of security The SA4500 FIPS and SA6500 FIPS appliances also have a tamper evident label that deters physical security breaches and provides visual indication of appliance integrity FEATURE FEATURE DESCRIPTION BENEFIT FIPS140 2 Level 3 Certified for the Hardware Security Module amp Network Connect Client Complies with the latest U S Government best practices FIPS140 2 is recognized by CESG as meeting security criteria for use in data traffic categorized as Private CESG Advanced protection to provide the most stringent security is the UK Government s National Technical Authority for Information Assurance responsible for enabling secure and trusted knowledge Provision by Purpose The SA4500 FIPS and SA6500 FIPS appliances include three different access methods These different methods are selected as part of the user s role allowing the administrator to enable the appropriate access on a per session basis taking into account user device and network attributes in combination with enterprise security policies Table 2 SA4500
11. en necessary Uses current security policies with remote users and devices easier management Enables customers to leverage existing investments in endpoint security solutions from third party vendors Enables access to extranet endpoint devices like PCs from partners that may run security clients different from that of the enterprise Not designed to run any additional services and is thus less susceptible to attacks no back doors to exploit or hack Ensures that unauthenticated connection attempts such as malformed packets or denial of service DoS attacks are filtered out Ensures that all corporate data is securely deleted froma kiosk or other Unmanaged endpoint after a session Ensures that no potentially sensitive session data is left behind on the endpoint machine Prevents sensitive metadata like cookies headers and form entries from leaving the network Effectively identifies stops and remediates both network and application level threats within remote access traffic Performance Scalability with the SA6500 FIPS The SA6500 FIPS is specifically designed to accommodate large numbers of users with complex application needs and provides application performance optimization via compression algorithms and hardware based SSL acceleration These features allow the appliance to process large simultaneous transaction loads while minimizing perceptible latency to users Table 5 SA6500 FIPS Performance Scalabilit
12. ering license for SA6500 FIPS Clustering Allow 50 users to be shared from another SA6500 FIPS Clustering Allow 100 users to be shared from another SA6500 FIPS Clustering Allow 250 users to be shared from another SA6500 FIPS Clustering Allow 1000 users to be shared from another SA6500 FIPS Clustering Allow 2500 users to be shared from another SA6500 FIPS Clustering Allow 5000 users to be shared from another SA6500 FIPS Clustering Allow 7500 users to be shared from another SA6500 FIPS Clustering Allow 10000 users to be shared from another SA6500 FIPS Ordering Information continued MODEL NUMBER DESCRIPTION Accessories MODEL NUMBER DESCRIPTION Enhanced Endpoint Security Licenses for SA4500 FIPS and UNIV PS 400W AC UNIV 80G HDD UNIV MR2U FAN UNIV MR2U RAILKIT UNIV SFP FSX UNIV SFP FLX UNIV SFP COP SA6500 IOC Field upgradeable secondary 400 W power supply for SA6500 FIPS Field replaceable 80 gigabyte hard disk for SA6500 FIPS Field replaceable fan for SA6500 FIPS Rack mount kit for SA6500 FIPS Mini GBIC transceiver fiber SX for SA6500 FIPS Mini GBIC transceiver fiber LX for SA6500 FIPS Mini GBIC transceiver copper for SA6500 FIPS GBIC I O card Enhanced Endpoint Security Licenses for SA4500 FIPS and SA6500 FIPS ACCESS EES 10U 1YR ACCESS EES 25U lYR ACCESS EES 50U 1YR ACCESS EES 100U 1YR ACCESS EES 250U 1YR ACCESS EES 500U 1YR ACCESS EES 1O00U 1YR A
13. f configuring Optimized uptime operational convenience high availability Seamless failover with minimal user downtime and loss of productivity Superlative scalability with a large number of user licenses that scale access as the user base grows updating and monitoring SA Series appliances whether within a single device local cluster or across a global cluster deployment Table 7 SA4500 FIPS and SA6500 FIPS Streamlined Management and Administration FEATURE FEATURE DESCRIPTION BENEFIT Constrained delegation Advanced SSO enhancements Juniper Networks Network and Security Manager NSM Password management integration Web based Single Sign On SSO BASIC Auth and NTLM Web based SSO forms based header variable based SAML based Role based delegation Easy to edit role mapping and resource authorization policies When a user logs into the SA Series with a credential that cannot be proxied through to the backend server the SA Series will retrieve a Kerberos ticket on behalf of the user from the Active Directory infrastructure The ticket will be cached on the SA Series throughout the session When the user accesses Kerberos protected applications the SA Series will use the cached Kerberos credentials to log the user into the application without prompting for a password SA Series will automatically authenticate remote users via Kerberos or NTLMv2 using user credentials Intuitive centralized user i
14. hes SFP module optional Fast Ethernet IEEE 802 3u compliant Gigabit Ethernet IEEE 802 3z or IEEE 802 3ab compliant One RJ 45 serial console port AC Power Wattage AC Power Voltage System Battery Efficiency Mean time between failures MTBF Environment Max 300 Watts 100 240 VAC 50 60 Hz 2 5 A CR2032 3V lithium coin cell 80 minimum at full load 72 000 hours Max 400 Watts 100 240 VAC 50 60 Hz 2 5 A CR2032 3V lithium coin cell 80 minimum at full load 98 000 hours Operating temp Storage temp Relative humidity operating Relative humidity storage Altitude operating Altitude storage 41 to 104 F 5 to 40 C 40 to 158 F 40 to 70 C 8 to 90 noncondensing 5 to 90 noncondensing 10 000 ft 3 048 m maximum 40 000 ft 12 192 m maximum 41 to 104 F 5 to 40 C 40 to 158 F 40 to 70 C 8 to 90 noncondensing 5 to 90 noncondensing 10 000 ft 3 048 m maximum 40 000 ft 12 192 m maximum Specifications continued Certifications Common Criteria EAL3 certification Yes Yes EN60950 1 2001 A11 UL60950 1 2003 CAN CSA EN60950 1 2001 All UL60950 1 2003 CAN CSA C22 2 No 60950 1 03 IEC 60950 1 2001 C22 2 No 60950 1 03 IEC 60950 1 2001 FCC Class A EN 55022 Class A EN 55024 Immunity EN FCC Class A EN 55022 Class A EN 55024 Immunity EN 61000 3 2 VCCI Class A 61000 3 2 VCCI Class A 90 days Can be extended with support contract
15. les up to 5000 simultaneous sessions on the SA6500 Administrators can tailor access Network and device attributes including presence of Host Checker Cache Cleaner results of endpoint security scans source IP browser type and digital certificates can be examined even before login is allowed Enables administrators to establish a dynamic authentication policy for each unique session Combines network device and session attributes to determine which of three different types of access is allowed Provides extremely granular access control to the URL server or file level Can be configured at the per user per resource and per event level for security purposes as well as capacity planning Enables the dynamic combination of attributes on a per session basis at the role definition mapping rules and the resource authorization policy level Ensures ease of experience for users who often travel from one region to another and therefore need to connect to different SA Series appliances Provides seamless access to remote users to their virtual desktops hosted on VMware or Citrix servers Provides dynamic delivery of the Citrix ICA client or the VMware View client including dynamic client fallback options to allow users to easily connect to their virtual desktops Simplifies the end user experience when they are using a mobile device to get network access Ensures that security policies reflect changing business requi
16. nterface for configuring updating and monitoring SA Series appliances within a single device cluster or across a global cluster deployment Standards based interface for extensive integration with password policies in directory stores LDAP Microsoft Active Directory NT and others Allows users to access other applications or resources that are protected by another access management system without re entering login credentials Ability to pass user name credentials and other customer defined attributes to the authentication forms of other products and as header variables Granular role based delegation lessens IT bottlenecks by allowing administrators to delegate control of diverse internal and external user populations to the appropriate parties Administrators can copy and reuse existing policies Eliminates the need for companies to manage static passwords resulting in reduced administration time and costs Simplifies user experience by avoiding having users enter credentials multiple times to access different applications Enables companies to conveniently manage configure and maintain SA Series appliances and other Juniper devices from one central location Leverage existing servers to authenticate users users can manage their passwords directly through the SA Series interface Alleviates the need for end users to enter and maintain multiple sets of credentials for web based and Microsoft applications Enh
17. on Field upgradeable secondary 400 W power supply Field replaceable 80 gigabyte hot swappable hard disk Field replaceable hot swappable fan 4 port small form factor pluggable SFP GBIC transceiver 1 OOOBASE T RJ45 copper 1000BASE SX fiber 1 OOOBASE LX fiber Dimensions W x H x D Weight Material Fans Rack mountable Panel Display PS fail HDD activity and RAID status LEDs 17 26 x 1 75 x 14 5 in 43 8 x 4 4 x 36 8 cm 15 6 lb 7 1 kg typical unboxed 18 gauge 048 in cold rolled steel Three 40 mm ball bearing fans One 40 mm ball bearing fan in power supply 19 inches 1U Power LED HD Activity HW Alert FIPS Status LED HSM Status LED 7 26 X 3 5 x 17 72 in 43 8 x 8 8 x 45 cm 26 4 lb 12 kg typical unboxed 8 gauge 048 in cold rolled steel Two 80 mm hot swap One 40 mm ball bearing fan in power supply 9 inches 1U Power LED HD Activity HW Alert HD Activity and Fail LED on Drive Tray FIPS Status LED HSM Status LED Network Console Two RJ 45 Ethernet 10 100 1000 full or half duplex auto negotiation Fast Ethernet IEEE 802 3u compliant Gigabit Ethernet IEEE 802 3z or IEEE 802 3ab compliant One RJ 45 serial console port Management One RJ 45 Ethernet 10 100 1000 full or half duplex auto negotiation Traffic Four RJ 45 Ethernet full or half duplex auto negotiation for link redundancy to internal switc
18. ource intensive application use Clusters can be deployed in either active passive or active active modes across the LAN or across the WAN Seamless failover with minimal user downtime and loss of productivity Superlative scalability with a large number of user licenses that scale access as the user base grows Dual mirrored hot swappable Serial Advanced Technology Attachment SATA hard drives and dual hot swappable fans hot swappable power supplies second power supply optional DC power supplies available Stateful peering Clustering Ensures continuous operation in the rare event of a failure of a component Units that are part of a cluster pair synchronize system state user profile state and session state data among a group of appliances in the cluster Cluster pairs multiply aggregate throughput to handle unexpected burst traffic as well as resource intensive application use Clusters can be deployed in either active passive or active active modes across the LAN or across the WAN Streamlined Management and Administration The SA4500 FIPS and SA6500 FIPS appliances include a variety of features available from a central management console at the click of a button These benefits are extended across clustered devices with the addition of Juniper Networks NSM Central Manager part of the advanced feature set NSM Central Manager is a robust product with an intuitive web based UI designed to facilitate the task o
19. rements Results can be used in dynamic policy enforcement decisions Leverages the enterprise s existing investment in directories public key infrastructure PKI and strong authentication Enables the administrator to provision by purpose for each Unique session Allows administrators to tailor security policies to specific groups providing access only to essential data Provides fine grained auditing and logging capabilities in a clear easy to understand format Enables finer granularity and customization of policy roles End to End Layered Security The SA4500 FIPS and SA6500 FIPS appliances provide complete end to end layered security including endpoint client device data and server layered security controls These include Table 4 SA4500 FIPS and SA6500 FIPS End to End Layered Security FEATURE FEATURE DESCRIPTION BENEFIT UAC SA Federation Antispyware support with Enhanced Endpoint Security SMS Auto remediation Host Checker Host Checker Application Programming Interface API Trusted Network Connect TNC support on Host Checker Policy based enforcement Hardened security appliance Security services employ kernel level packet filtering and safe routing Secure virtual workspace Cache cleaner Data trap and cache controls Coordinated threat control Seamlessly provision SA Series user sessions into Juniper Networks Unified Access Control UAC upon login or the alternative
20. rrent users 2 year Enhanced Endpoint Security subscription 100 concurrent users 2 year Enhanced Endpoint Security subscription 250 concurrent users 2 year Enhanced Endpoint Security subscription 500 concurrent users 2 year Enhanced Endpoint Security subscription 1 000 concurrent users 2 year Enhanced Endpoint Security subscription 2 500 concurrent users 2 year Enhanced Endpoint Security subscription 5 000 concurrent users 2 year Enhanced Endpoint Security subscription 7 500 concurrent users 2 year Enhanced Endpoint Security subscription 10 concurrent users 3 year Enhanced Endpoint Security subscription 25 concurrent users 3 year Enhanced Endpoint Security subscription 50 concurrent users 3 year Enhanced Endpoint Security subscription 100 concurrent users 3 year Enhanced Endpoint Security subscription 250 concurrent users 3 year Enhanced Endpoint Security subscription 500 concurrent users 3 year Enhanced Endpoint Security subscription 1 000 concurrent users 3 year Enhanced Endpoint Security subscription 2 500 concurrent users 3 year Enhanced Endpoint Security subscription 5 000 concurrent users 3 year Enhanced Endpoint Security subscription 7 500 concurrent users 3 year About Juniper Networks Juniper Networks Inc is the leader in high performance networking Juniper offers a high performance network infrastructure that creates a responsive and trusted environment
21. ss of non APIl compliant hosts without writing custom API implementations or locking out external Users such as customers or partners that run other security clients Designed on a purpose built operating system Undesirable traffic is dropped before it is processed by the TCP stack A secure and separate environment for remote sessions that encrypts all data and controls I O access printers drives All proxy downloads and temp files installed during the session are erased at logout Rendering of content in non cacheable format Enables SA Series and IDP Series appliances to tie the session identity of the SSL VPN with the threat detection capabilities of IDP Series taking automatic action on users launching attacks Provides users whether remote or local seamless access with a single login to corporate resources which are protected by access control policies from UAC or the SA Series Simplifies end user experience Protects endpoints from infection in real time from spyware and thereby protects corporate resources from harm during network access Improves productivity of remote users who will gain immediate access to the corporate network without having to wait for periodic updates of software applications and ensures compliance with corporate security policies Verifies ensures that each endpoint device meets corporate security policy requirements before granting access remediating devices and quarantining users wh
22. the cost of incremental servers eases management overhead and provides a transparent user experience with differentiated entry URLs Provides an individualized look for specified roles streamlining the user experience Quickly schedule online meetings without any training or special deployments needed Help desk staff or customer service reps can provide remote assistance to users by remotely controlling their PC without requiring users to install any software Enables a company to continue business operations by maintaining productivity sustaining partnerships and delivering continued services to customers when the unexpected happens Enables service providers SPs to offer network based SSL VPN managed services to multiple customers from a single device or cluster as well as enabling enterprises to completely segment SSL VPN traffic between multiple groups SA4500 FIPS SA6500 FIPS Specifications Upgrade Options Software Hardware Technical Specifications Secure Meeting Upgrade Option Instant Virtual Systems IVS Upgrade Option In Case of Emergency ICE Upgrade Option Additional Users Upgrade Option Clustering Upgrade Option Enhanced Endpoint Security Option None Secure Meeting Upgrade Option Instant Virtual Systems IVS Upgrade Option In Case of Emergency ICE Upgrade Option Additional Users Upgrade Option Clustering Upgrade Option Enhanced Endpoint Security Opti
23. to provide remote access via a Web browser There are no hardware or software clients to deploy configure or install no changes required for internal servers no Network Address Translation NAT or firewall traversal issues to manage and virtually no ongoing maintenance SSL itself is the most widely deployed security protocol in the world securing billions of dollars in online banking and e commerce transactions The combination of these features adds up to a solution with unbeatable security radically lower total cost of ownership TCO when compared to traditional VPNs or custom extranets and a highly scalable implementation Please note that the FIPS models will not support Junos Pulse Architecture and Key Components FIPS Security Stringent security with FIPS certified Hardware Security Module HSM and FIPS certified Layer 3 connectivity using Network Connect client on Windows platforms Rich Access Privilege Management Capabilities Dynamic controlled access at the URL file application and server level based ona variety of session specific variables including identity device security control and network trust level Provision by Purpose Three different access methods that allow administrators to balance security and access on a per user per session basis End to End Layered Security Numerous security options from the end user device to the application data and servers including coordinated threat control with Juniper Net
24. vices Improves end user productivity by providing LAN like performance for accessing applications and files via Network Connect regardless of where the end user is located Investment in the SA4500 FIPS AND SA6500 FIPS can be leveraged across many applications and resources over time Existing directory investments can be leveraged with no infrastructure changes no API s for directory integration are needed as functionality is all native built in Leverages existing corporate authentication methods to simplify administration Provides flexibility in allowing Users to access corporate resources from any type of device using any type of operating system Table 8 SA4500 FIPS and SA6500 FIPS Lower TCO continued FEATURE FEATURE DESCRIPTION BENEFIT Multiple hostname support Customizable user Interface Secure Meeting In Case of Emergency ICE Instant Virtual Systems IVS Provides the ability to host different virtual extranet websites from a single SA4500 FIPS or SA6500 FIPS SSL VPN Appliance Creation of completely customized sign in pages Secure any time anywhere cost effective online Web conferencing and remote control PC access Provides licenses for a large number of additional users on an SA Series SSL VPN Appliance for a limited time when a disaster or epidemic occurs Allows IT administrators to provision logically independent SSL VPN gateways within a single appliance cluster Saves
25. works IDP Series Intrusion Detection and Prevention Appliances Native functionality client and server side APIs and advanced malware protection capabilities for effective enforcement and unified administration of best of breed endpoint security Performance Scalability with SA6500 FIPS A variety of performance enhancing features including a hardware based SSL acceleration module and clustering to provide optimal scalability Up to 3 500 concurrent users supported on a single unit up to 10 000 concurrent users supported on a four unit cluster Dual hot swappable hard drives and dual hot swappable fans Hot swappable power supplies second power supply optional DC power supplies available 4 gigabyte SDRAM 4 port copper 10 100 1000 interface card and l port copper 10 100 1000 management interface High Availability HA Cluster pair deployment option for HA across the LAN and the WAN Table 1 SA4500 FIPS and SA6500 FIPS Security Streamlined Manageability Central management option for unified administration User self service features that enhance productivity while lowering administrative overhead Lower Total Cost of Ownership TCO Secure remote access with no client software deployments or changes to servers and virtually no ongoing maintenance Secure extranet access with no demilitarized zone DMZ buildout server hardening resource duplication or incremental deployments to add applications or users Features and Benefits FIPS S
26. y FEATURE Built in hardware based SSL acceleration Optional 4 port Small Form factor Pluggable SFP interface card with flexibility to select SX LX and copper based Gigabit Interface Connector GBIC interfaces 4 port copper 10 100 1000 interface card Clustering High Availability Offloads compute intensive encrypt decrypt process from the CPU Fully redundant meshed configuration of SSL VPN appliances with multiple load balancers Provides high speed Gigabit Ethernet connections to internal switches Cluster pairs or multi unit clusters can be deployed across the LAN or across the WAN for superlative scalability with a large number of user licenses FEATURE DESCRIPTION BENEFIT Enhanced performance Optimized uptime Enables link redundancy to the LAN Access scales as the user base grows The SA4500 FIPS and SA6500 FIPS appliances include a variety of unique first in industry capabilities for the availability and redundancy required for mission critical access in demanding enterprise environments Table 6 SA4500 FIPS and SA6500 FIPS High Availability FEATURE FEATURE DESCRIPTION BENEFIT SA4500 FIPS Stateful peering Clustering SA6500 FIPS Units that are part of a cluster pair synchronize system state user profile state and session state data among a group of appliances in the cluster Cluster pairs multiply aggregate throughput to handle unexpected burst traffic as well as res
Download Pdf Manuals
Related Search