Implementation Tasks

IMPLEMENTATION GUIDE -Juniper Networks SRX Series Services Gateways/Websense V10000

The SRX Series administrator needs to perform the following configuration steps that are specific to creating an end- to-end solution with the Websense V10000 appliance.

1.Create the web-redirect security zone that provides access to the V10000 P1 port.

2.Create a FBF that is used to redirect specific traffic from the User LAN to the V10000 P1 port.

3.Add a security policy from user-lan to web-redirect. This step is necessary to allow any traffic to be redirected to the V10000. A separate access control filter list is used to explicitly specify which traffic is actually redirected.

4.Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only.

5.Attach the redirecting firewall-filter to the physical interface attached to the User LAN network segment.

6.Add a security policy from user-lan to public-inet. This step is necessary to allow traffic to the Internet that does not need to be processed by the Websense V10000.

7.Add the V10000 “C” port to the management security zone address book. This step is necessary so that the V10000 can redirect the user Web browser to the “C” port for blocked sites or Web protocols.

8.Create a Websense-specific security application definition for the Websense redirect protocol—TCP/15871.

9.Add a security policy from user-lan to management only to the V10000 “C” port and only for the TCP/15871 traffic. This step is necessary so that the user Web browser can be redirected to the V10000 “Block Page.” Normally User LAN traffic should not be allowed to access the management security zone.

10.Add any Network Address Translation (NAT) necessary to support both web-redirect traffic as well as user-lan traffic out toward the public Internet.

There are two general approaches for configuring Junos OS devices for solution integration with partner products. The first, and most common, is manually provisioning these steps. This implementation guide presents this detailed information in a step-by-step fashion. The second approach, which is significantly easier to deploy, is using Junos OS self- provisioning for Websense. This implementation guide presents an example of such self-provisioning in the next section.

SRX Series Configuration Using Junos Automation

Junos OS natively supports the ability to extend and customize the configuration and operational elements of the SRX Series using Junos automation capabilities. The key benefit of using Junos automation is that the network administrator is not required to manually provision the SRX Series with the specific Junos OS commands. Instead, the administrator needs only to provision the relevant V10000 information, and the SRX Series automatically creates the required configuration. By using this technique, the administrator can be assured that all required configurations steps are properly completed, thereby reducing errors and enabling a faster installation.

For example, in the reference network the following is known:

•The management security zone is attached to SRX Series interface ge-1/0/1.

•The web-redirect security zone is attached to SRX Series interface ge-2/0/1.

•The V10000 appliance:

-- The C port inet address is 172.25.44.19 -- The P1 port inet address is 192.168.10.12

•The User LAN:

-- The SRX Series inet address is 192.168.5.1. -- The User LAN network is 192.168.5.0 / 24.

-- The attached SRX Series interface is ge-0/0/1.

-- HTTP/HTTPStraffic should be redirected to V10000.

6	Copyright © 2010, Juniper Networks, Inc.

V10000 specifications

Juniper Networks V10000 is a high-performance virtualized router designed to meet the demands of modern network environments. As enterprises and service providers increasingly adopt cloud-based infrastructures, the V10000 stands out as a robust solution that combines agility, scalability, and resilience.

One of the primary features of the V10000 is its ability to deliver high throughput while maintaining low latency. This is essential for organizations that require seamless data transmission for various applications, including video conferencing, cloud services, and mission-critical operations. The V10000 achieves this through its advanced packet processing technology, which optimizes traffic handling and ensures efficient data flow.

Another significant characteristic of the V10000 is its virtualization capabilities. Built on the principles of network function virtualization (NFV), the V10000 enables organizations to deploy and manage multiple virtual routers within a single physical device. This not only reduces hardware costs but also allows for easier scaling and management of network resources. By leveraging virtualization, organizations can dynamically allocate bandwidth and resources based on real-time demand, enhancing overall operational efficiency.

The V10000 also incorporates cutting-edge security features. With integrated firewall capabilities and support for various security protocols, it helps organizations protect their data from potential threats. Additionally, the V10000 enables deep packet inspection, allowing for granular visibility and control over network traffic, which is crucial for maintaining robust security postures.

Another notable technology integrated into the V10000 is its support for Software-Defined Networking (SDN). This allows organizations to programmatically manage their network resources, automate configurations, and optimize performance based on specific application requirements. SDN integration results in improved flexibility and reduced operational complexity, enabling IT teams to respond swiftly to changing business needs.

In terms of management and monitoring, the V10000 features advanced analytics tools that provide real-time insights into network performance. These tools help identify bottlenecks, track resource utilization, and ensure that the network operates at optimal levels. Furthermore, with cloud-based management options, administrators can manage the V10000 from anywhere, simplifying operations and allowing for speedy troubleshooting.

In summary, Juniper Networks V10000 is a powerful virtualized routing solution that combines high performance, robust security, and advanced management capabilities. Its virtualization features and support for SDN make it an ideal choice for organizations looking to enhance their network infrastructure while maintaining responsiveness and flexibility. As organizations continue to navigate increasingly complex network landscapes, the V10000 stands ready to support their evolving needs.