IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000

Introduction

A powerful new paradigm of Internet-enabled relationships is transforming businesses across the globe. Companies that embrace “Web 2.0” technologies empower effective and lasting connections with employees, customers, and partners. These are powerful tools that can create and sustain competitive advantage, but the underlying technologies can also expose the business to complex and dynamic new risks. Juniper Networks® SRX Series Services Gateways, combined with Websense’s V10000 Web Security Gateways, help companies enjoy the benefits of Web 2.0 solutions while mitigating the associated security challenges with power, speed, and flexibility.

Scope

This document is targeted at system engineers, network administrators, and other technical audiences interested in designing and implementing Juniper Networks SRX Series Services Gateways with Websense TRITON V10000 Web Security Gateway appliances.

Design Considerations

Figure 1 illustrates a common network design solution using the SRX Series and V10000 appliances. The SRX Series is responsible for redirecting specific traffic from the User LAN (for example, HTTP/HTTPS) to the V10000 appliances. The network administrator configures the TRITON V10000 appliances to provide multi-vector inbound and outbound real-time content inspection to protect against malware and sensitive data loss. The policy-based user interface increases user productivity by basing privileges on user or group identity in your corporate user directory. The V10000 proxies user traffic to the Internet. When the user traffic is unauthorized based on protocol or dynamic website policy, the user’s browser is redirected to the “Block Page” served by the V10000.

The enterprise network includes the SRX Series and the Websense TRITON V10000 appliances in the “management” segment of the network, and the enterprise users are identified in the “User LAN” segment of the network. This deployment architecture leverages the flexibility of the SRX Series to securely separate the user traffic from the network administration of the SRX Series and the Websense security appliances.

[Figure 1: Reference network. Elements shown: INTERNET, Websense V10000, SRX Series, L2 Switch, USER LAN.]

For the one V10000 appliance solution, three physical ports are utilized: “C,” “P1,” and “N.” The “C” port of the appliance is the management port through which the administrator manages the appliance. The “C” port is also the destination for the “Block Page” redirection. The “P1” port is the proxy port of the V10000 that provides the real-time malware and dynamic website classification. The SRX Series connects the V10000 to both the user LAN and the Internet. The “N” port is used to provide application and Web protocol-specific blocking and bandwidth throttling. Over 120 Web protocols are recognized by protocol “fingerprint” (this permits the identification of applications such as Skype, BitTorrent, and Yahoo Chat). Malware “phone-home” communications are also recognized and denied access to the Internet. To implement this capability, a layer 2 switch is needed to mirror user traffic. When the P1 port allows user traffic, the V10000 establishes a new traffic flow (proxy) via the same P1 port. When traffic is not permitted, the V10000 issues a redirect message via the P1 port to the user browser. The user browser is redirected to a “Block Page” that is served by the V10000 at the C port. These two scenarios are illustrated in the following ladder diagrams.
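The two scenarios just described (permitted traffic proxied out of the P1 port; denied traffic answered with a redirect to the Block Page on the C port), walked through as an added example. This is not code from the guide, from Juniper or from Websense: the IP addresses, the `/block` path, the query parameters, the policy entries and the sample requests are all constructed assumptions, and the real V10000 policy engine, its site categorization and its redirect format are not described here. The example generalizes the text slightly by covering both a protocol-based and a category-based denial.

```python
"""Model of the two V10000 traffic scenarios: proxy on P1, or redirect to the
Block Page on C. Added illustration; addresses and policy are constructed."""
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

# Constructed addresses for the appliance ports (assumptions, not from the guide).
# C is the management port that serves the Block Page; P1 is the proxy port
# to which the SRX redirects user HTTP/HTTPS traffic.
C_PORT_IP = "192.0.2.10"
P1_PORT_IP = "192.0.2.20"
BLOCK_PAGE_PATH = "/block"   # assumed path of the Block Page (not from the guide)


@dataclass
class Policy:
    """Simplified stand-in for the V10000 policy: a protocol deny-list plus a
    static site-to-category map and a category deny-list (all constructed)."""
    blocked_protocols: set = field(default_factory=set)
    blocked_categories: set = field(default_factory=set)
    site_categories: dict = field(default_factory=dict)

    def decide(self, url: str) -> tuple:
        """Return ("allow", None) or ("block", reason) for one request URL."""
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = parts.hostname or ""
        if scheme in self.blocked_protocols:
            return "block", f"protocol:{scheme}"
        category = self.site_categories.get(host, "uncategorized")
        if category in self.blocked_categories:
            return "block", f"category:{category}"
        return "allow", None


def block_page_location(original_url: str, reason: str) -> str:
    """URL of the Block Page on the C port, carrying the denied URL and reason."""
    query = urlencode({"url": original_url, "reason": reason})
    return f"http://{C_PORT_IP}{BLOCK_PAGE_PATH}?{query}"


def handle_request(method: str, url: str, policy: Policy) -> dict:
    """Walk one user request through the SRX and the V10000; return the verdict
    and the ladder of messages (src, dst, message) the scenario produces."""
    request = f"{method} {url} HTTP/1.1"
    p1 = f"V10000:P1({P1_PORT_IP})"
    c = f"V10000:C({C_PORT_IP})"
    ladder = [
        ("user", "SRX", request),
        ("SRX", p1, request + "  [redirected by SRX policy]"),
    ]
    verdict, reason = policy.decide(url)
    if verdict == "allow":
        # Permitted: the V10000 opens a new proxied flow to the Internet on P1
        # and relays the answer back to the user on the same port.
        ladder += [
            (p1, "Internet", request + "  [new proxied flow]"),
            ("Internet", p1, "HTTP/1.1 200 OK"),
            (p1, "user", "HTTP/1.1 200 OK"),
        ]
        return {"verdict": "allow", "reason": None, "location": None, "ladder": ladder}
    # Denied: P1 answers with a redirect; the browser then fetches the Block
    # Page from the C port.
    location = block_page_location(url, reason)
    ladder += [
        (p1, "user", f"HTTP/1.1 302 Found\r\nLocation: {location}"),
        ("user", c, f"GET {location} HTTP/1.1"),
        (c, "user", "HTTP/1.1 200 OK  [Block Page]"),
    ]
    return {"verdict": "block", "reason": reason, "location": location, "ladder": ladder}


# Constructed sample policy and requests for a stand-alone run.
SAMPLE_POLICY = Policy(
    blocked_protocols={"ftp"},
    blocked_categories={"malware", "p2p"},
    site_categories={"intranet.example.com": "business",
                     "bad.example.net": "malware"},
)

if __name__ == "__main__":
    for method, url in [("GET", "http://intranet.example.com/"),
                        ("GET", "http://bad.example.net/beacon"),
                        ("GET", "ftp://files.example.org/pub")]:
        result = handle_request(method, url, SAMPLE_POLICY)
        print(f"{url} -> {result['verdict']} ({result['reason']})")
        for src, dst, msg in result["ladder"]:
            print(f"  {src} -> {dst}: {msg.splitlines()[0]}")
```

Running the block prints one ladder per sample request; the permitted request never leaves the P1 path, while both denied requests end at the C port. A practitioner reading the real ladder diagrams can compare them against these message sequences, and the design point the guide makes follows directly: user browsers must be able to reach the C port address for the Block Page to render, so the SRX policy between the User LAN and the management segment has to permit HTTP to that address while still keeping appliance administration separated from user traffic.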

Copyright © 2010, Juniper Networks, Inc.

