Juniper Networks Secure Services Gateway ... - West Coast Labs

Test Report April 2008 

Juniper Networks Secure 

Services Gateway (SSG) 

Product Family

Juniper Networks Secure Services 

Gateway (SSG) Product Family 

Vendor Details 

Name: Juniper Networks, Inc. 

Address: 1194 North Mathilda Ave 

Sunnyvale, CA 94089 

Telephone: Main: +1 (408) 745-2000 

Sales: +1 (866) 298-6428 

Fax: +1 (408) 745-2100 

Website: www.juniper.net 

Product: Juniper Networks Secure Services Gateway (SSG) Product 

Family: includes the SSG 5, SSG 20, SSG 140, SSG 300 Series and SSG 500 

Series. 

Test Laboratory Details 

Name: West Coast Labs, Unit 9 Oak Tree Court, Mulberry Drive 

Cardiff Gate Business Park, Cardiff, CF23 8RS, UK 

Telephone: +44 (0) 29 2054 8400 

Date: April 2008 

Issue: 1.0 

Authors: Richard Thomas, Michael Parsons, Rob Tanner 

Contact Point 

Contact name: Richard Thomas 

Contact telephone number: +44 (0) 29 2054 8400 

www.westcoastlabs.com 

2



Contents 

Product Information 4 

Test Report Executive Summary 6 

West Coast Labs Conclusion and Certification Information 8 

The Latest Enhancements to Juniper Networks Secure Services 

Gateway (SSG) Product Family 9 

Noteworthy Product Features 10 


3



Product Information 

Development Statement 

The Secure Services Gateway Family delivers an ideal blend of 

performance and UTM security with LAN and WAN connectivity for remote 

branch and regional offices and small to large-sized enterprises. 

SSG 5 and SSG 20: 

http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/ 

ssg_5_slash_ssg_20/ 

SSG 140: 


ssg_140/index.html 

SSG 320M and SSG 350M: 


ssg_300_series/index.html 

SSG 520M and SSG 550M: 


ssg_500_series/index.html 


4



Business/Technical Benefits 

The SSG family is a best-in-class routing and security platform based on 

the same powerful ScreenOS software powering all NetScreen firewalls. It 

delivers wire-speed multi-layered security enforcement, protecting missioncritical 

applications and corporate networks from internal and external 

attacks such as worms, viruses, Trojans, and spyware. Modular flexibility and 

integrated security reduce the cost and complexity of security services. 

A SSG may be deployed as a stand-alone network protection device or a 

secure router. This helps reduce IT capital and operational expenditures for 

installation, management, maintenance, etc. 

The SSG platforms deliver comprehensive and high-performance security 

with resilient high-availability capabilities. 


5



Test Report Executive Summary 

For a product with so much security 

functionality, configuration is a simple 

process, completed in just a few 

minutes. From that point onward, all 

device configuration actions can be 

performed using the inbuilt, intuitive 

web interface. 

Once authenticated and logged 

in, the default web page provides a 

helpful, at-a-glance summary showing 

the present condition of the device. 

This page can be set to refresh at predefined intervals, providing 

a constantly updating on-screen status summary. 

Basic essential configuration tasks are carried out with minimum effort. 

Report and logging settings are fast and simple to configure, with 

an extensive variety of options available. 

For certification testing, the unit was deployed with a trusted interface 

connected to the internal network, an untrusted interface connected 

to the external network, a DMZ configured interface connected 

to the DMZ network and a VPN gateway linking the internal 

and remote networks. Setting up the required network interfaces and 

the VPN was fast and the simple processes were aided by the comprehensive 

online help system and the included documentation. 

Fine-grained control over zones, policies, objects, users, groups, protocols, 

services, and source and destination IP addresses combine with 

the advanced screening, profile, and filtering options to help ensure 

the security of both the device and the trusted network it protects. 


6



It was simple to setup and activate a profile that successfully screens 

and filters out malicious web and email traffic using the internal antivirus/anti-spyware 

engine. A new feature of the product is the customized 

HTTP trickling for malware scanning. Setting up the anti-spam 

profile proved equally easy. It proved to be effective and detailed, 

with the ability to configure custom white and black list entries. 

By default, firewall settings were configured to allow certain outbound 

services through the device. This ensures that increasingly essential 

business tasks, such as web browsing from the trusted network, 

are available out-of-the-box. 

The SSG 520 showed its mettle in firewall, VPN & IPS testing, which 

used a variety of real-world port probes and attacks. The unit continued 

to allow legitimate traffic flow, while blocking every attempted 

incursion across a broad range of demanding tests. 

Web content filtering was setup by simply selecting the appropriate 

filtering technology from the management interface. The filtering 

technology proved extremely effective, successfully blocking all inappropriate 

web traffic during the test. 


7



West Coast Labs Conclusion and Certification 

Information 

Conclusion 

An extremely robust, easy to administer device, with advanced 

protection and security functionality, the SSG product family delivers 

comprehensive security with the ability to consolidate, deliver and 

reduce IT costs. 

Certification 

The Juniper Networks SSG product family is tested and 

accredited to the UTM Checkmark Level 5 certification, 

which includes Anti-Virus, Anti-Spyware, Firewall, VPN, 

IPS, Anti-Spam and URL Filtering. 

wwww.check-mark.com 


8



The Latest Enhancements to Juniper Networks Secure 

Services Gateway (SSG) Product Family 

• Expanded the UTM product portfolio to include the SSG 300 Series for 

medium-sized branch/ regional offices and enterprises. 

• Added antivirus scanning for IM applications (AOL, Yahoo, MSN, ICQ) 

• Enhanced logging for web filtering feature 

• Customized HTTP trickling for AV scan: This feature provides the 

device administrator with the ability to configure a threshold for data 

sent through the device. The threshold prevents browser timeouts on 

slow-speed links while the data is being scanned by the internal AV 

engine. 


9



Noteworthy Product Features 

• Proven security and LAN/WAN routing functionality that provides the 

ability to consolidate devices and reduce IT expenditures 

• Comprehensive set of Unified Threat Management (UTM) security 

features to protect against network and application-level attacks 

while simultaneously stopping content-based attacks. UTM security 

features include: 

• Stateful inspection firewall to perform access control and stop 

network-level attacks 

• IPS (Deep Inspection firewall) to stop application-level attacks 

• Best-in-class anti-virus based on the Kaspersky Lab scanning 

engine that includes anti-phishing, anti-spyware and anti-adware 

protection to stop viruses, Trojans and other malware before they 

damage the network 

• Anti-Spam via a partnership with Symantec to block known 

spammers and phishers 

• Web Filtering using SurfControl to block access to known malicious 

websites or inappropriate web content 

• Site-to-Site IPSec VPN to establish secure communications between 

offices 

• Denial of Service (DoS) mitigation capabilities 

• Application Layer Gateways for H.323, SIP, SCCP and MGCP to 

inspect and protect VoIP traffic 

• Variety of LAN and WAN interface options 

• Auto-Configure VPN (AC VPN) allows for automatic set-up and takedown 

of VPN tunnels between remote offices in hub-and-spoke 

topologies 

• IPv6 support 

• Multiple high-availability options with sub-second failover between 

interfaces or devices 

• Network segmentation, dynamic routing and multiple deployment 

modes simplify network integration and deployment of internal 


10



security 

• Customizable security zones to increase interface density without 

additional hardware expenditures, lower policy creation costs, 

contain unauthorized users and attacks, and simplify management 

of firewall/VPNs 

• Management through graphical Web UI, CLI, or the NetScreen 

Security Manager central management system 

• Policy-based management to allow centralized, end-to-end lifecycle 

management 


2

US SALES 

T +1 717 243 5575 

EUROPE SALES 

T +44 (0) 29 2054 8400 

GLOBAL HEADQUARTERS 

West Coast Labs 

Unit 9 Oak Tree Court 

Mulberry Drive 

Cardiff Gate Business Park 

Cardiff CF23 8RS, UK 

T +44 (0) 29 2054 8400 

F +44 (0) 29 2054 8401 

E info@westcoast.com 

W www.westcoastlabs.com

Juniper Networks Secure Services Gateway ... - West Coast Labs

Create successful ePaper yourself

Delete template?

Save as template?