Next-Generation Firewall Services

Next-generation firewalls (NGFWs) go beyond the traditional firewall, perform full-packet inspection, and apply application-specific and user-specific security policies. A traditional firewall regulates traffic based on source, destination, port, and protocol. NGFWs allow you to create security policies based on the applications observed in your network and the user receiving or sending traffic to examine the content traversing your network. They offer application visibility and control, provide exploit or vulnerability protection with an intrusion prevention system (IPS), and block known and unknown threats using antimalware and URL filtering capabilities to secure web access.

Juniper Networks SRX Series NGFWs offer a wide range of high-performance and high-efficacy models with flexible deployment options for enterprises of all sizes.

Juniper Networks SRX Series Firewalls deliver integrated next-generation firewall (NGFW) protection services with application awareness, user identity, and content inspection for all deployments—physical, virtual, containerized, and as a Service. Below are some of the benefits of leveraging advanced security services in the firewall:

• Comprehensive security delivered from the firewall
• Protection from network exploits and vulnerabilities, known threats and malware, advanced threats, and web-based threats 
• Centralized management and visibility of network traffic
• Lower total cost of ownership (TCO) by consolidating network protection 

Next-generation firewalls provide robust security services for protecting your critical networks and cloud-based infrastructures from malicious actors.

NGFWs are well suited for enterprises looking for granular control and visibility from client to workload. These organizations want to enable additional security services to combat known and unknown threats, including application identification, user identification, protection from network and application exploits, malware detection and prevention, and URL filtering, including blocking malicious websites.

SRX Series Next Generation Firewalls can be deployed at the data center, campus, or edge with appropriate policies configured to inspect traffic. Models vary based on traffic, application mix, features required, and performance needs. These firewalls can be deployed inline or in TAP mode.

You can also leverage Juniper Secure Edge, a Firewall as a Service (FWaaS) that provides all NGFW features as a service, delivered via Juniper’s managed cloud.

In addition, you can easily manage and deploy security policies from a single UI across all your environments using Juniper Security Director Cloud.

A next-generation firewall can be deployed for multiple use cases based on your organization's needs. Some possible use cases are:

• Network access control (NAC): Control who has access to the network and what they can access
• Application visibility and control: Provide visibility and control over the types of applications traversing the network
• Intrusion prevention (IPS): Protect from network exploits and vulnerabilities
• Malware protection: Protect the network from malware attacks such as viruses, worms, and trojans
• Content filtering: Filter content based on predetermined criteria
• Web filtering: Inspect Web requests for suspicious activity and blocking malicious requests
• Advanced Threat Prevention (ATP): Protect against zero-day threats

Juniper offers a three-tiered licensing subscription model, so you can choose the tier that best suits your needs and unlocks the greatest value for your investment.

The three primary software bundle subscriptions are:

1. Standard: Includes routing, firewall, switching, NAT, VPN, and MPLS
2. Advanced:  
   1. Advanced 1 – Includes IPS, Application Security, and Security Intelligence (SecIntel)
   2. Advanced 2 – Includes IPS, Application Security, Security Intelligence (SecIntel), URL filtering, Cloud Antivirus and Antispam
   3. Advanced 3 – Includes IPS, Application Security, Security Intelligence (SecIntel), URL filtering, On-box Antivirus and Antispam
3. Premium: Augments the protection offered by the corresponding advanced tier with cloud-delivered security services from Advanced Threat Prevention Cloud (ATP Cloud)

Contact your Juniper sales representative to discuss the appropriate license tier for your network.

NGFW features depend on the Junos® OS version, so keep your SRX Series Firewall updated with the latest OS and signatures for the best threat protection. Make sure that the device has valid security subscription licenses for the feature. SRX Series Firewalls comes pre-bundled with perpetual software but requires security subscription licenses for advanced security services.

You can refer to Juniper's quick start and deployment guides to deploy your NGFW. This guide shows how to configure a Next-Generation Firewall on SRX Series devices. You can also refer to our Day One guide for configuring advanced security services on SRX Series.

Additional quick start and deployment guides for your specific Juniper SRX model can be found using our Quick Start search tool.

Additionally, Juniper has a full slate of training and professional services to meet your needs. Consult your Juniper sales representative for more information.

We highly recommend upgrading your SRX Series Firewall to the latest release of OS to use the latest features, vulnerability support, and threat intelligence. For Junos OS, refer to our Junos OS Software Installation and Upgrade Guide documentation in the TechLibrary.

For Junos OS Evolved (EVO), refer to our Junos OS Evolved Software Installation and Upgrade Guide documentation in the TechLibrary.