Session Smart Router Branch Security Pack Overview
In this overview we will discuss the features of the Session Smart Router Enhanced Branch Security Pack and show a demo of how it works.
Session Smart Routing Security Features without the Enhanced Branch Security Pack (00:12)
Security Features of the Enhanced Branch Security Pack (00:41)
Demo of the SSR Branch Security Pack (1:50)
Setting up IDP (2:21)
Setting up URL Filtering (3:41)
You’ll learn
Features that are included in the enhanced security pack of the Session Smart Router
How the enhanced security pack can help you with your SASE journey
Who is this for?
Transcript
0:00 hi everyone today I am going to discuss
0:03 with you the features that come in the
0:04 enhanced security pack for the session
0:06 smart router
0:08 without the enhanced security pack the
0:10 session smart router will still come
0:11 with powerful security features such as
0:14 its deny by default multi-hop
0:16 authentication approach for xero trust
0:18 security baked into the sd-wan fabric
0:21 the Adaptive encryption feature that
0:23 ensures your user experience is not
0:25 sacrificed as a result of needless
0:27 double encryption and overhead and the
0:29 ability to enforce directionality and
0:31 segmentation policy with a session aware
0:34 fabric that integrates secure Vector
0:36 routing or svr with zero trust access
0:38 control the enhanced security pack adds
0:41 more security features to your session
0:42 smart router such as URL filtering to
0:45 prevent access to and from specific
0:47 sites and IDP to protect against
0:49 Advanced malicious attacks these
0:52 features Leverage The Juniper IDP
0:53 signature database providing
0:55 state-of-the-art protection against the
0:57 most up-to-date vulnerabilities the
0:59 database contains definitions of attack
1:00 objects and application signatures
1:02 defined in the form of an IDP policy
1:05 rule set that is updated regularly
1:07 by automatically downloading the latest
1:09 definitions and application signatures
1:11 the SSR is able to provide cutting-edge
1:14 security solutions for your network when
1:16 discovered you can either have your
1:17 router alerted to the vulnerability or
1:19 block the traffic giving you the network
1:21 protection that you need without the
1:22 need to purchase additional Hardware
1:24 Juniper Networks wants to meet you where
1:26 you are when it comes to your network
1:27 security so the enhanced security pack
1:29 for the SSR can be deployed Standalone
1:31 or alongside an SRX series NG firewall
1:34 at your branch or data center offering
1:37 multiple layers of protection the
1:38 enhanced security pack can also be used
1:40 to help you with your sassy Journey
1:42 giving you protection in the branch or
1:43 data center before easily offloading
1:45 that traffic to an SSE such as the
1:47 Juniper secure Edge
1:49 in this video I want to show you a demo
1:52 of how the enhanced security pack for
1:53 the session smart router works
1:56 what you see here is the topology we are
1:58 going to use for our demo we have two
2:00 different axis groups or tenants
2:01 accessing our Ubuntu server in the data
2:04 center the group on the top is our Corp
2:06 tenant it does have IDP turned on and it
2:09 is not allowed to access any social
2:10 media
2:12 the group on the bottom is our guest
2:13 Wi-Fi tenant it does not have IDP
2:16 enabled and is allowed to access social
2:18 media
2:21 the first thing I am doing here is
2:22 creating an application called internet
2:24 IDP I am using
2:26 0.0.0.0 so that this application will be
2:30 a catch-all application if traffic hits
2:32 a such a smart router and it is not
2:34 headed to an application I have to find
2:36 then it will match this application
2:39 I am now going to my templates where I
2:41 will set up my routing policy
2:49 here are the two axis groups I mentioned
2:51 Corp and guest Wi-Fi
2:52 under application policies I am setting
2:55 up my routing rules here I am saying
2:57 that the Corp is allowed to access the
2:59 internet IDP application but it has to
3:01 go through the ssr's IDP to get to the
3:03 internet and we are doing strict
3:05 enforcement of our IDP rules for Corp
3:07 [Music]
3:10 now I'm going to jump into the CLI and
3:12 confirm that the IDP has been enabled on
3:14 my SSR
3:15 everything looks good here
3:17 okay now I'm going to send some nasty
3:19 traffic and jump into the Miss Cloud to
3:20 see if my SSR is a learning and blocking
3:22 that traffic
3:30 we can see here that it is doing exactly
3:32 that and if I click on the vulnerability
3:34 I go to a juniper threat Labs page with
3:36 more information about this particular
3:38 vulnerability
3:41 all right now let's look at the URL
3:43 filtering I'm going to create an
3:45 application to catch all social media
3:46 traffic as you can see here with the
3:49 session smart routers URL filtering all
3:51 I have to do is go to app category and
3:53 select social media you'll see that the
3:55 session smart router has a ton of apps
3:57 and app categories already defined for
3:59 you that you can just select from a list
4:03 next I go to my Global application
4:05 policy section and create a rule that
4:07 says that Corp is not allowed to access
4:08 social media
4:12 I just want to show you how this will
4:14 already get applied to my template and
4:15 since I made it a global rule
4:19 now we test it out on the right side I'm
4:22 using my guest Wi-Fi which as we saw at
4:24 the beginning is allowed to access
4:26 social media it has no problem getting
4:28 to Facebook
4:30 on the left side we see my Corp Network
4:32 which is blocked from accessing Facebook
4:34 so there you have it that is the
4:36 enhanced security pack which takes your
4:38 session smart router and adds NG
4:39 firewall features to it as we mentioned
4:42 this can easily be added to existing
4:43 deployments with or without SRX series
4:45 NG firewalls or sses like the Juniper
4:48 secure Edge
4:49 thank you for watching
