Security Features on SRX 210/240 Services Gateways

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

The following tables list security features that are supported on SRX 210 and SRX 240 services gateways.

Table 4: Zones

Feature	More Information
Security zone	Security Zone
Functional zone	Functional Zone
For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Table 5: Flow

Feature	More Information
Flow-based processing	SRX 3400 and SRX 3600 Services Gateways Overview

Table 6: Security Policy

Feature	More Information
Address books	Configuring Address Books
Policy application sets	Policy Application Sets Overview
Schedulers	Configuring Schedulers
Policy applications	Understanding Internet-Related Predefined Policy Applications
Internet Control Message Protocol (ICMP) predefined policy application	Understanding the ICMP Predefined Policy Application
Internet-related predefined policy applications	Understanding Internet-Related Predefined Policy Applications
Microsoft predefined policy applications	Understanding Microsoft Predefined Policy Applications
Dynamic routing protocols predefined policy applications	Understanding Dynamic Routing Protocols Predefined Policy Applications
Streaming video predefined policy applications	Understanding Streaming Video Predefined Policy Applications
Sun remote procedure protocol (RPC) predefined policy applications	Understanding Sun RPC Predefined Policy Applications
Security and tunnel predefined policy applications	Understanding Security and Tunnel Predefined Policy Applications
IP-related predefined policy applications	Understanding IP-Related Predefined Policy Applications
Instant messaging predefined policy applications	Understanding Instant Messaging Predefined Policy Applications
Management predefined policy applications	Understanding Management Predefined Policy Applications
Mail predefined policy applications	Understanding Mail Predefined Policy Applications
UNIX predefined policy applications	Understanding UNIX Predefined Policy Applications
Miscellaneous predefined policy applications	Understanding Miscellaneous Predefined Policy Applications
Custom policy applications	Understanding Custom Policy Applications
Policy application timeouts	Understanding Policy Application Timeouts

Table 7: Firewall Authentication

Feature	More Information
Web authentication	Web Authentication
Pass-through authentication	Pass-Through Authentication
Local authentication server	Firewall User Authentication Overview
RADIUS authentication server	Firewall User Authentication Overview
LDAP authentication server	Firewall User Authentication Overview
SecurID authentication server	Understanding SecurID User Authentication

Table 8: Attack Detection and Prevention

Feature	More Information
Bad IP option	Understanding Bad IP Option Protection
Block fragment traffic	Blocking Fragmented ICMP Packets
FIN flag without ACK flag set protection	Blocking Packets with FIN Flag/No ACK Flag Set
ICMP flood protection	Understanding ICMP Flood Attacks
ICMP fragment protection	Understanding ICMP Fragment Protection
Large size ICMP packet protection	Understanding Large ICMP Packet Protection
Loose source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP record route option	Screen Options for Detecting IP Options Used For Reconnaissance
IP security option	Screen Options for Detecting IP Options Used For Reconnaissance
IP address spoof	Blocking IP Spoofing
IP stream option	Screen Options for Detecting IP Options Used For Reconnaissance
IP strict source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP address sweep	Understanding IP Address Sweeps
IP timestamp option	Screen Options for Detecting IP Options Used For Reconnaissance
Land attack protection	Understanding Land Attacks
Ping of death attack protection	Understanding Ping of Death Attacks
Port scan	Understanding Port Scanning
Source IP based session limit	Understanding Session Table Flood Attacks
SYN-ACK-ACK proxy protection	Understanding SYN-ACK-ACK Proxy Flood Attacks
SYN and FIN flags set protection	Blocking Packets with SYN and FIN Flags Set
SYN flood protection	Understanding SYN Flood Attacks
SYN fragment protection	Understanding SYN Fragment Protection
Teardrop attack protection	Understanding Teardrop Attacks
TCP packet without flag set protection	Blocking Packets with No Flags Set
Unknown protocol protection	Understanding Unknown Protocol Protection
UDP flood protection	Understanding UDP Flood Attacks
WinNuke attack protection	Understanding WinNuke Attacks

Table 9: Network Address Translation

Feature	More Information
Destination IP address translation	Destination IP Address Translation Overview
Static Network Address Translation (NAT)	Understanding Static NAT
Rule-based NAT	Understanding Rule-Based Destination NAT
Source IP address translation	Source IP Address Translation Overview
NAT interface source pools	Understanding NAT Interface Source Pools
Configuring proxy Address Resolution Protocol (ARP)	Configuring Proxy ARP

The following table applies only to the SRX 210 services gateway.

Table 10: Chassis Cluster

Feature	More Information
Chassis cluster formation	Understanding Chassis Cluster Formation
Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface)	Understanding Chassis Cluster
Redundancy group 0 (backup for Routing Engine)	Redundancy Group 0: Routing Engines
Redundancy groups 1 through 128	Redundancy Groups 1 Through 128
Redundant Ethernet interfaces	Understanding Redundant Ethernet Interfaces
Control plane failover	Understanding the Control Plane
Data plane failover	Understanding the Data Plane
All JUNOS flow-based routing functionality	JUNOS Software Interfaces and Routing Configuration Guide

The following table applies only to the SRX 210 services gateway.

Table 11: ALGs

Feature	More Information
FTP Application Layer Gateway (ALG)	Configuring Application Layer Gateways—Quick Configuration
Trivial File Transfer Protocol (TFTP) ALG	Configuring Application Layer Gateways—Quick Configuration

The following table applies only to the SRX 210 services gateway.

Table 12: IPsec

Feature	More Information
Policy-based and route-based VPNs	Virtual Private Networks (VPNs) Overview
Tunnel mode	Packet Processing in Tunnel Mode
Authentication Header (AH) protocol	IPsec Security Protocols
Encapsulating Security Payload (ESP) protocol	IPsec Security Protocols
IKE phase 1	IPsec Tunnel Negotiation
IKE phase 2	IPsec Tunnel Negotiation
Manual key management	IPsec Key Management
Autokey management	IPsec Key Management
Antireplay (packet replay attack prevention)	Replay Protection
Dead peer detection (DPD)	Configuring an IKE Gateway (Standard and Dynamic VPNs)
Dynamic IPsec VPNs	Dynamic VPN Overview

The following table applies only to the SRX 210 services gateway.

Table 13: PKI

Feature	More Information
Internet Key Exchange (IKE) support	Internet Key Exchange
Entrust, Microsoft, and Verisign certificate authorities (CAs)	Understanding Certificates
Automatic generation of self-signed certificates	Understanding Self-Signed Certificates
Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding	Manually Loading a CRL onto the Device
Manual installation of DER-encoded and PEM-encoded CRLs	Manually Loading a CRL onto the Device
Online certificate revocation list (CRL) retrieval through LDAP and HTTP	PKI Management and Implementation
CRL update at user-specified interval	Understanding Certificate Revocation Lists

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]