Security Features on SRX3400, SRX3600, SRX5600, and SRX5800 Services Gateways

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

The following tables list security features that are supported on SRX3400, SRX3600, SRX5600, and SRX5800 Services Gateways.

Table 32: ALGs

Feature	More Information
FTP Application Layer Gateway (ALG)	Configuring Application Layer Gateways—Quick Configuration
Trivial File Transfer Protocol (TFTP) ALG	Configuring Application Layer Gateways—Quick Configuration

Table 33: Attack Detection and Prevention

Feature	More Information
Bad IP option	Understanding Bad IP Option Protection
Block fragment traffic	Blocking Fragmented ICMP Packets
FIN flag without ACK flag set protection	Blocking Packets with FIN Flag/No ACK Flag Set
ICMP flood protection	Understanding ICMP Flood Attacks
ICMP fragment protection	Understanding ICMP Fragment Protection
Large size ICMP packet protection	Understanding Large ICMP Packet Protection
Loose source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP record route option	Screen Options for Detecting IP Options Used For Reconnaissance
IP security option	Screen Options for Detecting IP Options Used For Reconnaissance
IP address spoof	Blocking IP Spoofing
IP stream option	Screen Options for Detecting IP Options Used For Reconnaissance
IP strict source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP address sweep	Understanding IP Address Sweeps
IP timestamp option	Screen Options for Detecting IP Options Used For Reconnaissance
Land attack protection	Understanding Land Attacks
Ping of death attack protection	Understanding Ping of Death Attacks
Port scan	Understanding Port Scanning
Source IP based session limit	Understanding Session Table Flood Attacks
SYN-ACK-ACK proxy protection	Understanding SYN-ACK-ACK Proxy Flood Attacks
SYN and FIN flags set protection	Blocking Packets with SYN and FIN Flags Set
SYN flood protection	Understanding SYN Flood Attacks
SYN fragment protection	Understanding SYN Fragment Protection
Teardrop attack protection	Understanding Teardrop Attacks
TCP packet without flag set protection	Blocking Packets with No Flags Set
Unknown protocol protection	Understanding Unknown Protocol Protection
UDP flood protection	Understanding UDP Flood Attacks
WinNuke attack protection	Understanding WinNuke Attacks

Table 34: Chassis Cluster

Feature	More Information
Chassis cluster formation	Understanding Chassis Cluster Formation
Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface)	Understanding Chassis Cluster
Redundancy group 0 (backup for Routing Engine)	Redundancy Group 0: Routing Engines
Redundancy groups 1 through 128	Redundancy Groups 1 Through 128
Redundant Ethernet interfaces	Understanding Redundant Ethernet Interfaces
Control plane failover	Understanding the Control Plane
Data plane failover	Understanding the Data Plane
All JUNOS flow-based routing functionality	JUNOS Software Interfaces and Routing Configuration Guide
ISSU Upgrading for Devices in a Chassis Cluster	Low-Impact ISSU Chassis Cluster Upgrades
Upstream Device IP Address Monitoring	Redundancy Group IP Address Monitoring

Table 35: Firewall Authentication

Feature	More Information
Web authentication	Web Authentication
Pass-through authentication	Pass-Through Authentication
Local authentication server	Firewall User Authentication Overview
RADIUS authentication server	Firewall User Authentication Overview
LDAP authentication server	Firewall User Authentication Overview
SecurID authentication server	Understanding SecurID User Authentication

Table 36: Flow-based and Packet-based Procesing

Feature	More Information
Combo-mode support (on SRX5600 and SRX5800—single SPC only)	SRX3400 and SRX3600 Services Gateways Overview
Flow-based processing	Flow-Based Processing
Packet-based processing	Packet-Based Processing
Datapath Debugging (SRX5600 and SRX5800 only)	Datapath Debugging

Table 37: Infranet Authentication

Feature	More Information
JUNOS Enforcers in Unified Access Control (UAC) deployments	Infranet Authentication

Table 38: Intrusion Detection and Prevention (IDP)

Feature	More Information
IDP Policy	IDP Policies Overview
Intrusion prevention system (IPS) rulebase	Defining Rules for an IPS Rulebase
Differentiated Services code point (DSCP) marking	Configuring DSCP in an IDP Policy
IDP signature database	Understanding the IDP Signature Database
Application identification	Understanding Application Identification
IDP logging	Understanding IDP Logging JUNOS Software Administration Guide
IDP monitoring and debugging	JUNOS Software CLI Reference
IDP SSL Inspection	IDP SSL Inspection
Performance and Capacity Tuning for IDP	Performance and Capacity Tuning for IDP Overview
Understanding Protocol Decoders	Understanding Protocol Decoders
Multiple IDP Detector Support	Multiple IDP Detector Support

Table 39: IPsec

Feature	More Information
Policy-based and route-based VPNs	Virtual Private Networks (VPNs) Overview
Tunnel mode	Packet Processing in Tunnel Mode
Authentication Header (AH) protocol	IPsec Security Protocols
Encapsulating Security Payload (ESP) protocol	IPsec Security Protocols
IKE phase 1	IPsec Tunnel Negotiation
IKE phase 2	IPsec Tunnel Negotiation
Manual key management	IPsec Key Management
Autokey management	IPsec Key Management
Antireplay (packet replay attack prevention)	Replay Protection
Dead peer detection (DPD)	Configuring an IKE Gateway (Standard and Dynamic VPNs)
XAuth extended authentication for remote access connections (SRX5600 and SRX5800 only)	Configuring an Access Profile for XAuth
VPN monitoring (SRX5600 and SRX5800 only)	Configuring VPN Global Settings (Standard VPNs)
VPN hub and spoke	Configuring Hub-and-Spoke VPNs

Table 40: Network Address Translation (NAT)

Feature	More Information
Destination IP address translation	Understanding Destination NAT
Static NAT	Understanding Static NAT
Rule-based NAT	Understanding NAT Rule Sets and Rules
Source IP address translation	Understanding Source NAT
Configuring proxy Address Resolution Protocol (ARP)	Configuring Proxy ARP
Disable source NAT port randomization	Disabling Port Randomization for Source NAT

Table 41: PKI

Feature	More Information
Internet Key Exchange (IKE) support	Internet Key Exchange
Entrust, Microsoft, and Verisign certificate authorities (CAs)	Understanding Certificates
Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP)	Using Digital Certificates
Automatic generation of self-signed certificates	Understanding Self-Signed Certificates
Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding	Manually Loading a CRL onto the Device
Manual installation of DER-encoded and PEM-encoded CRLs	Manually Loading a CRL onto the Device
Online certificate revocation list (CRL) retrieval through LDAP and HTTP	PKI Management and Implementation
CRL update at user-specified interval	Understanding Certificate Revocation Lists

Table 42: Security Policy

Feature	More Information
Address books	Configuring Address Books
Policy application sets	Policy Application Sets Overview
Schedulers	Configuring Schedulers
Policy applications	Understanding Internet-Related Predefined Policy Applications
Internet Control Message Protocol (ICMP) predefined policy application	Understanding the ICMP Predefined Policy Application
Internet-related predefined policy applications	Understanding Internet-Related Predefined Policy Applications
Microsoft predefined policy applications	Understanding Microsoft Predefined Policy Applications
Dynamic routing protocols predefined policy applications	Understanding Dynamic Routing Protocols Predefined Policy Applications
Streaming video predefined policy applications	Understanding Streaming Video Predefined Policy Applications
Sun remote procedure protocol (RPC) predefined policy applications	Understanding Sun RPC Predefined Policy Applications
Security and tunnel predefined policy applications	Understanding Security and Tunnel Predefined Policy Applications
IP-related predefined policy applications	Understanding IP-Related Predefined Policy Applications
Instant messaging predefined policy applications	Understanding Instant Messaging Predefined Policy Applications
Management predefined policy applications	Understanding Management Predefined Policy Applications
Mail predefined policy applications	Understanding Mail Predefined Policy Applications
UNIX predefined policy applications	Understanding UNIX Predefined Policy Applications
Miscellaneous predefined policy applications	Understanding Miscellaneous Predefined Policy Applications
Custom policy Applications	Understanding Custom Policy Applications
Policy application timeouts	Understanding Policy Application Timeouts
Policy verification (SRX5600 and SRX5800 only)	Understanding Policy Ordering

Table 43: Session Logging

Feature	More Information
Getting information about sessions	Obtaining Information About Sessions
Session logging with NAT information	Information Provided in Session Log Entries

Table 44: Zones

Feature	More Information
Security zone	Security Zone
Functional zone	Functional Zone
For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]