
New and Changed Features

This section describes the new features and enhancements to existing features in Junos Space Security Director Release 17.1.

  • VMware NSX Integration—VMware NSX is a network virtualization product by VMware. It integrates with vCenter and lets users create and manage logical networks without modifying the underlying physical network. NSX supports a distributed firewall architecture. The VMware distributed firewall currently supports only basic firewall features at Layer 2, Layer 3, and Layer 4. It does not provide the advanced Layer 4 to Layer 7 security services that are critical to complete protection in a Software Defined Data Center (SDDC) environment.

    You can now add the vSRX Virtual Services Gateway as a partner security service in the VMware NSX environment. The vSRX works in conjunction with Junos Space Security Director and VMware NSX Manager to deliver a complete and integrated virtual security solution for your SDDC environment. The vSRX provides advanced security services, including IPS and application control and visibility services through AppSecure.

  • Custom Application Signatures—Application Identification supports defining your own custom application signatures and signature groups. Custom application signatures are unique to your environment and are not part of the predefined application package when you install them into the device. The custom application signatures are pushed to the device when you publish or update; you can subsequently use them only in application firewall policy rules.

    You can import the custom application signatures from a device and also push the created custom application signatures to a device, by using the publish and update workflow. The custom application signatures are supported in Junos OS Release 15.1X49.D40 and later.

  • Packet Capture—You can now use the Packet Capture tool to download the packets that SRX Series devices capture for attacks and analyze them externally with tools such as Wireshark, tcpdump, and tshark. The Packet Capture tool captures data packets and helps you analyze network traffic and troubleshoot network problems. It captures real-time data packets traveling over the network for monitoring and logging purposes. You must configure the SRX Series device to send the attack packets to the Junos Space Network Management Platform.

    Based on a preconfigured set of rules, SRX Series devices classify packets as normal or as an attack. When there is an attack, the SRX Series device sends the attack packets to the Junos Space Network Management Platform, which runs a load balancer bound to a virtual IP. You must configure the SRX Series devices with the virtual IP as the destination for forwarding captured packets. Junos Space Network Management Platform receives those packets and stores them. You can view the attack information and download the packets that constitute the attack from the Security Director application.

    Note: Packet Capture is applicable only for IPS packets.

  • Captive Portal Support for Unauthenticated Browser Users—When a user requests access to an SRX Series protected resource using an HTTP or HTTPS browser, the SRX Series device now presents a captive portal interface so that the user can authenticate.

    Junos Space Security Director supports the Auth Only Browser and Auth User Agent parameters to give you a high degree of control over how HTTP or HTTPS traffic is handled.

  • IKE Path Fragmentation—IKEv2 message fragmentation now allows IKEv2 to operate in environments where IP fragments might be blocked and peers would not be able to establish an IPsec security association (SA). The IKEv2 fragmentation splits a large IKEv2 message into a set of smaller ones so that there is no fragmentation at the IP level.
  • Advanced User Identities Query Support—You can query for advanced user identities from Juniper Identity Management Service (JIMS). JIMS provides a robust and scalable user identification and IP address mapping implementation that includes endpoint context and machine ID. JIMS collects advanced user identities from different authentication sources for SRX Series devices.

    Junos Space Security Director is used to push the JIMS configuration to SRX Series devices to help them query JIMS to obtain IP address or user mapping and device information. SRX Series devices generate the authentication entries for user firewall. However, SRX firewall authentication can also push the authentication entries to JIMS.

  • SSL Forward Proxy-New Cipher Support—The Elliptic Curve DHE (ECDHE) cipher suites are supported to enable perfect forward secrecy on SSL forward proxy. The SSL forward proxy still uses RSA for authentication. However, it uses EC Diffie-Hellman ephemeral key exchange to agree on a shared secret.

    The supported ECDHE cipher suites are:

    • ECDHE-RSA-WITH-AES-256-GCM-SHA384
    • ECDHE-RSA-WITH-AES-256-CBC-SHA384
    • ECDHE-RSA-WITH-AES-256-CBC-SHA
    • ECDHE-RSA-WITH-AES-3DES-EDE-CBC-SHA
    • ECDHE-RSA-WITH-AES-128-GCM-SHA256
    • ECDHE-RSA-WITH-AES-128-CBC-SHA256
    • ECDHE-RSA-WITH-AES-128-CBC-SHA
  • Change Control Workflow—The Change Control workflow allows you to request an approval for a change to a firewall or a NAT policy. The system tracks dependencies across change requests and makes these dependencies and change requests visible to the firewall administrator.
    • Provides a direct correlation between a change ticket ID and its details and the associated firewall or NAT policy.
    • The policies that are modified within an activity (or configuration session) are locked from being modified within other activities. This prevents conflicting changes that could make a policy unstable. In addition, the changes you make within an activity are visible only within the activity. Other users see only the last approved committed configurations, unless they view your activity before you close it.
    • All the activities are tracked within the workflow. You can use this information to determine what changes were made and who made the changes.
    • Allows you to approve and deploy the change requests to the network irrespective of the order in which they are created.
  • Reporting Enhancements—The following predefined reports are added:
    • Antivirus—Displays a consolidated report on all antivirus event statistics.
    • URL Report—Displays a consolidated report on all URL event statistics.
    • Application and User Usage—Displays a report on the bandwidth usage statistics by applications and users.
    • Threat Report—Displays the statistics related to top threats identified through IDP, Antivirus, Antispam, Screen, and Device Authentication failure events.
  • Additional Dashboard Widgets—The following new dashboard widgets are available:
    • Application Top Application by Volume—Displays top applications based on volume or bandwidth.
    • IP Top Source IPs by Volume—Displays top source IP addresses of the network traffic by volume or bandwidth.
    • IP Top Spams By Source IPs—Displays top source IP addresses for spam.
    • Web Filtering Top Blocked Websites—Displays blocked websites, sorted by count.
    • Virus Top Blocked—Displays blocked viruses, sorted by count.
    • IP Top Source IPs by Sessions—Displays top source IP addresses of the network traffic by sessions.
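
The IKE Path Fragmentation item above describes splitting a large IKEv2 message so that no IP-level fragmentation occurs. The following is an added example, not Juniper code: a simplified Python model of that splitting and of reassembly on the receiving peer. The function and class names, the 32-byte cryptographic overhead, and the sample message are assumptions made for illustration.

```python
import struct

# Simplified model of IKEv2 message fragmentation (RFC 7383). No real crypto:
# the per-fragment encryption and integrity cost is a fixed, assumed overhead.
IPV4_HDR, UDP_HDR, IKE_HDR, SKF_HDR = 20, 8, 28, 8  # header sizes in bytes
CRYPTO_OVERHEAD = 32  # assumed IV + padding + ICV per fragment (constructed)

def fragment(payloads: bytes, path_mtu: int) -> list:
    """Split a message's payloads so every IP datagram fits in path_mtu."""
    room = path_mtu - IPV4_HDR - UDP_HDR - IKE_HDR - SKF_HDR - CRYPTO_OVERHEAD
    if room <= 0:
        raise ValueError("path MTU too small to carry any fragment")
    chunks = [payloads[i:i + room] for i in range(0, len(payloads), room)] or [b""]
    if len(chunks) > 0xFFFF:
        raise ValueError("message needs more fragments than the 16-bit field allows")
    # Model each fragment as Fragment Number + Total Fragments (from 1) + data.
    return [struct.pack("!HH", n, len(chunks)) + c for n, c in enumerate(chunks, 1)]

def datagram_size(frag: bytes) -> int:
    """On-the-wire IPv4 size of one modelled fragment."""
    # frag already holds 4 of the 8 fragment-payload header bytes.
    return IPV4_HDR + UDP_HDR + IKE_HDR + (SKF_HDR - 4) + CRYPTO_OVERHEAD + len(frag)

class Reassembler:
    """Collects fragments of one message; tolerates reordering and duplicates."""
    def __init__(self):
        self.total = None
        self.parts = {}

    def add(self, frag: bytes):
        """Return the whole message once complete, otherwise None."""
        if len(frag) < 4:
            return None
        num, total = struct.unpack("!HH", frag[:4])
        if num == 0 or num > total:
            return None                       # malformed numbering: drop
        if self.total is None:
            self.total = total
        elif total != self.total:
            return None                       # simplification: drop mismatches
        self.parts.setdefault(num, frag[4:])  # first copy wins, duplicates ignored
        if len(self.parts) < self.total:
            return None
        return b"".join(self.parts[n] for n in range(1, self.total + 1))

# Constructed sample: a 3000-byte message, e.g. one carrying a certificate chain.
SAMPLE_MESSAGE = bytes(i % 251 for i in range(3000))
```

In the real protocol each fragment is encrypted and integrity-checked on its own, so a receiver verifies a fragment before storing it for reassembly.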

Modified: 2017-07-19