Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Understanding the Three-Tiered User Firewall Features

    Juniper Networks offers three tiers of user firewall. The three features have different characteristics that are appropriate in different environments. Figure 1 illustrates the relative security level of the three tiers. Table 1 compares them to help you decide which best suits your implementation.

    Figure 1: Three-Tiered User Firewall Features

    Three-Tiered User Firewall Features

    Table 1 describes the basic differences among the three features.

    Table 1: Comparison of User Firewall Features

    Integrated User FirewallUser Role FirewallUnified Access Control (UAC) Network Access Control (NAC)

    Passive authentication–Does not interact with client directly; polls the Active Directory for login information.

    Active authentication–Queries the client.

    End-to-end–Authenticates the user down to the access level where user connects, whether wired or wireless.

    Extent of Authentication

    Best effort.

    Deterministic–User is identified.

    Deterministic–User is identified.

    Where Enforced

    Enforced at firewall.

    Enforced at firewall.

    Enforced at access (switch or WiFi) and firewall.

    Devices Needed

    SRX Series

    SRX Series and MAG Series

    SRX Series and MAG Series

    Ideal Environments
    • Needs visibility into who is accessing the SRX Series
    • Small-to-medium business
    • Low-scale deployment
    • Security-conscious environments
    • Scales up to 50,000 users
    • Large-scale deployment
    • Interface for Metadata Access Points (IF-MAP) federation
    • You can upgrade to a higher tier if you choose. From integrated user firewall, simply add the MAG Series to get user role firewall. From there, add licenses to get full UAC NAC.
    • The three offerings provide maximum flexibility; they are supported on all SRX Series hardware platforms.

    Modified: 2016-09-21