Support for Security Features on SRX 5600 and SRX 5800 Services Gateways

[Contents] [Prev] [Next] [Index] [Report an Error]

The following tables list security features that are supported on SRX 5600 and SRX 5800 services gateways.

Table 4: Support Information: Zones

Feature	More Information
Security zone	Security Zone
Functional zone	Functional Zone
For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Table 5: Support Information: Security Policy

Feature	More Information
Address books	Configuring Address Books
Policy application sets	Policy Application Sets Overview
Schedulers	Configuring Schedulers
Policy applications	Understanding Internet-Related Predefined Policy Applications
Internet Control Message Protocol (ICMP) predefined policy application	Understanding the ICMP Predefined Policy Application
Internet-related predefined policy applications	Understanding Internet-Related Predefined Policy Applications
Microsoft predefined policy applications	Understanding Microsoft Predefined Policy Applications
Dynamic routing protocols predefined policy applications	Understanding Dynamic Routing Protocols Predefined Policy Applications
Streaming video predefined policy applications	Understanding Streaming Video Predefined Policy Applications
Sun remote procedure protocol (RPC) predefined policy applications	Understanding Sun RPC Predefined Policy Applications
Security and tunnel predefined policy applications	Understanding Security and Tunnel Predefined Policy Applications
IP-related predefined policy applications	Understanding IP-Related Predefined Policy Applications
Instant messaging predefined policy applications	Understanding Instant Messaging Predefined Policy Applications
Management predefined policy applications	Understanding Management Predefined Policy Applications
Mail predefined policy applications	Understanding Mail Predefined Policy Applications
UNIX predefined policy applications	Understanding UNIX Predefined Policy Applications
Miscellaneous predefined policy applications	Understanding Miscellaneous Predefined Policy Applications
Custom policy Applications	Understanding Custom Policy Applications
Policy application timeouts	Understanding Policy Application Timeouts
Policy verification	Understanding Policy Ordering

Table 6: Support Information: Firewall Authentication

Feature	More Information
Web authentication	Web Authentication
Pass-through authentication	Pass-Through Authentication
Local authentication server	Firewall User Authentication Overview
RADIUS authentication server	Firewall User Authentication Overview
LDAP authentication server	Firewall User Authentication Overview
SecurID authentication server	Understanding SecurID User Authentication

Table 7: Support Information: Attack Detection and Prevention

Feature	More Information
Bad IP option	Understanding Bad IP Option Protection
Block fragment traffic	Blocking Fragmented ICMP Packets
FIN flag without ACK flag set protection	Blocking Packets with FIN Flag/No ACK Flag Set
ICMP flood protection	Understanding ICMP Flood Attacks
ICMP fragment protection	Understanding ICMP Fragment Protection
Large size ICMP packet protection	Understanding Large ICMP Packet Protection
Loose source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP record route option	SCREEN Options for Detecting IP Options Used For Reconnaissance
IP security option	SCREEN Options for Detecting IP Options Used For Reconnaissance
IP address spoof	Blocking IP Spoofing
IP stream option	SCREEN Options for Detecting IP Options Used For Reconnaissance
IP strict source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP address sweep	Understanding IP Address Sweeps
IP timestamp option	SCREEN Options for Detecting IP Options Used For Reconnaissance
Land attack protection	Understanding Land Attacks
Ping of death attack protection	Understanding Ping of Death Attacks
Port scan	Understanding Port Scanning
Source IP based session limit	Understanding Session Table Flood Attacks
SYN-ACK-ACK proxy protection	Understanding SYN-ACK-ACK Proxy Flood Attacks
SYN and FIN flags set protection	Blocking Packets with SYN and FIN Flags Set
SYN flood protection	Understanding SYN Flood Attacks
SYN fragment protection	Understanding SYN Fragment Protection
Teardrop attack protection	Understanding Teardrop Attacks
TCP packet without flag set protection	Blocking Packets with No Flags Set
Unknown protocol protection	Understanding Unknown Protocol Protection
UDP flood protection	Understanding UDP Flood Attacks
WinNuke attack protection	Understanding WinNuke Attacks

Table 8: Support Information: Network Address Translation

Feature	More Information
Destination IP address translation	Destination IP Address Translation Overview
Static Network Address Translation (NAT)	Understanding Static NAT on SRX-series Services Gateways
Rule-based NAT	Understanding Rule-Based Destination NAT on SRX-series Services Gateways
Source IP address translation	Source IP Address Translation Overview
NAT interface source pools	Understanding NAT Interface Source Pools
Configuring proxy Address Resolution Protocol (ARP)	Configuring Proxy ARP on SRX-series Services Gateways

Table 9: Support Information: Chassis Cluster

Feature	More Information
Chassis cluster formation	Understanding Chassis Cluster Formation
Active/passive chassis cluster (that is, no cross-box data forwarding over the fabric interface)	Understanding Chassis Cluster Formation
Redundancy group 0 (backup for Routing Engine)	Redundancy Group 0: Routing Engines
Redundancy groups 1	Redundancy Groups 1 Through 255
Redundant Ethernet interfaces	Understanding Redundant Ethernet Interfaces
Control plane failover	Understanding the Control Plane
Data plane failover	Understanding the Data Plane
All JUNOS flow-based routing functionality (except for IPsec VPN)	JUNOS Software Interfaces and Routing Configuration Guide

Table 10: Support Information: IPsec

Feature	More Information
Policy-based and route-based VPNs	Virtual Private Networks (VPNs)
Tunnel mode	Understanding IPsec Operational Modes
Authentication Header (AH) protocol	Understanding IPsec Security Protocols
Encapsulating Security Payload (ESP) protocol	Understanding IPsec Security Protocols
IKE phase 1	Understanding IPsec Tunnel Negotiation
IKE phase 2	Understanding IPsec Tunnel Negotiation
Manual key management	Understanding IPsec Key Management
Autokey management	Understanding IPsec Key Management
Antireplay (packet replay attack prevention)	Replay Protection
Dead peer detection (DPD)	Configuring an IKE Gateway and Peer Authentication
XAuth extended authentication for remote access connections	Configuring an Access Profile for XAuth
VPN monitoring	Configuring VPN Global Settings

Table 11: Support Information: PKI

Feature	More Information
Internet Key Exchange (IKE) support	Internet Key Exchange
Entrust, Microsoft, and Verisign certificate authorities (CAs)	Understanding Certificates
Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP)	Using Digital Certificates
Automatic generation of self-signed certificates	Understanding Self-Signed Certificates
Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding	Manually Loading a CRL onto the Device
Manual installation of DER-encoded and PEM-encoded CRLs	Manually Loading a CRL onto the Device
Online certificate revocation list (CRL) retrieval through LDAP and HTTP	PKI Management and Implementation
CRL update at user-specified interval	Understanding Certificate Revocation Lists

Table 12: Support Information: ALGs

Feature	More Information
FTP Application Layer Gateway (ALG)	Configuring Application Layer Gateways—Quick Configuration
Trivial File Transfer Protocol (TFTP) ALG	Configuring Application Layer Gateways—Quick Configuration
H.323 ALG	Understanding the H.323 ALG
Media Gateway Control Protocol (MGCP) ALG	Understanding the MGCP ALG
Point-to-Point Tunneling Protocol (PPTP) ALG	Configuring Application Layer Gateways—Quick Configuration
REAL ALG	Table 72
Remote procedure call (RPC) ALG	Understanding the RPC ALG
Remote shell (RSH) ALG	Configuring Application Layer Gateways—Quick Configuration
Real-Time Streaming Protocol (RTSP) ALG	Configuring Application Layer Gateways—Quick Configuration
Skinny Call Control Protocol (SCCP) ALG	Understanding the SCCP ALG
Session Initiation Protocol (SIP) ALG	Understanding the SIP ALG
Structured Query Language (SQL) ALG	Configuring Application Layer Gateways—Quick Configuration
TALK ALG	Configuring Application Layer Gateways—Quick Configuration

Table 13: Support Information: IDP Policy

Feature	More Information
Intrusion Detection and Prevention (IDP) Policy	IDP Policies Overview
Intrusion prevention system (IPS) rulebase	Defining Rules for an IPS Rulebase
Exempt rulebase	Defining Rules for an Exempt Rulebase
Custom attacks	Understanding Custom Attack Objects
Differentiated Services code point (DSCP) marking	Configuring DSCP in an IDP Policy

Table 14: Support Information: IDP Signature Database

Feature	More Information
IDP signature database	Understanding the IDP Signature Database
Predefined policy templates	Using Predefined Policy Templates
Signature database—manual download	Updating the Signature Database Manually
Signature database—automatic download	Updating the Signature Database Automatically
Signature database version	Understanding the Signature Database Version

Table 15: Support Information: IDP Application Identification

Feature	More Information
Application identification	Understanding Application Identification
Service and application bindings	Understanding Service and Application Bindings
Application system cache	Understanding Application System Cache

Table 16: Support Information: IDP Logging

Feature	More Information
IDP logging	Understanding IDP Logging JUNOS Software Administration Guide

Table 17: Support Information: IDP SSL Inspectioon

Feature	More Information
IDP SSL Inspection	IDP SSL Inspection

[Contents] [Prev] [Next] [Index] [Report an Error]