Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Next-Generation Security Features


SRX Series Services Gateways support next-generation firewall protection with application-aware security services, intrusion detection and prevention (IDP), a role-based user firewall, and unified threat management (UTM) to achieve end-to-end security.

Table 1 describes the security features and their intended uses.

Table 1: Next-Generation Security Features

Security Feature

Intended Use

Firewall User Authentication

Firewall user authentication provides another layer of protection in the network by restricting or permitting users individually or in groups.

Firewall user authentication protects the network by controlling who and what can access to the network. It minimizes policy management complexity with user-based and role-based firewall controls.

For details, see the Junos OS User Authentication Guide for Security Devices.

Intrusion Prevention

Intrusion detection and prevention (IDP) features enable you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device.

IDP provides protection against network-based exploit attacks aimed at application vulnerabilities.

For details, see the Junos OS Intrusion Detection and Prevention (IDP) Feature Guide for Security Devices.


AppSecure is a suite of application security capabilities that identifies applications for greater visibility. It utilizes advanced application identification and classification to deliver greater visibility, enforcement, control, and protection over the network.

AppSecure detects application behaviors and weaknesses that prevent application-borne security threats that are difficult to detect and stop.

The following AppSecure service modules can be configured to monitor and control traffic for tracking, prioritization, access control, detection, and prevention based on the application ID of the traffic:

  • AppID–Provides application visibility and control over each application that is allowed to communicate on the network.

  • AppTrack–Simplifies application visibility and control.

  • AppFW–Stops users from visiting inappropriate web sites or inadvertently downloading spyware and other malicious applications from known sites.

  • AppQoS–Prioritizes traffic based on application type and limits the amount of bandwidth an application can consume.

  • SSL Proxy- SSL proxies provide encryption and decryption by residing between the server and the client. With the implementation of SSL proxy, AppID can identify applications encrypted in SSL. SSL proxy can be enabled as an application service in a regular firewall policy rule. IDP, application firewall, and application tracking services can use the decrypted content from SSL proxy.

For details, see the Junos OS AppSecure Services Feature Guide for Security Devices.


UTM enables a business to protect itself from spam, viruses, worms, spyware, trojans, and malware. With UTM, you can implement a comprehensive set of security features that include:

  • Antispam–This protects against malware at the desktop, gateway, and server levels.

  • Web filtering–Web filtering stop users from visiting inappropriate websites or inadvertently downloading spyware and other malicious applications from known sites and ensures productivity and policy compliance.

  • Antivirus–This prevents spam messages and malicious content.

  • Content filtering–Content filtering provides basic data loss prevention functionality.

For details, see the Junos OS UTM Feature Guide for Security Devices.