Supported Features in CSDS

Stateful Firewall Services

The solution offers stateful firewall services offering an extra layer of security. It uses state information derived from past communications and other applications to make dynamic control decisions for new communication attempts. The firewall identifies the stateful firewall service flow using source address, source port, destination address, destination port, and protocol. The SRX Series Firewall enforces security policies to control transit traffic. The firewall determines which traffic can pass through the firewall and the necessary actions on the traffic as it passes through the firewall.

See Security Policies User Guide for Security Devices for more details.

IPsec VPN

The SRX Series Firewalls offer high-performance network security gateway solutions such as IPsec VPN with CSDS Architecture. As part of the IPsec VPN service, the solution offers encrypted tunnels for secure communications with IKE gateways. The solution supports the following features:

• Route-based VPNs
• Network Address Translation-Traversal (NAT-T)
• AutoVPN
• Remote Access VPN using Juniper Secure Connect
• Dead peer detection (DPD)
• PowerMode IPsec VPN
• Initiator mode VPN without load balancing or scale-out support. Ensure that the initiator and the responder do not coexist on the same group of SRX Series Firewalls.

See IPsec VPN User Guide for more details.

Carrier-Grade NAT

The CSDS Architecture provides carrier-grade NAT and Network Address Port Translation (NAPT) functionalities for translating IP and port addresses. The solution supports the following features:

• NAPT44
• NAPT44 with persistent-NAT
• NAPT44 with address-persistent
• Deterministic Network Address Translation (NAT) 44 (NAT44)
• NAT with policy
• NAT with port-vverloading
• NAT with hairpinning
• NAT with Application Layer Gateways (ALGs)

See Network Address Translation User Guide for more details.