Solution Benefits
The Juniper Scale-Out Security Services Solution is based on a scalable, distributed security architecture and design that fully decouples the forwarding and security services layers. This approach enables existing Juniper MX Series Routers to act as an intelligent forwarding engine and load balancer with path redundancy capability. It leverages existing and future SRX Series Firewalls, standalone or in high availability pairs, to add capacity and resiliency.
Figure 1 shows automation and management for the provisioning and configuration of each element. However, the management framework is not described in this JVD. Junos OS configuration for MX Series Routers and SRX Series Firewalls is well known for its automation possibilities, and numerous methods exist (from simple copy/paste to Ansible with Jinja2 templates, etc.). None is presented here, as each administrator may prefer their own method. Instead, the Junos OS configuration is shared to explain its usage.
Central management with Security Director Cloud or on-premises Security Director is also proposed for managing the common security policies or objects on all the SRX/vSRX Series Firewalls. It is not required for using the Scale-Out solution, but it simplifies the use of common security configurations for the security service layer.
Use Cases
This Juniper Validated Design (JVD) describes the following enterprise use cases:
- Stateful Firewall (SFW)
- Stateful Firewall (SFW) and Source NAT (SNAT)
Both SFW and SNAT are often used together on enterprise Internet access.