Use Case

Enterprise networks are exposed to many security risks. IT teams need to act rapidly to ensure that their networks have a sufficient level of security to protect the integrity and confidentiality of their organization’s data. In addition, there is a necessity for a cost-efficient, reliable, and resilient solution.

The implementation of SD-WAN is gaining momentum and some organizations are opting for a multi-vendor solution, where a number of networking devices are service-chained to provide the desired services. This comes at the cost of increased power consumption as well as an increase in the number of networking devices collocated on site. In addition to these challenges, the increase in expenses to operate and maintain multiple hardware and software platforms also becomes a challenge.

The NFX350 NextGen uCPEs enables IT teams to run cost-efficient, reliable, resilient, secure, and SD-WAN-enabled branch locations. NFX350 devices leverage virtualization as a vehicle to host services that have typically been provided by an on-site stand alone server. An example of such services is the network visibility and performance monitoring of the corporate users on-site. Network visibility and performance monitoring provides system administrators with valuable insights about the networks in branch locations to proactively mitigate the risks and cost associated with network down time. NFX350 service gateway also limits the power consumption to a single device.

NFX350 uCPE is a rack mountable 1U device, which ensures minimal real-estate occupation in branch offices. In addition to these advantages the NFX350 offers the well-adopted and widely-recognized SD-WAN features of Juniper Networks’ SRX series portfolio of products. The NFX350 uCPE provides an easy and convenient single point of management and supports both in-band and out-of-band management interfaces. The NFX350 also supports a variety of WAN technologies that includes LTE.

Figure 1: Typical Branch Office with Internet Connectivity

Figure 1 shows a typical branch office that has a connection to the Internet, either wired or wireless-over-cellular networks such as LTE. The Internet connection terminates at the NFX350 NextGen device.

The NFX350 uCPE provides next-generation firewall (NGFW) capability along with support for wired and wireless infrastructure to provide services to employees at the remote branch location that include:

• SD-WAN driven access to the Internet

• Next-generation firewall that offers:

  • Antivirus protection

  • Enhanced web filtering

  • Intrusion prevention system

  • Advanced application visibility and control

The network visibility and performance monitoring is typically provided by a Nagios XI server, which is run as a virtual machine on the NFX350 device. Nagios offers a number of architectures for large enterprises. In this particular case we deploy the federated monitoring model, whereby each branch location has one Nagios XI instance that does the monitoring of the devices in the LAN network. Furthermore, it sends alarms, notifications, and generated reports back to the Nagios XI instance in the central network operations center. This model ensures managing of secured networks, which do not allow for remote monitoring. Moreover, in case of a failure of the main Nagios instance in the NOC, the monitoring of the devices in the branch locations is not interrupted. Additionally, the majority of the network management traffic is terminated locally so that the monitoring of the LAN network does not occupy significant bandwidth on the WAN link. Figure 2 depicts the model of federated monitoring.

Figure 2: Federated Monitoring