Security Features on SRX 210/240 Services Gateways

The following tables list security features that are supported on SRX 210 and SRX 240 services gateways.

Table 4: Zones

| Feature | More Information |
|---|---|
| Security zone | Security Zone |
| Functional zone | Functional Zone |

For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Table 5: Flow

| Feature | More Information |
|---|---|
| Flow-based processing | SRX 3400 and SRX 3600 Services Gateways Overview |

Table 6: Security Policy

| Feature | More Information |
|---|---|
| Address books | Configuring Address Books |
| Policy application sets | Policy Application Sets Overview |
| Schedulers | Configuring Schedulers |
| Policy applications | Understanding Internet-Related Predefined Policy Applications |
| Internet Control Message Protocol (ICMP) predefined policy application | Understanding the ICMP Predefined Policy Application |
| Internet-related predefined policy applications | Understanding Internet-Related Predefined Policy Applications |
| Microsoft predefined policy applications | Understanding Microsoft Predefined Policy Applications |
| Dynamic routing protocols predefined policy applications | Understanding Dynamic Routing Protocols Predefined Policy Applications |
| Streaming video predefined policy applications | Understanding Streaming Video Predefined Policy Applications |
| Sun remote procedure protocol (RPC) predefined policy applications | Understanding Sun RPC Predefined Policy Applications |
| Security and tunnel predefined policy applications | Understanding Security and Tunnel Predefined Policy Applications |
| IP-related predefined policy applications | Understanding IP-Related Predefined Policy Applications |
| Instant messaging predefined policy applications | Understanding Instant Messaging Predefined Policy Applications |
| Management predefined policy applications | Understanding Management Predefined Policy Applications |
| Mail predefined policy applications | Understanding Mail Predefined Policy Applications |
| UNIX predefined policy applications | Understanding UNIX Predefined Policy Applications |
| Miscellaneous predefined policy applications | Understanding Miscellaneous Predefined Policy Applications |
| Custom policy applications | Understanding Custom Policy Applications |
| Policy application timeouts | Understanding Policy Application Timeouts |

Table 7: Firewall Authentication

| Feature | More Information |
|---|---|
| Web authentication | Web Authentication |
| Pass-through authentication | Pass-Through Authentication |
| Local authentication server | Firewall User Authentication Overview |
| RADIUS authentication server | Firewall User Authentication Overview |
| LDAP authentication server | Firewall User Authentication Overview |
| SecurID authentication server | Understanding SecurID User Authentication |

Table 8: Attack Detection and Prevention

| Feature | More Information |
|---|---|
| Bad IP option | Understanding Bad IP Option Protection |
| Block fragment traffic | Blocking Fragmented ICMP Packets |
| FIN flag without ACK flag set protection | Blocking Packets with FIN Flag/No ACK Flag Set |
| ICMP flood protection | Understanding ICMP Flood Attacks |
| ICMP fragment protection | Understanding ICMP Fragment Protection |
| Large size ICMP packet protection | Understanding Large ICMP Packet Protection |
| Loose source route option | Blocking Packets with Either a Loose or Strict Source Route Option Set |
| IP record route option | Screen Options for Detecting IP Options Used For Reconnaissance |
| IP security option | Screen Options for Detecting IP Options Used For Reconnaissance |
| IP address spoof | Blocking IP Spoofing |
| IP stream option | Screen Options for Detecting IP Options Used For Reconnaissance |
| IP strict source route option | Blocking Packets with Either a Loose or Strict Source Route Option Set |
| IP address sweep | Understanding IP Address Sweeps |
| IP timestamp option | Screen Options for Detecting IP Options Used For Reconnaissance |
| Land attack protection | Understanding Land Attacks |
| Ping of death attack protection | Understanding Ping of Death Attacks |
| Port scan | Understanding Port Scanning |
| Source IP based session limit | Understanding Session Table Flood Attacks |
| SYN-ACK-ACK proxy protection | Understanding SYN-ACK-ACK Proxy Flood Attacks |
| SYN and FIN flags set protection | Blocking Packets with SYN and FIN Flags Set |
| SYN flood protection | Understanding SYN Flood Attacks |
| SYN fragment protection | Understanding SYN Fragment Protection |
| Teardrop attack protection | Understanding Teardrop Attacks |
| TCP packet without flag set protection | Blocking Packets with No Flags Set |
| Unknown protocol protection | Understanding Unknown Protocol Protection |
| UDP flood protection | Understanding UDP Flood Attacks |
| WinNuke attack protection | Understanding WinNuke Attacks |

Table 9: Network Address Translation

| Feature | More Information |
|---|---|
| Destination IP address translation | Destination IP Address Translation Overview |
| Static Network Address Translation (NAT) | Understanding Static NAT |
| Rule-based NAT | Understanding Rule-Based Destination NAT |
| Source IP address translation | Source IP Address Translation Overview |
| NAT interface source pools | Understanding NAT Interface Source Pools |
| Configuring proxy Address Resolution Protocol (ARP) | Configuring Proxy ARP |

The following table applies only to the SRX 210 services gateway.

Table 10: Chassis Cluster

| Feature | More Information |
|---|---|
| Chassis cluster formation | Understanding Chassis Cluster Formation |
| Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface) | Understanding Chassis Cluster |
| Redundancy group 0 (backup for Routing Engine) | Redundancy Group 0: Routing Engines |
| Redundancy groups 1 through 128 | Redundancy Groups 1 Through 128 |
| Redundant Ethernet interfaces | Understanding Redundant Ethernet Interfaces |
| Control plane failover | Understanding the Control Plane |
| Data plane failover | Understanding the Data Plane |
| All JUNOS flow-based routing functionality | JUNOS Software Interfaces and Routing Configuration Guide |

The following table applies only to the SRX 210 services gateway.

Table 11: ALGs

| Feature | More Information |
|---|---|
| FTP Application Layer Gateway (ALG) | Configuring Application Layer Gateways—Quick Configuration |
| Trivial File Transfer Protocol (TFTP) ALG | Configuring Application Layer Gateways—Quick Configuration |

The following table applies only to the SRX 210 services gateway.

Table 12: IPsec

| Feature | More Information |
|---|---|
| Policy-based and route-based VPNs | Virtual Private Networks (VPNs) Overview |
| Tunnel mode | Packet Processing in Tunnel Mode |
| Authentication Header (AH) protocol | IPsec Security Protocols |
| Encapsulating Security Payload (ESP) protocol | IPsec Security Protocols |
| IKE phase 1 | IPsec Tunnel Negotiation |
| IKE phase 2 | IPsec Tunnel Negotiation |
| Manual key management | IPsec Key Management |
| Autokey management | IPsec Key Management |
| Antireplay (packet replay attack prevention) | Replay Protection |
| Dead peer detection (DPD) | Configuring an IKE Gateway (Standard and Dynamic VPNs) |
| Dynamic IPsec VPNs | Dynamic VPN Overview |

The following table applies only to the SRX 210 services gateway.

Table 13: PKI

| Feature | More Information |
|---|---|
| Internet Key Exchange (IKE) support | Internet Key Exchange |
| Entrust, Microsoft, and Verisign certificate authorities (CAs) | Understanding Certificates |
| Automatic generation of self-signed certificates | Understanding Self-Signed Certificates |
| Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding | Manually Loading a CRL onto the Device |
| Manual installation of DER-encoded and PEM-encoded CRLs | Manually Loading a CRL onto the Device |
| Online certificate revocation list (CRL) retrieval through LDAP and HTTP | PKI Management and Implementation |
| CRL update at user-specified interval | Understanding Certificate Revocation Lists |

