vSRX Virtual Firewall for Azure Datasheet

In addition to public cloud and traditional virtualization use cases, the vSRX allows service providers and enterprises to deploy a secure SD-WAN fabric with edge defenses that are adaptable to any site’s individual needs, while also providing the flexibility to defend virtualized and service-oriented applications wherever they exist throughout the network.

Security Director can manage up to 25,000 SRX Series firewalls—whether physical, virtual, or containerized—from a single management instance. This allows organizations to use a single platform to manage, automate, and orchestrate network security, virtualization, and interconnectivity, from endpoint to edge and every cloud in between.

The vSRX on Azure can secure communications between workloads running in different virtual networks and/or an on-premises data center. The vSRX VPN capability allows for secure connectivity between virtual network peering in the same Azure region and global virtual network peering across Azure regions. This allows the vSRX to offer secure connectivity between Azure virtual networks without having to send data flows over the Internet, which minimizes cost, latency, and availability concerns.

vSRX Virtual Firewall can make use of multiple connectivity options to securely connect sites—whether virtual or physical—to the enterprise WAN fabric. Secure connectivity can be extended to include other data centers (such as collocation of third-party cloud deployments) that may need to securely communicate with the cloud workloads.

To access applications hosted in the Azure cloud, branch offices traditionally leverage connections back through corporate campus locations and then access the applications in Azure. In this situation, secure SD-WAN can be deployed at the branch and use vSRX on Azure to activate a more optimized solution for connectivity that goes directly to Azure, bypassing the need to access cloud applications through the campus network.

A vSRX deployed in Azure can act as an SD-WAN spoke or hub, offering secure access between campus and branch locations and Azure directly as part of a larger SD-WAN deployment. It can also act as the SD-WAN hub where it provides secure access to cloud resources hosted in Azure, becoming the central point for regionally based Internet breakouts. This allows vSRX on Azure to not only secure workloads, but also provide secure SD-WAN connectivity that fits changing business needs.

Firewalls protect workloads, but not all firewalls are created equal. With vSRX on Azure, customers can ensure policies are consistently deployed across their entire network, whether those workloads operate on premises, in the public cloud, or at the edge. Customers already using SRX Series firewalls in their networks can easily extend those policies to vSRX Virtual Firewall operating in the public cloud or elsewhere.

vSRX supports the creation and deployment of firewall policies using metadata tags, which facilitates security automation and reduces the number of rules required during initial implementation or ongoing maintenance. This metadata gives security administrators greater visibility by providing a full network view based on the metadata tags, meaning they are no longer limited to IP address-based rule management and filtering.

In addition to policy enforcement, the vSRX provides advanced security services, including IPS, antivirus, and anti-malware, to identify and block advanced threats targeting workloads hosted in the Azure cloud.

To secure communication and ensure workload segmentation on Azure, the vSRX can be deployed to enforce policies regarding which communications should be allowed between workload segments. The vSRX facilitates granular network segmentation and control by applying security policies at the virtualized workload level. From a security perspective, the more granular level at which a threat can be blocked, the more effective it will be containing the threat’s propagation.

Implementing nonintegrated legacy systems built around traditional firewalls and individual standalone appliances and software is no longer enough to protect against today’s sophisticated attacks. Juniper’s advanced security suite enables users to deploy multiple technologies to meet the unique and evolving needs of modern organizations and the constantly changing threat landscape. Real-time updates ensure that technologies, policies, and other security measures are always current.

The vSRX for Azure delivers a versatile and powerful set of advanced security services, including IPS, malware protection, app control, and content security.

IPS for vSRX for Azure controls access to IT networks, protecting systems from attack by inspecting data and taking actions such as blocking attacks as they are developing or creating a series of rules in the firewall. IPS tightly integrates Juniper’s applications security features with the network infrastructure to further mitigate threats and defend against a wide range of attacks and vulnerabilities.

Juniper Advanced Threat Prevention integrates with the vSRX for Azure to provide dynamic, automated protection against known malware and advanced zero-day threats, resulting in nearly instantaneous responses.

Juniper Networks AppSecure is a next-generation application security suite, delivering threat visibility, protection, enforcement, and control. This optional feature delivers powerful visibility and ongoing application tracking. With open signatures, unique application sets can be monitored, measured, and controlled to closely align with the organization’s business priorities.

The vSRX for Azure includes comprehensive content security against malware, viruses, phishing attacks, spam, and other threats with best-in-class antivirus, antispam, Web filtering, and content filtering features.

Juniper Secure Connect is a highly flexible SSL VPN application which provides secure access to corporate and cloud resources for employees working away from protected resources. This SSL VPN app is available for the most common operating systems and offers adaptable connectivity to any device anywhere, reducing risk by extending visibility and enforcement from users to the cloud.

For more information about Juniper Networks vSRX Virtual Firewall Bring-Your-Own-License (BYOL) for Azure, please visit https://www.juniper.net/us/en/products/security/srx-series/vsrx-virtual-firewall.html or contact your Juniper Networks sales representative. To activate a trial version of the vSRX for Azure, visit the Azure Marketplace at https://azuremarketplace.microsoft.com/en-us/marketplace/apps/juniper-networks.vsrx-next-generation-firewall-payg?tab=PlansAndPrice.

Customers who wish to purchase directly through the Azure Marketplace have two options to deploy vSRX pay-as-you-go (PAYG) for Azure, either as one-hour or one-year subscriptions.

At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.

1000679 - 002 - EN SEPT 2022