Service Provider Security

Protect users, applications, and infrastructure by extending security to all points of connection across your network

With the acceleration of 5G, Internet of Things (IoT), and multicloud adoption, the security landscape is only growing more complex. Service providers need a strategy and toolset that aligns with impending or in-progress architectural transformation to stay ahead of the continual stream of new threats, without sacrificing network performance or diminishing the customer experience.

99.9% Security Effectiveness

Juniper received an “AAA” rating in CyberRatings’ 2023 Enterprise Network Firewall Report, demonstrating a 99.9% exploit block rate with zero false positives.

How Juniper can help

Juniper Connected Security safeguards users, data, and infrastructure by extending threat intelligence to all connection points across your network. It uses the network itself (switches, routers, and access points; public and private cloud platforms; and third-party devices) to take an active role in protecting data at every point of connection, turning those points into enforcement points and creating a threat-aware network.

Scale out like never before

Scale horizontally and elastically, regardless of form factor, and manage all firewalls as one logical unit for near-infinite scale without complexity. With Juniper's Connected Security Distributed Services Architecture, you can remove single points of failure and limitations associated with chassis size and form factor.

Secure 5G cloud transformation

Juniper Networks® SRX Series Firewalls have a proven track record of delivering carrier-grade performance for next-gen firewalls and CGNAT for top global operators. With unified policy management across our physical, virtual, and container firewalls, wherever you are in your 5G cloud transformation journey, we guarantee that it’s always secure.

Inline DDoS protection

The Juniper and Corero joint distributed denial-of-service (DDoS) defense solution combines Juniper Networks MX Series and PTX Series Routers and software intelligence. It inspects traffic at the packet level while supporting infrastructure-based enforcement for real-time, automated DDoS mitigation with tens of terabits of throughput.

AI-predictive threat prevention and integrated intelligence

Accurately predict threats, stop known and zero-day threats at line rate before they stop your business, and enable real-time threat intelligence for automatic, responsive traffic filtering anywhere in the network. Juniper SecIntel security intelligence extends to MX Series Routers to detect, block, and stop command-and-control (C&C) traffic discovered by the Juniper Advanced Threat Prevention (ATP) solution, Juniper Threat Labs, and custom blocklists, all at wire speed.

Encrypted traffic insights

This feature of Juniper ATP Cloud uses SRX Series Firewalls to detect malicious botnet traffic that’s “going dark” via encryption, without decrypting it. You gain greater visibility and policy control over encrypted traffic without resource-intensive SSL decryption. No additional hardware or network changes to Juniper SRX Firewalls are required to use the feature.

Juniper Secure Connect

This client-based SSL VPN application allows you to securely access protected resources on the network. When combined with SRX Series Firewalls, Secure Connect helps organizations quickly establish dynamic, adaptable connectivity from devices anywhere across the globe. The application extends visibility and enforcement from client to cloud over VPN connections.

Related Solutions

5G Networks

Juniper’s open ecosystem approach to 5G unlocks the full power and potential of your network. We can help you reimagine your architecture, operations, and service experience to create new business value and compete in the coming decade.

Public Cloud Security

Accelerate public cloud adoption securely with simple deployment, consistent security, and unified management experience at every level: within workloads, between applications and instances, and across environments.

Service Provider Security FAQs

What is Juniper Connected Security?

Juniper Connected Security safeguards users, applications, and infrastructure by extending security to every point of connection, from client to cloud, across the entire network. It helps organizations build threat-aware networks to keep attackers at bay and keep the network clear for business-critical traffic.

What use cases does Juniper Service Provider Security support?

Juniper Service Provider Security supports seven use cases:

  1. Mobile security gateway (SEG)
  2. SGi/N6 firewall
  3. Carrier-grade NAT (CGNAT)
  4. Roaming firewall
  5. Distributed denial-of-service (DDoS) detection and mitigation
  6. Data center firewall
  7. Intra-data center/East-West traffic protection

What is a mobile security gateway?

A security gateway (SEG) is a high-performance IPsec tunneling gateway that connects the service provider’s Evolved Packet Core (EPC) to base stations (eNodeBs and gNodeBs) on the S1/NG interface and handles connections between base stations on the X2/Xn interface.

Security gateway IPsec functionality can protect traffic as it traverses mobile backhaul by establishing an encrypted, protected connection between the service provider’s base station and EPC network. The security gateway simplifies the provisioning burden for S1-MME and S1-U (NG-C and NG-U for 5G) traffic by being a central point of IPsec concentration. (See 5G Security Strategy Considerations to learn why a security gateway is important in 5G network deployments.)

What is an SGi/N6 firewall?

An SGi/N6 firewall is a firewall connected to the Evolved Packet Core (EPC)/5G Core (5GC) on a Gi LAN/N6 interface. It protects the packet core and user equipment (UE) endpoints against a variety of outside-in attacks, such as snooping and theft of information.

What is CGNAT?

Carrier-Grade Network Address Translation (CGNAT) performs address translation for many purposes, including:

  • Hiding topology so attackers cannot directly attack resources within the service provider’s network
  • Preventing IPv4 address exhaustion by mapping a large number of private IP addresses within a service provider’s network to a small number of public IP addresses
  • Connecting IPv6 endpoints within a service provider’s network to legacy IPv4 addresses on the public Internet

How does CGNAT protect your networks?

CGNAT provides address obfuscation and prevents bad actors from communicating with internal resources, such as customer devices and provider host servers, by hiding the source IP addresses of these devices from the outside world.

Watch “High-Performance CGNAT Solution with MX-SPC3” to learn how the Juniper MX-SPC3 advanced services card transforms the CGNAT infrastructure to deliver industry-leading performance, scale, and agility.

What is a roaming firewall?

A roaming firewall is a roaming gateway connecting the Evolved Packet Core (EPC) of the home network to the EPC of the visited network to handle roaming handover.

With a roaming firewall, networks are protected through a combination of security capabilities, including:

  • Encryption of GTP-C and GTP-U traffic with IPsec
  • Rate limiting of GTP-C traffic
  • Prevention of GTP-C-specific attacks
  • Signaling normalization and modification of GTP-C traffic, including 3GPP release interoperability

What is DDoS detection and mitigation?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Juniper’s DDoS detection and mitigation is an industry-leading volumetric DDoS firewall that provides real-time DDoS filtering capability at the industry’s fastest rate to prevent DDoS attacks within 5–10 seconds. (See Juniper and Corero Joint DDoS Protection Solution to learn more.)

What is Juniper Zero Trust Data Center Security?

Juniper Zero Trust Data Center Security protects hybrid data centers by operationalizing security and extending zero trust across networks to prevent threats with proven efficacy. It checks all incoming and outgoing traffic, so customers can validate and grant data center access to the right users and devices.

What are the features and benefits of Juniper Zero Trust Data Center Security?

The Juniper Zero Trust Data Center Security solution provides the following:

  • Centralized visibility and analytics for all applications and data, including encrypted data and infrastructure 
  • Consistent policies across firewalls of all form factors, managed through a single UI to reduce operational complexity and allow scalability
  • Shared automation and intelligence at every point of connection across the entire infrastructure, making automated threat response a click away
  • Macro- and micro-segmentation to control who and what can access the network resources and reduce the attack surface while preventing lateral threat propagation
  • Advanced threat services that use the power of AI/ML to detect sophisticated threats and block them

(See the Juniper Zero Trust Data Center product portfolio to learn more.)

What is Juniper Intra-DC/East-West Traffic Protection?

Juniper Intra-DC/East-West Traffic Protection is security enforcement that prevents attackers from moving laterally inside on-premises or cloud data centers by creating microsegments that limit the impact of a successful attack.

Where can I get more technical information?

For security technical content and resources for service providers, visit the TechLibrary Connected Security page.
