Session Smart Router Branch Security Pack Overview

Demo Drop SD-WANAI & ML
Still image shows a presentation with the words Enhanced Security Pack for SSR on the top with an image of a sky scrapper with a green and blue circle around it in the middle.

In this overview we will discuss the features of the Session Smart Router Enhanced Branch Security Pack and show a demo of how it works.

Session Smart Routing Security Features without the Enhanced Branch Security Pack (00:12)
Security Features of the Enhanced Branch Security Pack (00:41)
Demo of the SSR Branch Security Pack (1:50)
Setting up IDP (2:21)
Setting up URL Filtering (3:41)

Show more

You’ll learn

  • Features that are included in the enhanced security pack of the Session Smart Router

  • How the enhanced security pack can help you with your SASE journey

Who is this for?

Security Professionals Network Professionals


0:00 hi everyone today I am going to discuss

0:03 with you the features that come in the

0:04 enhanced security pack for the session

0:06 smart router

0:08 without the enhanced security pack the

0:10 session smart router will still come

0:11 with powerful security features such as

0:14 its deny by default multi-hop

0:16 authentication approach for xero trust

0:18 security baked into the sd-wan fabric

0:21 the Adaptive encryption feature that

0:23 ensures your user experience is not

0:25 sacrificed as a result of needless

0:27 double encryption and overhead and the

0:29 ability to enforce directionality and

0:31 segmentation policy with a session aware

0:34 fabric that integrates secure Vector

0:36 routing or svr with zero trust access

0:38 control the enhanced security pack adds

0:41 more security features to your session

0:42 smart router such as URL filtering to

0:45 prevent access to and from specific

0:47 sites and IDP to protect against

0:49 Advanced malicious attacks these

0:52 features Leverage The Juniper IDP

0:53 signature database providing

0:55 state-of-the-art protection against the

0:57 most up-to-date vulnerabilities the

0:59 database contains definitions of attack

1:00 objects and application signatures

1:02 defined in the form of an IDP policy

1:05 rule set that is updated regularly

1:07 by automatically downloading the latest

1:09 definitions and application signatures

1:11 the SSR is able to provide cutting-edge

1:14 security solutions for your network when

1:16 discovered you can either have your

1:17 router alerted to the vulnerability or

1:19 block the traffic giving you the network

1:21 protection that you need without the

1:22 need to purchase additional Hardware

1:24 Juniper Networks wants to meet you where

1:26 you are when it comes to your network

1:27 security so the enhanced security pack

1:29 for the SSR can be deployed Standalone

1:31 or alongside an SRX series NG firewall

1:34 at your branch or data center offering

1:37 multiple layers of protection the

1:38 enhanced security pack can also be used

1:40 to help you with your sassy Journey

1:42 giving you protection in the branch or

1:43 data center before easily offloading

1:45 that traffic to an SSE such as the

1:47 Juniper secure Edge

1:49 in this video I want to show you a demo

1:52 of how the enhanced security pack for

1:53 the session smart router works

1:56 what you see here is the topology we are

1:58 going to use for our demo we have two

2:00 different axis groups or tenants

2:01 accessing our Ubuntu server in the data

2:04 center the group on the top is our Corp

2:06 tenant it does have IDP turned on and it

2:09 is not allowed to access any social

2:10 media

2:12 the group on the bottom is our guest

2:13 Wi-Fi tenant it does not have IDP

2:16 enabled and is allowed to access social

2:18 media

2:21 the first thing I am doing here is

2:22 creating an application called internet

2:24 IDP I am using

2:26 so that this application will be

2:30 a catch-all application if traffic hits

2:32 a such a smart router and it is not

2:34 headed to an application I have to find

2:36 then it will match this application

2:39 I am now going to my templates where I

2:41 will set up my routing policy

2:49 here are the two axis groups I mentioned

2:51 Corp and guest Wi-Fi

2:52 under application policies I am setting

2:55 up my routing rules here I am saying

2:57 that the Corp is allowed to access the

2:59 internet IDP application but it has to

3:01 go through the ssr's IDP to get to the

3:03 internet and we are doing strict

3:05 enforcement of our IDP rules for Corp

3:07 [Music]

3:10 now I'm going to jump into the CLI and

3:12 confirm that the IDP has been enabled on

3:14 my SSR

3:15 everything looks good here

3:17 okay now I'm going to send some nasty

3:19 traffic and jump into the Miss Cloud to

3:20 see if my SSR is a learning and blocking

3:22 that traffic

3:30 we can see here that it is doing exactly

3:32 that and if I click on the vulnerability

3:34 I go to a juniper threat Labs page with

3:36 more information about this particular

3:38 vulnerability

3:41 all right now let's look at the URL

3:43 filtering I'm going to create an

3:45 application to catch all social media

3:46 traffic as you can see here with the

3:49 session smart routers URL filtering all

3:51 I have to do is go to app category and

3:53 select social media you'll see that the

3:55 session smart router has a ton of apps

3:57 and app categories already defined for

3:59 you that you can just select from a list

4:03 next I go to my Global application

4:05 policy section and create a rule that

4:07 says that Corp is not allowed to access

4:08 social media

4:12 I just want to show you how this will

4:14 already get applied to my template and

4:15 since I made it a global rule

4:19 now we test it out on the right side I'm

4:22 using my guest Wi-Fi which as we saw at

4:24 the beginning is allowed to access

4:26 social media it has no problem getting

4:28 to Facebook

4:30 on the left side we see my Corp Network

4:32 which is blocked from accessing Facebook

4:34 so there you have it that is the

4:36 enhanced security pack which takes your

4:38 session smart router and adds NG

4:39 firewall features to it as we mentioned

4:42 this can easily be added to existing

4:43 deployments with or without SRX series

4:45 NG firewalls or sses like the Juniper

4:48 secure Edge

4:49 thank you for watching

Show more