Boost security in the cloud using Juniper vSRX

Juniper vSRX виртуальный фаервол для клиентов SIM-Cloud


One of the updates to the SIM-Cloud this summer is that you can install and use for 60 days a new trial version of a virtual vSRX firewall by Juniper, an enterprise-level solution designed to protect private, public and hybrid cloud infrastructures.


Juniper vSRX is a comprehensive enterprise-level solution with a virtual network firewall. Being the fastest virtual security platform these days, vSRX has a bandwidth of up to 100 Gbps, which facilitates scalable and reliable protection for high-performance applications.


Juniper vSRX is a network firewall specifically designed to be used in a cloud environment. It has a wide range of features and frames designed to protect a network infrastructure from penetration and various attacks: a hardware/firmware firewall that also has a fully-fledged IDP, an antivirus, a unified protection from UTM threats, special IPS tools, an antispam, AppSecure content and service filter (application visibility and control). vSRX can be managed both via a web interface and a router’s command line; besides, you can use Junos Space Virtual Director for automated initialization and life cycle management. It is possible to connect to virtual private networks and a routing feature in the form of an adaptive virtual machine running on Junos OS. Another helpful feature is Full HA – sessions are saved when you switch to a standby device.


In other words, Juniper vSRX has all the functionality available in the series of hardware firewalls, Juniper SRX. At the same time, due to its virtual nature, vSRX facilitates a perfect setup of IT security services with the flexibility and scalability necessary for cloud solutions.


We recommend Juniper vSRX to our clients whenever the needs of their infrastructure hosted in our SIM-Cloud pre-suppose huge enterprise-level loads, capacity and scalability. As of now, the Juniper vSRX solutions are the ones catering for the highest possible firewall performance per core – 17 Gbps and 4 Gbps for IMIX traffic for large packages. The performance can be scaled up to 100 Gbps, for IMIX traffic with 12 virtual central processors – 12 Gbps.


Starting July 2017, SIM-Networks’ customers can deploy a trial version of Juniper vSRX 15.1X59-D100.6 in the cloud for 60 days.


The new KVM version supports up to 17 vCPu and 32GB vRAM as well as PCI passthrough. There is a couple of advantages: virtualized input-output enables to pass-through devices on the PCI bus and similar buses into the guest OS in such a way that an operating system can work with them using its in-built tools. To do that, the logic gates of the system board utilize a special input-output memory management unit (IOMMU) that works like the MMU of the central processor using page tables and a special DMA remapping table (DMAR), which the hypervisor receives from BIOS via ACPI. A hypervisor needs to have DMA displayed to be able to create mapping tables using DMAR in such a way that a guest OS driver can see virtual IOMMU addresses just the same way as if it would see physical addresses without it and without a hypervisor.

Juniper vSRX - ISO-images

What’s new in the JUNIPER VSRX 15.1X59-D100.6 release:

  • vSRX OpenStack Cloud-Init Support
  • PPPoE Support
  • SSL Proxy Cipher Support Enhancements
  • FIPS for vSRX
  • IPv6 address validation is supported
  • On-Box Reporting for Traffic Logs

 

Key features:

  • Chassis Cluster/High Availability
  • Juniper NSM system is supported to track the statistics
  • Tier-3 routing functions are supported (OSPF, BGP (RR if there is a license)
  • Multicast traffic transfer, including but not limited to those within IPsec tunnels. PIM, IGMP
  • QoS Support


For more details of the release, visit the company’s website.


Another useful source is the list of features that are not yet supported.


Good news for SIM-Cloud IaaS users: starting July 2017, you can deploy an image of Juniper vSRX 15.1X59-D100.6 in your instance all by yourself and use it for 60 days as a trial version – that is, free of charge.


To deploy an instance with vSRX, your project should have at least 16 GB RAM, 4 vCPU and 16GB of disk space.


Please note that not all features are available in the trial version of the Juniper vSRX network firewall; besides, there is a number of limitations in the way the router operates. When the trial version expires in 60 days, you will have to buy a license; otherwise, the router will stop working. Besides, you will also require a license in case you’d like to have access to all features of vSRX.


The Juniper vSRX solution has various licenses catering for different features. The cost of a solution includes the cost of cloud resources and the license cost. You can obtain the necessary license in one of the following ways:

  • Directly from the vendor’s website (you will have to sign up);
  • By contacting SIM-Networks Customer Care – and one of our experts will help you.

Share this: