Juniper SRX Next-Generation Firewall Services

Protect against cyber attacks with comprehensive security

Organizations are in an arms race with cyber criminals, who constantly develop new exploits that evade detection and compromise defenses. These cyber attacks are highly effective and have enabled a multi-billion-dollar industry in which criminals sell a company’s intellectual property to the highest bidder. Security solutions that stay ahead of this continual escalation are crucial to protecting your business’s people, data, and infrastructure.

Juniper SRX Next-Generation Firewall Services

Juniper Next-Generation Firewall (NGFW) Services provide an array of cyber defenses to reduce your attack surface in this challenging environment. With the SRX Firewall at their foundation, NGFW Services safely allow the operation of critical applications and block advanced malware from entering your network. Available on all SRX platforms, Juniper SRX security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization’s defenses.

Identifying Application Risks

Juniper AppSecure, an NFGW Services component, is a suite of services that provides deep application visibility and control in your network:

  • AppTrack identifies applications on the network to assess their security risk and address user behavior. Contextual information helps you gain insight into which applications are permitted and the risk they may pose.
  • AppFW provides policy-based enforcement and control, blocking access to high-risk applications and enforcing user-defined policies. Reports on application bandwidth usage deliver further insight, and you can throttle any application traffic not sanctioned by the enterprise.

Protection from Network Borne Attacks

Juniper Intrusion Prevention System (IPS) and Sky Advanced Threat Prevention (ATP) work together to provide comprehensive threat detection and protection against known and unknown threats that use the network as an attack vector. The capabilities provide immediate protection from malicious malware. Continual monitoring for new exploits and vulnerabilities keeps protection up to date. The system immediately blocks threats on client and server systems inline before damage can take place.

Safeguards Against Malware

Although modern cyber criminals favor today’s sophisticated, turnkey techniques, they have not abandoned the tried and true approach of tucking malware into signature-based viruses and volume-based email. Integrated with Juniper SRX platforms, Sophos Live Protection combines cloud-based reputation intelligence with on-box horsepower to deliver lightweight and fast security.

Web Browsing Defense

The Web is full of deception designed to get unsuspecting users to click on malicious links that might install advanced malware. Attackers regularly compromise websites by tricking users into providing their user credentials. Juniper has partnered with Forcepoint to provide URL filtering that fights such attacks. The service is constantly and globally updated in real time to provide an always-current worldwide database of malicious URLs that protect against user compromise.

Avoiding Unauthorized Access and Use

Every user in an enterprise must be able to access certain applications to perform specific tasks. But allowing users unlimited access to corporate resources outside their sphere of responsibility can enable the proliferation of insider threats.

Juniper SRX User Firewall service restricts application usage on a per-user basis by tightly integrating with Microsoft Active Directory (AD) and the Lightweight Directory Access Protocol (LDAP). As a result, you gain visibility and control of application and network use segmented by user-defined roles, enabling secure access to authorized applications.


  • Advanced Application Visibility and Control - You can identify applications running on your network regardless of port, protocol, and encryption. This visibility lets you immediately block evasive applications inline at the SRX firewall.
  • Nested Application Support - You can accurately identify applications embedded in common network protocols such as HTTP or HTTPS traffic. This capability also provides visibility into and granular control over applications hidden inside encrypted SSL traffic.
  • User and Role-Based Policies - Tight integration with Microsoft AD and LDAP allow you to set and enforce user- and role-based security policies. Policy setting becomes simpler and more secure, because you reduce the number of policies needed to account for user location, IP address, and so on.
  • SSL Inspection - Inline decryption and inspection of inbound and outbound Secure Sockets Layer (SSL) connections at the SRX firewall provide visibility and protection against threats embedded in SSL encrypted traffic.
  • Junos OS Integration - Integration with Juniper’s operating system consolidates and optimizes services on SRX devices for maximum scale.