Juniper refreshes gateway range

Juniper has upgraded its range of gateways, offering routing, security and NAC with a single OS.

In what executives call its second most important technology release of the year behind Ethernet switches, Juniper Networks unveiled a series of gateways Monday that house high-performance network routing, multiple security functions and network access control (NAC), all running on a single operating system.

Most networking companies layer in separate boxes for various security functions and routing throughout the network. Others cram them all into one chassis with each running on a different operating system, causing latency, Juniper execs said.

"The conundrum in the industry has been, 'Do I want security or speed?' But it's imperative to have both," said Mark Bauhaus, Juniper's executive vice president of service layer technologies. "We're taking unnecessary layers out of the network."

The SRX 5600 and 5800 Dynamic Gateways -- which use the new Dynamic Services Architecture -- have a group of I/O cards and a pool of services cards that enable routing, firewall, intrusion prevention, virtual private network and NAC. Each card can be customized with services requested by the user. The architecture has a dedicated management engine and a terabit speed fabric.

Juniper says the firewall in the 5800 gateway is the fastest in the industry, scaling up to more than 120 Gbps, while the 5600 firewall scales to 60 Gbps. The SRX 5800 can also be configured to support more than 400 Gbps interfaces with choices of Gigabit Ethernet or 10 Gigabit Ethernet ports.

"This is an architecture that allows users to scale up and add services over time," said Michael Frendo, senior vice president of high-end security systems.

With this release, Juniper is aiming to address the strain on security architecture that has emerged since users have become increasingly distributed, applications more centralized and data centers more consolidated.

"Many have reacted by saying we should do away with the firewall, but this is flawed thinking. The firewall is not the problem, but rather how the firewalls are deployed and scaled," said Forrester Research analyst Robert Whiteley. "That's where I think Juniper is doing well. [With SRX] companies can migrate the firewalling function away from the perimeter -- which is not protecting applications anyway -- and push it back into the data center where the applications and data reside."

The SRX release is also Juniper's attempt to unify its disparate portfolio sets -- the core carrier and enterprise routing/switching lines and the security products that came through the 2004 acquisition of NetScreen. The SRX could additionally unify the Juniper channel, bringing security-focused partners into the high-performance networking portfolio fold, Bauhaus said.

Basing the SRX series on the JUNOS operating system is part of an overall strategy to move all Juniper equipment to one system. The NetScreen products run on a separate operating system. Juniper is using the unified operating system approach to attack competitors like Cisco Systems that employ multiple systems.

"We've seen customers with hundreds of operating systems in the same network," Frendo said.

For the channel, the SRX leaves room for adding services and capacity over time, as well as customization for vertical markets when it comes to compliance and security. But even from the initial sale, partners can provide customized design for each box depending on the user's need.

"There is a separate [pool of] I/O and service processing. So you can have a lot of I/O or a lot of services," Frendo said. "You can start with 10 [Gbps] and over time grow to over 100 either in I/O or services."

This yarn first appeared at
