Welcome to World of MSPL!!!

Today, the most challenging part is not good product but to get good Partner who can give good technical support, design good solution can help to develop total IT Solution. Most of the customers are dependent on Vendor, getting good product but are not able to utilize the investment, not getting technological updates on regular basis. When a problem with IT infrastructure occurs, nothing is more frustrating than having to deal with someone who does not understand your problem, or who does not have the relevant information to hand to resolve the issue – especially in an emergency situation

Products: Information Security » NAC Solution » Juniper » Juniper Unified Access Control

Juniper

Juniper ISG Series

Unified Access Control (UAC) is a standards-based, scalable network access control solution that reduces network threat exposure and mitigates risks. This network access control solution protects your network by guarding mission-critical applications and sensitive data, identity-enabling your network security, and providing comprehensive network access control, visibility, and monitoring.

Unified Access Control reduces the cost and complexity of delivering and deploying granular, identity-enabled network access control from the branch to the corporate data center. This network access control solution addresses most network access control challenges, including insider threats, guest access control, outsourcing, and off-shoring, and regulatory compliance.

Unified Access Control is based on industry standards (802.1X, RADIUS, and IPSec) and open standards (Trusted Network Connect standards), including the TNC's open standard IF-MAP, which empowers Unified Access Control to integrate with third-party network and security devices.

  • Delivers a platform that intelligently quarantines non-compliant users and devices and extends automatic remediation capabilities
  • Maps devices dynamically to an access role upon remediation
  • Enables the automatic quarantine and remediation of devices that do not meet policy prior to allowing them onto the network and during their network session
  • Integrated, multi-service network client that enables anytime, anywhere connectivity, security and acceleration with a simplified user experience
  • When deployed as the client for UAC, delivers dynamic, granular identity- and role-based local access control
  • Leverages existing 802.1X client/supplicant native to Microsoft Windows to deliver Layer 2 access control
  • Delivers Layer 3 authentication and IPsec tunneling with Juniper firewalls and SRX Series Services Gateways
  • Supports Microsoft Windows XP, Vista (32- and 64-bit) and Windows 7 (32- and 64-bit)
  • Agent-less deployment with cross-platform support
  • Agent-less mode web landing page may be customized
  • Delivers industry-leading, dynamic antispyware/ antimalware protection from market-leader Webroot which, before authentication, scans the memory, registry & load points of an endpoint device for spyware, keyloggers & other malware
  • Provides device patch assessment checks through OEM integration of Shavlik Technologies' Shavlik NetChk® Protect predefined patch assessment technologies, including endpoint inspection for targeted operating system or application hot fixes
  • Spyware signatures automatically downloaded and updated
  • Works with all Windows-based UAC Agents and Junos Pulse, as well as in UAC's agent-less mode
  • Antispyware download capability is also available in SA Series SSL VPN Appliances
  • Ties into UAC's existing granular policy management framework to allow administrators to quarantine or restrict network access of infected devices
  • Leverages standalone IDP Series appliances as enforcement points
  • Enables application-specific policy rules to be enforced via any level of policy granularity
  • Can tie access directly to the presence or absence of specific hot fixes for defined operating systems and applications, and performs role-based, predefined patch management checks according to vulnerability severity level
  • Installed Systems Management Server (SMS) can be leveraged to automatically check for patch updates, quarantining, remediating, and providing authorized network access once a device has been remediated
  • Policies can also be defined to control time of day and bandwidth restrictions per application or per role
  • Leverages existing 802.1X-enabled switches and access points
  • Leverages robust features and capabilities of Juniper's standalone IDP Series appliances and SRX3400, SRX3600, SRX5600 and SRX5800 gateways to deliver broad Layer 2 - Layer 7 visibility into application traffic
  • Isolates a threat down to the user or device level—in conjunction with the IDP Series appliances and SRX3400, SRX3600, SRX5600 and SRX5800 gateways—and employs a specific, configurable policy action against the offending user or device
  • If a user attempts unauthorized network access via a web browser, administrators have the option to redirect the user to an IC Series appliance for authentication
  • Once user logs in to the IC Series appliance with appropriate credentials, the IC Series will redirect the web browser back to the original resource from which it had been redirected
  • Leverages industry-standards such as 802.1X, RADIUS, IPsec, and innovative open standards—such as TNC—to deliver a standards-based access control solution
  • Leverages the SA Series policy engine and AAA capabilities, RADIUS capabilities from SBR Enterprise Series servers, and 802.1X capabilities from OAC (for UAC Agent) and Microsoft Windows native 802.1X client/supplicant (for Junos Pulse 1.0)
  • Adopts and provides strong support for the TCG's TNC open standards for access control and security
  • Enables integration with third-party network and security devices, including devices that collect and through IF-MAP, share information on the state and status of a network, user or device
  • Allows devices to report back to the IC Series appliances serving as MAP (Metadata Access Point) servers, enabling the collected data to be used in formulating policies and appropriate access actions
  • Enables IC Series appliances to serve as standalone MAP servers (through a separate, dedicated IF-MAP license), or as mixed IC Series appliances and MAP servers (with at least a 50 concurrent user license)
  • Supports a MAP server running on standalone IC Series or in active/passive cluster pairs
  • Allows organizations— through the TNC SOH standard—to leverage their pre-installed Microsoft Windows 7, Windows Vista and XP SP3 clients with UAC for access control
  • Allows the use of the Windows Security Center (WSC) SOH in access control decisions
  • Can pass the SOH to a Microsoft NPS server for external enforcement and validation of the SOH and transmit the information back to the IC Series for use in access control decisions
  • Combines UAC's identity-aware capabilities with robust networking and security services of the SRX Series
  • Allows SRX Series platforms to be employed as UAC enforcement points
  • EX2200, EX3200, EX4200 and EX8200 interoperate with and serve as enforcement points within UAC—using standards-based 802.1X port-level access control and Layer 2-4 policy enforcement
  • When deployed with UAC, EX Series are enabled to enforce user-based QoS policies, or mirror user traffic to a central location for logging, monitoring, or threat detection
  • One-time use accounts available
  • Guest user accounts may also be provisioned with a predefined timeout period
  • Administrators control the maximum time duration allowed
  • Allows reception and other non-technical enterprise employees to host/provision secure guest user accounts dynamically through an easy-to-use guest user account management page
  • Centralized policy management is delivered when UAC is deployed with Network and Security Manager (NSM) and SA Series
  • Common configuration templates can be shared between SA Series (remote access control) and UAC (LAN access control) deployments using NSM
  • Audit mode enables organizations to track user and device policy compliance without enforcing policies
  • Leverages an organization's existing investments in directories, PKI, and strong authentication
  • Supports 802.1X, RADIUS, LDAP, Microsoft Active Directory, RSA ACE/Server, Network Information Service (NIS), certificate servers (digital certificates/PKI), local login/password, Netegrity SiteMinder (Computer Associates), RSA ClearTrust, Oblix (Oracle), and RADIUS Proxy
  • Employs media access control (MAC) address authentication via RADIUS, in combination with MAC address white listing and blacklisting; or, leverages existing policy and profile stores (through LDAP interfaces) or asset discovery or profiling solutions for role- and resource-based access control of unmanageable devices—such as networked printers, cash registers, bar code scanners, VoIP handsets, etc
  • Provides fine-grained auditing and logging capabilities, including access to the IC Series RADIUS diagnostic log files—delivered in a clear, easy-to-understand format
  • Captures detailed logging by roles that users belong to, resources that they are trying to access, and the state of compliance of the endpoint and user to the security policies of the network
  • Checklist Attribute Processing enables authentication requests to be processed based on information in the RADIUS packet before a connection is authenticated
  • Allows mapping to realms based on RADIUS request attributes
  • Dual, mirrored hot swappable SATA hard drives
  • Optional dual, hot swappable power supplies
  • IC6500 FIPS – Second power supply optional, DC power supplies available
  • Dual, hot swappable fans
  • Four-port 10/100/1000 copper interface card (standard)