- Subscription license (1st year)
- 1 device
To help stop application level attacks from penetrating and proliferating across the network, Juniper Networks firewalls integrate intrusion prevention technology in the form of a Deep Inspection firewall. Leveraging the efficiencies of both Stateful inspection and IPS technologies, Juniper Networks Deep Inspection firewall can efficiently perform network security functions as well as analysis on the application message to determine whether to accept or deny traffic. Juniper Networks IPS technology applies a deeper level of application understanding to the traffic to make access control decisions based on the intent of that traffic. Deployed at the perimeter, a Juniper Networks Deep Inspection firewall focuses on preventing application-level attacks aimed at commonly used protocols. As a true IPS, Deep Inspection eliminates application-level ambiguities, performing de-fragmentation, reassembly, scrubbing and normalization, to convert network packets to the application-level message being transferred between the client and the server. It then looks for protocol conformance and extracts data from identified application "service fields" where attacks are perpetrated and applies attack pattern matches. It then decides to accept or deny the traffic based on high impact protocol anomalies or any given attack pattern in one of these application service fields. Unlike some IDS offerings masquerading as an IPS, Deep Inspection can take any one of seven different decisive actions against an attack to stop application-level attacks at the Internet gateway so they never reach their destination.