Seventh heaven: How vSRX and Layer 7 firewall services can help you sleep better at night

By Elevate posted 03-11-2015 10:00


AppSecure_2 0_for_vSRX.jpgLife used to be easier for IT security professionals. (Not easy, I said easier). Take application security. A web application was either good or bad for the corporate network. You made a quick decision, and either allowed an application or blocked it. Salesforce allowed. Facebook blocked. There. Done. End of story.

But now things are grey—and not just 50 shades. More like 50 million, given all the applications that flow through the network these days. Today’s threats can run over any port, using any protocol. They’re evasive. They encrypt and they tunnel in exceedingly sophisticated ways. Today you need visibility into the applications—and the ability to granularly control access based on what you see, and the policies you set. Small wonder that 45 percent of attendees at the 2014 RSA conference said that installing application-aware firewalls in the next 12 months was a priority.

The fact that the world has gone cloudy—seemingly overnight—only complicates the picture. Virtualization and cloud technologies bring up unique security risks of their own. For example, whenever a virtualization layer is compromised, you have to suddenly worry about all hosted workloads, since a compromised host can expose guest virtual machines (VMs) or enable an intruder to intercept communications between guest VMs. And virtual networks introduce new layers of complexity due to the different workload interactions, scattered user access points, and the distributed nature of data. Visibility thus becomes simultaneously much more important—and much more difficult. With today’s cloud and hybrid data centers, this is a real problem.

Enter the latest evolution in Juniper’s SRX family of firewalls. vSRX (formerly Firefly Perimeter) is the virtual version of Juniper’s award-winning SRX. Today we’re also announcing the fact that vSRX supports key AppSecure 2.0 capabilities: AppSecure understands application behaviors and weaknesses, and can prevent application-borne security threats that used to be difficult to identify and block. Couple the protection that vSRX brings to your virtualized and cloud environments with the application visibility of AppSecure and you get something approaching confidence in your ability to mitigate all the dangers that are out there.

In this blog, I’d like to focus on three features of AppSecure 2.0 in particular that are available with vSRX: AppTrack, AppFW, and AppQoS.

First, AppTrack. AppTrack analyzes the data in each application knocking on your firewall, and classifies it based on such things as risk level, user ID, source, and destination addresses. It then enforces any application usage policies you’ve set—say, no chatting on Facebook—allows you to manage bandwidth, or reports on what particular users and applications are doing.

Next, AppFW. This capability allows you to create application-control policies based on dynamic application name or group names. You can thus block, for example, low-level administrators from shopping at Zappos during business hours.


Finally, AppQoS prioritizes traffic and shapes bandwidth based on application information and context to improve organizational agility. This happens to be the capability I’m the most personally excited about, as security and agility used to be considered mutually exclusive things. Now you can have both.


Of course, I’m just thrilled in general about our vSRX announcement. Our ability to better protect both cloud and hybrid data centers, especially with these Layer 7 services, promises to help our customers who are turning to the cloud in increasing numbers. With vSRX, we’re there for you.


Want more info on vSRX? Visit us here. For more on today’s security announcement visit:




03-13-2015 12:39

Just confirmed -- IPS, AppSecure (including appid, app track, appfw, appqos), UTM are all working in d20 posted on

03-13-2015 11:55

The vSRX does support all those services and the trial edition should have full functionality.  There might have been a short delay in updating the evaluation site, I will look into this ASAP.


Thank you for letting me know.


03-13-2015 11:34

I though the vSRX doesn't support IPS/AppID and UTM. Is it that the trial edition has limited functionality?

03-13-2015 06:41

I use vSRX for testng purposes but I like it a lot. Thanks guys keep up the good work.