Juniper Firefly Perimeter: A virtual firewall based on SRX gateways

Based on the SRX security gateway series, Juniper Firefly Perimeter is a software-based security gateway for multi-tenant environments.

Juniper Networks launched Firefly Perimeter, a virtual version of its SRX security gateway appliance. Because Juniper is positioning Firefly as its new virtual security services brand, it also renamed its vGW hypervisor-layer security gateway as Firefly Host.

Juniper Firefly Perimeter is a virtual appliance that will offer all of the security and routing services of a Juniper SRX appliance. It is designed to provide network layer security for north-south traffic in a data center. The newly renamed Firefly Host is a stateful firewall that integrates with a hypervisor at the kernel and inspects and secures traffic at the virtual layer, between virtual machines on a single host.

To ensure resource allocation, Juniper modified its virtualization management software, Junos Space Virtual Director, to automatically provision and manage resources for virtual machines (VMs) associated with Firefly Perimeter. Junos Space Virtual Director has a "provisioning component of VM elements specifically for Firefly Perimeter. It acts as a bridge from standard security policy management in Junos Space Security Director," said Tamir Hardof, senior director of product marketing for Juniper's security business unit.

The primary use case for Firefly Perimeter will be securing multi-tenant data centers, whether they are private or public clouds, according to Jon Oltsik, senior principal analyst at Milford, Mass.-based Enterprise Strategy Group. "I think people will start using virtual firewalls in lieu of physical firewalls in real multi-tenancy data centers, and also for smaller data centers and remote sites. Think of it as a layer of defense behind the SRX," he said.

Juniper Firefly Perimeter: All the services of an SRX in software

Firefly Perimeter is a 4 Gbps stateful firewall that also offers IPsec VPN termination, intrusion detection, network address translation and routing -- essentially all the services that an SRX gateway offers, Hardof said. "We are also looking at adding content-inspection services," he said.

Juniper doesn't anticipate Firefly Perimeter will replace SRX hardware in most customers' networks, Hardof said. Instead, the company believes the software will give network engineers the flexibility to deploy security in more places and at more layers of the network.

At the same time, Juniper plans to give customers some unusual licensing flexibility with Firefly Perimeter. Later this year, as part of the Juniper Software Advantage enterprise software licensing program, network engineers will be able to transfer software licenses from SRX hardware to Firefly Perimeter and back again. "Once you own that license, it's no longer tied to hardware," Hardof said.

Firefly Perimeter will be generally available this quarter. It will run on VMware vSphere and KVM hypervisors. Juniper did not disclose prices for the software.

Juniper Firefly security product suite: Reference design needed

With the SRX line, the Firefly product suite and Junos Space management software, Juniper now gives network engineers a lot of flexibility with how they secure their networks in hardware and software, Oltsik said.

"The challenge is, people don't know what to do with all the piece parts," he said. "When would I use physical controls and when would I use virtual controls? How do I control VLANs? How do I control policy between virtual systems? All this is new. Before people start buying these things and managing them, Juniper and everyone else in the market needs to offer professional services on when to [use virtual controls] and when to implement physical versus virtual. If I were Juniper, I would build a reference architecture and work with partners to help them explain how to deploy which pieces and where."

Let us know what you think about the story; email: Shamus McGillicuddy, news director, or follow him on Twitter @ShamusTT
