7Gbpd Firewall and 900Mbpd IPS !!! how test that ? you can take a look at a test that compare your Netsreen firewall VS Cisco ASA and see that your sec appliance fail to reach 2Gps firewall !! now you claim your router do that faster while your dedicated , purpose-build appliance can't even reach 2Gps firewall throughput.

Ali, thanks for the comment. Our Netscreen product line is a few years older than our new SRX Series Services Gateways. With recent advancements in hardware speeds (and with the help of my very talented engineering team) we’ve been able to deliver exceptional performance in a product that has more features (notably routing and switching) than traditional firewalls. JUNOS (our operating system) supports symmetrical multi processing (SMP), which allows us to take full advantage of multi-core processors for straightforward scalability (more cores = more performance) and segmentation of functionality. This is something our competitors can’t do (see http://news.techworld.com/networking/3204483/cisco-reinvents-best-selling-isr-router/).

We test using the standard firewall, IPS, and VPN test suites on BreakingPoint test gear. You can read a bit more about the tests we do here (http://www.juniper.net/us/en/company/press-center/press-release /2009/pr_2009_03_05-08_00.html). The press release highlights our data center security products but we use the same testing approach with our branch products as well

This is an interesting article. Could you please share a little bit more broadly what _dynamic_ service can be turned on in the "Dynamic Services Architecture" of the SRX? It would also be instructive to know how many of the SRX customers use it as a router. Oh wait, that the J-series. Never mind.

Cisco's has execution muscle behind the industry talk of using the cloud to to deliver these so called UTM services. With the Scansafe acquisition, a user/device can be anywhere - inside a managed network, out at an airport, at a customer site ...wherever else and will still have consistent policy enforcement. And in the highly innovative 7Gbps strong SRX, enterprises will need at a minimum SRX and an Neoteris SSL VPN device, and a swtich and if they needed wireless another "partner" device and... Last time I checked AdTM had more than a dozen components, just for a managed network. 

For a security product it would be useful to talk about the efficacy of the security. 7Gbps/900Mbps/... - what do they protect against? Does it protect against any server-to-client attacks - umm... no; does it protect against botnet infections - again - no; does it protect against any file format issues - you guessed it - no.

Anyhoo AlexJGray...

Cisco is the internet leader(internet plumber?), ISR G2 with video capabilities, right decision.

The networking will change with ISR G2, the digital breadth between Cisco and the others will be more deep. The UCS its another advantage of Cisco, who cant stop that leadership?.

The users dont say switching they say Cisco, the users dont say routers they say cisco, the users dont say networking they say Cisco, in a fast survey : 10 of 10 people recognize Cisco, 9 recognize 3com, 1 recognize Juniper Networks. The same test was in a fast survey of enterprise administrators and the result was near the same percentages.

The last UTM and the final FW-Router NG its near, Cisco and Fortinet are near, very close to.  Video, voice, storage, wan acceleration, SSL inspection, AV, AS, IPS, WF, Wifi lan controller, P2P/IM controller, app firewall, DLP. 

7GBps its good, ok, 20Gbps its better at lower price.

The new networking era is borning and Cisco  is moving away much of the second and third, I still remember when Nortel said it was several times larger than Cisco and was not worried about the challenge.

please JuniperNetworks resume the leadership you had with Netscreen, do not leave it late.

Anon, sure, I’m happy to give you an outline of the Dynamic Services Architecture (DSA). This is the foundation for our SRX Series Services Gateways for branch and data center applications. We use the DSA to deliver networking and security services like advanced routing, switching, flow-based security, and zone-based management. The term “dynamic” captures two powerful and unique product capabilities. First, the services themselves are dynamic – they can be enabled from one universal software image and one consistent operating system (Junos) that runs across the entire SRX product portfolio. The ISR G2 family can do this as well, although the “single image” benefit doesn’t extend beyond the handful of products in the G2 line. Second, the word “dynamic” captures the ability to divide and allocate processing resources depending on the demands of the traffic and services in use. In our data center SRX products, we scale processing using high power Service Processing Cards. Our fixed configuration branch SRX products accomplish essentially the same thing using multiple cores on a single CPU.

We can do this because Junos is modular and multi-processor capable. If your network operating system isn’t modular and can’t leverage modern multi-core architectures you’ll soon be out of gas. You can learn more about the Dynamic Services Architecture here (http://www.juniper.net/us/en/local/pdf/whitepapers/2000288-en.pdf).

When you say “so-called UTM services,” you seem to imply the category is somehow not legitimate. To the contrary, it’s one of the hottest security segments out there – which is usually an indicator that many Enterprises (and SMB customers for that matter) see value in the technology. Whether you choose to deploy it on premise (which gives you the option to protect not just traffic from the WAN but local traffic as well) or in the cloud (likely via a managed service from a service provider) is really a matter of determining what your specific security architecture should be. Again, if you need to protect traffic on the network, you probably don’t want to send local traffic to the “cloud” and back again just for security operations.

The cloud’s impact on security architectures will take some time to play out. Our decision to limit SSL VPN termination to our SSL appliances (and not on the branch products) reflects our belief that some services – like mobile user support – will usually terminate in the data center (or the cloud) and not in the branch. So yes, if you need to terminate SSL VPNs at each branch you’ll need one of our SA Series SSL VPN appliances there. Or you can use our branch product’s dynamic VPN client capability instead. Regardless, we believe there will be a need for security services on site for the foreseeable future. Clouds are beautiful but security professionals will likely keep their feet more firmly planted in terra firma.

Finally, for the record, I’d like to correct a couple of inaccuracies in your post. Our Adaptive Threat Management Solution is a cross-portfolio approach to unified, network-aware security. As such, I’m sure you could count up all the products it works on and come up with a high number of “components.” We think being able to provide consistent protection across our portfolio is a strength, not a weakness. You can find more information about AdTM here (http://www.juniper.net/us/en/local/pdf/brochures/1600033-en.pdf). Finally, your assertions about attacks we don’t cover are just false. We’re firmly in the Gartner “leader’s” quadrant for intrusion prevention and we’ve taken full implementation of that leading technology into our branch solutions.