Figure 4: Creating a policy using security whiteboard
IPsec VPN is the last of the Security Whiteboard functions,
enabling configuration of thousands of VPNs in hub-and-spoke, full
mesh, or site-to-site topologies, and the monitoring and
troubleshooting of these tunnels.
A sophisticated VPN configuration wizard simplifies an otherwise
complex VPN setup, reducing it to a few simple steps.
1. Define VPN properties such as name, VPN type, profile, and the
tunnel IP subnet.
2. Specify the endpoints of the tunnel on the topology diagram.
3. Provision the VPN configuration to the network resources.
Object Builder
Object builder is a multi-tenant workspace that contains standard
network objects and enables the addition of new devices. Similar
to the security whiteboard workspace, network resources such as
applications, security domains, and addresses are displayed
graphically. A set of predefined, common applications such as
FTP, telnet, SSH, SMTP, netbios-session, and many others are
shipped with Security Design. If a new application is needed, the
user can conveniently provide the details using object builder, and
it will simply add the application to the Junos Space database.
Figure 5: Adding devices using object builder
Rapid Deployment
Junos Space provides a rapid deployment workflow that is common
to all Junos Space applications. Similar to the other workspaces
in Security Design, rapid deployment follows a familiar convention
to present an overview of the devices that are maintained in Junos
Space, are available to deploy, and can be added to the topology as
required. Introducing new devices to the network infrastructure,
including the required security policy configuration, is as simple as
creating a configuration file, known as a configlet, and applying it to the
network device in the branch location.
Central management and simple provisioning capabilities of rapid
deployment enable network operators to deploy and provision
new devices with minimal manual intervention.
Features and Benefits
Table 1: Junos Space Security Design features and benefits
Feature
Benefit
Web-based Interface
• Junos Space applications are web-based and provide a simple to use but sophisticated browser interface with
familiar design tools.
• Users can focus on their task, better apply their knowledge, interact within a familiar environment, and challenge
their creativity as they design. The consistent interface among applications, whether it is a Juniper or a third-party
application, lets users accomplish tasks with greater productivity.
Application within the Junos Space family
• As a member of the Junos Space family, Security Design provides the user with a common Web interface
that accesses an expanded Junos Space feature set.
• Rapid deployment is an example of a feature shared among all Junos Space applications.
Granular device configuration
• Anywhere in the workflow, each object provides a rich set of property information that is either gathered from the
Junos Platform or created as a part of the design process.
• In-depth property information helps the architect make accurate design decisions.
Policy life cycle management
• Provides orchestration of policy design, configuration, and granular visibility of policies.
• The policy abstraction layer, which handles thousands of devices, gives the operator efficient ways
to optimize policies, clean up unused rules, and design and enforce policy compliance mandates.
• Eliminates rule-by-rule policy definitions by using the abstraction layer, and promotes accuracy, simplicity, and
faster time to deployment.
IPsec VPN configuration wizard
• The IPsec VPN wizard, a component of whiteboard, helps the user easily design and provision otherwise complex VPN
configurations.
• Enables configuration of thousands of VPNs in hub-and-spoke, full mesh, or site-to-site topologies.
• Provides monitoring and troubleshooting of these VPN tunnels.