Академический Документы
Профессиональный Документы
Культура Документы
Table of Contents
Executive Summary ..........................................................................................................................2
Target Customers .............................................................................................................................2
Insertion points .................................................................................................................................2
Promotional offers.............................................................................................................................2
Professional Services Enablement & Support ..................................................................................2
Messaging ........................................................................................................................................3
Differentiation: Features Available in SRX and not in ScreenOS firewalls .......................................3
High level guidance on ScreenOS to SRX device migration ............................................................5
SRX collateral and sales tools ..........................................................................................................5
Qualifying Questions.........................................................................................................................5
Competitive Positioning ....................................................................................................................6
Sample Call Script/Guidance ..........................................................................................................10
Executive Summary
The intent of this Playbook is to help Juniper sales and partner teams capitalize on the massive opportunity
around ScreenOS firewall customers upgrading to the next generation firewall platforms, Junos SRX. In this guide
you will find information on where to hunt, how to position, and supporting resources across the different stages of
the sales cycle.
Target Customers
All ScreenOS customers
Insertion points
Customers targeted with this initiative have typically deployed High-end firewalls within corporate headquarters
and data center locations and/or lower end firewalls at small/remote/branch locations. The following are sample
use cases for customers who may be great candidates for the upgrade, especially as they are approaching a
hardware refresh cycle:
Use Case #1 Firewall refresh need With added users, devices, and rich application usage, the legacy
ScreenOS platform is reaching (and perhaps exceeding) capacity for the network becoming too resource
intensive for firewall, VPN, and IPS functionality. As a result, customers may be experiencing slow application
response, etc. Now is the time to take advantage of the incentives/promotions for an upgrade to SRX to
experience the scalability and performance benefits.
Use Case #2 Firewall modernization: Advanced threat protection With the evolving risks and threats
associated with use of web and other applications, organizations required an array of network to application layer
controls. As a Next-gen Firewall, SRX features AppSecure to deliver the visibility, control, enforcement, and
protection needed for todays applications. AppSecure identifies applications and enables customers to enforce
granular policies on the SRX firewall. Furthermore, SRX firewalls, through the new dynamic threat intelligence
framework leveraging cloud-based services, offer highly effective dynamic protection by detecting and blocking
communications to command and control (C&C) servers, identifying and preventing botnet infections and
preventing serial attackers on the Web. The list of C&C, malicious sites, and known attackers are updated
regularly in order to keep data timely and relevant.
Use Case #3 Virtualization Security With so many organizations turning to virtualized environments for
time, power, space, and consolidation savings, businesses require security for network traffic at the Edge of
virtual data centers and also cloud environments. Junipers Firefly is a virtual version of the SRX Series, providing
perimeter security.
Promotional offers
ScreenOS to Junos Configuration Translation Tool - Provides translation of common ScreenOS commands
into Junos
Juniper PS Offerings Juniper Partners can supplement their services capabilities by reselling Junipers
professional service offerings.
o Firewall Conversion Service
o
o
o
Self-Study The Junos for Security Fast Track Enablement program, provides online access to the study
materials for the JNCIA-JUNOS, JNCIS-SEC and JNCIE-SEC certifications. See link below for access:
https://learningportal.juniper.net/juniper/user_fasttrack_home.aspx
On-demand E-learning
o Networking Fundamentals - http://www.juniper.net/us/en/training/elearning/net_fun.html
o Junos as Second Language - http://www.juniper.net/us/en/training/elearning/jsl.html
o Junos as a Security Language http://www.juniper.net/us/en/training/elearning/junos_security.html
In-Person Hands-On Training Customers or Partners can attend in-person training courses provided by
registered Juniper training partners to prepare for the JNCIA-JUNOS, JNCIS-SEC and JNCIE-SEC
certifications
o Junos for Security Learning & Certification Track http://www.juniper.net/us/en/training/certification/es_track.html
o Junos for Security Instructor Lead Class Schedule https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=702#schedule
o Condensed 2-Day Pre-sales Technical Course to teach ScreenOS Engineers how to configure a
Junos based SRX: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=2728
Juniper Virtual Lab Practice Junos configs in Junipers Virtual Lab (See Module 3 of JNSS):
https://jpartnertraining.juniper.net/course/view/id/13/
Messaging
Upgrading to SRX Series gives customers network security at the performance and scale needed in todays
enterprise, and enables them to leverage a wide range of advanced protection features to help defend against
modern threats.
Separation of control and data plane provides enhanced network and security performance while
maintaining management control even when under attack (DoS)
Broad routing protocol support and MPLS (Note: MPLS is supported on branch SRX series only)
ensures investment protection when the network requires changes to accommodate growth
Flexible forwarding (flow, packet, mixed) allows businesses maximum flexibility in configuring their networks
Customer empowered automation with JUNOScript delivers ease and time savings for configuration
Junos CLI philosophy (Commit, Rollback, etc.) reduces the likelihood of administrator error and allows for
easy recovery and management when issues arise
Service Now streamlines fault management and trouble ticket creation to automatically detect, diagnose, and
log device faults
SRX:
High performance platforms deliver performance scalable to customer needs via a single modular platform
(up to 300 Gbps FW performance and up to 450K new connections/second)
Higher session capacity supports requirement to enable multiple sessions for each user/device connecting
to the data center and/or mobile network
AppSecure, including advanced AppID features, delivers application-level visibility, enforcement, control,
and protection
Integrated IPS with hardware-based Content Security Acceleration Engine (Regex ASIC) provides high
performing IPS protection
Direct integration with Active Directory provides per-user firewall capabilities, without additional hardware
or agents
Auto VPN (hub/spoke and spoke/spoke) large-scale, zero-touch VPN to support large distributed
implementations
Class of Service support to specify categories of traffic used by QoS
Switching (Trunking, STP, 802.3ad, 802.1x, etc.) is a vital networking element along with security and routing
to deliver an all-in-one SRX solution
Dynamic VPN enables configuring multiple remote VPN clients to save time and effort
Key Message
Value Proposition
Proof Points
Upgrade to SRX
SSG 5/ NS 5GT
SSG 20
SRX 210
SSG 140
SRX 220
SRX 240
SRX 550/650
SRX 1400
SRX 3400/3600
NS 5000 Series
SRX 5400/5600/5800
Qualifying Questions
Scalable networking needs:
How has the number of users and devices grown in your network the last few years?
Is your ScreenOS deployment able to keep up with the growth?
Would you like to increase the performance of your firewall/IPsec VPN device?
Are in-service upgrades important to your organization?
Do you have a variety of Next Gen firewall use cases (such as branch, edge, data center) that should be
centrally managed and controlled?
How are you detecting any C&C communications from your network? Can you block these in near real
time?
How are you tracking internal user activity and access?
Competitive Positioning
The most frequent High-end SRX Series competitors in the marketplace include Cisco, Check Point, Palo Alto
Networks and Fortinet. These competitors are addressed below:
Cisco
What To Lead with
System simplicity and
uniformity
Application visibility
Management capabilities
Cisco Weakness
Juniper Strength
Juniper Strength
Application visibility
High availability
Security integration
w/Data Center networking
and switching
Juniper Strength
Full enterprise-level
breadth of product line
Application visibility
Troubleshooting and
tracing
Routing capabilities
Juniper Strength
Investment protection
Fortinet
What To Lead with
Performance and Scale
Fortinet Weakness
Juniper Strength
Fortinet Weakness
And, ASIC architecture takes a major
performance hit when security
services are tied in. The firewall
exhibits extremely poor performance
as soon as the services other than
firewall is turned on.
Comprehensive security
Application visibility
Resiliency
Juniper Strength
when positioned as a full-integrated
firewall.
We truly scale at firewalling and with
services like IPS and firewall w/UTM.
For example, we provide the best SSL
decryption engine with minimal impact
to the performance for 2048b ciphers
according to NSS Labs testing.
We protect against all modern and
diverse attack types, such as DDoS,
and DoS. We utilize stateless, stateful
filters, screens, policies, advance
session control to protect against
various attack types.
Juniper offers excellent application
protection without compromising
performance and is only one element of
the SRX Series (e.g. SIEM, mobile
device connectivity and protection, web
application hacking and DDoS
protection). This is independently
validated by recent NSS Labs tests.
10
[Note: If at any time in the conversation that clearly the customer has replaced ISG, SSG and/or NS with
a competitive product, find out why the customer made the switch and note it.]
2. Whom may I speak with regarding ScreenOS and network security? May I have the phone number,
please? Would you please transfer my call? Thank you for your time and information.
3. [Qualify Prospect is a DM, IN or EV.]
Hi _____, (first name) Im ______ _____ (your name) with Juniper Networks. ____ ____ (person who
referred you) suggested I call you regarding the Juniper Networks ScreenOS and network security. Are
you involved with these aspects for IT?
[If yes, go directly to #4. Otherwise, go back to #2 and identify the right contact responsible for ScreenOS
and/or network security within IT].
4. Wonderfulwe have found that our customers, when refreshing their networks security systems such as
ISG, and NS, appreciate the Junos and SRX platforms for three key reasons:
a. Simplicity all security functions and integrated services for current and future products are managed
via the same OS
b. Security layered security approach is necessary to protect against evolving threats using
AppSecure and threat intelligence
c. Consolidation cost savings resulting from reduced CAPEX from fewer appliance investments and
lower OPEX from reduced management complexity.
Just to check, have you upgraded to Junos operating system and SRX Series Services Gateways?
[If no (i.e. still using ScreenOS, ISG, SSG, and/or NS), then go directly to #5. Otherwise continue here.]
What benefits have you experienced since migrating to Junos operating system? What time savings have
you experienced using Junos? What cost savings have you experienced with our single operating system
platform?
[Note all the benefits information the customer provides and encourage the customer to be a customer
reference.]
Would you be willing to be a customer reference?
[If no, go directly to #8]
[If yes]
Thank you. I will have someone from the Customer Reference team contact you.
[Note the customer contact information and send to the Customer Reference team. Go directly to #8]
5. [Probe for upgrade opportunities to determine if the customer is experiencing any of the below
challenges:]
Need for a refresh of network security devices
Which Juniper Network products do you currently use for network security? How long have they been
deployed?
[Note: Check to see if customer products are End of Life. If they are, then the customer can benefit from
upgrading to Junos/SRX for the latest in security and networking technology. If the customers solution
has been deployed for 2+ years, they may be ready for a hardware refresh. Explore this opportunity as
use cases for ScreenOS closely map to SRX feature set.]
Addressing the growing number and sophistication of attacks
In the latest Verizon 2013 Data Breach Investigations Report, it was reported that in 2012, 92% of data
breaches were perpetrated by outsiders. 52% used some form of hacking.
What are your top security concerns for your business? How are you addressing them?
11
[Note: Chances are the concerns are not fully addressed by their deployed security solutions. Upgrading
to Junos/SRX can meet security needs. Please see the Messaging section for details.]
Many of our customers are worried about application-based threats. How is your company addressing
these threats?
[Note: Junos/SRX has the most up-to-date protections to meet security needs including AppSecure for
application-based security, visibility, and control.]
Many of our customers are concerned about securing the traffic at the edge of their virtual data centers
and in the cloud. How is your company addressing these threats?
[Note: Junipers Firefly offerings provides most security capabilities of Junos based SRX for protecting the
edge of a virtual data center or cloud.]
How valuable would you consider a solution that offers comprehensive security with fewer performance
compromises?
[Note: SRX technology features the most up-to-date security; all with non-compromising, network
performance.]
Lack of IT staff resources and IT budget
How limited are your IT resources?
[Note: Nearly all IT teams are in need for more resources and more time in a day to get through the IT
responsibilities. Empathize with the customer as SRX has all the most up-to-date security they need to
address evolving threats; all using a single management OS for current and future Juniper products.]
How many separate security and networking solutions do you have deployed?
[Note: Help the customer realize that there is opportunity to consolidate the networking with security so
that they can use one UI, deal with just one vendor, manage only a single device and save lots of time.]
How much time and effort is spent managing multiple network and security devices?
[Note: As an all-in-one networking and security device, the customer can save money by consolidating
routing, switching, and security. By using a single device, on a single OS platform, the customer can save
time and money. No more trying to learn multiple products, managing different consoles, and speaking
with multiple vendors.]
[Gauge customer interest and speak to the most relevant promos. Please see the Promotions section.]
For a limited time, Juniper Networks is offering [Insert the most relevant promo here]Would you like
to take advantage of the promo?
[If the customer chooses to buy or take advantage these offers, then close the deal and go directly to #8.]
[If the customer is not interested in Junos/SRX, then go directly to #6.]
6. Before we finish our call, let me once again encourage you, when ready, to consider the upgrade to
Junos/SRX platform for simplicity, security, and consolidation. May I help you with any other security,
routing, or switching requirements?
[If no, then go directly to #8]
[If yes,]
What current Juniper products or technologies would you like to discuss?
[Assist the customer, confirm contact information, and determine next steps as needed. Go directly to #8]
12
7. Are there others in IT involved with network security that I can offer sales assistance?
[If you do not get a referral, then go directly to #8.]
[If you do get a referral, then ask for the contact information.]
May I have the phone number, please? Would you transfer my call? Thank you for your time and
information.
[Go directly to #3.]
8. Thank you for your time.
*** End Call Script ***
13