
ENTERPRISE GUEST ACCESS
DATASHEET
Product Overview
Whether large or small, companies
have guests. Guests can be virtually
anyone who conducts business with
the company but is not an employee.
Many of these guests require some
form of network access in order to
be productive. Providing a guest user
secure Internet access, let alone access
to files on your network or extranet, is
anything but simple. You can’t afford
to let your guest users access your
sensitive corporate network resources.
For companies of all sizes, Juniper
Networks Enterprise Guest Access
supports secure, authorized network
resource access, manages guest
network usage, and reduces the threats
that come with unauthorized guest
users and their compromised devices.
Product Description
Juniper Networks® Enterprise Guest Access is a comprehensive appliance that addresses
all of your guest user network access requirements. Enterprise Guest Access is based on
the award-winning Juniper Networks Unified Access Control solution. With the Enterprise
Guest Access appliance, you can easily authenticate guest users and contractors,
assess the health state of their devices, control their access to your network and its
sensitive resources, and coordinate your network access policies, security, and regulatory
compliance across even the most distributed of network environments.
Enterprise Guest Access is quick and easy to deploy and use, employing a simplified guest
user administration interface that allows even the most nontechnical of users to create
guest user access credentials and rights. It takes the burden of setting up guest user
network access off the shoulders of your already overburdened IT staff, and it enables
your administrative and support teams to take on this somewhat mundane yet crucially
important task.
Purpose-built for small to medium-sized businesses (SMBs) as well as enterprises and
agencies with many guests or visitors, the Enterprise Guest Access appliance delivers
wired and wireless guest network access control (NAC) seamlessly through a single,
small, inline network appliance and license, without any agents to deploy or maintain.
The Enterprise Guest Access appliance delivers two separate functions—guest user
provisioning and authentication, and guest user access enforcement.
Enterprise Guest Access Architecture and Key Components
All-In-One Appliance
Enterprise Guest Access is an all-in-one, inline appliance that delivers role-based access
control for guests, partners, and contractors. The Enterprise Guest Access appliance
delivers agentless (browser-based) wired and wireless NAC for guest users seamlessly
from a single appliance. The slim, sleek, small form-factor Enterprise Guest Access
appliance supports secure, authorized network resource access, manages network use,
and reduces the threat of unauthorized users and compromised devices. The Enterprise
Guest Access appliance authenticates guest users and contractors, and assesses the
health state of their devices before granting them network access.
Guest User Authorization
The Enterprise Guest Access appliance also ensures that only
authorized guest users can log into and access those areas of
your network to which they are authorized access based on their
identity and device integrity. It integrates and leverages Juniper’s
Host Checker functionality, used in tens of thousands of Juniper
Networks SA Series SSL VPN Appliances and IC Series Unified
Access Control Appliances, enabling you to define policy that
scans guest user devices attempting to connect to your network
for a variety of security applications and states, including custom
endpoint checks. It also enables you to create and enforce
network access based on time and duration. In this way, Enterprise
Guest Access enables you to deliver differentiated network access
for various guest user categories such as one-time guest users,
contractors, vendors, and others.
Secure Network Access
The Enterprise Guest Access appliance enables and builds a
Layer 2 bridge to ensure secure network access. With Layer 2
bridging enabled, your guest users are provided with an IP address
from your corporate network. Since the Enterprise Guest Access
appliance is inline, it is the first place that your guest users
will come to when they attempt to access your network. The
Enterprise Guest Access appliance will first serve the guest user a
web-based captive portal page when access is attempted. Users
will use their guest credentials, which include the user name and
password provided to them by your guest access administrator.
They will log in and be provided with a network session. During
the deployment of Enterprise Guest Access, you will have created
resource access policies on the appliance which direct guest users
to resources that are provisioned on the network and to which
they have authorized access (for example, the Internet). User
traffic has no other route to the corporate network except through
the Layer 2 Enterprise Guest Access appliance bridge. Users and
guests are connected to the external interface, and protected
resources are connected to the internal interface.
Provisioning and Management
The Enterprise Guest Access appliance also simplifies guest
user network access provisioning and management. Access is
controlled through an enterprise-customizable web-based captive
portal, directing users to input their guest access credentials—
created and provided to the guest user by your receptionist or
any corporate sponsor—to gain authenticated, authorized access
to your network and resources. Guest user access credentials
are as simple as a user name and password. Guest user network
access may be provisioned for up to 200 guest users on a single
Enterprise Guest Access appliance. And, identity information of
guest users is stored in a database on the appliance, which is
perfect for addressing regulatory compliance audits.
Since its operation does not require that an agent be downloaded
to the user’s device, Enterprise Guest Access works with devices
running most major operating system platforms, including
Microsoft Windows, Apple Mac OS, and Linux. Being agentless
means that Enterprise Guest Access requires no configuration
on a guest user’s device, and using a web-based captive portal
means it needs zero configuration to set up, greatly simplifying its
deployment and use.
Guest Administrator Accounts
A limited number of guest administrator accounts may be created.
Your IT or technical staff can provision a local user or employee
with limited administration rights to provide temporary access
accounts for external guest users. Guest user account manager
information is stored in a database local to the Enterprise Guest
Access appliance. This is useful for administrator tracking and
regulatory compliance audits. Provisioning of numerous guest user
account managers, typical for an office or site which is without
reception or administrative staff, can be easily undertaken.
Authenticated access for guest user account managers to the
Enterprise Guest Access appliance is accomplished natively or
by interfacing with and leveraging existing SMB or enterprise
authentication data stores, such as Microsoft Active Directory or
Lightweight Directory Access Protocol (LDAP), and authentication,
authorization, and accounting (AAA) capabilities.
Time-Based Network Access Policies
The Enterprise Guest Access appliance enables guest user
accounts to be created based on flexible, time-based network
access policies. Guest user accounts may be created with a specific
start and end time. For example, guest user network access might
start at 9:00 a.m. and end at 5:00 p.m. Guest user accounts may
also be created for a specific hourly duration, such as guest user
network access being allowed for 8 hours. Guest user access can
also be limited by the administrator to a specific number of days, in
an hours-based format, such as for 24 hours, 48 hours, or up to 72
hours. Enterprise Guest Access affords you flexibility and control in
the management of guest user network access.
Network Access Control
The Enterprise Guest Access appliance also provides a simple-to-
deploy, easy-to-administer way of addressing NAC, while providing
an upgrade path to Juniper’s comprehensive network and
application access control solution, Unified Access Control, at any
time by leveraging the access and security policies already created
and instituted by the SMB or enterprise with the Enterprise Guest
Access appliance. This saves both time and cost.