IC6500 FIPS Unified Access Control Appliance - Juniper


Data SheetIC6500 FIPS Unified AccessControl ApplianceProduct OverviewProduct DescriptionDaily, government agenciesA market leader and pioneer in standards-based network access control (NAC), Juniperand secure enterprises aroundNetworks delivers comprehensive, adaptable network and application access control withthe world perform a tenuousJuniper Networks Unified Access Control (UAC). By combining user identity, device securitybalancing act: They muststate, and network location information, UAC empowers organizations to create andensure the security of theirnetworks, critical resources,and sensitive—sometimestop secret—information, whileenforce unique, dynamic access control policy—per user and per session. UAC offers bestin-class performance, scalability, and centralized policy management to ease deployment,administration, and management.delivering timely and pervasiveAt the heart of UAC are the Juniper Networks IC Series Unified Access Control Appliances—network and data access forhardened policy management servers that centralize pre-authentication assessment,employees, contractors, andauthentication, role-mapping, and resource controls in one location. Access control can beother authorized users. Manyof these organizations arerequired to deploy networksecurity and access controlofferings certified compliant withdeployed and implemented quickly and simply within any existing heterogeneous networkusing a single IC Series UAC Appliance with existing vendor-agnostic 802.1X access pointsor switches—including the Juniper Networks EX Series Ethernet Switches, as well as anyJuniper Networks firewall platform, J Series Services Routers, or standalone IDP Seriesrigorous, government-approvedIntrusion Detection and Prevention Appliances. No forklift upgrade or rip-and-replace ofstandards, but are bound byyour existing infrastructure is required.budget cuts. Uniquely positionedto address these needs, JuniperNetworks delivers a standardsbased access control applianceIC Series appliances are available in several different form factors, including the JuniperNetworks IC6500 FIPS Unified Access Control Appliance. The IC6500 FIPS UAC Applianceis built to meet the needs of the most demanding and complex government agencieswith a government-certifiedand secure enterprise environments. It delivers the same functionality available on thesecurity module. It’s the heartJuniper Networks IC6500 UAC Appliance, which includes scaling to support up to tens ofof a comprehensive, flexible,thousands of simultaneous endpoint devices. The IC6500 FIPS, though, adds a dedicatedand dependable commerciallyFIPS 140-2 Level 3 certified hardware security module to handle all cryptographicavailable network access controloperations. The IC6500 FIPS also includes tamper evident labels that deter physical(NAC) solution, Unified Accesssecurity breaches and provide a visual indication of device integrity. It can be deployedControl that leverages thestandalone or in three-unit clusters to increase performance and provide additionalnetwork you have in place today.scalability. The IC6500 FIPS appliance, like the IC6500, also offers a number of redundant,field-upgradable high-availability (HA) features—including dual, hot-swappable, mirroredSATA hard drives; dual, hot-swappable fans; and optional hot-swappable power supplies.Your ideas. Connected. 1

IC6500 FIPS Unified Access Control ApplianceArchitecture and Key ComponentsJuniper Networks UAC is composed of the following:Data SheetThe UAC Agent and UAC’s agent-less mode integrate HostChecker functionality, ensuring the enforcement of consistentnetwork security and access policies across all platforms andIC Series Unified Access Control Appliancesenvironments. Host Checker allows you to define network accessThe Juniper Networks IC Series Unified Access Controlpolicy, scans endpoints for various security applications—includingAppliances, such as the IC6500 FIPS, are the hardened,antivirus, antimalware, and personal firewalls—and ensurescentralized policy management servers at the heart of Juniperselected applications are installed, running, and up-to-dateNetworks UAC. They can push the UAC Agent to the user’sbefore granting network access. It also enables custom checks ofendpoint to obtain user authentication, endpoint securityelements and checks of third-party applications, files, processes,state, and device location data. (This same information can beports, registry keys, and custom DLLs, denying or granting networkgathered through UAC’s agent-less mode, useful in situationsand application access based on results. With integrated Hostwhere the download of software is not feasible, such as guestChecker, UAC protects your network and endpoint devices fromaccess). The IC6500 FIPS appliance uses this information tounhealthy, non-compliant, and malicious devices, while allowingcreate dynamic policies that are propagated to UAC enforcementyou to maintain consistent access control and network security.points across the distributed network. Network and applicationUAC also checks for specific, defined operating system andaccess control is managed by the IC6500 FIPS appliance beforeapplication patches. UAC includes industry-tested, dynamicsession login and throughout the user’s network session.antispyware and antimalware protection for Microsoft WindowsThe IC6500 FIPS appliance enables easy setup andadministration of network resource policy rules. It also enablesdynamic policy changes as the endpoint state or networkendpoint devices, scanning a device’s memory registry and loadpoints, pre-authentication, for spyware and keyloggers, andproviding automatic remediation, if necessary.environment changes. With UAC’s adoption of the TrustedUAC Enforcement PointsComputing Group’s (TCG) Trusted Network Connect (TNC) IF-UAC enforcement points enforce dynamic, identity-basedMAP open, standard specification, the IC6500 FIPS can serve asnetwork access and security policies defined in and distributeda mixed IC Series appliance and Metadata Access Point (MAP)by, the IC6500 FIPS appliance. UAC supports enforcement pointsserver, or as a standalone MAP server. When integrated with IF-to meet every networking need, including:MAP compliant third-party devices, the IC6500 FIPS can collectdata from those devices about the user and device, or the statusof the network and leverage that information when formulatingpolicies and appropriate access actions.UAC Agent and UAC Agent-less Mode Any vendor-agnostic 802.1X-compatible switch, includingJuniper Networks EX Series switches, and any vendoragnostic 802.1X-enabled wireless access point for Layer 2port-based enforcement. Any Juniper Networks firewall platform, including the SRXDynamically downloadable, the UAC Agent collects user andSeries Services Gateways as Layer 3 overlay enforcementdevice credentials and assesses the endpoint’s security state,points. The Juniper Networks J Series Services Routersreporting this information back to the IC6500 FIPS appliance.also serve as Layer 3 UAC enforcers, delivering Source IPIt can be provisioned using a variety of automated and offlineenforcement.delivery mechanisms to meet any organizations softwaredistribution needs. A single UAC Agent can be used in wired,wireless, or combined deployments. The UAC Agent providesboth Layer 2 (via 802.1X) and Layer 3 (via firewall enforcementand dynamic IPsec) secure, identity-aware network access.It also includes an integrated, stateful personal firewall thatdelivers endpoint access control capabilities. The UAC Agent also Juniper Networks IDP Series appliances serving as rolebased, application-level policy enforcement points deliveringunparalleled visibility into application traffic at Layer 7.UAC ushers in a new era of granularity and control as the firstaccess control solution to support Layer 2 – Layer 7 policyenforcement.provides additional functionality for Microsoft Windows devices—UAC supports the unified threat management (UTM) capabilitiessuch as IPsec VPN as an optional secure transport and singlefeatured in many Juniper Networks firewall platforms—includingsign-on (SSO) to Microsoft Active Directory. The UAC AgentIPS functionality, network-based antivirus, antispam, antiadware,extends its cross-platform support to include Apple Mac OSantiphishing, and Web filtering—dynamically leveraging andoperating system software, delivering wired and wireless Layerapplying these capabilities on a per role basis. UAC enforcement2 and Layer 3 authentication and endpoint integrity for Applepoints can be implemented in transparent mode, requiring noMacintosh users.rework of routing or policies, or changes to network infrastructure.UAC agent-less mode is designed for situations where softwaredownloads are not feasible, such as in guest access. UAC agentless mode provides the same functionality as the UAC Agent—UAC enforcement points can also be deployed in audit modeto determine policy compliance without enforcement, enablingorganizations and their users to ease into access control.collecting user and device credentials, assessing endpoint securitystate, and reporting gathered data to the IC6500 FIPS appliance.2

IC6500 FIPS Unified Access Control ApplianceData SheetFeatures and BenefitsWorldwide Government-Certified SecurityThe IC6500 FIPS UAC Appliance is a proven, commercial off-the-shelf (COTS) access control appliance that provides security via adedicated FIPS 140-2 Level 3 certified hardware security module (HSM), compliant with robust U.S. government security standardsalso recognized by other nations around the world.Table 1: Government-Certified SecurityFeatureFeature DescriptionBenefitFIPS 140-2 Level 3certified hardwaresecurity module(HSM) Handles all cryptographic processing as well as key andcertificate management. Complies with the latest best security practices and mandatesof the U.S. government. Recognized by CESG, the U.K. government’s National TechnicalAuthority for Information Assurance (IA), as meeting securitycriteria for use in data traffic categorized as “Private.” Relieves the appliance CPU of the rigors ofcryptographic processing, increasing overallappliance performance while simultaneouslydelivering a powerful layer of security. Enables government agencies worldwide todeploy comprehensive, secure, scalable networkaccess control.Tamper-evidentlabelsProvides a visual alert to and assurance of the appliance’s integrity.Helps to deter and alleviate physical securitybreaches.Identity-Aware SecurityUAC delivers identity-aware, granular network and application access control and security, ensuring that only the “right” people canaccess the network, vital applications, and sensitive data.Table 2: Identity-Aware SecurityFeatureFeature es user identity and role information to network andapplication usage. More effectively track and audit network andapplication access. Know who is accessing your network andapplications, when they are accessing them, andwhat they are accessing. Directly addresses regulatory compliance andauditing.Coordinated ThreatControlLeverages the robust features and capabilities of the IDP SeriesIntrusion Detection and Prevention Appliances to deliver broadLayer 2–7 visibility into application traffic, providing the ability toisolate a network threat to the user or device level and then—viaUAC and the IC6500 FIPS—employ a specific, configurable policyaction against the offending user or device. Addresses and mitigates network insider threatsquickly. Minimizes network and user downtime.Role-based,application-levelenforcement Leverages deep packet, application-level threat intelligence ofstandalone IDP Series appliances as enforcement points. Enables application-specific policy rules to be enforced basedon auser’s role. Policies can also be defined to control time of day andbandwidth restrictions per application or per role. First access control solution to support full Layer2 - 7 enforcement. Enables access control and security policies tobe applied to the application-level granularly,protecting your network, applications, and data Ensures that users adhere to application usagepolicies.Identity-enabledfirewalling The identity-aware capabilities of UAC are combined with therobust networking and security services of SRX Series ServicesGateways, employed as UAC enforcement points. Available on all SRX Series Services Gateways running Junos OS9.4 software.Drastically increases scale for data centerenvironments, allowing government agenciesand organizations to leverage enforcement in theworld’s most demanding and high-performancedata centers.EX SeriesEthernet Switchinteroperability The EX3200 Series and EX4200 Series Ethernet switchesinteroperate with and serve as enforcement points for UACusing standards-based 802.1X port-level access control andLayer 2-4 policy enforcement. When deployed with UAC, EX Series switches can enforce userbased QoS policies or mirror user traffic to a central location forlogging, monitoring, or threat detection. Delivers a complete, standards-based, best-inclass NAC solution. Allows government agencies and organizationsto enjoy value-added features and economies ofscale for support and service.3

IC6500 FIPS Unified Access Control ApplianceData SheetOpen and Standards-BasedOpen, standards-based UAC significantly reduces the time to configure and propagate policies across the enterprise, lowering TCOby saving administrative time and cost, ensuring comprehensive, uniform security and access control, and enabling quicker, simplerdeployments.Table 3: Open and Standards-BasedFeatureFeature DescriptionBenefitDynamicauthenticationpolicy Leverages existing investments in directories, PKI, and strongauthentication, establishing a dynamic authentication policy foreach user session. Supports 802.1X, RADIUS, LDAP, Microsoft Active Directory,RSA ACE/Server, Network Information Service (NIS), certificateservers (digital certificates/PKI), local login/password, NetegritySiteMinder (Computer Associates), RSA ClearTrust, Oblix(Oracle), and RADIUS Proxy.Saves time and expense by leveraging andinterfacing with existing AAA infrastructures.Industry standardsand best-inclass productsfoundation Leverages industry standards such as 802.1X, RADIUS, IPsec,and innovative open standards—such as the TCG’s TNCspecifications for network access control and security. Leverages the SA Series policy engine and AAA capabilities,RADIUS capabilities from SBR Enterprise Series servers, and802.1X capabilities from OAC. Delivers standards-based, vendor-agnosticaccess control and seamless support for existing,heterogeneous networking environments. Facilitates quick, simple, and flexible accesscontrol deployments. No forklift upgrades. Delivers investment protection, network futureproofing, and time and cost savings. Alleviates single vendor lock-in, enabling choice.Enterprise-Wide Access ControlWhen deployed with Juniper Networks SA Series SSL VPN Appliances, the IC6500 FIPS – and UAC – delivers enterprise-wide accesscontrol, saving time and cost by allowing user session data and policies to be shared for local and remote access.Table 4: Enterprise-Wide Access ControlFeatureFeature DescriptionBenefitFederation –IC Series –SA Series and ICSeries – IC Series Federation of user sessions between SA Series and IC Seriesappliances, including the IC6500 FIPS, enables seamless provisioningof SSL VPN user sessions into UAC upon login, or alternatively UAC usersessions into SSL VPN at login. Allows authorized and authenticated users to access resourcesprotected by another IC Series appliance without re-authentication,enabling “follow-me” policies. Leverages the TNC standard protocol Interface for Metadata AccessPoint(IF-MAP) to enable federation.Provides users—whether remote or local—with seamless access to corporate resourcesprotected by uniform access control policiesthrough a single login, offering a consistentuser access experience.Centralized policymanagement Available when IC6500 FIPS is deployed with Juniper NetworksNetwork and Security Manager (NSM) and SA Series appliances. Allows common configuration templates to be created and sharedbetweenSA Series appliances and IC6500 FIPS appliances via NSM. NSM also delivers a single management server that can administer andmanage key components of a UAC deployment, including the IC6500FIPS. Saves administration time and cost, andoffers a consistent user and administrativeexperience. Enables the simple enterprise-widedeployment of uniform access control.IF-MAP support Adopts and utilizes the TNC’s open standard IF-MAP. Enables integration with third-party network and security devices,including devices that collect information about the status of anetwork. Allows devices to report back to the IC6500 FIPS UAC Applianceserving as a MAP (Metadata Access Point) server, enabling thecollected data to be used in formulating policies and appropriateaccess actions. Empowers IC6500 FIPS appliances to serve as standalone MAPservers with separate IF-MAP licenses available; or as mixed IC SeriesUAC Appliances and MAP servers. Supports a MAP server running on a standalone IC6500 FIPSappliance or in active/passive cluster pairs. Leverages and integrates existing, thirdparty network and security devices aspart of the access control platform; anduses the data gathered by these devicesto facilitate the access control decisionprocess. Enhances visibility into the state of andactions on a network.4

IC6500 FIPS Unified Access Control ApplianceData SheetProven Endpoint ControlUAC delivers a cross-platform solution that intelligently quarantines and automatically remediates endpoint devices that do not meetpolicy prior to network access and during their network session, protecting your network, resources, and users.Table 5: Proven Endpoint ControlFeatureFeature ware/antimalwareprotection Provides industry-leading, dynamic spyware protection that,before authentication, scans the memory, registry, and loadpoints of endpoint devices for spyware and keyloggers. Includes automatic remediation for noncompliant devices.Spyware signatures automatically downloaded and updated. Works with all Windows-based UAC Agents, including MicrosoftWindows Vista, as well as in UAC’s agent-less mode. Ensures unmanaged and managed Windowsdevices are not running spyware or malwarebefore authentication. Quarantine or restrict device access throughUAC’s existing granular policy managementframework.Pre-defined patchassessment checks Device patch assessment checks available through OEMintegration of Shavlik Technologies’ Shavlik NetChk Protectpredefined patch assessment technologies, including endpointinspection for targeted operating system or application hot fixes. Policies are directly linked to the presence or absence of specifichot fixes for defined operating systems and applications,performing pre-defined patch management checks accordingto vulnerability severity level to enforce or deny access to certainroles. Installed Systems Management Server (SMS) is leveragedto automatically check for patch updates, quarantining,remediating, and providing authorized network access onceremediated. Provides enhanced, granular endpoint devicehealth and security state assessments. Minimizes user interaction, thereby reducing thepossibility of help desk calls.WindowsStatement ofHealth (SOH) andembedded NetworkAccess Protection(NAP) AgentsupportThrough the TNC’s SOH standard, organizations can leverage preinstalled Microsoft Windows Vista and XP (Service Pack 3) clientswith UAC for access control. Streamlines client deployment. Simplifies access control rollout andimplementation.Simple, Flexible Management and DeploymentWhile network access control can be complex to deploy, UAC simplifies access control management and deployment through itsadaptive flexibility, delivering faster ROI.Table 6: Simple, Flexible Management and DeploymentFeatureFeature DescriptionBenefitPhased accesscontrol Innovative design allows organizations to start controllingaccess virtually anywhere on their network. Audit mode enables organizations to track user and devicepolicy compliance without enforcing policies. Saves access control deployment time and cost. Enables users and administrators to becomefamiliar with policies and necessary complianceand allows organizations to phase in policycompliance enforcement.Enhanced guestaccess support Dynamically identifies guest users, assigns them roles, andgrants them appropriate, differentiated network access. Enables the creation of one-time use guest accounts on theIC6500 FIPS. Allows guest accounts to be provisioned with a pre-definedtimeout period. Gives administrators control over all guest access settings,including the maximum time duration a guest is allowed toaccess the network.Allows an organization or agency to provide secure,differentiated guest access to its network andresources.UAC Agentlocalization Provides fully localized UI, online help, installer, anddocumentation for the UAC Agent, supporting the followinglanguages:- Chinese (Simplified)- Chinese (Traditional)- French- German- Japanese- Korean- SpanishEnables organizations with users for whom Englishis not their native language to effectively deploy andemploy UAC across their distributed enterprise.5

IC6500 FIPS Unified Access Control ApplianceData SheetTable 6: Simple, Flexible Management and Deployment (continued)FeatureFeature DescriptionBenefitGranular auditingand logging Offers fine-grained auditing and logging capabilities, delivered ina clear, easy-to-understand format. Captures detailed logs by roles that users belong to, resourcesthat they try to access, and the state of compliance of theendpoint and user to the security policies of the network. Enhances the diagnosis and repair of networkissues that arise. Addresses industry and government regulatorycompliance and audits.Enhanced RADIUSservices Checklist Attribute Processing enables authentication requeststo be processed based on information in the RADIUS packetbefore a connection is authenticated. Also allows mapping to realms based on RADIUS requestattributes. Increases the accuracy and speed ofauthentication.Product OptionsThe IC6500 FIPS has several hardware and software options available:Table 7: IC6500 FIPS Product OptionsProduct OptionOption DescriptionMicrosoft SOH licensesAddresses the licensing of the System Health Agent (SHA)/System Health Verifiers (SHV) and SOHprotocols from Microsoft—key components that enable UAC to support the Microsoft Windows SOH andembedded NAP Agent through the TNC SOH open and standardized protocol, IF-TNCCS-SOH.IC Series UAC AppliancesDisaster Recovery licensesDisaster Recovery licenses address disaster situations without requiring a permanent purchase of userlicenses. The licenses enable periodic testing of disaster recovery deployment while still providing usagewhen needed. Also available for clusters.Coordinated Threat ControlLeverages additional access control and security capabilities through communications with JuniperNetworks IDP Series appliances for coordinated threat control.UAC MAP Server licensesLeveraging the TNC’s IF-MAP specification, the IC6500 FIPS appliance may operate solely as a MAP serverwith no additional simultaneous endpoint licenses or OAC-ADD-UAC licenses. In this mode, the IC6500FIPS appliance (or clustered IC6500 FIPS appliances) as a standalone MAP server must have an IF-MAPlicense installed. Mixed IC Series appliance and MAP server mode is defined as any IC6500 FIPS appliancethat simultaneously acts as both an IC Series appliance and as a MAP server, where either a simultaneousendpoint license or an OAC-ADD-UAC license has been installed. In this case, the IF-MAP license is notrequired on that IC6500 FIPS appliance (or IC6500 FIPS appliance cluster).Enhanced Endpoint Security(EES) subscription licensesUAC offers antispyware/antimalware functionality to ensure that unmanaged and managed MicrosoftWindows endpoint devices are not running spyware or other malware. Spyware contaminated devices maybe quarantined or have restricted end user access based on policy enforcement. EES scans an endpoint’smemory, registry and load points for spyware. A base UAC license includes a free EES user license for two(2) simultaneous users, allowing users to “try before they buy.” Subscription licenses for additional EESusers are available.Hot-swappable hard disk drivesDual, mirrored hot-swappable SATA hard drives.Hot-swappable power suppliesOptional dual, hot-swappable power supplies. (Second power supply optional; DC power suppliesavailable).Dual, hot-swappable fansDual, hot-swappable fans.6

IC6500 FIPS Unified Access Control ApplianceData SheetJuniper Networks Services and SupportJuniper Networks is the leader in performance-enabling servicesthat are designed to accelerate, extend, and optimize yourhigh-performance network. Our services allow you to maximizeoperational efficiency while reducing costs and minimizingrisk, achieving a faster time to value for your network. JuniperIC6500 FIPSNetworks ensures operational excellence by optimizing thenetwork to maintain required levels of performance, reliability,SpecificationsDimensions and Power Dimensions (W x H x D): 17.26 x 3.5 x 17.72 in(43.8 x 8.8 x 45 cm) Weight: 26.9 lb (12.2 kg) typical (unboxed) Rack Mountable: Yes, 2U, 19 in AC Power Supply: 100-240 VAC, 60-50 Hz, 2.5 A Max(6 – 2 A), 400 Wattsand availability. For more details, please visit www.juniper.net/us/en/products-services.Ordering InformationModel NumberDescriptionIC6500 FIPS Base SystemIC6500 FIPSIC6500 FIPS Base SystemEndpoint LicensesIC6500 -ADD-100EAdd 100 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-250EAdd 250 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-500EAdd 500 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-1000EAdd 1,000 simultaneous endpoints toIC6500/IC6500 FIPS Power LED, HD Activity, HW Alert: YesIC6500-ADD-2000E PS Fail: Yes (audible alarm, blink on HW alert LED, powerLED)Add 2,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-3000EAdd 3,000 simultaneous endpoints toIC6500/IC6500 FIPS HDD Activity and RAID Status LEDs: YesIC6500-ADD-5000EAdd 5,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-10000EAdd 10,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-15000EAdd 15,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-20000EAdd 20,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-25000EAdd 25,000 simultaneous endpoints toIC6500/IC6500 FIPSIC6500-ADD-30000EAdd 30,000 simultaneous endpoints toIC6500/IC6500 FIPS System Battery: CR2032 3V lithium coin cell Efficiency: 80% minimum, at full load Material: 18 gauge (.048 in) cold-rolled steel Fans: Two 80 mm hot swap, One 40 mm ball-bearing fan inpower supplyPanel DisplayPorts Traffic: Four-port 10/100/1000 copper interface card;four ports in total Fast Ethernet: IEEE 802.3u compliant Gigabit Ethernet: IEEE 802.3z or IEEE 802.3ab compliant Console: One RJ-45 serial console portEnvironment Operating Temp: 41 to 104 F (5 to 40 C) Storage Temp: -40 to 158 F (-40 to 70 C)Feature Licenses Relative Humidity (Operating): 8% to 90% noncondensingIC6500-OAC-ADD-UAC Relative Humidity (Storage): 5% to 95% noncondensing Altitude (Operating): 10,000 ft (3,048 m) maximum Altitude (Storage): 40,000 ft (12,192 m) maximumCertifications Safety Certifications: EN60950-1:2001 A11, UL609501:2003, CAN/CSA C22.2 No. 60950-1-03, IEC 60950-1:2001 Emissions Certifications: FCC Class A, EN 55022 Class A,EN 55024 Immunity, EN 61000-3-2, VCCI Class A Warranty: 90 days; Can be extended with support contractAdd UAC support to Odyssey AccessClients on IC6500/IC6500 FIPSClustering LicensesIC6500-CL-500EEnables clustering for up to 500simultaneous endpoints on IC6500/IC6500 FIPSIC6500-CLAdd clustering on IC6500/IC6500 FIPSCoordinated Threat Control LicensesIC6500-ADD-TCTRLAdd Coordinated Threat Control withIC6500/IC6500 FIPS and Juniper NetworksIDP SeriesDisaster Recovery LicensesIC6500-DRDisaster Recovery license forIC6500/IC6500 FIPSIC6500-DR-CLDisaster Recovery license forIC6500/IC6500 FIPS cluster7

IC6500 FIPS Unified Access Control ApplianceModel NumberData SheetAbout Juniper NetworksDescriptionMicrosoft SOH LicenseJuniper Networks is in the business of network innovation. FromIC6500-SOHdevices to data centers, from consumers to cloud providers,Microsoft SOH license for IC6500/IC6500FIPSIF-MAP LicensesJuniper Networks delivers the software, silicon and systems thattransform the experience and economics of networking. TheIC6500-IFMAPIF-MAP license for IC6500/IC6500 FIPScompany serves customers and partners worldwide. AdditionalIC6500-IFMAP-CLIF-MAP license for IC6500/IC6500 FIPSclusterinformation can be found at www.juniper.net.Enhanced Endpoint Security (EES) SubscriptionLicensesPlease refer to the Unified Access Control datasheet – at -en.pdf - fora complete list of Enhanced Endpoint Security (EES) SubscriptionLicenses.AccessoriesUNIV-80G-HDDField upgradeable secondary 80G hard diskfor IC6500 and IC6500 FIPSUNIV-MR2U-FANField upgradeable fan for IC6500 andIC6500 FIPSUNIV-PS-400W-AC400W AC power supply for IC6500 andIC6500 FIPSUNIV-PS-710W-DC710W DC power supply for IC6500 andIC6500 FIPSSA-ACC-RCKMT-KIT-2USA Series and IC Series rack mount kit - 2USA-ACC-PWR-AC-UKSA Series and IC Series AC power cord UKSA-ACC-PWR-AC-EURSA Series and IC Series AC power cord EURSA-ACC-PWR-AC-JPNSA Series and IC Series AC power cord JPNCorporate and Sales HeadquartersAPAC and EMEA HeadquartersJuniper Networks, Inc.Juniper Networks International B.V.1133 Innovation WayBoeing Avenue 240Sunnyvale, CA 94089 USA1119 PZ Schiphol-RijkPhone: 888.JUNIPER (888.586.4737)Amste

The IC6500 FIPS appliance uses this information to create dynamic policies that are propagated to UAC enforcement points across the distributed network. Network and application access control is managed by the IC6500 FIPS appliance before session login and throughout the user's network session. The IC6500 FIPS appliance enables easy setup and