The SSG range currently consists of two devices, the 520 and 550, with two and four WAN interfaces respectively. BiaB devices combine security functions such as firewall/VPN and IDS/IPS with a router, offering all-in-one functionality for corporate branches, along with the promise of central management from HQ.

The main competitor to the range is Cisco’s Integrated Services Router family, which also has firewall/VPN and IDS/IPS. However, when it comes to anti-X capabilities (anti-virus, anti-spam, content-filtering, etc.), in February this year Cisco added them not to the ISR, but to its Adaptive Security Appliance.

At Juniper, the same set of functionalities will be included in the SSG later this year when the ScreenOS operating system on which it runs moves from the current v5.1 to v5.4, said Anton Grashion, EMEA security strategist for Sunnyvale, California-based Juniper. Cisco says you need to take the ASA as well as the ISR for that level of security, he said, whereas Juniper will have a single-box offering to compete with them.

While firewall/VPN and IDS/IPS are in-house capabilities for Juniper from its acquisition of security-appliance vendor NetScreen in 2004, anti-X functionality will come from partners. SurfControl’s web-filtering technology will be integrated into ScreenOS for an in-the-box product, while if customers prefer to redirect traffic to a dedicated filtering appliance, both SurfControl and Websense technology will be supported.

Grashion said that for anti-spyware, anti-adware, and protection from key loggers, Juniper is using Russian developer Kaspersky Labs, with the options of running a wild list for protection from known threats in circulation, or an extended mode, which is more granular for greater protection, but with a corresponding slowdown in throughput. Anti-spam will be provided by Symantec’s Brightmail technology.

In terms of competitive positioning against the other main BiaB device in the market, Juniper describes Cisco’s ISR as first-generation technology in this space that is subject to a considerably larger performance hit when the basic security functions of firewall/VPN and IDS/IPS are turned on. On the 3845 [ISR], throughput drops from 1Gbps to around 45Mbps, with processor utilization reaching around 80%, whereas on the [SSG] 550, the drop is from 1Gbps to 350Mbps, while processor utilization goes up to only 45%, said Grashion.

Beyond the anti-X enhancements coming later this year, Richard Brandon, Juniper’s VP of worldwide field marketing, acknowledged that there would be more branch device consolidation to come. While he would not be drawn on details, he mentioned both voice and optimization/acceleration as potential apps for integration into the SSG.

On the optimization/acceleration side, Juniper has the technology in-house as a result of its acquisitions of both Peribit (L2/L4 WAN optimization with some L7 acceleration) and Redline (data center-based acceleration) last year. The WX series of devices from the Peribit business would be suitable candidates for integration into the SSG, and even though they run on a different operating system (WXOS, which is based on Wind River’s VxWorks), it would be a relatively simple port, according to Juniper sources.

As for VoIP, Grashion said Juniper will support any voice vendor whereas Cisco has a VoIP offering in its own right. That said, there may be an argument for tighter integration of the SSG with a voice offering from one of Cisco’s competitors in VoIP, with the most likely suspect being Avaya, which is already a very important partner, said Gert-Jan Schenk, Juniper’s VP of its operations in EMEA. The reason for this is obvious: not only do both face Cisco as a major competitor, but also there is no direct competition between Juniper and Avaya, whereas there would be with other VoIP players like Alcatel or Nortel.

Further out, and a potentially larger challenge, would be the application of the WX technology itself to the wireless and mobile device paradigm. Jef Graham, the former CEO of Peribit who ran the optimization/acceleration business for Juniper for a few months after the acquisition, told Computer Business Review last year that this would be part of the company’s longer-term plans. He has since left Juniper, but Hitesh Sheth, its VP of security products, said the idea is still directionally correct.

The challenge is that the WX technology is a symmetrical one. It requires a box at both ends of the WAN, and while that is no problem in fixed environments such as data centers and branch offices, it would mean the development of a client to sit on the mobile/wireless endpoint in order for Juniper to optimize and accelerate over-the-air transmissions, said Brandon. It will need smart compression, which means having decompression at the device in a lightweight client, he said.

Despite the potential obstacle represented by such miniaturization, the path is a logical one, not least because the enterprise customers that today represent about a third of Juniper’s $2bn annual revenue, and whose contribution it wants to grow as a percentage of the overall top line, are increasingly mobilizing key business apps in areas such as sales and field force automation. Furthermore, a number of companies from different sides of the networking industry, such as content delivery, wireless and mobile infrastructure, and data connectivity, have begun to talk about the need to optimize data and/or content for the screen size of the device to which it is being transmitted, and to adapt it to that device’s processing and storage capabilities.