Juniper Networks SRX650 Services Gateway for the Branch
Uses Dynamic Services Architecture provided by Junos to scale integrated security and network capabilities

| Juniper Networks Products | Part number | List Price |
|---|---|---|
| SRX Series Services Gateways | | |
| SRX650 System (2 RU Height) with SRE 6, 645W AC POE PSU. - Includes 4 onboard 10/100/1000Base-T ports, 2GB DRAM, 2GB CF, 247W POE power, Fan Tray with Fans and Power Cord. - Includes Front+Mid-Mount Rackmount Kit, Console Cable, Getting Std & Hw Safety Guide | #SRX650-BASE-SRE6-645AP | $16,000.00 |
| SRX650 System (2 RU Height) with SRE 6, 645W DC POE PSU - Includes 4 onboard 10/100/1000Base-T ports, 2GB RAM, 2GB CF, 247W POE power, Fan Tray with Fans. - Includes Front+Mid-Mount Rackmount Kit, Console Cable, Getting Std & Hw Safety Guides. No power cord | #SRX650-BASE-SRE6-645DP | $17,200.00 |
SRX650 Overview:
The SRX650 Services Gateway is a secure router that supports up to 7.0 Gbps firewall, 1.5 Gbps IPSec VPN, and 900 Mbps IPS. Additional security features include Unified Threat Management (UTM), which consists of: IPS, antispam, antivirus, and Web filtering. The SRX650 Services Gateway is ideally suited for securing regional distributed enterprise locations and won Best of Interop in the Infrastructure category at the Las Vegas show in 2009.
Key Hardware Features:
- 4 fixed 10/100/1000 Ethernet LAN ports, 8 GPIM slots or multiple GPIM and XPIM combinations
- Support for T1, E1, Ethernet ports; supports up to 48 ports switching with optional PoE including 802.3at, PoE+, backwards compatible with 802.3af
- Content Security Accelerator hardware for faster performance of IPS and ExpressAV
- Full UTM¹; antivirus¹, antispam¹, Web filtering¹, intrusion prevention system¹ (with high memory version)
- Unified Access Control and content filtering
- Modular Services and Routing Engine; future internal failover and hot-swap
- 2 GB DRAM default, 2 GB compact flash default, external compact flash slot for additional storage
- Optional redundant AC power; standard AC power supply that is PoE-ready; PoE power up to 250 watts redundant, or 500 watts non-redundant
Juniper Networks SRX Series Services Gateways for the branch are secure routers that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus, and data center applications, are powered by Juniper Networks Junos OS—the proven operating system that provides unmatched consistency, better performance with services, and superior infrastructure protection at a lower total cost of ownership.
The Juniper Networks® SRX Series Services Gateways for the branch joins Juniper Networks SRX Series for the high end, EX Series Ethernet Switches, M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, and T Series Core Routers. This provides a single Juniper Networks Junos® operating system-based portfolio of unprecedented scale. With Junos OS, enterprises and service providers can lower deployment and operational costs across their entire distributed workforce.
- SRX Series for the branch runs Junos OS, the proven operating system that is used
by core Internet routers in all of the top 100 service providers around the world. The
rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast
have been proven in over 15 years of worldwide deployments.
- SRX Series Services Gateways for the branch provide perimeter security, content
security, access control, and network-wide threat visibility and control. By using zones
and policies, even new network administrators can configure and deploy an SRX Series
gateway for the branch quickly and securely. In addition, the SRX Series now includes
wizards for firewall, IPsec VPN, NAT, and initial setup to help get your SRX Series
gateway configured, secure, and running right out of the box.
- Policy-based VPNs support more complex security architectures that require dynamic
addressing and split tunneling. For content security, SRX Series for the branch offers a
complete suite of Unified Threat Management (UTM) services consisting of: intrusion
prevention system (IPS), antivirus, antispam, Web filtering, and data loss prevention via
content filtering to protect your network from the latest content-borne threats. Select
models feature Content Security Accelerator for high-performance IPS and antivirus
performance. The branch SRX Series integrates with other Juniper security products to
deliver enterprise-wide unified access control (UAC) and adaptive threat management.
These capabilities give security professionals powerful tools in the fight against
cybercrime and data loss.
- SRX Series for the branch are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites. The wide variety of options allows configuration of performance, functionality, and price scaled to support from a handful to thousands of users. Ethernet, serial, T1/E1, DS3/E3, xDSL, DOCSIS3, Wi-Fi, and 3G/4G wireless are all available options for WAN or Internet connectivity to securely link your sites. Multiple form factors allow you to make cost-effective choices for mission-critical deployments. Managing the network is easy using the proven Junos OS command-line interface (CLI), Space, scripting capabilities, a simple-to-use Web-based GUI, or NSM.

1. Unified Threat Management—antivirus, antispam, Web filtering, and IPS require a subscription license and the high memory system option to use the feature. UTM is not supported on the low memory version. Please see the ordering section for options. Content Filtering and UAC are part of the base software with no additional license.
Features & Benefits:
Secure Routing
Should you use a router and a firewall to secure your network? By building the branch SRX Series with best-in-class routing and firewall capabilities in one product, enterprises don’t have to make that choice. Why forward traffic if it’s not legitimate?
SRX Series for the branch checks the traffic to see if it is legitimate, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from hacking.
The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. This architectural choice receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.
To ease the configuration of a firewall, SRX Series for the branch uses two features—“zones” and “policies.” While these can be user-defined, the default shipping configuration contains, at a minimum, a trust and untrust zone. The trust zone is used for configuration and attaching the internal LAN to the branch SRX Series. The untrust zone is used for the WAN or untrusted Internet interface. To simplify installation and make configuration easier, a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone. This policy blocks all traffic originating from the untrust zone to the trust zone. A traditional router forwards all traffic without regard to a firewall (session awareness) or policy (origination and destination of a session).
By using the Web interface or CLI, enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies. At the broadest level, all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions. At the narrowest level, policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period.
High Availability
Junos OS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.
When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration will be mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series will now synchronize both configuration and runtime information. As a result, during failover, the following information is shared: connection/session state and flow information, IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In contrast, with typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all network sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is intact. In an unstable network, this active/active configuration also mitigates link flapping affecting session performance.
Session-Based Forwarding Without the Performance Hit
In order to optimize the throughput and latency of the combined router and firewall, Junos OS implements session-based forwarding, an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. With Junos OS, a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-hop route.
The "Session-based forwarding algorithm" figure shows the steps. When a new session is established, the session-based architecture within Junos OS verifies that the session is allowed by the forwarding policies. If the session is allowed, Junos OS will look up the next-hop route in the routing table. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.

Session-based forwarding algorithm
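The slow-path/fast-path split described above, combined with the default trust/untrust policy from the Secure Routing section, as a small Python model. This is an added example, not Juniper code: the addresses, interface names, and the `Gateway`, `Flow` and `longest_match` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample topology (not from the page): one LAN prefix in the
# "trust" zone; everything else is reached through the WAN in "untrust".
ZONE_PREFIXES = [
    (ipaddress.ip_network("192.168.1.0/24"), "trust"),
    (ipaddress.ip_network("0.0.0.0/0"), "untrust"),
]
ROUTES = [  # (prefix, next hop, egress interface), all constructed values
    (ipaddress.ip_network("192.168.1.0/24"), "direct", "ge-0/0/1"),
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "ge-0/0/0"),
]
# Default policy as the page describes it: sessions may originate in trust
# and go to untrust; any zone pair not listed here is denied.
POLICIES = {("trust", "untrust"): "permit"}


def longest_match(table, addr):
    """Return the row whose prefix (row[0]) is the longest match for addr."""
    ip = ipaddress.ip_address(addr)
    hits = [row for row in table if ip in row[0]]
    return max(hits, key=lambda row: row[0].prefixlen)


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def reverse(self):
        """The same session seen from the responder's side."""
        return Flow(self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass
class Gateway:
    # Combined session-and-forwarding table: flow -> (next hop, egress interface)
    sessions: dict = field(default_factory=dict)
    stats: dict = field(
        default_factory=lambda: {"session": 0, "policy": 0, "route": 0}
    )

    def forward(self, flow):
        # Fast path: one lookup both proves the session was permitted
        # and yields the next hop.
        self.stats["session"] += 1
        entry = self.sessions.get(flow)
        if entry is not None:
            return ("forward", *entry)

        # Slow path, first packet only: policy check on the zone pair.
        self.stats["policy"] += 1
        from_zone = longest_match(ZONE_PREFIXES, flow.src)[1]
        to_zone = longest_match(ZONE_PREFIXES, flow.dst)[1]
        if POLICIES.get((from_zone, to_zone)) != "permit":
            return ("drop", None, None)  # nothing installed for denied flows

        # Permitted: resolve routes once and install both directions, so
        # return traffic is matched against state instead of policy.
        self.stats["route"] += 2
        _, nh, ifc = longest_match(ROUTES, flow.dst)
        _, rnh, rifc = longest_match(ROUTES, flow.src)
        self.sessions[flow] = (nh, ifc)
        self.sessions[flow.reverse()] = (rnh, rifc)
        return ("forward", nh, ifc)


def demo():
    gw = Gateway()
    out = Flow("192.168.1.10", 40000, "198.51.100.10", 443)
    results = [
        gw.forward(out),            # first packet: slow path, session installed
        gw.forward(out),            # later packet: single session-table lookup
        gw.forward(out.reverse()),  # reply from untrust: matches installed state
        # New session originating in untrust toward trust: denied by policy.
        gw.forward(Flow("198.51.100.99", 5555, "192.168.1.10", 22)),
    ]
    return results, gw.stats


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The counters returned by `demo()` show that policy and route lookups happen only when a session is first seen, and that a denied flow leaves no state behind.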
Network Deployments:
The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers via integrated Ethernet switching.
Distributed Enterprise Deployments

Technical Specifications:

Front View

Rear View
| Model: | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
|---|---|---|---|---|---|
| Maximum Layer 3 Performance and Capacity | |||||
| Junos OS version tested | Junos OS 10.4 | Junos OS 10.4 | Junos OS 10.4 | Junos OS 10.4 | Junos OS 10.4 |
| Firewall performance (large packets) | 700 Mbps | 750 Mbps | 950 Mbps | 1.5 Gbps | 7 Gbps |
| Firewall performance (IMIX) | 200 Mbps | 250 Mbps | 300 Mbps | 500 Mbps | 2.5 Gbps |
| Firewall + routing PPS (64 Byte) | 70 Kpps | 70 Kpps | 125 Kpps | 200 Kpps | 850 Kpps |
| AES256+SHA-1/3DES+SHA-1 VPN performance | 65 Mbps | 65 Mbps | 100 Mbps | 300 Mbps | 1.5 Gbps |
| IPsec VPN Tunnels | 128 | 256 | 512 | 1,000 | 3,000 |
| IPS (intrusion prevention system) | 60 Mbps | 60 Mbps | 100 Mbps | 230 Mbps | 1 Gbps |
| Antivirus | 25 Mbps | 30 Mbps | 34 Mbps | 85 Mbps | 350 Mbps |
| Connections per second | 1,800 | 1,800 | 2,800 | 9,000 | 35,000 |
| Maximum concurrent sessions (DRAM options) | 16 K/32 K⁷ (512 MB²/1 GB DRAM) | 32 K/64 K⁷ (512 MB/1 GB DRAM) | 96 K (1 GB DRAM) | 64 K/128 K⁷ (512 MB/1 GB DRAM) | 512 K⁸ (2 GB DRAM) |
| Maximum security policies | 384 | 512 | 2,048 | 4,096 | 8,192 |
| Maximum users supported | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted |
| Network Connectivity | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Fixed I/O | 8 x 10/100 | 2 x 10/100/1000BASE-T + 6 x 10/100 | 8 x 10/100/1000BASE-T | 16 x 10/100/1000BASE-T | 4 x 10/100/1000BASE-T |
| I/O slots | N/A | 1 x SRX Series Mini-PIM | 2 x SRX Series Mini-PIM | 4 x SRX Series Mini-PIM | 8 x GPIM or multiple GPIM and XPIM combinations |
| Services and Routing Engine slots | No | No | No | No | 2⁹ |
| ExpressCard slot (3G WAN) | No | Yes | No | No | No |
| WAN/LAN interface options | N/A | See ordering information | See ordering information | See ordering information | See ordering information |
| Optional maximum number of PoE ports | N/A | Up to 4 ports of 802.3af with maximum 50 W | Up to 8 ports of 802.3af/at with maximum 120 W | Up to 16 ports of 802.3af/at with maximum 150 W | Up to 48 ports of 802.3af/at with maximum 247 W |
| USB | 1 | 2 | 2 | 2 | 2 per SRE |
| Flash/Memory | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Memory min and max (DRAM) | 512 MB (Accessible), 1 GB² | 512 MB, 1 GB | 1 GB | 512 MB, 1 GB | 2 GB |
| Memory slots | Fixed memory | Fixed memory | Fixed memory | Fixed memory | 4 DIMM |
| Flash memory | 1 GB | 1 GB | 1 GB | 1 GB | 2 GB CF internal on SRE, External slot empty, up to 2 GB CF supported |
| USB port for external storage | Yes | Yes | Yes | Yes | Yes |
| Dimensions | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Dimensions (W x H x D) | 8.5 x 1.4 x 5.8 in (21.6 x 3.6 x 14.7 cm) | 11.02 x 1.73 x 7.12 in (28.0 x 4.4 x 18.1 cm) | 14.31 x 1.73 x 7.11 in (36.3 x 4.4 x 18.1 cm) | 17.5 x 1.75 x 15.1 in (44.4 x 4.4 x 38.5 cm) | 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm) |
| Weight (device and power supply) | 2.5 lb (1.1 kg) | 3.3 lb (1.5 kg) non-PoE / 4.4 lb (2 kg) PoE No interface modules | 3.43 lb (1.56 kg) non-PoE No interface modules | 11.2 lb (5.1 kg) non-PoE / 12.3 lb (5.6 kg) PoE No interface modules | 24.9 lb (11.3 kg) No interface modules 1 power supply |
| Rack mountable | Yes, 1 RU | Yes, 1 RU | Yes, 1 RU | Yes, 1 RU | Yes, 2 RU |
| Power | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Power supply (AC) | 100-240 VAC, 30 W | 100–240 VAC, 60 W Non-PoE/ 150 W PoE | 100–240 VAC, 60 W Non-PoE/ 200 W PoE | 100–240 VAC, 150 W Non- PoE/ 350 W PoE | 100–240 VAC, single 645 W or dual 645 W |
| Maximum PoE power | N/A | 50 W | 120 W | 150 W | 247 W redundant, or 494 W nonredundant |
| Average power consumption | 10 W | 27 W (LM), 28 W (HM), 84 W (PoE) | 28 W (LM) | 61 W (LM), 65 W (HM), 179 W (PoE) | 122 W |
| Input frequency | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz |
| Maximum current consumption | 0.25 A @ 100 VAC | 0.41 A @ 100 VAC (LM), 0.44 A @ 100 VAC (HM), 1.13 A @ 100 VAC (PoE) | 0.44 A @ 100 VAC (HM) | 1.0 A @ 100 VAC (LM), 1.1 A @ 100 VAC (HM), 3.0 A @ 100 VAC (PoE) | 5.3 A @ 100 VAC with single PSU with PoE, 8.3 A @ 100 VAC with dual PSU with PoE |
| Maximum inrush current | 60 A | 80 A for LM/HM, 60 A for PoE | 80 A for HM | 40 A for LM/HM, 45 A for PoE | 45 A for ½ cycle |
| Average heat dissipation | 35 BTU/hr | 92 BTU/hr (SRX210B), 95 BTU/hr (SRX210H), 116 BTU/hr (SRX210H-PoE) | 126 BTU/hour (SRX220H) | 208 BTU/Hr (SRX240B), 222 BTU/Hr (SRX240H), 249 BTU/Hr (SRX240H-PoE) | 319 BTU/Hr |
| Maximum heat dissipation | 80 BTU/hr | 120 BTU/hr (SRX210B), 126 BTU/hr (SRX210H), 157 BTU/hr (SRX210H-PoE) | 126 BTU/hour (SRX220H) | 344 BTU/Hr (SRX240B), 369 BTU/Hr (SRX240H), 413 BTU/Hr (SRX240H-PoE) | 699 BTU/Hr |
| Redundant power supply (hot swappable) | No | No | No | No | Yes (up to maximum capacity of single PSU) |
| Acoustic noise level (Per ISO 7779 Standard) | 0 dB (fanless) | 29.1 dB | 51.1 dB | 54.1 dB | 60.9 dB |
| Environment | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Operational temperature | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) |
| Nonoperational temperature | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) |
| Humidity | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing | 10% to 90% noncondensing |
| Mean time between failures (Telcordia model) | 24.8 years (SRX100B), 24.8 years (SRX100H) | 15.2 years (SRX210B), 14.3 years (SRX210H), 10.4 years (SRX210H-PoE) | 14.3 years (SRX220H), 10.4 years (SRX220H-PoE) | 15.2 years (SRX240B), 14.3 years (SRX240H), 10.4 years (SRX240H-PoE) | 9.6 years with redundant power |
Additional Specification Features:
- Protocols
- Routing and Multicast
- IP Address Management
- Encapsulations
- Traffic Management
- Security
- VPN
- Voice Transport
- IPv6⁵
- Wireless
- SLA and Measurement
- Logging and Monitoring
- Administration
- Certifications
1. Unified Threat Management—antivirus, antispam, Web filtering, and IPS require a subscription license and the high memory system option to use the feature. UTM is not supported on the low memory version. Please see the ordering section for options. Content Filtering and UAC are part of the base software with no additional license.
2. SRX100B installed with 1 GB DRAM, with 512 MB accessible. Optional upgrade to 1 GB DRAM is available with purchase of memory software license key.
3. BGP Route Reflector supported on SRX650. See ordering section for more information.
4. Multicast features in SRX240 and SRX650 are supported as of the 9.6 release.
5. Supported in 9.5 in packet mode without services.
6. SRX100 and SRX220 support AX411 in 1H 2011.
7. When UTM is enabled, capacities supported are low memory specifications, on high memory system options.
8. When UTM is enabled, concurrent sessions supported is 50% of the value shown.
9. SRX650 supports a single Services and Routing Engine (SRE).
10. SRX210H-POE is Class A.
Additional Features and Comparison:
| Model: | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
|---|---|---|---|---|---|
| Routing | |||||
| BGP instances | 5 | 10 | 16 | 20 | 64 |
| BGP peers | 8 | 16 | 16 | 32 | 256 |
| BGP routes | 4 K/8 K | 8 K/16 K | 32 K | 32 K/64 K | 800 K |
| OSPF instances | 4 | 10 | 16 | 20 | 64 |
| OSPF routes | 4 K/8 K | 8 K/16 K | 32 K | 32 K/64 K | 800 K |
| RIP v1 / v2 instances | 4 | 10 | 16 | 20 | 64 |
| RIP v2 routes | 4 K/8 K | 8 K/16 K | 32 K | 32 K/64 K | 800 K |
| Source-based routing | 4 K/8 K | 8 K/16 K | 32 K | 32 K/64 K | 800 K |
| Policy-based routing | Yes | Yes | Yes | Yes | Yes |
| Equal-cost multipath (ECMP) | Yes | Yes | Yes | Yes | Yes |
| Reverse path forwarding (RPF) | Yes | Yes | Yes | Yes | Yes |
| RIP v1 / v2 instances | Yes | Yes | Yes | Yes | Yes |
| MPLS⁵ | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Layer 2 VPN (VPLS) | Yes | Yes | Yes | Yes | Yes |
| Layer 3 VPN | Yes | Yes | Yes | Yes | Yes |
| LDP | Yes | Yes | Yes | Yes | Yes |
| RSVP | Yes | Yes | Yes | Yes | Yes |
| Circuit Cross-connect (CCC) | Yes | Yes | Yes | Yes | Yes |
| Translational Cross-connect (TCC) | Yes | Yes | Yes | Yes | Yes |
| Multicast⁴ | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| IGMP (v1, v2, v3) | Yes | Yes | Yes | Yes | Yes |
| PIM sparse mode (SM) | Yes | Yes | Yes | Yes | Yes |
| PIM dense mode (DM) | Yes | Yes | Yes | Yes | Yes |
| PIM source-specific multicast (SSM) | Yes | Yes | Yes | Yes | Yes |
| Multicast inside IPsec tunnel | Yes | Yes | Yes | Yes | Yes |
| IPsec VPN | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Concurrent VPN tunnels | 128 | 256 | 512 | 1,000 | 3,000 |
| Tunnel interfaces | 10 | 64 | 64 | 125 | 512 |
| DES (56-bit), 3DES (168-bit) and AES (256-bit) | Yes | Yes | Yes | Yes | Yes |
| MD-5 and SHA-1 authentication | Yes | Yes | Yes | Yes | Yes |
| Manual key, IKE, PKI (X.509) | Yes | Yes | Yes | Yes | Yes |
| Perfect forward secrecy (DH Groups) | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 |
| Prevent replay attack | Yes | Yes | Yes | Yes | Yes |
| Dynamic remote access VPN | Yes | Yes | Yes | Yes | Yes |
| IPsec NAT traversal | Yes | Yes | Yes | Yes | Yes |
| Redundant VPN gateways | Yes | Yes | Yes | Yes | Yes |
| User Authentication and Access Control | |||||
| Third-party user authentication | RADIUS, RSA SecurID, LDAP | RADIUS, RSA SecurID, LDAP | RADIUS, RSA SecurID, LDAP | RADIUS, RSA SecurID, LDAP | RADIUS, RSA SecurID, LDAP |
| RADIUS accounting | Yes | Yes | Yes | Yes | Yes |
| XAUTH VPN, Web-based, 802.X authentication | Yes | Yes | Yes | Yes | Yes |
| PKI certificate requests (PKCS 7 and PKCS 10) | Yes | Yes | Yes | Yes | Yes |
| Certificate Authorities supported | VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPlanet (Netscape), Baltimore, DoD PKI |
| Virtualization | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Maximum number of security zones | 10 | 12 | 24 | 32 | 128 |
| Maximum number of virtual routers | 3 | 10 | 15 | 20 | 60 |
| Maximum number of VLANs | 16 | 64 | 128 | 512 | 4,096 |
| Encapsulations | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| PPP/MLPPP | N/A | Yes | Yes | Yes | Yes |
| MLPPP maximum physical interfaces | N/A | 1 | 2 | 4 | 12 |
| Frame Relay | N/A | Yes | Yes | Yes | Yes |
| MLFR (FRF .15, FRF .16) | N/A | Yes | Yes | Yes | Yes |
| MLFR maximum physical interfaces | N/A | 1 | 2 | 4 | 12 |
| HDLC | N/A | Yes | Yes | Yes | Yes |
| Address Translation | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Source NAT with Port Address Translation (PAT) | Yes | Yes | Yes | Yes | Yes |
| Static NAT | Yes | Yes | Yes | Yes | Yes |
| Destination NAT with PAT | Yes | Yes | Yes | Yes | Yes |
| IP Address Assignment | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Static | Yes | Yes | Yes | Yes | Yes |
| DHCP, PPPoE client | Yes | Yes | Yes | Yes | Yes |
| Internal DHCP servers (PPP) | Yes | Yes | Yes | Yes | Yes |
| DHCP relay | Yes | Yes | Yes | Yes | Yes |
| L2 Switching | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| VLAN 802.1Q | Yes | Yes | Yes | Yes | Yes |
| Link Aggregation 802.3ad/LACP | Yes | Yes | Yes | Yes | Yes |
| Jumbo Frame (9216 Byte) | No | Yes | Yes | Yes | Yes |
| Spanning Tree Protocol (STP) 802.1D, RSTP 802.1w, MSTP 802.1s | Yes | Yes | Yes | Yes | Yes |
| Authentication 802.1x Port-based and multiple supplicant | Yes | Yes | Yes | Yes | Yes |
| Traffic Management Quality of Service (QoS) | |||||
| Guaranteed bandwidth | Yes | Yes | Yes | Yes | Yes |
| Maximum bandwidth | Yes | Yes | Yes | Yes | Yes |
| Ingress traffic policing | Yes | Yes | Yes | Yes | Yes |
| Priority-bandwidth utilization | Yes | Yes | Yes | Yes | Yes |
| DiffServ marking | Yes | Yes | Yes | Yes | Yes |
| High Availability | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Active/active—L3 mode | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Active/passive—L3 mode | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Configuration synchronization | Yes | Yes | Yes | Yes⁹ | Yes³ |
| VRRP | Yes | Yes | Yes | Yes | Yes |
| Session synchronization for firewall and VPN | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Session failover for routing change | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Device failure detection | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Link failure detection | Yes | Yes | Yes | Yes⁹ | Yes³ |
| Firewall | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Network attack detection | Yes | Yes | Yes | Yes | Yes |
| DoS and DDoS protection | Yes | Yes | Yes | Yes | Yes |
| TCP reassembly for fragmented packet protection | Yes | Yes | Yes | Yes | Yes |
| Brute force attack mitigation | Yes | Yes | Yes | Yes | Yes |
| SYN cookie protection | Yes | Yes | Yes | Yes | Yes |
| Zone-based IP spoofing | Yes | Yes | Yes | Yes | Yes |
| Malformed packet protection | Yes | Yes | Yes | Yes | Yes |
| Unified Threat Management¹ | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Intrusion Prevention System (IPS) | Yes¹⁰ | Yes | Yes | Yes | Yes |
| Protocol anomaly detection | Yes¹⁰ | Yes | Yes | Yes | Yes |
| Stateful protocol signatures | Yes¹⁰ | Yes | Yes | Yes | Yes |
| Intrusion prevention system (IPS) attack pattern obfuscation | Yes¹⁰ | Yes | Yes | Yes | Yes |
| Customer signatures creation | Yes¹⁰ | Yes | Yes | Yes | Yes |
| Frequency of updates | Daily and emergency¹⁰ | Daily and emergency | Daily and emergency | Daily and emergency | Daily and emergency |
| Antivirus | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Express AV (packet-based AV) | No | Yes | Yes | Yes | Yes |
| File-based antivirus | Yes | Yes | Yes | Yes | Yes |
| Signature database | Yes | Yes | Yes | Yes | Yes |
| Protocols scanned | POP3, HTTP, SMTP, IMAP, FTP | POP3, HTTP, SMTP, IMAP, FTP | POP3, HTTP, SMTP, IMAP, FTP | POP3, HTTP, SMTP, IMAP, FTP | POP3, HTTP, SMTP, IMAP, FTP |
| Antispyware | Yes | Yes | Yes | Yes | Yes |
| Anti-adware | Yes | Yes | Yes | Yes | Yes |
| Antikeylogger | Yes | Yes | Yes | Yes | Yes |
| Antispam | Yes | Yes | Yes | Yes | Yes |
| Integrated Web filtering | Yes | Yes | Yes | Yes | Yes |
| Redirect Web filtering | Yes | Yes | Yes | Yes | Yes |
| Content filtering | Yes | Yes | Yes | Yes | Yes |
| Based on MIME type, file extension, and protocol commands | Yes | Yes | Yes | Yes | Yes |
| System Management | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| Web UI | Yes | Yes | Yes | Yes | Yes |
| Command-line interface | Yes | Yes | Yes | Yes | Yes |
| Network and Security Manager (NSM) | Yes | Yes | Yes | Yes | Yes |
| STRM Series | Yes | Yes | Yes | Yes | Yes |
| Wireless | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| CX111 3G Bridge support | Yes | Yes | Yes | Yes | Yes |
| Internal 3G ExpressCard slot support | No | Yes | Yes | No | Yes |
| Max WLAN access points supported | 4 | 4 | 4 | 4 | 4 |
| Certifications | SRX100 | SRX210 | SRX220 | SRX240 | SRX650 |
| USA | |||||
| Safety certifications | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 |
| EMC certifications | FCC Class B | FCC Class B¹⁰ | FCC Class A | FCC Class A | FCC Class A |
| Network homologation | TIA-968 | TIA-968 | TIA-968 | TIA-968 | TIA-966 |
| Canada | |||||
| Safety certifications | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 |
| EMC certifications | ICES Class B | ICES Class B¹⁰ | ICES Class A | ICES Class A | ICES Class A |
| Network homologation | CS-03 | CS-03 | CS-03 | CS-03 | CS-03 |
| European Union | |||||
| Safety certifications | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 |
| EMC certifications | EN 55022 Class B, EN 300 386 | EN 55022 Class B¹⁰, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 |
| Network homologation | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, DoC |
| Japan | |||||
| Safety certifications | CB Scheme | CB Scheme | CB Scheme | CB Scheme | CB Scheme |
| EMC certifications | VCCI Class B | VCCI Class B¹⁰ | VCCI Class A | VCCI Class A | VCCI Class A |
| Network homologation | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions |
| Australia | |||||
| Safety certifications | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 |
| EMC certifications | AS/NZS CISPR22 Class B | AS/NZS CISPR22 Class B¹⁰ | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A |
| Network homologation | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 016 |
| New Zealand | |||||
| Safety certifications | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 |
| EMC certifications | AS/NZS CISPR22 Class B | AS/NZS CISPR22 Class B¹⁰ | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A |
| Network homologation | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217 |
Documentation:
Download the Juniper Networks SRX Series Services Gateways for the Branch Datasheet (PDF).
| Juniper Networks Products | Part number | List Price |
|---|---|---|
| SRX Series Services Gateways | | |
| SRX650 System (2 RU Height) with SRE 6, 645W AC POE PSU. - Includes 4 onboard 10/100/1000Base-T ports, 2GB DRAM, 2GB CF, 247W POE power, Fan Tray with Fans and Power Cord. - Includes Front+Mid-Mount Rackmount Kit, Console Cable, Getting Std & Hw Safety Guide | #SRX650-BASE-SRE6-645AP | $16,000.00 |
| SRX650 System (2 RU Height) with SRE 6, 645W DC POE PSU - Includes 4 onboard 10/100/1000Base-T ports, 2GB RAM, 2GB CF, 247W POE power, Fan Tray with Fans. - Includes Front+Mid-Mount Rackmount Kit, Console Cable, Getting Std & Hw Safety Guides. No power cord | #SRX650-BASE-SRE6-645DP | $17,200.00 |
| Juniper Networks Licenses | | |
| Dynamic VPN Client | | |
| Dynamic VPN Service: 5 Simultaneous Users | #SRX-RAC-5-LTU | $200.00 |
| Dynamic VPN Service: 10 Simultaneous Users | #SRX-RAC-10-LTU | $400.00 |
| Dynamic VPN Service: 25 Simultaneous Users | #SRX-RAC-25-LTU | $1,000.00 |
| Dynamic VPN Service: 50 Simultaneous Users | #SRX-RAC-50-LTU | $2,000.00 |
| Dynamic VPN Service: 100 Simultaneous Users | #SRX-RAC-100-LTU | $4,000.00 |
| Dynamic VPN Service: 150 Simultaneous Users | #SRX-RAC-150-LTU | $6,000.00 |
| Advanced BGP License for SRX 650 only | #SRX-BGP-ADV-LTU | $3,000.00 |
| Juniper Networks Accessories | | |
| Interface Modules | | |
| Ethernet Switch 16-port 10/100/1000Base-T XPIM - Takes 2 slots, Spare | #SRX-GP-16GE | $2,800.00 |
| POE Ethernet Switch 16-port 10/100/1000Base-T XPIM - Supports up to 16 ports POE, Takes 2 slots, Spare | #SRX-GP-16GE-POE | $3,500.00 |
| 1-port clear channel DS3/E3 GPIM for SRX - Single GPIM slot | #SRX-GP-1DS3-E3 | $8,500.00 |
| Ethernet Switch 24-port 10/100/1000Base-T XPIM - Includes 4 SFP slots, Supports 24 ports GigE, Takes 4 slots, Spare | #SRX-GP-24GE | $3,500.00 |
| POE Ethernet Switch 24-port 10/100/1000Base-T XPIM - Includes 4 SFP slots, Supports up to 24 ports POE, Takes 4 slots, Spare | #SRX-GP-24GE-POE | $4,300.00 |
| 2-port 10GbE SFP+ / 10G Base-T Copper XPIM for SRX Platforms | #SRX-GP-2XE-SFPP-TX | $12,000.00 |
| Dual T1/E1, 2-ports with integrated CSU/DSU - GPIM for SRX650 - Single GPIM Slot, Spare | #SRX-GP-DUAL-T1-E1 | $1,600.00 |
| Quad T1/E1, 4-ports with integrated CSU/DSU - GPIM PIM for SRX650 - Single GPIM Slot, Spare | #SRX-GP-QUAD-T1-E1 | $2,800.00 |
| Accessories | | |
| 2GB Compact Flash module for SRX650 SRE, Spare | #SRX600-2GB-CF | $300.00 |
| 2GB DRAM DIMM module for SRX650 SRE, Spare | #SRX600-2GBDRAM-D | $600.00 |
| Blank Cover - Spare - GPIM Slot for SRX650 chassis | #SRX600-BLNK-01 | $65.00 |
| Blank Cover - Spare - SRE & Multi-Use Processor Slot for SRX650 chassis | #SRX600-BLNK-02 | $65.00 |
| Blank Cover - Spare - Power-Supply Slot for SRX650 chassis | #SRX600-BLNK-03 | $65.00 |
| SPARE: 645W AC-source Power Supply Unit for SRX650 - Provides 397W System Power @ 12V and 247W POE Power @ 50VDC. - Works with 90-250VAC input. Excludes Power Cord . |
#SRX600-PWR-645AC-POE List Price: $900.00 |
|
| 645W DC-source power supply for SRX 650 - Provides 397W System Power @ 12V and 248W POE Power @ 50VDC. Works with 43-56 VDC input. No Power Cord. |
#SRX600-PWR-645DC-POE List Price: $2,100.00 |
|
| SPARE: Services & Routing Engine 6 (SRE 6) supports Advanced Services & High Memory - Main system board for SRX650 series. Includes 2GB Flash and 2GB DRAM memory. Includes Content Security Accelerator. Max 1 in SRX650 Chassis. |
#SRX600-SRE6H List Price: $9,500.00 |
|
| SRX 650 EMPTY Spare Chassis; 2 RU Height; 8 GPIM Slots; 1 SRE slot & 1 multi-use processing slot, and 2 power-supply slots - Includes 4 onboard 10/100/1000Base-T ports. Order SRX650-BASE for an operable Base System. |
#SRX650-CHAS List Price: $6,300.00 |
|
| SPARE: SRX650 Fan Tray | #SRX650-FAN-01 List Price: $750.00 |
|
| Rackmount Kit - Spare - Front or Mid Mount Ears for SRX650 | #SRX650-RMK-01 List Price: $125.00 |
|
| Interface Accessories | ||
| SFP 100Base-BX Fast Ethernet Optics, Tx 1550nm/Rx 1310nm for 20km transmission on single strand of SMF | #JX-SFP-FE20-BX-D List Price: $550.00 |
|
| SFP 100Base-BX Fast Ethernet Optics, Tx 1310nm/Rx 1550nm for 20km transmission on single strand of SMF | #JX-SFP-FE20-BX-U List Price: $550.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1490nm/Rx 1310nm for 10km transmission on single strand of SMF | #JX-SFP-GE10-BX-D14 List Price: $2,100.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1550nm/Rx 1310nm for 10km transmission on single strand of SMF | #JX-SFP-GE10-BX-D15 List Price: $2,500.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1310nm/Rx 1490nm for 10km transmission on single strand of SMF | #JX-SFP-GE10-BX-U14 List Price: $1,800.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1310nm/Rx 1550nm for 10km transmission on single strand of SMF | #JX-SFP-GE10-BX-U15 List Price: $1,500.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1550nm/Rx 1310nm for 40km transmission on single strand of SMF | #JX-SFP-GE40-BX-D List Price: $3,000.00 |
|
| SFP 1000Base-BX Gigabit Ethernet Optics, Tx 1310nm/Rx 1550nm for 40km transmission on single strand of SMF | #JX-SFP-GE40-BX-U List Price: $2,600.00 |
|
| SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) 1m | #SRX-SFP-10GE-DAC-1M List Price: $150.00 |
|
| SFP+ 10 Gigabit Ethernet Direct Attach Copper (twinax copper cable) 3m | #SRX-SFP-10GE-DAC-3M List Price: $210.00 |
|
| Small Form Factor Pluggable 10 Gigabit Ethernet ER Optics, 1550nm for 40km transmission | #SRX-SFP-10GE-ER List Price: $10,000.00 |
|
| Small Form Factor Pluggable 10 Gigabit Ethernet LR Optics, 1310nm for 10km transmission | #SRX-SFP-10GE-LR List Price: $4,000.00 |
|
| Small Form Factor Pluggable 10 Gigabit Ethernet LRM Optics, 1310nm for 220m transmission | #SRX-SFP-10GE-LRM List Price: $1,750.00 |
|
| Small Form Factor Pluggable 10 Gigabit Ethernet SR Optics, 850nm for up to 300m transmission | #SRX-SFP-10GE-SR List Price: $1,500.00 |
|
| Small Form Factor Pluggable 1000Base-LH Gigabit Ethernet Optic Module Note: Substitute with JX-SFP-1GE-LH if necessary. |
#SRX-SFP-1GE-LH List Price: $6,000.00 |
|
| Small Form Factor Pluggable 1000Base-LX Gigabit Ethernet Optic Module Note: Substitute with JX-SFP-1GE-LX if necessary. |
#SRX-SFP-1GE-LX List Price: $1,000.00 |
|
| Small Form Factor Pluggable 1000Base-SX Gigabit Ethernet Optic Module Note: Substitute with JX-SFP-1GE-SX if necessary. |
#SRX-SFP-1GE-SX List Price: $500.00 |
|
| Small Form Factor Pluggable 1000Base-T Gigabit Ethernet Module (uses Cat 5 cable) Note: Substitute with JX-SFP-1GE-T if necessary. |
#SRX-SFP-1GE-T List Price: $400.00 |
|
| SFP 100BASE-FX Optical Transceiver, LC connector Note: Substitute with JX-SFP-1FE-FX if necessary. |
#SRX-SFP-FE-FX List Price: $250.00 |
|


