Juniper Dynamic VPN Service SRX
Contents
1. Yes 125 Yes Yes Yes Yes 250 users RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Yes Yes T25 Yes Yes Yes Yes 500 users RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Yes Yes LAS Yes Yes Yes Yes 500 users RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Maximum number of security zones Maximum number of virtual routers Maximum number of VLANs 16 64 128 64 2 000 128 3 967 128 3 967 There are several models available for the SRX210 and SRX240 including the enhanced version Please contact your Juniper or partner account representative for more information Low memory high memory Product Comparison continued WR SRXI00 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Encapsulations PPP MLPPP N A N A Yes Yes Yes Yes Yes PPPoE Yes Yes Yes Yes Yes Yes Yes PPPoA N A Yes Yes Yes Yes Yes Yes MLPPP maximum physical N A N A 1 2 4 12 12 interfaces Frame Relay N A N A Yes Yes Yes Yes Yes MLFR FRF 15 FRF 16 N A N A Yes Yes Yes Yes Yes MLFR maximum physical N A N A 1 2 4 12 12 interfaces HDLC N A N A Yes Yes Yes Yes Yes Wireless CX1113G 4G LTE Bridge support Yes Yes Yes Yes Yes Yes Yes Jun2. PoE with dual PSU with dual PSU with PoE with PoE Maximum inrush current 60A 70A 80 A for LM 80 A for HM 40 A for 45 A for V2 45 A for 2 HM 60 A for LM HM cycle cycle PoE 45 A for PoE Average heat dissipation 35 BTU hr 81 BTU hr 92 BTU hr 126 BTU hour 242 BTU hr 238 BTU hr 319 BTU hr SRX210BE SRX220H SRX240B 95 BTU hr 253 BTU hr SRX210HE SRX240H 116 BTU hr 246 BTU hr SRX210HE SRX240H PoE DC 294 BTU hr SRX40H PoE Maximum heat dissipation 80 BTU hr 99 BTU hr 1120 BTU hr 126BTU hour 396 BTU hr 1 449 BTU hr 699 BTU hr SRX210BE SRX220H SRX240B 126 BTU hr 427 BTU hr SRX210HE SRX240H 157 BTU hr 409 BTU hr SRX210HE SRX240H PoE DC 560 BTU hr SRX240H PoE Redundant power supply hot No No No No No Yes up to Yes up to swappable maximum maximum capacity of capacity of single PSU single PSU Acoustic noise level O dB fanless OdB fanless 29 1 dB 51 1 dB 70 0 dB 51 8 dB 60 9 dB Per ISO 7779 Standard Environment Operational temperature 329tol049F 32 tol04 F 32 tol04 F 32 to104 F 329tol049F 32 tol04 F 329 to104 0 F O to40 C O to40 C 09to409C 0 to40 C 09to409C 0 to 40 C 0 to 40 C Nonoperational temperature 4 to 158 F 4 to 158 F 4 to 158 F 4 to 158 F 40 to158 F 4 to158 F 4 to 158 F 20 to 20 to 20 to 20 to 40 to 20 to 20 to TOUS ZOE 709C 70 C 70 C 70 C 70 C Humidity operating 10 to 90 10 to 90 10
3. with high memory version Unified Access Control UAC and content filtering 1 GB DRAM 1 GB flash default 512 MB DRAM accessible in low memory version VDSL ADSL2 and Ethernet WAN interfaces Eight 10 100 Ethernet LAN ports and two USB port support for 3G USB Full UTM antivirus antispam enhanced Web filtering intrusion prevention system AppSecure Unified Access Control UAC and content filtering 1 GB DRAM 1 GB flash default Two 10 100 1000 Ethernet and 6 10 100 Ethernet LAN ports 1 Mini PlM slot and 2 USB ports support for 3G USB Factory option of 4 dynamic Power over Ethernet PoE ports 802 3af Support for T1 E1 serial ADSL 2 2 VDSL G SHDSL and Ethernet small form factor pluggable transceiver SFP Content Security Accelerator hardware for faster performance of IPS and ExpressAV with high memory version Full UTM antivirus antispam enhanced Web filtering intrusion prevention system AppSecure with high memory version Unified Access Control UAC and content filtering 1 GB DRAM 1 GB flash default 512 MB DRAM accessible in low memory version Eight 10 100 1000 Ethernet LAN ports 2 Mini PIM slots Factory option of 8 PoE ports PoE 802 3at backwards compatible with 802 3af Support for T1 E1 serial ADSL2 2 VDSL G SHDSL and Ethernet SFP Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam enhanced Web filtering
4. For more details please visit www juniper net us en products services There are several models available for the SRX210 and SRX240 including the enhanced version Please contact your Juniper or partner account representative for more information 1 SRX210H POE is class A Interface Modules Compatibility Matrix SRX GP 16GE SRX GP 16GE POE SRX GP 2XE SFPPTX SRX GP 24GE SRX GP 24GE POE SRX GP DUAL MISEN SRX GP QUAD TI1 El SRX GP 1DS3 E3 SRX GP 8SERIAL SRX MP ISERIAL SRX MP IADSL2 A SRX MP 1ADSL2 B SRX MP 1VDSL2 A SRX MP 8GSHDSL SRX MP 1SFP GE SRX MP 1T1E1 16 port 10 100 1000BASE T XPIM 16 port 10 100 1000BASE T PoE XPIM 2 port 10GbE SFP 10GbE BASE T Copper XPIM 24 port 10 100 1000BASE T XPIM includes 4 SFP slots 24 port 10 100 1000BASE T PoE XPIM includes 4 SFP slots Dual T1 E1 GPIM Quad T1 E GPIM l port clear channel DS3 E3 GPIM single GPIM slot Eight port Sync Serial GPIM l port Sync Serial Mini PIM l port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex A l port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex B T port VDSL2 Mini PIM supporting Annex A with fallback to ADSL2 ADSL2 8 wire 4 pair G SHDSL Mini PIM 1 port SFP Mini PIM l port T1 or El Mini PIM SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 X X X X X v v X X X X X v v X X X X X v v X X X X X v v X X X X X v v X X X X X v y X X X X X v v X X X X X v v X X
5. Managers support Juniper Networks Advanced Insight Solutions support External administrator database RADIUS LDAP SecurelD Auto configuration Configuration rollback Rescue configuration with button Commit confirm for changes Auto record for diagnostics Software upgrades USB upgrade option Juniper Networks Junos Web Command line interface Smart image download Certifications Common Criteria CC EAL4 Common Criteria CC EAL3 FIPS 140 Level 2 ICSA Corporate Firewall and ICSA IPSec 1 3 USGv6 lt Firewall Profile Unified Threat Management antivirus antispam Web filtering AppSecure and IPS require individual subscription license and is only supported on high memory versions of the SRX Series UTM is not supported on the low memory version Please see the ordering section for options 2 SRX100B installed with 1 GB DRAM with 512 MB accessible Optional upgrade to 1 GB DRAM is available with purchase of memory software license key 3 Coming soon for SRX110 4 Certified on Junos FIPS 10 4R4 on all versions of SRX100 SRX210 SRX220 SRX240 and SRX650 Specifications continued Gertlieations continued Supported hardware versions of the FIPS 140 2 gateways SRX100B SRX210BE SRX240B and SRX650 BASE SRE6 645AP with JNPR FIPS TAMPER LBLS Roles Services and Authentication Level 3 EMI EMC Level 3 Design Assurance Level 3 RNG RSA Product Comparison SSS SRX100 SRX110 SRX210 S
6. 3 Session based forwarding algorithm Bl Hi SF com Facebook Skype Google Internet SIP UC Server Server App Server Private Data Center Private WAN 4G LTE TI El VDSL TI El en mn SRX240 SRX210 E i aaa AX411 Diz a ie AX411 E ng a vm Ga Small Branch with Cellular Backup Figure 4 The distributed enterprise QeJuniper JUNIPer SRX550 Specifications Protocols IPv4 IPv6 ISO Connectionless Network Service CLNS HOOHnE and Multicast Static routes RIPv2 vl OSPF OSPFv3 BGP BGP Router Reflector IS IS Multicast Internet Group Management Protocol IGMPv1 2 3 PIM SM DM SSM Session Description Protocol SDP Distance Vector Multicast Routing Protocol DVMRP source specific Multicast inside IPsec tunnel MSDP MPLS RSVP LDP Circuit Cross connect CCC Translational Cross connect TCC Layer 2 VPN VPLS Layer 3 VPN VPLS NGMVPN IP Address Management Static DHCP PPPoE client Internal DHCP server DHCP Relay Address Translation Source NAT with Port Address Translation PAT Static NAT Destination NAT with PAT Persistent NAT NAT64 Encapsulations Ethernet MAC and VLAN tagged Point to Point Protocol PPP synchronous Multilink Point to Point Protocol MLPPP Frame Relay Multilink Frame Relay MLFR FRF 15 FRF 16 FRF 12 LFI High Level Data Link Control HDLC Serial RS 232 RS 449 X 21 V 35 EIA 530 802 1g VLAN su
7. CHAS SRX550 FILT O1 Spare 645 W AC PoE power supply unit for SRX550 and SRX650 systems one is included in SRX550 and SRX650 base systems SRX650 BASE SRE6 645AP SRX550 645AC 645 W DC source power supply for SRX550 SRX650 provides 397 W system power 12 V and 248 W PoE power 50 VDC works with 43 56 VDC input no power cord SRX550 Services Gateway 2 RU height 6 GPIM slots 2 Mini PIM slots 6 10 100 1O00BASE T ports 4 GbE SFP ports dual PS slots fans power supply not included Not included in SRX550 systems optional as this is not required for normal operations but recommended for dusty environments SRX550 Additional Software Feature Licenses SRX550 K AV SRX550 S AV SRX550 IDP SRX550 S2 AS SRX550 W WF SRX550 SMB4 CS SRX550 S SMB4 CS SRX550 K AV 3 SRX550 S AV 3 SRX550 IDP 3 SRX550 S2 AS 3 SRX550 W WF 3 SRX550 SMB4 CS 3 SRX550 S SMB4 CIS 3 One year subscription for Juniper Kaspersky antivirus updates on SRX550 One year subscription for Juniper Sophos antivirus updates on SRX550 One year subscription for IDP updates on SRX550 One year subscription for Juniper Sophos antispam updates on SRX550 One year subscription for Juniper Websense Web filtering updates on SRX550 One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX550 One year security subscription for enterprise includes Sophos AV
8. IGE SX SRX SFP 1GE T SRX SFP FE FX SFP 1000BASE LH Optical Transceiver SFP 1000BASE LX Optical Transceiver SFP 1000BASE SX Optical Transceiver SFP 1000BASE T Copper Transceiver SFP 100BASE FX Optical Transceiver SRX110 Base System SRXIIOH VA SRXIIOH VB SRX110 Services Gateway with 8xFE ports 1GB RAM and Flash l port VDSL2 ADSL2 over POTS USB port for cellular modem connectivity and external PS and cord included SRX110 Services Gateway with 8xFE ports 1GB RAM and Flash l port VDSL2 ADSL2 over ISDN BRI USB port for cellular modem connectivity and external PS and cord included SRX110 Additional Hardware 1I0 WALL KIT 110 DESK STAND _ SRX110 desktop stand holds one unit 110 RMK SRX110 rack mount kit holds one unit SRX110 wall mount kit holds one unit SRX100 Base System SRXI OOH SRX100 Services Gateway with 8xFE ports and base memory On board 1 GB RAM w 512 MB accessible I GB Flash SRX100 Services Gateway with 8xFE ports and high memory 1 GB RAM 1 GB Flash SRX100 Additional Hardware 100 PWR 30W SRX 100 RMK SRXI SRXI OO WALL KIT O0 DESK STAND SRX100 SRX110 Dynamic VPN Client SRX SRX SRX RAC 5 LTU RAC 10 LTU RAC 25 LTU Spare SRX100 switching power supply 30 W non PoE SRX100 19 rack mount kit holds two units SRX100 wall mount kit holds one unit SRX100 desk stand holds one unit 5 simultaneous users for SRX100 SRX110 SRX210 SR
9. Junos OS 11 4R5 950 Mbps 300 Mbps 125 Kpps 350 Mbps 100 Mbps 512 300 Mbps 80 Mbps 35 Mbps Sophos AV 2 800 96K 1GB DRAM 2 048 Unrestricted Junos OS 11 4R5 1 8 Gbps 600 Mbps 200 Kpps 830 Mbps 300 Mbps 1 000 750 Mbps 230 Mbps 85 Mbps Sophos AV 8 500 128 K 256 K 1GB 2 GB DRAM 1 024 4 096 Unrestricted Junos OS 121 5 5 Gbps 1 7 Gbps 700 Kpps 1 5 Gbps 1 0 Gbps 2 000 1 5 Gbps 800 Mbps 300 Mbps Sophos AV 27 000 SAK 2 GB DRAM 7 256 Unrestricted Junos OS 1L 4R5 7Gbps 2 5 Gbps 850 Kpps 2 Gbps 1 5 Gbps 3 000 1 9 Gbps 1 Gbps 350 Mbps Sophos AV 35 000 52K 2 GB DRAM 8 192 Unrestricted Fixed I O I O slots Services and Routing Engine slots ExpressCard slot 3G WAN WAN LAN interface options Maximum number of PoE ports PoE optional on some SRX Series models USB 8 x 10 100 N A No No N A N A 1 VDSL ADSL2 8 x 10 100 N A No No N A N A 2 2 10 100 1000 BASE T 6x 10 100 1x SRX Series Mini PIM No Yes See ordering information Up to 4 ports of 802 3af with maximum 50 W 2 8x 10 100 1000 BASE T 2 x SRX Series Mini PIM No No See ordering information Up to 8 ports of 802 3af at with maximum 120 W 2 16x 10 100 1000 BASE T 4 x SRX Series Mini PIM No No See ordering information Up to 16 ports of 802 3af at with maximum 15
10. X X X v y X X v v v v Xx X X v v v v X X X v v v v X X X v v v v X X X v v v v Xx X X v v v v X X X v v v v X Ordering Information SRX650 Base System SRX650 BASE SRE6 645AP SRX650 BASE SRE6 645DP SRX650B SRE6 645AP TAA SRX650 Services Gateway with SRE 6 645 W AC PoE PSU includes 4 onboard 10 100 1000BASE T ports 2 GB DRAM 2 GB CF 247 W PoE power fan tray power cord and rack mount kit SRX650 Services Gateway with SRE 6 645 W DC PoE PSU includes 4 onboard 10 100 1000BASE T ports 2 GB DRAM 2 GB CF 247 W PoE power fan tray power cord and rack mount kit Trade Agreement Act compliant SRX650 Services Gateway with SRE 6 645 W AC PoE PSU includes 4 onboard 10 100 1000BASE T ports 2 GB DRAM 2 GB CF 247 W PoE power fan tray power cord and rack mount kit SRX650 Power Supplies and Accessories SRX600 PWR 645AC POE SRX600 PWR 645DC POE SRX600 SRE6H SRX650 CHAS SRX650 FAN O1 SRX650 FILT O1 Spare 645 W AC PoE power supply unit for SRX650 SRX550 systems one is included in SRX650 SRX550 base system SRX650 BASE SRE6 645AP SRX550 645AP 45 W DC source power supply for SRX550 and RX650 provides 397 W system power O 12 V nd 248 W PoE power 50 VDC works with 3 56 VDC input no power cord 6 S al 4 Spare SRE6 H for SRX650 one is included in SRX650 base system SRX650 BASE SRE6 645AP S p S RX650 chassis including fan tray no system rocessor SRE and no pow
11. and Support UL 60950 1 FCC Class B TIA 968 CSA 60950 1 ICES class B e5503 AS NZS 60950 1 AS NZS CISPR22 Class B AS ACIFS 002 S 016 S 043 1 5043 2 AS NZS 60950 1 AS NZS CISPR22 Class B PKC ANZ BIC 273 CB Scheme VCCI Class B Certificate for Technical Conditions EN 60950 1 EN 55022 Class B EN 300 386 GTRI2 13 CTR 21 DoC UL 60950 1 FCC Class B TIA 968 CSA 60950 1 ICES class B CS 03 AS NZS 60950 1 AS NZS CISPR22 Class B AS ACIFS 002 S 016 S 043 1 5043 2 AS NZS 60950 1 AS NZS CISPR22 Class B PTG 217 PTC 273 CB Scheme VCCI Class B Certificate for Technical Conditions EN 60950 1 EN 55022 Class B EN 300 386 CTR 12 13 CTR 21 DoC UL 60950 1 FCC Class B TIA 068 CSA 60950 1 ICES class B S 03 AS NZS 60950 1 AS NZS CISPR22 Class B AS ACIFS 002 S 016 S 043 1 5043 2 AS NZS 60950 1 AS NZS CISPR22 Class B PTC UF MRC 273 CB Scheme VCCI Class B Certificate for Technical Conditions EN 60950 1 EN 55022 Class B EN 300 386 CTR 12 13 CTR 21 DoC UL 60950 1 FCC Class A TIA 968 CSA 60950 1 ICES Class A CS 03 AS NZS 60950 1 AS NZS CISPR22 Class A AS ACIFS 002 S 016 S 043 1 S043 2 AS NZS 60950 1 AS NZS CISPR22 Class A PTC Al IPMS 273 CB Scheme VCCI Class A Certificate for Technical Conditions EN 60950 1 EN 55022 Class A EN 300 386 CTR 12 13 C
12. and high memory 1 GB RAM 1 GB Flash Trade Agreement Act compliant SRX240 Services Gateway with 16 GbE ports 4 Mini PIM slots and high memory 1 GB RAM 1 GB Flash with 16 ports PoE 150 W SRX240 Services Gateway with 16 GbE ports 4 Mini PIM slots and high memory 1 GB RAM 1GB Flash One year subscription for Juniper Kaspersky antivirus updates on SRX240 One year subscription for Juniper Sophos antivirus updates on SRX240 One year subscription for IDP updates on SRX240 One year subscription for Juniper Sophos antispam updates on SRX240 One year subscription for Juniper Websense Web filtering updates on SRX240 One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX240 One year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX240 Three year subscription for Juniper Kaspersky antivirus updates on SRX240 Three year subscription for Juniper Sophos antivirus updates on SRX240 Three year subscription for IDP updates on SRX240 Three year subscription for Juniper Sophos antispam updates on SRX240 Three year subscription for Juniper Websense Web filtering updates on SRX240 Three year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX240 Three year security subscription for enterprise includes Sophos AV enhanced WF So
13. includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX550 Dynamic VPN Client 5 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 10 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 50 simultaneous users for SRX210 SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 100 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 150 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 250 simultaneous users for SRX240 SRX550 and SRX650 only Dynamic VPN Client 500 simultaneous users for SRX550 and SRX650 only One year subscription for Application Security and IPS updates for SRX550 Three year subscription for Application Security and IPS updates for SRX550 Five year subscription for Application Security and IPS updates for SRX550 SRX240 Base System SRX240B2 SRX240H2 SRX240H2 POE SRX240H2 DC SRX240 Services Gateway with 16 x GbE ports 4x mini PlM slots and base memory 1 GB DRAM 2 GB Flash integrated power supply with power cord and 19 rack mount kit included No UTM AppSecure or IDP support SRX240 Services Gateway with 16 x GbE ports 4x mini PlM slots and high memory 2 GB DRAM 2 GB Flash integ
14. intrusion prevention system AppSecure Unified Access Control and content filtering 1 GB DRAM 1 GB flash default 16 10 100 1000 Ethernet LAN ports 4 Mini PlM slots Factory option of 16 PoE ports PoE 802 3at backwards compatible with 802 3af Support for T1 El serial ADSL2 2 VDSL G SHDSL and Ethernet SFP Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam enhanced Web filtering intrusion prevention system AppSecure with high memory version Unified Access Control and content filtering 1 GB 2 GB DRAM 2 GB compact flash default Ten fixed Ethernet ports 6 10 100 1000 Copper 4 SFP 2 Mini PlM slots 6 GPIM slots or multiple GPIM and XPIM combinations Support for T1 E serial ADSL2 2 VDSL G SHDSL DS3 E3 Gigabit Ethernet ports supports up to 52 Ethernet ports including SFP 40 switch ports with optional PoE including 802 3at PoE backwards compatible with 802 3af or 50 non PoE 10 100 1000 Copper ports IOGbE Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam enhanced Web filtering and intrusion prevention system AppSecure Unified Access Control and content filtering 2 GB DRAM default 2 GB compact flash default Optional redundant AC power standard AC power supply that is PoE ready PoE power up to 250 watts single power supply or 500 watts dual power supply Four fi
15. modules Rack mountable Yes 1 RU Yes 1 RU Yes I RU Yes 1 RU Yes 1 RU Yes 2 RU Yes 2 RU Power supply AC 100 240 VAC 100 240 VAC 100 240 VAC 100 240 VAC 150 W forLM 100 240 VAC 100 240 VAC 30 W 60 W 60 W non 60 W non and HM single 645 single 645 PoE PoE 190WforHM Wor Wor 150 W PoE 200 W PoE with DC dual 645 W dual 645 W 360 W for PoE Maximum PoE power N A N A 50W 120 W 150 W 247 W 247W redundant or redundant or 494 W non 494 W non redundant redundant There are several models available for the SRX210 and SRX240 including the enhanced version Please contact your Juniper or partner account representative for more information 1 SRXI00B installed with 1 GB DRAM with 512 MB accessible Optional upgrade to 1 GB DRAM is available with purchase of memory software license key Product Comparison continued SSS ae SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Dimensions and Power continued Average power consumption 10 W 24W 27 W LM 28 W LM SRX240B 85W 122 W 28 W HM 71W 84 W PoE SRX240H 74W SRX240H DC 72W SRX240H PoE 86 W Input frequency 50 60 Hz 50 60 Hz 50 60 Hz 50 60 Hz 50 60 Hz 50 60 Hz 50 60 Hz Maximum current consumption O25A 0100 175A 100 0 41 A 100 0 44A 100 1 0A 100 7 5 A 100 5 3A 100 VAC VAC VAC LM VAC HM VAC LM 11 VAC with VAC with 0 44 A 100 A 100VAC single PSU single PSU VAC HM 1 13 HM 3 0 A with PoE 10 5 with PoE 8 3 A 100 VAC 100 VAC A 100VAC A 100 VAC PoE
16. year subscription for Juniper Sophos antispam updates One year subscription for Juniper Websense enhanced Web filtering updates Three year subscription for Juniper Websense enhanced Web filtering updates Five year subscription for Juniper Websense enhanced Web filtering updates One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP Three year security subscription for Kaspersky AV enhanced WF Sophos AS AppSecure and IDP Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP One year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure AppSecure and IDP Three year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP Five year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP One year license for IDP updates Three year license for IDP updates Five year license for IDP updates Three year renewal subscription for Juniper Kaspersky AV updates Five year renewal subscription for Juniper Kaspersky AV updates One year renewal subscription for Juniper Kaspersky AV updates Three year renewal subscription for Juniper Sophos AV updates Five year renewal subscription for Juniper Sophos AV updates One year renewal subscription for Juniper Soph
17. 0 SRX550 and SRX650 Dynamic VPN Client 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 50 simultaneous users for SRX210 SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 100 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 150 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 250 simultaneous users for SRX240 SRX550 and SRX650 only Dynamic VPN Client 500 simultaneous users for SRX550 and SRX650 only One year subscription for Application Security and IPS updates for SRX650 Three year subscription for Application Security and IPS updates for SRX650 Five year subscription for Application Security and IPS updates for SRX650 Ordering Information continued SRX550 Base System SRX550 645AP SRX550 645DP SRX550 Services Gateway 2 RU height 6 GPIM slots 2 Mini PIM slots 6 10 100 1000BASE T ports 4 GbE SFP ports dual PS slots fans ships with one 645 watt AC power supply with 247 W PoE power power cord and rack mount kit included SRX550 Services Gateway 2 RU height 6 GPIM slots 2 Mini PIM slots 6 10 100 1000BASE T ports 4 GbE SFP ports dual PS slots fans ships with one 645 watt DC power supply with 247 W PoE power no power cord and rack mount kit Included SRX550 Power Supplies and Accessories SRX600 PWR 645AC POE SRX600 PWR 645DC POE SRX550
18. 0 SRX240 SRX550 and SRX650 Dynamic VPN Client 10 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 50 simultaneous users for SRX210 SRX22 SRX240 SRX550 and SRX650 only Dynamic VPN Client 100 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 150 simultaneous users for SRX220 SRX240 SRX550 and SRX650 only Dynamic VPN Client 250 simultaneous users for SRX240 SRX550 and SRX650 only One year subscription for Application Security and IPS updates for SRX240 Three year subscription for Application Security and IPS updates for SRX240 Five year subscription for Application Security and IPS updates for SRX240 SRX220 Base System SRX220H SRX220H POE SRX220 RMK SRX220 WALL KIT SRX220 PWR 60W SRX220 Services Gateway with 8 GbE ports 2 Mini PlM slots and high memory 1 GB RAM 1 GB Flash external power supply and cord included SRX220 Services Gateway with 8 GbE ports 2 Mini PIM slots and high memory 1 GB RAM 1 GB Flash with 8 ports PoE 120 W SRX220 rack mount kit for 19 in rack holds one unit SRX220 wall mount kit holds one unit Spare SRX220 switching power supply 60 W non POE See price list for country specific power cord model numbers Ordering Information continued Model Nu
19. 0 K AV 5 SRX650 S AV 5 SRX650 IDP 5 SRX650 W WF 5 SRX650 SMB4 CS 5 SRX650 S SMB4 CS 5 SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU SRX RAC 100 LTU SRX RAC 150 LTU SRX RAC 250 LTU SRX RAC 500 LTU SRX650 APPSEC A 1 SRX650 APPSEC A 3 SRX650 APPSEC A 5 Three year subscription for Juniper Sophos antispam updates on SRX650 Three year subscription for Juniper Websense Web filtering updates on SRX650 Three year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX650 Three year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX650 Advanced BGP License for SRX550 and SRX650 only Five year subscription for Juniper Kaspersky AV updates on SRX650 Five year subscription for Juniper Sophos AV updates on SRX650 Five year license for IDP updates for SRX650 Five year subscription for Juniper Websense Web filtering updates on SRX650 Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX650 Five year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX650 Dynamic VPN Client 5 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 10 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX24
20. 0 W 2 6x 10 100 1000 BASE T 4 SFP 2 x SRX Series Mini PIM 6 x GPIM or multiple GPIM and XPIM combinations No No See ordering information Up to 40 ports of 802 3af at with maximum 247 W 2 4x 10 100 1000 BASE T 8 x GPIM or multiple GPIM and XPIM combinations 24 No See ordering information Up to 48 ports of 802 3af at with maximum 247 W 2 per SRE There are several models available for the SRX210 and SRX240 including the enhanced version Please contact your Juniper or partner account representative for more information 1 When UTM is enabled capacities supported are low memory specifications 2 When UTM is enabled concurrent sessions supported is 50 Of value shown 3 SRXI00B installed with 1GB DRAM with 512 MB accessible Optional upgrade to 1 GB DRAM is available with purchase of memory software license key 4 SRX650 supports a single Services and Routing Engine SRE as of software release 11 4 5 Throughput numbers based on HTTP traffic with 44 kilobyte transaction size Product Comparison continued SSS SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650 Routing BGP instances BGP peers BGP routes OSPF instances OSPF routes RIP vl v2 instances RIP v2 routes Static routes Source based routing Policy based routing Equal cost multipath ECMP Reverse path forwarding RPF IPsec VPN 8 K 16 K 10 8 K 16 K 10 8 K 16 K 8 K 16 K6 Yes Y
21. 00 or 408 745 2000 Phone 852 2332 3636 EMEA Sales 00800 4586 4737 Fax 408 745 2100 Fax 852 2574 7803 Fax 35 31 8903 601 www juniper net Copyright 2012 Juniper Networks Inc All rights reserved Juniper Networks the Juniper Networks logo Junos NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered marks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice 1000281 019 EN Oct 2012 Printed on recycled paper
22. JUNIP EL NETWORKS Product Overview Juniper Networks SRX Series Services Gateways for the branch are secure routers that provide essential capabilities that connect secure and manage workforce locations sized from handfuls to hundreds of users By consolidating fast highly available switching routing security and applications capabilities in a single device enterprises can economically deliver new services safe connectivity and a satisfying end user experience All SRX Series Services Gateways including products scaled for the branch campus and data center applications are powered by Juniper Networks Junos OS the proven operating system that provides unmatched consistency better performance with services and superior infrastructure protection at a lower total cost of ownership DATASHEET SRX SERIES SERVICES GATEWAYS FOR THE BRANCH SRXI00 SRXI10 SRX210 SRX220 SRX240 SRX550 and SRX650 Product Description The Juniper Networks SRX Series Services Gateways for the branch joins Juniper Networks SRX Series for the data center EX Series Ethernet Switches M Series Multiservice Edge Routers MX Series 3D Universal Edge Routers and T Series Core Routers This provides a single Juniper Networks Junos operating system based portfolio of unprecedented scale With Junos OS enterprises and service providers can lower deployment and operational costs across their entire distributed workforce SRX Ser
23. RX220 SRX240 SRX550 SRX650 Maximum Performance and Capacity Junos OS version tested Firewall performance large packets Firewall performance IMIX Firewall routing PPS 64 Byte Firewall performance HTTP IPsec VPN throughput large packets IPsec VPN tunnels AppSecure firewall throughput IPS intrusion prevention system Antivirus Connections per second Maximum concurrent sessions DRAM options Maximum security policies Maximum users supported Network Connectivity Junos OS 11 4R5 700 Mbps 200 Mbps 70 Kpps 100 Mbps 65 Mbps 128 90 Mbps 75 Mbps 25 Mbps Sophos AV 1 800 16K 32K 512 MB 1 GB DRAM 384 Unrestricted FIPS approved algorithms Triple DES AES DSA SHS Junos OS 11 4R5 700 Mbps 200 Mbps 70 Kpps 100 Mbps 65 Mbps 128 90 Mbps 75 Mbps 25 Mbps Sophos AV 1 800 32K 1GB DRAM 384 Unrestricted NEBS Compliance for SRX240 SRX650 Department of Defense DoD Certification for SRX Series Services Gateways including testing and certification by the Department of Defense Joint Interoperability Test Command JITC for interoperability with DoD networks and addition of the SRX Series Services Gateways to the Unified Capabilities Approved Product List UC APL Junos OS 11 4R5 850 Mbps 250 Mbps 95 Kpps 290 Mbps 85 Mbps 256 250 Mbps 65 Mbps 30 Mbps Sophos AV 2 200 32K 64K 512 MB 1 GB DRAM 512 Unrestricted
24. SRX220 Three year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX220 Three year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX220 Five year subscription for Juniper Kaspersky antivirus updates on SRX220 Five year subscription for Juniper Sophos antivirus updates on SRX220 Five year subscription for IDP updates on SRX220 Five year subscription for Juniper Websense Web filtering updates on SRX220 Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX220 Five year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX220 Dynamic VPN Client 5 simultaneous users for RX100 SRX110 SRX210 SRX220 SRX240 RX550 and SRX650 S Dynamic VPN Client 10 simultaneous users for S S nm RX100 SRX110 SRX210 SRX220 SRX240 RX550 and SRX650 Dynamic VPN Client 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 50 simultaneous users for SRX210 SRX220 SRX240 SRX550 and SRX650 Model Number SRX RAC 100 LTU SRX RAC 150 LTU SRX220 APPSEC A 1 SRX220 APPSEC A 3 SRX220 APPSEC A 5 Description Dynamic VPN Client 100 simultaneous users for SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 150 simulta
25. TR 21 DoC UL 60950 1 FCC Class A TIA 968 CSA 60950 1 ICES class A ES 03 AS NZS 60950 1 AS NZS CISPR22 Class A AS ACIFS OO2 S 016 S 043 1 S043 2 AS NZS 60950 1 AS NZS CISPR22 Class A PTC 217 PTC 273 CB Scheme VCCI Class A Certificate for Technical Conditions EN 60950 1 EN 55022 Class A EN 300 386 CTR 12 13 CTR 21 DoC UL 60950 1 FCC Class A TIA 966 CSA 60950 1 ICES class A CS O3 AS NZS 60950 1 AS NZS CISPR22 Class A AS ACIFS 016 AS NZS 60950 1 AS NZS CISPR22 Class A PTC 217 CB Scheme VCCI Class A Certificate for Technical Conditions EN 60950 1 EN 55022 Class A EN 300 386 CTR 12 13 DoC UL 60950 1 FCC Class A TIA 966 CSA 60950 1 ICES class A CS 03 AS NZS 60950 1 AS NZS CISPR22 Class A AS ACIFS 016 AS NZS 60950 1 AS NZS CISPR22 Class A PUG A CB Scheme VCCI Class A Certificate for Technical Conditions EN 60950 1 EN 55022 Class A EN 300 386 CTR 12 13 DoC Juniper Networks is the leader in performance enabling services that are designed to accelerate extend and optimize your high performance network Our services allow you to maximize operational efficiency while reducing costs and minimizing risk achieving a faster time to value for your network Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance reliability and availability
26. X220 SRX240 SRX550 and SRX650 10 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 SRX100 SRX110 Additional Software Feature Licenses SRXI SRXI SRXI SRXI SRXI SRXI XX S AV 5 XX S2 AS XX S2 AS 3 One year subscription for Juniper Kaspersky AV updates Three year subscription for Juniper Kaspersky AV updates Five year subscription for Juniper Kaspersky AV updates One year subscription for Juniper Sophos AV updates Three year subscription for Juniper Sophos AV updates Five year subscription for Juniper Sophos AV updates One year subscription for Juniper Sophos antispam updates Three year subscription for Juniper Sophos antispam updates See price list for country specific power cord model numbers The additional software feature licenses apply to both the SRX100 and the SRXIIO Model Number Description SRX100 SRX110 Additional Software Feature Licenses continued SRXIXX S2 AS 5 SRXIXX W EWF SRXIXX W EWF 3 SRXIXX W EWF 5 SRXIXX SMB4 CS SRXIXX SMB4 CS 3 SRXIXX SMB4 CS 5 SRXIXX S SMB4 CS SRXIXX S SMB4 CS 3 SRXIXX S SMB4 GS 55 SRX1XX IDP SRX1XX IDP 3 SRXIXX IDP 5 SRXIXX K AV 3 R SRXIXX K AV 5 R SRXIXX K AV R SRXIXX S AV 3 R SRXIXX S AV 5 R SRXIXX S AV R SRXIXX S2 AS 3 R SRXIXX S2 AS 5 R SRXIXX S2 AS R Five
27. e year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX210 Five year subscription for Juniper Kaspersky antivirus updates on SRX210 Five year subscription for Juniper Sophos antivirus updates on SRX210 Five year subscription for IDP updates on SRX210 Five year subscription for Juniper Sophos antispam updates on SRX210 Five year subscription for Juniper Websense Web filtering updates on SRX210 Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX210 Five year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX210 Dynamic VPN Client 5 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 10 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 25 simultaneous users for SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 and SRX650 Dynamic VPN Client 50 simultaneous users for SRX210 SRX220 SRX240 SRX550 and SRX650 only One year subscription for Application Security and IPS updates for SRX210 Three year subscription for Application Security and IPS updates for SRX210 Five year subscription for Application Security and IPS updates for SRX210 Small Form Factor Pluggable SFP Transceivers SRX SFP 1GE LH SRX SFP 1GE LX SRX SFP
28. enhanced WF Sophos AS AppSecure and IDP on SRX550 Three year subscription for Juniper Kaspersky AV updates on SRX550 Three year subscription for Juniper Sophos AV updates on SRX550 Three year subscription for IDP updates on SRX550 Three year subscription for Juniper Sophos antispam updates on SRX550 Three year subscription for Juniper Websense Web filtering updates on SRX550 Three year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX550 Three year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX550 SRX BGP ADV LTU SRX550 K AV 5 SRX550 S AV 5 SRX550 IDP 5 SRX550 W WF 5 SRX550 SMB4 CS 5 SRX550 S SMB4 CS 5 SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU SRX RAC 100 LTU SRX RAC 150 LTU SRX RAC 250 LTU SRX RAC 500 LTU SRX550 APPSEC A 1 SRX550 APPSEC A 3 SRX550 APPSEC A 5 Advanced BGP License for SRX550 and SRX650 only Five year subscription for Juniper Kaspersky AV updates on SRX550 Five year subscription for Juniper Sophos AV updates on SRX550 Five year license for IDP updates for SRX550 Five year subscription for Juniper Websense Web filtering updates on SRX550 Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX550 Five year security subscription for enterprise
29. er supply unit pare SRX650 fan tray one is included in SRX650 chassis spare SRX650 CHAS and included in SRX650 base system SRX650 BASE SRE6 645AP Not included in SRX650 chassis spare SRX650 CHAS and not included in SRX650 base system SRX650 BASE SRE6 645AP optional as this is not reguired for normal operations but recommended for dusty environments SRX650 Additional Software Feature Licenses SRX650 K AV SRX650 S AV SRX650 IDP SRX650 S2 AS SRX650 W WF SRX650 SMB4 CS SRX650 S SMB4 CS SRX650 K AV 3 SRX650 S AV 3 SRX650 IDP 3 One year subscription for Juniper Kaspersky antivirus updates on SRX650 One year subscription for Juniper Sophos antivirus updates on SRX650 One year subscription for IDP updates on SRX650 One year subscription for Juniper Sophos antispam updates on SRX650 One year subscription for Juniper Websense Web filtering updates on SRX650 One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX650 One year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX650 Three year subscription for Juniper Kaspersky AV updates on SRX650 Three year subscription for Juniper Sophos AV updates on SRX650 Three year subscription for IDP updates on SRX650 SRX650 S2 AS 3 SRX650 W WF 3 SRX650 SMB4 CS 3 SRX650 S SMB4 CS3 SRX BGP ADV LTU SRX65
30. es Yes Yes 600 K 192 712K 256 800K Concurrent VPN tunnels Tunnel interfaces DES 56 bit 3DES 168 bit and AES 256 bit MD 5 SHA 1 and SHA 2 authentication Manual key Internet Key Exchange IKE vl v2 public key infrastructure PKI X 509 Perfect forward secrecy DH Groups Prevent replay attack Dynamic remote access VPN IPsec NAT traversal Redundant VPN gateways Number of remote access users Yes Yes hea Yes Yes Yes Yes 25 users Yes Yes 125 Yes Yes Yes Yes 25 users User Authentication and Access Control Third party user authentication RADIUS accounting XAUTH VPN Web based 802 X authentication PKI certificate requests PKCS 7 and PKCS 10 Certificate Authorities supported Virtualization RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Yes Yes hea Yes Yes Yes Yes 50 users RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Yes Yes 1255 Yes Yes Yes Yes 150 users RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Yes
31. ies for the branch runs Junos OS the proven operating system that is used by core Internet routers in all of the top 100 service providers around the world The rigorously tested carrier class routing features of IPv4 IPv6 OSPF BGP and multicast have been proven in over 15 years of worldwide deployments SRX Series for the branch provides perimeter security content security application visibility tracking and policy enforcement role based access control and network wide threat visibility and control Using zones and policies network administrators can configure and deploy branch SRX Series gateways quickly and securely The SRX Series also includes wizards for firewall IPsec VPN NAT and initial setup to simplify configurations out of the box Policy based VPNs support more complex security architectures that require dynamic addressing and split tunneling For content security SRX Series for the branch offers a complete suite of Unified Threat Management UTM services consisting of intrusion prevention system IPS application security AppSecure on box and cloud based antivirus antispam enhanced Web filtering and data loss prevention to protect your network from the latest content borne threats Select SRX Series models feature Content Security Accelerator for high performance IPS and antivirus scanning The branch SRX Series integrates with other Juniper security products to deliver enterprise wide unified access control UAC and adap
32. ility Junos OS Services Redundancy Protocol JSRP is a core feature of the SRX Series for the branch JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture with redundant physical connections between the systems and the adjacent network switches With link redundancy Juniper Networks can address many common causes of system failures such as a physical port going bad or a cable getting disconnected to ensure that a connection is available without having to fail over the entire system This is consistent with a typical active standby nature of routing resiliency protocols When SRX Series Services Gateways for the branch are configured as an active active HA pair traffic and configuration is mirrored automatically to provide active firewall and VPN session maintenance in case of a failure The branch SRX Series synchronizes both configuration and runtime information As a result during failover synchronization of the following information is shared connection session state and flow information IPSec security associations Network Address Translation NAT traffic address book information configuration changes and more In contrast to the typical router active standby resiliency protocols such as Virtual Router Redundancy Protocol VRRP all dynamic flow and session information is lost and must be reestablished in the event of a failover Some or all network sessions will have
33. itted and to find the next hop This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next hop route Figure 3 shows the session based forwarding algorithm When a new session is established the session based architecture within Junos OS verifies that the session is allowed by the forwarding policies If E 3G SRX110 gt c onnectivity mm A aa Small Office VDSL Ex4zco a E Hosted Web Server Server WLC800 Large HA Office SFP DS3 E3 Fo SRX550 xX SRX550 ee eee WLC200 EX3300 T EX3300 oll WLA532 Mid sized HA Branch CI Small Link HA Branch the session is allowed Junos OS will look up the next hop route in the routing table It then inserts the session and the next hop route into the session and forwarding table and forwards the packet Subsequent packets for the established session require a single table lookup in the session and forwarding table and are forwarded to the egress interface Security Policy Evaluation Session Initial hn and Next Hop Lookup Packet Processing Session and Forwarding Table Ingress Interface Forwarding for ___ gt o Permitted Traffic Disallowed by Policy Dropped _ Egress Interface Figure
34. mber Description SRX220 Additional Software Feature Licenses continued SRX220 K AV SRX220 S AV SRX220 IDP SRX220 S2 AS SRX220 W WF SRX220 SMB4 CS SRX220 S SMB4 CS mn RX220 K AV 3 nm RX220 S AV 3 SRX220 IDP 3 nm RX220 S2 AS 3 SRX220 W WF 3 nm RX220 SMB4 CS 3 SRX220 S SMB4 Go SRX220 K AV 5 SRX220 S AV 5 nm RX220 IDP 5 SRX220 W WF 5 nm RX220 SMB4 CS 5 SRX220 S SMB4 Go SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU One year subscription for Juniper Kaspersky antivirus updates on SRX220 One year subscription for Juniper Sophos antivirus updates on SRX220 One year subscription for IDP updates on SRX220 One year subscription for Juniper Sophos antispam updates on SRX220 One year subscription for Juniper Websense Web filtering updates on SRX220 One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX220 One year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX220 Three year subscription for Juniper Kaspersky antivirus updates on SRX220 Three year subscription for Juniper Sophos antivirus updates on SRX220 Three year subscription for IDP updates on SRX220 Three year subscription for Juniper Sophos antispam updates on SRX220 Three year subscription for Juniper Websense Web filtering updates on
35. nal license 2 SRX100B installed with 1 GB DRAM with 512 MB accessible Optional upgrade to 1GB DRAM is available with purchase of memory software license key Features and Benefits Secure Routing Should you use a router and a firewall to secure your network By building the branch SRX Series with best in class routing switching and firewall capabilities in one product enterprises don t have to make that choice Why forward traffic if it s not legitimate SRX Series for the branch checks the traffic to see if it is a legitimate and permitted and only forwards it on when it is This reduces the load on the network allocates bandwidth for all other mission critical applications and secures the network from malicious users Untrust Zone INTERNET Trust Zone The main purpose of a secure router is to provide firewall protection and apply policies The firewall zone functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone The security policy determines if the session can originate in one zone and traverse to another zone This architectural choice receives packets from a wide variety of clients and servers and keeps track of every session of every application and of every user It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the e
36. nd is only supported on high memory versions of the SRX Series UTM is not supported on the low memory version Please see the ordering section for options 2 BGP Route Reflector supported on SRX550 and SRX650 See ordering section for more information Specifications continued UTM continued Customer signatures creation Daily and emergency updates AppSecure AppTrack application visibility and tracking AppFW policy enforcement by application name Custom signatures Dynamic signature updates User based application policy enforcement Antivirus Express AV stream based AV not available on SRX100 and SRX110 File based antivirus gt Signature database Protocols scanned POP3 HTTP SMTP IMAP FTP Antispyware gt Anti adware gt Antikeylogger Cloud based antivirus Antispam Integrated enhanced Web filtering Category granularity 90 categories Real time threat score Redirect Web filtering Content Security Accelerator in SRX210 high memory SRX220 SRX240 SRX550 and SRX650 ExpressAV option in SRX210 high memory SRX220 high memory SRX240 SRX550 and SRX650 Content filtering Based on MIME type file extension and protocol commands VPN Tunnels GRE IP IP IPsec IPsec Data Encryption Standard DES 56 bit triple Data Encryption Standard 3DES 168 bit Advanced Encryption Standard AES 128 bit encryption Message Digest 5 MD5 SHA 1 SHA 128 SHA 256 authenticati
37. neous users for SRX220 SRX240 SRX550 and SRX650 One year subscription for Application Security and IPS updates for SRX220 Three year subscription for Application Security and IPS updates for SRX220 Five year subscription for Application Security and IPS updates for SRX220 SRX210 Base System SRX210BE SRX210HE SRX210HE POE SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PlM slot 1 ExpressCard slot and base memory 512 MB RAM 1 GB Flash SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PlM slot 1 ExpressCard slot and high memory 1 GB RAM 1GB Flash SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PlM slot 1 ExpressCard slot and high memory 1 GB RAM 1 GB Flash with 4 ports PoE 50 W SRX210 Additional Hardware SRX210 DESK STAND SRX210 RMK SRX210 WALL KIT SRX210 PWR 6OW SRX210 PWR 150W SRX210 desk top stand holds one unit SRX210 rack mount kit for 19 in rack holds one unit SRX210 wall mount kit holds one unit Spare SRX210 switching power supply 60 W non PoE Spare SRX210 switching power supply 150 W PoE SRX210 Additional Software Feature Licenses SRX210 K AV SRX210 S AV SRX210 IDP SRX210 S2 AS SRX210 W WF SRX210 SMB4 CS SRX210 S SMB4 CS SRX210 K AV 3 SRX210 S AV 3 SRX210 IDP 3 SRX210 S2 AS 3 One year subscription for Juniper Kaspersky antivirus updates on SRX210 One year subscrip
38. on Junos Pulse Dynamic VPN client browser based remote access feature requiring a license Multimedia Transport Compressed Real Time Transport Protocol CRTP High Availability VRRP JSRP Stateful failover and dual box clustering SRX550 SRX650 Redundant power optional GPIM hot swap Future internal failover and SRE hot swap OIR on SRX650 Backup link via 3G 4G LTE wireless or other WAN Active active L3 mode Active passive L3 mode Configuration synchronization Session synchronization for firewall and VPN Session failover for routing change Device failure detection Link failure detection IP Monitoring with route and interface failover IPv6 OSPFv3 RIPng IPv6 Multicast Listener Discovery MLD BGP ISIS Wireless CX111 Cellular 3G 4G LTE Broadband Data Bridge supported on all branch SRX Series devices 3G USB modem support for SRX100 SRX110 and SRX210 AX411 Wireless LAN Wi Fi 802 11 a b g n Access Point supported on all branch SRX Series devices SLA Measurement and Monitoring Real time performance monitoring RPM Sessions packets and bandwidth usage Juniper J Flow monitoring and accounting services IP Monitoring Logging Syslog Traceroute Extensive control and data plane structured and unstructured syslog Administration Juniper Networks Network and Security Manager support NSM Juniper Networks Junos Space Security Design support Juniper Networks STRM Series Security Threat Response
39. os AV updates Three year renewal subscription for Juniper Sophos antispam updates Five year renewal subscription for Juniper Sophos antispam updates One year renewal subscription for Juniper Sophos antispam updates SRX1XX W EWF 3 R SRX1XX W EWF 5 R SRX1XX W EWF R SRX1XX SMB4 CS R SRX1XX SMB4 CS 3 R SRX1XX SMB4 CS 5 R SRX1XX S SMB4 CS R SRX1XX S SMB4 SESE SRXIXX S SMB4 CS 5 R SRXIXX IDP R SRXIXX IDP 3 R SRXIXX IDP 5 R SRX100 APPSEC A 1 SRX100 APPSEC A 3 SRX100 APPSEC A 5 Three year renewal subscription for Juniper enhanced Websense enhanced Web filtering updates Five year renewal subscription for Juniper enhanced Websense enhanced Web filtering updates One year renewal subscription for Juniper enhanced Websense enhanced Web filtering updates One year renewal security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP Three year renewal security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP Five year renewal security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP One year renewal security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP Three year renewal security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP Five year renewal security s
40. os SRX Series management Yes Yes Wes Ys Wes Wes NES of CX111 Internal 3G ExpressCard slot support No No Yes No No No No USB 3G support Yes Yes Yes No No No No Max WLAN access points supported with AX411 2 2 a 4 7 WLA Series access points and WLC Series controllers supported U an oe gt a ae gt a za Flash and Memory Memory minimum and 512 MB 1GB 512 MB 1 GB 1GB 1GB 2 GB 2 GB 2 GB maximum DRAM accessible 1GB Memory slots Fixed memory Fixed memory Fixedmemory Fixed memory Fixed memory 2DIMM 4 DIMM Flash memory 1GB 1GB 1GB 1GB 1GB 2 GB 2 GB CF 2 GB CF externally externally internal internal on accessible accessible SRE external slot empty up to 2 GB CF supported USB port for external storage Yes Yes Yes Yes Yes Yes Yes Dimensions and Power Dimensions W x H x D 8 5 x 1 4 x 5 8 11 02 x 1 72 x 11 02 x 1 73 x 11 02 x 1 73 x 17 5 x 1 75 x 5x 18 2 4 2 in 21 6 x3 6x 8 385in 712 in 7 04 in 28 x 15 1 in in 44 4x8 8x in 44 4 x 8 8 x 14 7 cm 28 x 4 37 x 28 0 x 4 4 X 4 4 x 17 9 cm 44 4 X 4 4 X 46 2 cm 46 2 cm 21 3 cm 18 1cm 38 5 cm Weight device and power 2 5 lb 1 1 kg 6 7 lb 3 3 lb 1 5 kg 3 43 lb For LM and 21 96 lb 24 9 lb supply 3 06 kg non PoE 1 56 kg HM AC 11 2lb 9 96 kg 11 3 kg 4 4 lb non PoE 51kg No interface No interface 2 kg PoE No interface For HM DC modules modules No interface modules 12 56 lb 5 7 1power supply 1 power supply modules kg 12 3 lb 5 6 kg PoE No interface
41. phos AS AppSecure and IDP on SRX240 Five year subscription for Juniper Kaspersky antivirus updates on SRX240 Five year subscription for Juniper Sophos antivirus updates on SRX240 Five year subscription for IDP updates on SRX240 SRX240 S2 AS 5 SRX240 W WF 5 SRX240 SMB4 CS 5 SRX240 S SMB4 Cs 5 SRX240 S2 AS 5 SRX240 W WF 5 SRX240 SMB2 CS 5 SRX240 S SMB CS 5 SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU SRX RAC 100 LTU SRX RAC 150 LTU SRX RAC 250 LTU SRX240 APPSEC A 1 SRX240 APPSEC A 3 SRX240 APPSEC A 5 Five year subscription for Juniper Sophos antispam updates on SRX240 Five year subscription for Juniper Websense Web filtering updates on SRX240 Five year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX240 Five year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX240 Five year subscription for Juniper Sophos antispam updates on SRX240 Five year subscription for Juniper Websense Web filtering updates on SRX240 Five year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX240 Five year security subscription for enterprise includes Sophos antivirus Web filtering Sophos antispam and IPS on SRX240 Dynamic VPN Client 5 simultaneous users for SRX100 SRX110 SRX210 SRX22
42. pport Point to Point Protocol over Ethernet PPPoE SRX110 pc n fe Juniper SRX650 SRX650 L2 Switching 802 1D RSTP MSTP 802 3ad LACP 802 1x LLDP 802 lad O in O IGMP Snooping Layer 2 switching with high availability Traffic Management Ouality of Service OoS 802 1p DSCP EXP Marking policing and shaping Class based queuing with prioritization Weighted random early detection WRED Queuing based on VLAN data link connection identifier DLCI interface bundles or multi field MF filters Guaranteed bandwidth Maximum bandwidth Ingress traffic policing Priority bandwidth utilization DiffServ marking Virtual channels Security Firewall Firewall zones screens policies Stateful firewall stateless filters Network attack detection Screens denial of service DoS and provides distributed denial of service DDoS protection anomaly based Prevent replay attack Anti Replay Unified Access Control TCP reassembly for fragmented packet protection Brute force attack mitigation SYN cookie protection Zone based IP spoofing Malformed packet protection UTM Intrusion Prevention System IPS Protocol anomaly detection Stateful protocol signatures Intrusion prevention system IPS attack pattern obfuscation User role based policies 1 Unified Threat Management antivirus antispam Web filtering AppSecure and IPS require individual subscription license a
43. rated power supply with power cord and 19 rack mount kit included SRX240 Services Gateway with 16 x GbE ports 4x mini PIM slots and high memory 2 GB RAM 2 GB Flash with 16 ports PoE 150 W integrated power supply with power cord and 19 rack mount kit included SRX240 Services Gateway with 16 x GbE ports 4x mini PIM slots and high memory 2 GB RAM 2 GB Flash integrated 48 V DC power supply with 19 rack mount kit included Ordering Information continued Model Number Description SRX240 Base Systems continued SRX240B SRX240H SRX240H POE SRX240 RMK SRX240H TAA SRX240H POE TAA SRX240H DC SRX240 Additional Software Feature Licenses SRX240 K AV SRX240 S AV SRX240 IDP SRX240 S2 AS SRX240 W WF SRX240 SMB4 CS SRX240 S SMB4 CS SRX240 K AV 3 SRX240 S AV 3 SRX240 IDP 3 SRX240 S2 AS 3 SRX240 W WF 3 SRX240 SMB4 CS 3 SRX240 S SMB4 CS 3 SRX240 K AV 5 SRX240 S AV 5 SRX240 IDP 5 SRX240 Services Gateway with 16 GbE ports 4 Mini PlM slots and base memory 512 MB RAM 1 GB Flash S RX240 Services Gateway with 16 GbE ports 4 Mini PIM slots and high memory 1 GB RAM 1GB Flash SRX240 Services Gateway with 16 GbE ports 4 Mini PIM slots and high memory 1 GB RAM 1 GB Flash with 16 ports PoE 150 W SRX240 rack mount kit for 19 in rack holds one unit Trade Agreement Act compliant SRX240 Services Gateway with 16 GbE ports 4 Mini PIM slots
44. tion for Juniper Sophos antivirus updates on SRX210 One year subscription for IDP updates on SRX210 One year subscription for Juniper Sophos antispam updates on SRX210 One year subscription for Juniper Websense Web filtering updates on SRX210 One year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX210 One year security subscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP on SRX210 Three year subscription for Juniper Kaspersky antivirus updates on SRX210 Three year subscription for Juniper Sophos antivirus updates on SRX210 Three year subscription for IDP updates on SRX210 Three year subscription for Juniper Sophos antispam updates on SRX210 See price list for country specific power cord model numbers Ordering Information continued SRX210 Additional Software Feature Licenses continued SRX210 W WF 3 SRX210 SMB4 CS 3 SRX210 S SMB4 CS 3 SRX210 K AV 5 SRX210 S AV 5 SRX210 IDP 5 SRX210 S2 AS 5 SRX210 W WF 5 SRX210 SMB4 CS 5 SRX210 S SMB4 CS 5 SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU SRX210 APPSEC A 1 SRX210 APPSEC A 3 SRX210 APPSEC A 5 Three year subscription for Juniper Websense Web filtering updates on SRX210 Three year security subscription for enterprise includes Kaspersky AV enhanced WF Sophos AS AppSecure and IDP on SRX210 Thre
45. tive threat management These capabilities give security professionals powerful tools in the fight against cybercrime and data loss SRX Series for the branch are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites The wide variety of options allow configuration of performance functionality and price scaled to support from a handful to thousands of users Ethernet serial Tl El DS3 E3 xDSL Wi Fi and 3G 4G LTE wireless are all available options for WAN or Internet connectivity to securely link your sites Multiple form factors allow you to make cost effective choices for mission critical deployments Managing the network is easy using the proven Junos OS command line interface CLI scripting capabilities a simple to use Web based GUI Juniper Networks Network and Security Manager NSM for large scale deployments or Juniper Networks Junos Space Security Design for centralized management Architecture and Key Components Key Hardware Features of the Branch SRX Series Products SRX100 Services Gateway SRX110 Services Gateway SRX210 Services Gateway SRX220 Services Gateway SRX240 Services Gateway SRX550 Services Gateway SRX650 Services Gateway Eight 10 100 Ethernet LAN ports and 1 USB port support for 3G USB Full UTM antivirus antispam enhanced Web filtering intrusion prevention system AppSecure
46. to restart depending on the convergence time of the links or nodes By maintaining state not only is the session preserved but security is kept intact In an unstable network this active active configuration also mitigates link flapping affecting session performance High Availability Active Standby Active Standby k a i Y INTERNET INTERNET nof ce eT ex Active mEl m Standby Failure EN Active EX Series B p Series EX Series as EX Senes Ee I Hoe Bo Active Active PENN EIRENE TNTEBNCT y INTERNET Active M aal Active Failure Active EX Series a EX Series EX Series p gt ae EX Series num fc llin Mini llin Bu Bu Bl Mi l m Eu Em mi Figure 2 High availability Session Based Forwarding Without the Performance Hit In order to optimize the throughput and latency of the combined router and firewall Junos OS implements session based forwarding an innovation that combines the session state information of a traditional firewall and the next hop forwarding of a classic router into a single operation With Junos OS a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next hop route Established sessions have a single table lookup to verify that the session has been perm
47. to 90 10 to 90 10 to 90 10 to 90 10 to 90 noncondesing noncondesing _ noncondesing noncondesing noncondesing noncondesing noncondesing Humidity nonoperating 5 to 95 5 to 95 5 to 95 5 to 95 5 to 95 5 to 95 5 to 95 noncondesing noncondesing noncondesing noncondesing noncondesing noncondesing _ noncondesing Mean time between failures 24 8 years 24 8 years 14 03 years 13 46 years 11 97 years 9 6 years 9 6 years Telcordia model SRX100B SRX210HE SRX220H SRX240B with with 24 8 years 10 26 years 11 06 years 11 63 years redundant redundant SRX100H SRX210HE SRX220H SRX240H power power PoE PoE 9 92 years SRX240H PoE There are several models available for the SRX210 and SRX240 including the enhanced version Please contact your Juniper or partner account representative for more information Product Comparison continued ur o I SRX100 SRXIIO SRX210 SRX220 SRX240 SRX550 SRX650 Certifications and Network Homologation Safety certifications EMC certifications Network homologation Canada Safety certifications EMC certifications Network homologation Australia Safety certifications EMC certifications Network homologation New Zealand Safety certifications EMC certifications Network homologation Japan Safety certifications EMC certifications Network homologation European Union Safety certifications EMC certifications Network homologation Juniper Networks Services
48. ubscription for enterprise includes Sophos AV enhanced WF Sophos AS AppSecure and IDP One year renewal subscription for IDP Signature service Three year renewal subscription for IDP Signature service Five year renewal subscription for IDP Signature service One year subscription for Application Security and IPS updates for SRX100 Three year subscription for Application Security and IPS updates for SRX100 Five year subscription for Application Security and IPS updates for SRX100 The additional software feature licenses apply to both the SRX100 and the SRXIIO About Juniper Networks Juniper Networks is in the business of network innovation From devices to data centers from consumers to cloud providers Juniper Networks delivers the software silicon and systems that transform the experience and economics of networking The company serves customers and partners worldwide Additional information can be found at www juniper net Corporate and Sales Headguarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions Juniper Networks Inc Juniper Networks Hong Kong Juniper Networks Ireland please contact your Juniper Networks 1194 North Mathilda Avenue 26 F Cityplaza One Airside Business Park representative at 1 866 298 6428 or Sunnyvale CA 94089 USA T11 King s Road Swords County Dublin Ireland authorized reseller Phone 888 JUNIPER 888 586 4737 Taikoo Shing Hong Kong Phone 35 31 8903 6
49. xed ports 10 100 1000 Ethernet LAN ports 8 GPIM slots or multiple GPIM and XPIM combinations Support for T1 E1 DS3 E3 Ethernet ports supports up to 52 Ethernet ports including SFP 48 switch ports with optional PoE including 802 3at PoE backwards compatible with 802 3af or 52 non PoE 10 100 1000 Copper ports I0GbE Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam enhanced Web filtering and intrusion prevention system AppSecure Unified Access Control and content filtering Modular Services and Routing Engine future internal failover and hot swap 2 GB DRAM default 2 GB compact flash default external compact flash slot for additional storage Optional redundant AC power standard AC power supply that is PoE ready PoE power up to 250 watts single power supply or 500 watts dual power supply Network Deployments The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all in one secure WAN connectivity and connection to local PCs and servers via integrated Ethernet switching 1 Unified Threat Management antivirus antispam Web filtering AppSecure and IPS require a subscription license and the high memory system option to use the feature UTM is not supported on the low memory version Please see the ordering section for options Content Filtering and UAC are part of the base software with no additio
50. xpected direction Intranet Guest Zone Figure 1 Firewalls zones and policies To ease the configuration of a firewall SRX Series for the branch uses two features zones and policies While these can be user defined the default shipping configuration contains at a minimum a trust and untrust zone The trust zone is used for configuration and attaching the internal LAN to the branch SRX Series The untrust zone is commonly used for the WAN or untrusted Internet interface To simplify installation and make configuration easier a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone This policy blocks all traffic originating from the untrust zone to the trust zone A traditional router forwards all traffic without regard to a firewall session awareness or policy origination and destination of a session By using the Web interface or CLl enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies At the broadest level all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions At the narrowest level policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period High Availab
Download Pdf Manuals
Related Search