Juniper SRX210-RMK rack accessory
Contents
1. SRX100 DESK STAND SRX100 Services Gateway with 8xFE ports and base memory On board 1 GB RAM w 512 MB accessible 1 GB flash SRX100 Services Gateway with 8xFE ports and high memory 1 GB RAM 1 GB flash Spare SRX100 switching power supply 30 W non POE SRX100 19 rack mount kit holds two units SRX100 wall mount kit holds one unit SRX100 desk stand holds one unit See price list for country specific power cord model numbers Ordering Information continued MODEL NUMBER DESCRIPTION Additional Software Feature Licenses SRX100 MEM LIC UPG SRX100 K AV SRX100 W WF SRX100 IDP SRX100 K AV 3 SRX100 SMB2 CS SRX100 W WF 3 SRX100 IDP 3 SRX100 S2 AS SRX100 S2 AS 3 SRX100 SMB2 CS 3 SRX100 K AV 5 SRX100 IDP 5 SRX100 S2 AS 5 SRX100 W WF 5 SRX100 SMB2 CSS Dynamic VPN Client SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX100 memory software license upgrades SRX100B model from 512 MB RAM to 1GB RAM One year subscription for Juniper Kaspersky antivirus updates on SRX100 One year subscription for Juniper Websense Web filtering updates on SRX100 One year subscription for IDP updates on SRX100 Three year subscription for Juniper Kaspersky antivirus updates on SRX100 One year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX100 Three year subscription for Juniper Websense Web filtering updates on SRX12. 179 W PoE 50 60 Hz 1 0 A 100 VAC for LM 1 1A 100 VAC for HM 3 0 A 100 VAC for PoE 4O A for LM HM 45 A for PoE 208 BTU Hr SRX240B 222 BTU Hr SRX240H 249 BTU Hr SRX240H PoE 344 BTU Hr SRX210B 369 BTU Hr SRX210H 413 BTU Hr SRX210H PoE No 54 1 dB SRX650 4 DIMM 2 GB CF internal on SRE External slot empty up to 2 GB CF supported Yes 17 5 x 3 5 x 18 2 in 44 4 x 8 8 x 46 2 cm 24 9 lb 11 3 kg No interface modules 1 power supply Yes 2 RU 100 240 VAC Single 645 W or Dual 645 W 247 W redundant or 494 W non redundant 122 W 50 60 Hz 5 3 A at 100 VAC with single PSU with PoE 8 3 A at 100 VAC with dual PSU with PoE 45 A for 2 cycle 319 BTU Hr 699 BTU Hr Yes up to maximum capacity of single PSU 60 9 dB Environment Operational temperature 32 to 104 F 32 to 104 F 32 to 104 F 32 to 104 F 0 to 40 C 0 to 40 C 0 to 40 C 0 to 40 C Nonoperational temperature 4 to 158 F 4 to 158 F 4 to 158 F 4 to 158 F 20 to 70 C 20 to 70 C 20 to 70 C 20 to 70 C Humidity 10 90 noncondensing 10 90 noncondensing 10 90 noncondensing 10 90 noncondensing Mean time between failures Telcordia model 24 8 years SRX100B 15 2 years SRX210B 15 2 years SRX240B 9 6 years 24 8 years SRX100H 14 3 years SRX210H 14 3 years SRX240H with redundant power 10 4 years SRX210H 10 4 years SRX240H PoE
3. ExpressCard slot AX411 Wireless LAN WLAN Access Point supported on all branch SRX Series devices SLA and Measurement Real time performance monitoring RPM Top talkers sessions packets bandwidth usage Logging and Monitoring Syslog Traceroute Administration Juniper Networks Network and Security Manager support Juniper Networks STRM Series Security Threat Response Managers support Juniper Networks Advanced Insight Solutions support External administrator database RADIUS LDAP SecurelD Auto configuration Configuration rollback Rescue configuration with button Commit confirm for changes Auto record for diagnostics Software upgrades J Flow flow monitoring and accounting services Product Comparison J Web Maximum Performance and Capacity Junos OS 10 0 Junos OS 10 0 Junos OS 10 0 750 Mbps 1 5 Gbps 7Gbps 250 Mbps 500 Mbps 2 5 Gbps 80 Kpps 200 Kpps 900 Kpps 75 Mbps 250 Mbps 1 5 Gbps 256 1 000 3 000 80 Mbps 250 Mbps 900 Mbps 30 Mbps 85 Mbps 350 Mbps 2 000 9 000 30 000 32K 64 K 64 K 128 K 5IZKS 512 MB 1 GB DRAM 512 MB 1GB DRAM 2GBDRAM 512 4096 8192 Unrestricted Unrestricted Unrestricted 2 x 10 100 1000BASE T 6x 10 100 1x SRX Mini PIM 16 x 10 100 1000BASE T 4 x SRX Mini PIM 4 x 10 100 1000BASE T 8x GPIM or multiple GPIM and XPIM combinations N A N A 23 Yes No No See ordering information See ordering information See ordering information Junos OS version tested
4. PoE Certifications and Network Homologation USA Safety certifications UL 60950 1 UL 60950 1 UL 60950 1 UL 60950 1 EMC certifications FCC Class B FCC Class B FCC Class A FCC Class A Network homologation TIA 968 TIA 968 TIA 968 TIA 966 Canada Safety certifications CSA 60950 1 CSA 60950 1 CSA 60950 1 CSA 60950 1 EMC certifications ICES class B ICES class B ICES class A ICES class A Network homologation cs 03 CS 03 CS 03 CS 03 Australia Safety certifications AS NZS 60950 1 AS NZS 60950 1 AS NZS 60950 1 AS NZS 60950 1 EMC certifications AS NZS CISPR22 AS NZS CISPR22 AS NZS CISPR22 AS NZS CISPR22 Class B Class B Class A Class A Network homologation ASWAEIES 0027SI0lE AS AAC ESOS AS AGIBSIOO2Z7S Ol6me AS ZAGIES Ole S 043 1 S043 2 S 043 1 S043 2 S 043 1 S043 2 New Zealand Safety certifications AS NZS 60950 1 AS NZS 60950 1 AS NZS 60950 1 AS NZS 60950 1 EMC certifications AS NZS CISPR22 AS NZS CISPR22 AS NZS CISPR22 AS NZS CISPR22 Class B Class B Class A Class A Network homologation PTC 217 PTC 273 PTC 217 PTC 273 PIEPIABIEZIS PTC 217 Japan Safety certifications CB Scheme CB Scheme CB Scheme CB Scheme EMC certifications VCCI Class B VCCI Class B VCCI Class A VCCI Class A Network homologation Certificate for Technical Certificate for Technical Certificate for Technical Certificate for Technical Conditions Conditions Conditions Conditions European Union Safety certifications EN 60950 1 EN 60950 1 EN 60950 1 EN 60
5. Junos OS 10 0 Firewall performance large packets 650 Mbps Firewall performance IMIX 200 Mbps Firewall routing PPS 64 Byte 75 Kpps AES256 SHA 1 3DES SHA 1 VPN performance 65 Mbps IPsec VPN Tunnels 128 IPS intrusion prevention system 60 Mbps Antivirus 25 Mbps Connections per second 2 000 Maximum concurrent sessions 16 K 32 K DRAM options 512 MB8 1 GB DRAM Maximum security policies 384 Maximum users supported Unrestricted Network Connectivity Fixed I O 8x 10 100 1 O slots N A Services and Routing Engine slots N A ExpressCard slot 3G WAN No WAN LAN interface options N A Optional maximum number of PoE ports N A USB 1 Routing BGP instances 5 BGP peers 8 BGP routes 4K 8K OSPF instances 4 OSPF routes 4K 8K RIP v1 v2 instances 4 RIP v2 routes 4AK 8K Static routes 4K 8K Up to 4 ports of Up to 16 ports of Up to 48 ports of 802 3af with 802 3af at with 802 3af at with maximum 50 W maximum 150 W maximum 247 W 2 2 2 per SRE 10 20 64 16 32 256 8K 16 K 32 K 64 K 1M 10 20 64 8K 16K 32 K 64K 1M 10 20 64 8K 16K 32 K 64K 1M 8K 16 Kk 32 K 64K 1M8 Routing continued Source based routing Policy based routing Equal cost multipath ECMP Reverse path forwarding RPF Layer 2 VPN VPLS Layer 3 VPN LDP RSVP Circuit Cross connect CCC Translational Cross connect TCC Multicast IGMP v1 v2 v3 Protocol independent multicast PIM sparse mode SM PIM dense mode DM
6. PIM source specific multicast SSM Multicast inside IPsec tunnel IPsec VPN Concurrent VPN tunnels Tunnel interfaces DES 56 bit 3DES 168 bit and AES 256 bit MD 5 and SHA authentication Manual key Internet Key Exchange IKE public key infrastructure PKI X 509 Perfect forward secrecy DH Groups Prevent replay attack Dynamic remote access VPN IPsec NAT traversal Redundant VPN gateways User Authentication and Access Control 2S Yes Yes Yes Yes 12 5 Yes Yes Yes Yes 125 Yes Yes Yes Yes 125 Yes Yes Yes Third party user authentication RADIUS accounting XAUTH VPN Web based 802 X authentication PKI certificate requests PKCS 7 and PKCS 10 Certificate Authorities supported Virtualization RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI RADIUS RSA SecurelD LDAP Yes Yes Yes VeriSign Entrust Microsoft RSA Keon iPLanet Netscape Baltimore DoD PKI Maximum number of security zones Maximum number of virtual routers Maximum number of VLANs Encapsulations 512 PPP MLPPP MLPPP maximum physical interfaces
7. on SRX210 Three year subscription for IDP updates on SRX210 Three year subscription for Juniper Sophos antispam updates on SRX210 Three year subscription for Juniper Websense Web filtering updates on SRX210 Three year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX210 Five year subscription for Juniper Kaspersky antivirus updates on SRX210 Five year subscription for IDP updates on SRX210 Five year subscription for Juniper Sophos antispam updates on SRX210 Five year subscription for Juniper Websense Web filtering updates on SRX210 Five year security subscription for enterprise includes Kaspersky antivirus Web Filtering Sophos antispam and IDP on SRX210 Dynamic VPN Client 5 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 10 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 25 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 50 simultaneous users for SRX240 only Small Form Factor Pluggable SFP Transceivers SRX SFP 1GE LH SRX SFP IGE LX SRX SFP 1GE SX SRX SFP 1GE T SRX SFP FE FX SFP 1000BASE LH Optical Transceiver SFP 1000BASE LX Optical Transceiver SFP 1000BASE SX Optical Transceiver SFP 1000BASE T Copper Transceiver SFP 100BASE FX Optical Transceiver SRX100 Base System SRX100B SRX100H Additional Hardware SRX100 PWR 30W SRX 100 RMK SRX100 WALL KIT
8. 00 Three year subscription for IDP updates on SRX100 One year subscription for Juniper Sophos antispam updates on SRX100 Three year subscription for Juniper Sophos antispam updates on SRX100 Three year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX100 Five year subscription for Juniper Kaspersky antivirus updates on SRX100 Five year subscription for IDP updates on SRX100 Five year subscription for Juniper Sophos antispam updates on SRX100 Five year subscription for Juniper Websense Web filtering updates on SRX100 Five year security subscription for enterprise includes Kaspersky antivirus Web Filtering Sophos antispam and IDP on SRX100 5 simultaneous users for SRX100 SRX210 and SRX240 only 10 simultaneous users for SRX100 SRX210 and SRX240 only 25 simultaneous users for SRX100 SRX210 and SRX240 only Notes Notes About Juniper Networks Juniper Networks Inc is the leader in high performance networking Juniper offers a high performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network This fuels high performance businesses Additional information can be found at www juniper net Corporate and Sales Headquarters Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 473
9. 7 or 408 745 2000 Fax 408 745 2100 www juniper net APAC Headquarters Juniper Networks Hong Kong 26 F Cityplaza One 1111 King s Road Taikoo Shing Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords County Dublin Ireland Phone 35 31 8903 600 EMEA Sales 00800 4586 4737 Fax 35 31 8903 601 Copyright 2009 Juniper Networks Inc All rights reserved Juniper Networks the Juniper Networks logo Junos NetScreen and ScreenOS are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered marks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibility for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice 1000281 005 EN Nov2009 To purchase Juniper Networks solutions please contact your Juniper Networks representative at 1 866 298 6428 or authorized reseller Printed onrecycled paper
10. 950 1 EMC certifications EN 55022 Class B EN 55022 Class B9 EN 55022 Class A EN 55022 Class A EN 300386 EN 300386 EN 300386 EN 300386 Network homologation CMRiZ ECR Al CHRIZ EL CUR Zl MRE Cir Al EIRI2723ID0 Doc Doc Doc 1 BGP Route Reflector supported on SRX650 See ordering section for more information 2 Unified Threat Management antivirus antispam Web filtering and IPS require a subscription license and the high memory system option to use the feature UTM is not supported on the low memory version Please see the ordering section for options Content Filtering and UAC are part of the base software with no additional license 3 High availability VRRP supported on all SRX Series products SRX240 and SRX650 will support high availability features in Junos 9 6 4 Supported in 9 5 in packet mode without services 5 When UTM is enabled capacities supported are low memory specifications on high memory system options 6 When UTM is enabled concurrent sessions supported is 50 Of value shown 7 Multicast features in SRX240 and SRX650 are supported as of the 9 6 release 8 SRX100B installed with 1 GB DRAM with 512 MB accessible Optional upgrade to 1 GB DRAM is available with purchase of memory software license key 9 SRX210H POE is Class A 10 Available Q1 2010 Juniper Networks Services and Support Juniper Networks is the leader in performance enabling services and support which are designed to accelerate extend and op
11. Feature Licenses continued SRX650 SMB2 CS 3 SRX BGP ADV LTU SRX650 K AV 5 SRX650 IDP 5 SRX650 S2 AS 5 SRX650 W WF 5 SRX650 SMB2 CS 5 SRX240 Base System SRX240B SRX240H SRX240H POE SRX240 RMK Interface Modules SRX MP 1SERIAL SRX MP 1ADSL2 A SRX MP 1ADSL2 B SRX MP 1SFP SRX MP ITIEI Additional Software Featu SRX240 IDP SRX240 S2 AS SRX240 W WF SRX240 SMB2 CS SRX240 K AV 3 SRX240 IDP 3 SRX240 S2 AS 3 SRX240 W WF 3 Three year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX650 Advanced BGP on SRX650 Route Reflector Five year subscription for Juniper Kaspersky antivirus updates on SRX650 Five year subscription for IDP updates on SRX650 Five year subscription for Juniper Sophos antispam updates on SRX650 Five year subscription for Juniper Websense Web filtering updates on SRX650 Five year security subscription for enterprise includes Kaspersky antivirus Web Filtering Sophos antispam and IDP on SRX650 SRX240 Services Gateway with 16 Gigabit Ethernet ports 4 Mini PIM slots and base memory 512 MB RAM 1 GB Flash SRX240 Services Gateway with 16 Gigabit Ethernet ports 4 Mini PIM slots and high memory 1 GB RAM 1 GB Flash SRX240 Services Gateway with 16 Gigabit Ethernet ports 4 Mini PIM slots and high memory 1 GB RAM 1 GB Flash with 16 ports PoE 150 W SRX240 Rack mount kit f
12. Frame Relay MLFR FRF 15 FRF 16 MLFR maximum physical interfaces HDLC Address Translation Source NAT with Port Address Translation PAT Static NAT Destination NAT with PAT IP Address Assignment ri es RA a Ca MA AMERO ESOS Tania ia aa ss PEIE LE EEEE Aaa DHCP PPPoE client Yes Yes Yes Yes Internal DHCP server Yes Yes Yes Yes DHCP relay Yes Yes Yes Yes L2 Switching i a road aretes E Prieta Air Aa ae INEA E Link Aggregation 802 3ad LACP Yes Yes Yes Yes Jumbo Frame 9216 Byte No Yes Yes Yes Spanning Tree Protocol STP 802 1D RSTP Yes Yes Yes Yes 802 1w MSTP 802 1s Authentication 802 1x Port based and multiple Yes Yes Yes Yes supplicant Traffic Management Quality of Service QoS ES a ae 3 A ER ee ee Un AAN EE ET Maximum bandwidth Yes Yes Yes Yes Ingress traffic policing Yes Yes Yes Yes Priority bandwidth utilization Yes Yes Yes Yes DiffServ marking Yes Yes Yes Yes High Availability an de a IE EINEN DREI IE EEE NE EEEE m VOEE iodo oi DI me TEE 23 retenido Active passive L3 mode Yes Yes Yes Yes Configuration synchronization Yes Yes Yes Yes VRRP Yes Yes Nes Yes Session synchronization for firewall and VPN Yes Yes Yes Yes Session failover for routing change Yes Yes Yes Yes Device failure detection Yes Yes Yes Yes Link failure detection Yes Yes Yes Yes Firewall E a ene es E Ca riadas R E lt tod E E EE a E E EEEN o EE E EEE DoS and DDos protection Yes Yes Yes Yes TCP reassembly for fragmen
13. IM for branch SRX Series 1 port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex A 1 port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex B 1 port SFP Mini Physical Interface Module Mini PIM for branch SRX Series l port T1 or El Mini Physical Interface Module Mini PIM for branch SRX Series SRX210 desk top stand Holds one unit SRX210 Rack mount kit for 19 in rack Holds one unit SRX210 Wall mount kit Holds one unit Spare SRX210 switching power supply 60 W non PoE Spare SRX210 switching power supply 150 W PoE See price list for country specific power cord model numbers MODEL NUMBER DESCRIPTION Additional Software Feature Licenses SRX210 K AV SRX210 IDP SRX210 S2 AS SRX210 W WF SRX210 SMB2 CS SRX210 K AV 3 SRX210 IDP 3 SRX210 S2 AS 3 SRX210 W WF 3 SRX210 SMB2 cS SRX210 K AV 5 SRX210 IDP 5 SRX210 S2 AS 5 SRX210 W WF 5 SRX210 SMB2 CS 3 SRX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU One year subscription for Juniper Kaspersky antivirus updates on SRX210 One year subscription for IDP updates on SRX210 One year subscription for Juniper Sophos antispam updates on SRX210 One year subscription for Juniper Websense Web filtering updates on SRX210 One year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX210 Three year subscription for Juniper Kaspersky antivirus updates
14. JUNIP EL o NETWORKS SRX SERIES SERVICES GATEWAYS FOR THE BRANCH SRX100 SRX210 SRX240 AND SRX650 E Product Description Product Overview The Juniper Networks SRX Series Services Gateways for the branch joins Juniper Networks SRX Series for the high end EX Series Ethernet Switches M Series Multiservice Edge Routers MX Series 3D Universal Edges Routers and T Series Core Routers to provide a single Juniper Networks Junos operating system based portfolio of unprecedented Juniper Networks SRX Series Services Gateways for the branch are secure routers that provide essential scale With Junos OS enterprises and service providers can lower deployment and capabilities that connect secure and operational costs across their entire distributed workforce manage work force locations sized SRX Series for the branch runs Junos OS the proven operating system that is used from handfuls to hundreds of users by core Internet routers in all of the top 100 service providers around the world The By consolidating fast highly available rigorously tested carrier class routing features of IPv4 IPv6 OSPF BGP and multicast switching routing security and have been proven in over 10 years of worldwide deployments applications capabilities in a single SRX Series Services Gateways for the branch provide perimeter security content device enterprises can economically security access control and network wide threat visibility and contro
15. SRE6 645AP Spare SRE6 H for SRX650 One is included in SRX650 Base System SRX650 BASE SRE6 645AP SRX650 chassis including fan tray No system processor SRE and no power supply unit Spare SRX650 fan tray One is included in SRX650 Chassis Spare SRX650 CHAS and included in SRX650 Base System SRX650 BASE SRE6 645AP Not included in SRX650 Chassis Spare SRX650 CHAS and not included in SRX650 Base System SRX650 BASE SRE6 645AP Optional as this is not required for normal operations but recommended for dusty environments Additional Software Feature Licenses SRX650 K AV SRX650 IDP SRX650 S2 AS SRX650 W WF SRX650 SMB2 CS SRX650 K AV 3 SRX650 IDP 3 SRX650 S2 AS 3 SRX650 W WF 3 One year subscription for Juniper Kaspersky antivirus updates on SRX650 One year subscription for IDP updates on SRX650 One year subscription for Juniper Sophos antispam updates on SRX650 One year subscription for Juniper Websense Web filtering updates on SRX650 One year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX650 Three year subscription for Juniper Kaspersky antivirus updates on SRX650 Three year subscription for IDP updates on SRX650 Three year subscription for Juniper Sophos antispam updates on SRX650 Three year subscription for Juniper Websense Web filtering updates on SRX650 MODEL NUMBER DESCRIPTION Additional Software
16. at choice Why forward traffic if it s not legitimate SRX Series for the branch checks the traffic to see if it is legitimate and only forwards it on when it is This reduces the load on the network allocates bandwidth for all other mission critical applications and secures the network from hacking The main purpose of a secure router is to provide firewall protection and apply policies The firewall zone functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone The security policy determines if the session 8 10 100 Ethernet LAN ports Full UTM2 antivirus antispam Web filtering intrusion prevention system with high memory version Unified Access Control UAC and content filtering 1 GB DRAM 1 GB flash default 512 MB DRAM accessible in low memory version 210 100 1000 Ethernet and 6 10 100 Ethernet LAN ports 1 Mini PIM slot 1 ExpressCard slot and 2 USB ports Factory option of 4 dynamic Power over Ethernet PoE ports 802 3af Support for T1 El serial ADSL 2 2 Ethernet small form factor pluggable transceiver SFP and Gigabit Ethernet interfaces Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam Web filtering intrusion prevention system with high memory version Unified Access Control UAC and content filtering 512 MB DRAM default optional factor
17. ceives packets from a wide variety of clients and servers and keeps track of every session of every application and of every user It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction Figure 1 Firewalls zones and policies High Availability Active Standby SRX240 Active Standby EX Series EX Series PEE E E EHE SRX240 Active Mt EX Series EX Series common HE EHE Active Standby SRX240 A Active EX Series EX Series EX Series BCE Figure 2 High availability To ease the configuration of a firewall SRX Series for the branch uses two features zones and policies While these can be user defined the default shipping configuration contains at a minimum a trust and an untrust zone The trust zone is used for configuration and attaching the LAN to the branch SRX Series The untrust zone is used for the WAN or Internet interface To simplify installation and make configuration easier a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone This policy blocks ALL traffic originating from the untrust zone to the trust zone A traditional router forwards all traffic without regard to a firewall session awareness
18. e branch SRX Series will now synchronize both configuration and runtime information As a result during failover synchronization of the following information is shared connection session state and flow information IPsec security associations Network Address Translation NAT traffic address book information configuration changes and more In contrast to the typical router active standby resiliency protocols such as Virtual Router Redundancy Protocol VRRP all dynamic flow and session information is lost and must be reestablished in the event of a failover Some or all applications sessions will have to restart depending on the convergence time of the links or nodes By maintaining state not only is the session preserved but security is intact In an unstable network this active active configuration also mitigates link flapping affecting session performance Session Based Forwarding Without the Performance Hit In order to optimize the throughput and latency of the combined router and firewall Junos OS implements session based forwarding an innovation that combines the session state information of a traditional firewall and the next hop forwarding of a classic router into a single operation With Junos OS a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next hop route Established sessions have a single table lookup to verify that the session has been permitted and to f
19. ervice DoS and distributed denial of service DDoS protection anomaly based Prevent replay attack Anti Replay Unified Access Control UTM SRX650 and high memory versions of SRX240 SRX210 and SRX100 only Antivirus antispam Web filtering IPS Content Security Accelerator in SRX210 high memory SRX240 high memory and SRX650 ExpressAV option in SRX210 high memory SRX240 high memory and SRX650 Content filtering VPN Tunnels generic routing encapsulation IP in IP IPsec IPsec Data Encryption Standard DES 56 bit triple Data Encryption Standard 3DES 168 bit Advanced Encryption Standard AES 256 bit encryption Message Digest 5 MD5 and SHA 1 authentication Access Manager Dynamic VPN Client Browser based remote access feature requiring a license Voice Transport FRF 12 Link fragmentation and interleaving LFI Compressed Real Time Transport Protocol CRTP High Availability VRRP Stateful failover and dual box clustering via JSRP3 SRX650 Redundant power optional Future GPIM hot swap online insertion and removal OIR Future internal failover and SRE hot swap OIR Backup link via 3G wireless or other WAN Specifications continued IPv6 OSPFv3 IPv6 Multicast Listener Discovery MLD BGP Quality of service QoS Wireless CX111 Cellular Broadband Data Bridge supported on all branch SRX Series devices 3G ExpressCards supported on SRX210 with built in
20. for the branch are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites The wide variety of options allows configuration of performance functionality and price scaled to support from a handful to thousands of users Ethernet serial T1 El xDSL Metro Ethernet and third generation 3G cellular wireless are all available options for WAN or Internet connectivity to securely link your sites Multiple form factors allow you to make cost effective choices for mission critical deployments Managing the network is easy using the proven Junos OS command line interface CLI and scripting capabilities or a simple to use Web based GUI Architecture and Key Components Key Hardware Features of the Branch SRX Series Products PRODUCT DESCRIPTION SRX100 Services Gateway SRX210 Services Gateway SRX240 Services Gateway SRX650 Services Gateway Network Deployments The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all in one secure WAN connectivity IP telephony and connection to local PCs and servers via integrated Ethernet switching Features and Benefits Secure Routing Should you use a router and a firewall to secure your network By building the branch SRX Series with best in class routing and firewall capabilities in one product enterprises don t have to make th
21. ind the next hop This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next hop route SMALL OFFICE Figure 3 shows the session based forwarding algorithm Whena new session is established the session based architecture within Junos OS verifies that the session is allowed by the forwarding policies If the session is allowed Junos OS will look up the next hop route in the routing table It then inserts the session and the next hop route into the session and forwarding table and forwards the packet Subsequent packets for the established session require a single table lookup in the session and forwarding table and are forwarded to the egress interface Security Policy Evaluation Session Initial ession Initia and Next Hop Lookup Packet Processing Session and Forwarding Table Ingress Interface Forwarding for _ ar Permitted Traffic Disallowed by Policy Dropped p Egress Interface Figure 3 Session based forwarding algorithm FIXED MOBILE SITE Mobile 3G a m Er SRX210 LJ Sa SRX210 Wireless EC Mobile Service Provider SIP Softswitch Service Provider SIP Softswitch EX4200 EX3200 mm fm CCC T se m COO a m p 77 mern zen Me ie Mel Mi Ja ia Jan ja LARGE OFFICE EX4200 24T q q q CCC m
22. l Best in class deliver new services safe connectivity firewall and VPN technologies secure the perimeter with minimal configuration and and a satisfying end user experience All consistent performance By using zones and policies even new network administrators can configure and deploy an SRX Series for the branch quickly and securely Policy based VPNs support more complex security architectures that require dynamic addressing and split tunneling For content security SRX Series for the branch offers a complete suite of Unified Threat Management UTM services consisting of intrusion prevention system IPS antivirus antispam Web filtering and data loss prevention via content filtering to protect your network from the latest content borne threats Select models feature Content Security Accelerator for high performance IPS and antivirus SRX Series Services Gateways including products scaled for the branch campus and data center applications are powered by Juniper Networks Junos OS the proven operating system that provides unmatched consistency better performance with services and superior performance The branch SRX Series integrates with other Juniper security products to infrastructure protection at a lower total deliver enterprise wide unified access control and adaptive threat management These cost of ownership capabilities give security professionals powerful tools in the fight against cybercrime and data loss SRX Series
23. m Clear channel T 1 Data B8ZS Channelized Voice AMI EX3200 24P J2350 HEAD QUARTERS BRANCH Figure 4 The distributed enterprise Juniper SRX100 Juniper e Be SRX240 Specifications Protocols IPv4 IPv6 ISO Connectionless Network Service CLNS Routing and Multicast Static routes RIPv2 OSPF BGP BGP Router Reflector S IS Multicast Internet Group Management Protocol IGMPv3 PIM Session Description Protocol SDP Distance Vector Multicast Routing Protocol DVMRP source specific MPLS IP Address Management Static Dynamic Host Configuration Protocol DHCP client and server DHCP relay Encapsulations Ethernet MAC and tagged Point to Point Protocol PPP synchronous Multilink Point to Point Protocol MLPPP Frame Relay Multilink Frame Relay MLFR FRF 15 FRF 16 High Level Data Link Control HDLC Serial RS 232 RS 449 X 21 V 35 EIA 530 802 1q VLAN support Point to Point Protocol over Ethernet PPPoE Traffic Management Marking policing and shaping Class based queuing with prioritization Weighted random early detection WRED Queuing based on VLAN data link connection identifier DLCI interface bundles or filters Juniper SRX650 SRX650 Security Firewall zones screens policies Stateful firewall ACL filters Denial of s
24. or 19 in rack Holds one unit 1 port Sync Serial Mini Physical Interface Module Mini PIM for branch SRX Series 1 port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex A 1 port ADSL2 Mini PIM supporting ADSL ADSL2 ADSL2 Annex B 1 port SFP Mini PIM for branch SRX Series l port T1 or El Mini PIM for branch SRX Series One year subscription for Juniper antivirus updates on SRX240 One year subscription for IDP updates on SRX240 One year subscription for Juniper Sophos antispam updates on SRX240 One year subscription for Juniper Websense Web filtering updates on SRX240 One year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX240 Three year subscription for Juniper Kaspersky antivirus updates on SRX240 Three year subscription for IDP updates on SRX240 Three year subscription for Juniper Sophos antispam updates on SRX240 Three year subscription for Juniper Websense Web filtering updates on SRX240 Ordering Information continued MODEL NUMBER DESCRIPTION Additional Software Feature Licenses continued SRX240 SMB2 CS 3 n RX240 K AV 5 n RX240 IDP 5 RX240 S2 AS 5 n SRX240 W WF 5 un RX240 SMB2 GS 5 uw RX RAC 5 LTU SRX RAC 10 LTU SRX RAC 25 LTU SRX RAC 50 LTU Three year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX240 Fi
25. or policy origination and destination of a session By using the Web interface or CLI enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies At the broadest level all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions At the narrowest level policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period High Availability Junos OS Services Redundancy Protocol JSRP is a core feature of the SRX Series for the branch JSRP enables a pair of security systems to be easily integrated into a high availability network architecture with redundant physical connections between the systems and the adjacent network switches With link redundancy Juniper Networks can address many common causes of system failures such as a physical port going bad or a cable getting disconnected to ensure that a connection is available without having to fail over the entire system This is consistent with a typical active standby nature of routing resiliency protocols When SRX Series Services Gateways for the branch are configured as an active active pair traffic and configuration will be mirrored automatically to provide active firewall and VPN session maintenance in case of a failure Th
26. ry minimum and maximum DRAM 1GB Memory slots Fixed memory Flash memory 1GB USB port for external storage Yes Dimensions and Power 8 5x14x5 8in 21 6 x 3 6 x 14 7 cm 2 5 lb 1 1 kg Dimensions W x H x D Weight Device and Power supply Rack mountable Yes 1 RU Power supply AC 100 240 VAC 30 W Maximum PoE power N A Average power consumption 10 W Input frequency 50 60 Hz Maximum current consumption 0 25 A 100 VAC Maximum inrush current 60A Average heat dissipation 35 BTU hr Maximum heat dissipation 80 BTU hr Redundant power supply hot swappable No Acoustic noise level O dB fanless Per ISO 7779 Standard SRX210 512 MB 1 GB Fixed memory 1GB 111x175 x 7 1 in 27 9 x 4 1x 18 0 cm 3 3 lb 1 5 kg Non POE 4 4 lb 2 kg POE No interface modules Yes 1 RU 100 240 VAC 60 W Non PoE 150 W PoE 50 W 27 W Low Memory LM 28 W High Memory HM 84 W PoE 50 60 Hz 0 41 A 100 VAC LM 0 44 A 100 VAC HM 113 A 100 VAC PoE 80 A for LM HM 60 A for PoE 92 BTU hr SRX210B 95 BTU hr SRX210H 116 BTU hr SRX210H PoE 120 BTU hr SRX210B 126 BTU hr SRX210H 157 BTU hr SRX210H PoE No 29 1 dB SRX240 512 MB 1GB Fixed memory 1GB 17 5 x 1 75 x 15 1 in 44 4 x 4 4 x 38 5 cm 11 2 lb 5 1 kg Non POE 12 3 lb 5 6 kg POE No interface modules Yes 1 RU 100 240 VAC 150 W Non PoE 350 W PoE 150 W 61 W LM 65 W HM
27. ted packet protection Yes Yes Yes Yes Brute force attack mitigation Yes Yes Yes Yes SYN cookie protection Yes Yes Yes Yes Zone based IP spoofing Yes Yes Yes Yes Malformed packet protection Yes Yes Yes Yes Unified Threat Management de TE o ita a Fondue sone RER EEE ee EEE EN ser END REES ed De dencia idad Protocol anomaly detection Yes Yes Yes Yes Stateful protocol signatures Yes Yes Yes Yes Intrusion prevention system IPS attack Yes Yes Yes Yes pattern obfuscation Customer signatures creation Yes Yes Yes Yes Frequency of updates Daily and emergency Daily and emergency Daily and emergency Daily and emergency Antivirus Express AV packet based AV No Yes Yes Yes File based antivirus Yes Yes Yes Yes Signature database Yes Yes Yes Yes Protocols scanned POP3 HTTP SMTP POP3 HTTP SMTP POP3 HTTP SMTP POP3 HTTP SMTP IMAP FTP IMAP FTP IMAP FTP IMAP FTP Antispyware Yes Yes Yes Yes Antiadware Yes Yes Yes Yes Antikeylogger Yes Yes Yes Yes Antispam Yes Yes Yes Yes SRX100 Unified Threat Management continued Integrated Web filtering Yes Redirect Web filtering Yes Content filtering Yes Based on MIME type file extension and protocol Yes commands System Management Web UI Yes Command line interface Yes Network and Security Manager Yes STRM Series Yes Wireless CX111 3G Bridge support Yes Internal 3G ExpressCard slot support No Max WLAN access point supported 20 Flash and Memory 512 MB Accessible Memo
28. timize your high performance network Our services allow you to bring revenue generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures At the same time Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance reliability and availability For more details please visit www juniper net us en products services Ordering Information MODEL NUMBER DESCRIPTION SRX650 Base System SRX650 BASE SRE6 645AP SRX650 Options Interface Modules SRX GP 16GE SRX GP 16GE POE SRX GP 24GE SRX GP 24GE POE SRX GP DUAL TI EI SRX GP QUAD Hal SRX650 Services Gateway with 1 Services Routing Engine SRE 4 x 10 100 1000BASE T ports 2 GB DRAM 2 GB CF fan tray 645 W AC PoE power supply unit for SRX650 Provides 397 W system power 12 V and 247 W POE power 50 VDC Works with 90 250 VAC input Includes power cord and rack mount kit 16 port 10 100 1000BASE T XPIM 16 port 10 100 1000BASE T PoE XPIM 24 port 10 100 1000BASE T XPIM includes 4 SFP slots 24 port 10 100 1000BASE T PoE XPIM includes 4 SFP slots Dual T1 El GPIM QUAD T1 El GPIM Power Supplies and Accessories SRX600 PWR 645AC POE SRX600 SRE6H SPARE SRX650 CHAS SRX650 FAN 01 SRX650 FILT O1 OPTIONAL Spare 645 W AC PoE power supply unit for SRX650 systems One is included in SRX650 Base System SRX650 BASE
29. ve year subscription for Juniper Kaspersky antivirus updates on SRX240 Five year subscription for IDP updates on SRX240 Five year subscription for Juniper Sophos antispam updates on SRX240 Five year subscription for Juniper Websense Web filtering updates on SRX240 Five year security subscription for enterprise includes Kaspersky antivirus Web filtering Sophos antispam and IDP on SRX240 Dynamic VPN Client 5 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 10 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 25 simultaneous users for SRX100 SRX210 and SRX240 only Dynamic VPN Client 50 simultaneous users for SRX240 only SRX210 Base System SRX210B SRX210H n RX210H POE Interface Modules SRX MP ISERIAL SRX MP 1ADSL2 A SRX MP 1ADSL2 B un RX MP ISFP n RX MP ITIEI Additional Hardware RX210 WALL KIT RX210 PWR OW SRX210 PWR 150W on n SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PIM slot 1 ExpressCard slot and base memory 512 MB RAM 1 GB Flash SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PIM slot 1 ExpressCard slot and high memory 1 GB RAM 1 GB Flash SRX210 Services Gateway with 2 GbE 6 Fast Ethernet ports 1 Mini PIM slot 1 ExpressCard slot and high memory 1 GB RAM 1 GB Flash with 4 ports PoE 50 W 1 port Sync Serial Mini Physical Interface Module Mini P
30. y 1GB DRAM 1 GB flash default 16 10 1000 1000 Ethernet LAN ports 4 Mini PIM slots Factory option of 16 PoE ports PoE 803 3at backwards compatible with 802 3af Support for T1 El serial ADSL2 2 Ethernet SFP and Gigabit Ethernet interfaces Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam Web filtering intrusion prevention system with high memory version Unified Access Control and content filtering 512 MB RAM default optional factory 1GB DRAM 1 GB flash default 4 fixed ports 10 100 1000 Ethernet LAN ports 8 GPIM slots or multiple GPIM and XPIM combinations Support for TI El Gigabit Ethernet LAN ports supports up to 48 ports switching with optional PoE including 802 3at PoE backwards compatible with 802 3af Content Security Accelerator hardware for faster performance of IPS and ExpressAV Full UTM antivirus antispam Web filtering and intrusion prevention system Unified Access Control and content filtering Modular Services and Routing Engine future internal failover and hot swap 2 GB DRAM default 2 GB compact flash default external compact flash slot for additional storage Optional redundant AC power standard AC power supply that is PoE ready PoE power up to 250 watts redundant or 500 watts non redundant Trust Zone Intranet can originate in one zone and traverse to another zone This Guest Zone architectural choice re
Download Pdf Manuals
Related Search