• Juniper MPC4E-3D-32XGE-SFPP

    ASK FOR PRICE
    Add to cart Details

  • Juniper SRX1500 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX1500 is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500 is best suited for client protection in enterprise campus, regional headquarters, or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.
    srx1500 Front with top

    Product Description

    The Juniper Networks® SRX1500 is a high-peformance next-generation firewall and security services gateway that protects mission-critical networks at campuses and regional headquarters. The SRX1500 provides best-in-class security and threat detection and mitigation capabilities, integrating carrier-class routing and feature-rich switching in a single platform. The SRX1500 delivers a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services in an enterprise campus, connecting to the cloud, complying with industry standards, or achieving operational efficiency, the SRX1500 helps organizations realize their business objectives while providing scalable, easy-to-manage, secure connectivity and advanced threat detection and mitigation capabilities. The SRX1500 protects critical corporate assets as a next-generation firewall, acts as an enforcement point for cloud-based security solutions, and provides application visibility and control to improve the user and application experience. A combination of hardware and software architectures on the SRX1500 add significant performance improvements to a small 1 U form factor. The key to the SRX1500 hardware is the security flow accelerator, a programmable high-speed Layer 4 firewall chip, and a robust x86-based security compute engine for advanced security services like application visibility, intrusion prevention, and threat mitigation capabilities. The SRX1500 software architecture leverages these programmable hardware components and virtualization to deliver high-speed firewall performance, application visibility, and intrusion prevention while lowering total cost of ownership (TCO). The SRX1500 is purpose-built to protect 10GbE network environments, consolidating multiple security services and networking functions in a highly available appliance. It supports up to 9.2 Gbps of firewall performance, 3.3 Gbps of intrusion prevention, and 4.5 Gbps of IPsec VPN in enterprise campus, regional headquarters, and data center deployments.  

    SRX1500 Highlights

    The SRX1500 delivers a full complement of next-generation firewall capabilities that use advanced application identification and classification to enable greater visibility, enforcement, control, and protection over the network. It provides a detailed analysis of application volume and usage, fine-grained application control policies to allow or deny traffic based on dynamic application name or group names, and prioritization of traffic based on application information and context. The SRX1500 recognizes more than 4,275 applications and nested applications in plain-text or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and user visibility and control.
    For the perimeter, the SRX1500 Firewall offers a comprehensive suite of application security services, threat defenses, and intelligence services to protect networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks ATP Cloud offers adaptive threat protection against command and control (C&C)-related botnets and policy enforcement based on GeoIP. Integrating the Juniper Networks Advanced Threat Prevention Cloud solution, or working with the Juniper Networks ATP Appliance, the SRX1500 detects and enforces automated protection against known malware and zero-day threats with an extremely high degree of accuracy. The SRX1500 enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management. The SRX1500 delivers fully automated SD-WAN to both enterprises and service providers. A Zero-Touch Provisioning (ZTP) capability simplifies branch network connectivity for initial deployment and ongoing management. Due to its high performance and scale, the SRX1500 acts as a VPN hub and terminates VPN/secure overlay connections in the various SD-WAN topologies. The SRX1500 Firewall runs Juniper Networks Junos® operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks worldwide. These rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.  

    Features and Benefits

    Business Requirement Feature/Solution SRX1500 Advantages
    High performance Up to 9 Gbps of firewall performance
    • Best suited for enterprise campus and data center edge deployments
    • Addresses future needs for scale and feature capacity
    High quality end-user experience Application visibility and control
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Controls and prioritizes traffic based on application and user role
    • Inspects and detects applications inside the SSL encrypted traffic
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption
    Professional-grade networking services Routing, switching, and secure wire
    • Supports carrier-class advanced routing, quality of service (QoS), and services
    • Offers flexible deployment modes (L1/L2/L3)
    Highly secure IPsec VPN, remote access/SSL VPN, secure boot
    • Provides high-performance IPsec VPN with dedicated crypto engine
    • Simplifies large VPN deployments with auto VPN and group VPN
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    • Verifies binaries that execute on the hardware with secure boot
    High reliability Chassis cluster, redundant power supply
    • Provides stateful configuration and session synchronization
    • Supports active/active and active/backup deployment scenarios
    • Offers highly available hardware with dual PSU, redundant fans
    Easy to manage and scale On-box GUI, Security Director
    • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
    • Includes simple easy-to-use on-box GUI for local management
    Lower TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces OpEx with Junos OS automation capabilities
    SRX1500 image

    SRX1500 Firewall Specifications

    Software Specifications

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomalies
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
    • Juniper Secure Connect: Remote access/SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
      • Dual box clustering
      • Active/passive
      • Active/active
      • Configuration synchronization
      • Firewall session synchronization
      • Device/link detection
      • In-Service Software Upgrade (ISSU)
    • IP monitoring with route and interface failover
     

    Application Security Services1

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Advanced/application policy-based routing (APBR)
    • Application Quality of Experience (AppQoE)
    • Application-based multipath routing
     

    Threat Defense and Intelligence Services1

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
    • Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    1Offered as advanced security subscription license  

    Routing Protocols

    • IPv4, IPv6
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L2 MPLS VPN, pseudo-wires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Juniper Networks Junos Space and Security Director
    • Python
    • Junos OS event, commit and OP scripts
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
     

    Hardware Specifications

    2Performance numbers based on UDP packets and RFC2544 test methodology.
    3Performance numbers based on HTTP traffic with 44 KB transaction size.
    4Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    5Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Add to cart Details

  • Juniper SRX300 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX300 line of firewalls combines securitySD-WANroutingswitching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).  
    SRX300 front with top low view

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20Gbps firewall and 4.4 Gbps IPSec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allows WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.  

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 20 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities
     
    SRX300, SRX320, SRX340, SRX345, SRX380 Image

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)1
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services1

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services1

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    1Offered as advanced security services subscription licenses.  

    Hardware Specifications

    2SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    3SRX345 with dual AC PSU model.
    4SRX320 non PoE model.
    5SRX320-POE with 6 ports PoE+ model.
    6SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    7As per GR63 Issue 4 (2012) test criteria.
    Specification SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    PoE+ ports N/A 62 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power
    Form factor Desktop Desktop 1 U 1 U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)3 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg)4 / 3.4 lb (1.55 kb)5 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg)6 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No No Yes
    Power supply AC (external) AC (external) AC (internal) AC (internal) / DC (internal)6 1+1 hot-swappable AC PSU
    Rated DC voltage range N/A N/A N/A -48 to -60 VDC (with -15% and +20% tolerance) NA
    Rated DC operating voltage range N/A N/A N/A -40.8 VDC to -72 VDC6 N/A
    Maximum PoE power N/A 180 W5 N/A N/A 480W
    Average power consumption 24.9 W 46 W4/221 W5 122 W 122 W 150 W (without PoE) 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h4/755 BTU/h5 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A4/2.755 A5 1.496 A 1.496 A / 6A @ -48 VDC6 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA4/40 dBA5 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification
    Operational temperature -4° to 140° F (-20° to 60° C)7 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs32° to 122° F (0° to 50° C) without MPIMs
    Nonoperational temperature -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing
    Meantime between failures (MTBF) 44.5 years 32.5 years4/ 26 years5 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
     

    Performance and Scale

    8Throughput numbers based on UDP packets and RFC2544 test methodology.
    9Throughput numbers based on HTTP traffic with 44 KB transaction size.
    10Route scaling numbers are with enhanced route-scale features turned on.
    11Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    12Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Add to cart Details

  • Juniper SRX320 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX300 line of firewalls combines securitySD-WANroutingswitching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).  
    SRX300 front with top low view

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20Gbps firewall and 4.4 Gbps IPSec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allows WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.  

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 20 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities
     
    SRX300, SRX320, SRX340, SRX345, SRX380 Image

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)1
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services1

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services1

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    1Offered as advanced security services subscription licenses.  

    Hardware Specifications

    2SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    3SRX345 with dual AC PSU model.
    4SRX320 non PoE model.
    5SRX320-POE with 6 ports PoE+ model.
    6SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    7As per GR63 Issue 4 (2012) test criteria.
    Specification SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    PoE+ ports N/A 62 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power
    Form factor Desktop Desktop 1 U 1 U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)3 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg)4 / 3.4 lb (1.55 kb)5 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg)6 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No No Yes
    Power supply AC (external) AC (external) AC (internal) AC (internal) / DC (internal)6 1+1 hot-swappable AC PSU
    Rated DC voltage range N/A N/A N/A -48 to -60 VDC (with -15% and +20% tolerance) NA
    Rated DC operating voltage range N/A N/A N/A -40.8 VDC to -72 VDC6 N/A
    Maximum PoE power N/A 180 W5 N/A N/A 480W
    Average power consumption 24.9 W 46 W4/221 W5 122 W 122 W 150 W (without PoE) 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h4/755 BTU/h5 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A4/2.755 A5 1.496 A 1.496 A / 6A @ -48 VDC6 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA4/40 dBA5 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification
    Operational temperature -4° to 140° F (-20° to 60° C)7 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs32° to 122° F (0° to 50° C) without MPIMs
    Nonoperational temperature -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing
    Meantime between failures (MTBF) 44.5 years 32.5 years4/ 26 years5 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
     

    Performance and Scale

    8Throughput numbers based on UDP packets and RFC2544 test methodology.
    9Throughput numbers based on HTTP traffic with 44 KB transaction size.
    10Route scaling numbers are with enhanced route-scale features turned on.
    11Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    12Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Parameter SRX300 SRX320 SRX340 SRX345 SRX380
    Routing with packet mode (64 B packet size) in Kpps8 300 300 550 750 1700
    Routing with packet mode (IMIX packet size) in Mbps8 800 800 1,600 2,300 5000
    Routing with packet mode (1,518 B packet size in Mbps8 1,500 1,500 3,000 5,500 10,000
    Stateful firewall (64 B packet size) in Kpps8 200 200 350 550 1700
    Stateful firewall (IMIX packet size) in Mbps8 600 600 1,100 1,500 6,500
    Stateful firewall (1,518 B packet size) in Mbps8 1,900 1,900 4,700 5,000 20,000
    IPsec VPN (IMIX packet size) in Mbps8 116 116 239 325 1400
    IPsec VPN (1,400 B packet size) in Mbps8 336 336 733 977 4,400
    Application visibility and control in Mbps9 500 500 1,000 1,700 6,000
    Recommended IPS in Mbps9 200 200 400 600 2,000
    Next-generation firewall in Mbps11 226 226 420 430 2,500
    Secure Web Access firewall in Mbps12 171 171 280 295 1,800
    Route table size (RIB/FIB) (IPv4 or IPv6) 256,000/256,000 256,000/256,000 1 million/600,00010 1 million/600,00010 1 million/600,00010
    Maximum concurrent sessions (IPv4 or IPv6) 64,000 64,000 256,000 375,000 380,000
    Maximum security policies 1,000 1,000 2,000 4,000 4,000
    Connections per second 5,000 5,000 10,000 15,000 50,000
    NAT rules 1,000 1,000 2,000 2,000 3,000
    MAC table size 15,000 15,000 15,000 15,000 16,000
    IPsec VPN tunnels 256 256 1,024 2,048 2,048
    Number of remote access/SSL VPN (concurrent) users 25 50 150 250 500
    GRE tunnels 256 256 512 1,024 2,048
    Maximum number of security zones 16 16 64 64 128
    Maximum number of virtual routers 32 32 64 128 128
    Maximum number of VLANs 1,000 1,000 2,000 3,000 3,000
    AppID sessions 16,000 16,000 64,000 64,000 64,000
    IPS sessions 16,000 16,000 64,000 64,000 64,000
    URLF sessions 16,000 16,000 64,000 64,000 64,000
     

    WAN and Wi-Fi Interface Support Matrix

    WAN and Wi-Fi Interface SRX300 SRX320 SRX340 SRX345 SRX380
    1 port T1/E1 MPIM (SRX-MP-1T1E1-R) No Yes Yes Yes Yes
    1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) No Yes Yes Yes Yes
    4G / LTE MPIM (SRX-MP-LTE-AA and SRX-MP-LTE-AE) No Yes Yes Yes Yes
    802.11ac Wave 2 Wi-Fi MPIM No Yes Yes Yes Yes
     

    WAN and Wi-Fi Interface Module Performance Data

    Interface Module Description Performance
    4G/LTE Dual SIM 4G/LTE-A CAT 6 Up to 300 Mbps download and 50 Mbps upload
    Wi-Fi MPIM Dual band 802.11 a/b/g/n/ac Wave 2 (2x2 MIMO) Up to 866 Mbps at 5GHz / 300 Mbps at 2.4GHz
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html
    11 Based on concurrent users; two free licenses included
    SRXnnn-SYS-JB
    Hardware Included
    Management (CLI, JWEB, SNMP, Telnet, SSH) Included
    Ethernet switching (L2 Forwarding, IRB, LACP etc) Included
    L2 Transparent, Secure Wire Included
    Routing (RIP, OSPF, BGP, Virtual router) Included
    Multicast (IGMP, PIM, SSDP, DMVRP) Included
    Packet Mode Included
    Overlay (GRE, IP-IP) Included
    Network Services (J-Flow, DHCP, QOS, BFD) Included
    Stateful Firewall, Screens, ALGs Included
    NAT (static, SNAT, DNAT) Included
    IPSec VPN (Site-to-Site VPN, Auto VPN, Group VPN) Included
    Firewall policy enforcement (UAC, Aruba CPPM) Included
    Remote Access/SSL VPN (concurrent users)11 Optional
    Chassis Cluster, VRRP, ISSU/ICU Included
    Automation (Junos scripting, auto-installation) Included
    MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
     

    Base System Model Numbers

    Product Number Description
    SRX300-SYS-JB SRX300 Firewalls includes hardware (8GbE, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB SRX320 Firewalls includes hardware (8GbE, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB-P SRX320 Firewalls includes hardware (8GbE, 6-port POE+, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX340-SYS-JB SRX340 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-2AC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, dual AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-DC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, single DC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX380-P-SYS-JB-AC SRX380 Firewalls includes hardware (16GbE PoE+, 4x10GbE, 4x MPIM slots, 4GB RAM, 100GB SSD, single AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
     

    Software Licenses

    12The S-SRXnnn-P2-1/3/5 year SKUs are only available for the SRX340, SRX345, and SRX380 models.
    Product Number Description
    S-SRXnnn-A1-1 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 1-year subscription (example: S-SRX380-A1-1)
    S-SRXnnn-A1-3 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 3-year subscription (example: S-SRX380-A1-3)
    S-SRXnnn-A1-5 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 5-year subscription (example: S-SRX380-A1-5]
    S-SRXnnn-P1-1 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 1-year subscription (example: S-SRX380-P1-1)
    S-SRXnnn-P1-3 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 3-year subscription (example: S-SRX380-P1-3)
    S-SRXnnn-P1-5 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 5-year subscription (example: S-SRX380-P1-5)
    S-SRXnnn-A2-1 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 1-year subscription (example: S-SRX380-A2-1)
    S-SRXnnn-A2-3 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 3-year subscription (example: S-SRX380-A2-3)
    S-SRXnnn-A2-5 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 5-year subscription (example: S-SRX380-A2-5)
    S-SRXnnn-P2-112 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 1-year subscription (example: S-SRX380-P2-1)
    S-SRXnnn-P2-312 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 3-year subscription (example: S-SRX380-P2-3)
    S-SRXnnn-P2-512 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 5-year subscription (example: S-SRX380-P2-5)
     

    Remote Access/Juniper Secure Connect VPN Licenses

    Product Number Description
    S-RA3-SRX300-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX320-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX340-S-1 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX345-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX380-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-SRX300-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX320-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX340-S-3 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX345-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX380-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     

    Interface Modules

    Product Number Description
    SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. ROHS complaint
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL / ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. ROHS complaint
    SRX-MP-LTE-AA 4G / LTE MPIM support 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-LTE-AE 4G / LTE MPIM support 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for U.S. regulatory bands only.
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for worldwide regulatory bands (excluding U.S. and Israel).
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for Israel regulatory bands only.
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
     

    Accessories

    Product Number Description
    SRX300-RMK0 SRX300 rack mount kit with adaptor tray
    SRX300-RMK1 SRX300 rack mount kit without adaptor tray
    SRX300-WALL-KIT0 SRX300 wall mount kit with brackets
    SRX320-P-RMK0 SRX320-POE rack mount kit with adaptor tray
    SRX320-P-RMK1 SRX300-POE rack mount kit without adaptor tray
    SRX320-RMK0 SRX320 rack mount kit with adaptor tray
    SRX320-RMK1 SRX320 rack mount kit without adaptor tray
    SRX320-WALL-KIT0 SRX320 wall mount kit with brackets
    SRX34X-RMK SRX340 and SRX345 rack mount kit
    EX-4PST-RMK SRX380 rack mount kit
    JSU-SSD-MLC-100 Juniper Storage Unit, SSD, MLC, 100GB
    JPSU-600-AC-AFO SRX380 600W AC PSU, front-to-back
    Add to cart Details

  • Juniper SRX340 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX300 line of firewalls combines securitySD-WANroutingswitching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).  
    SRX300 front with top low view

    Product Description

    Juniper Networks® SRX300 line of firewalls delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of five models:
    • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to 20Gbps firewall and 4.4 Gbps IPSec VPN in a single, consolidated, cost-effective networking and security platform.
     

    SRX300 Highlights

    The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
     

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allows WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.  

    Industry-Certified Junos Operating System

    SRX300 Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 20 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities
     
    SRX300, SRX320, SRX340, SRX345, SRX380 Image

    SRX300 Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)1
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services1

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
     

    Threat Defense and Intelligence Services1

    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
     
    1Offered as advanced security services subscription licenses.  

    Hardware Specifications

    2SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
    3SRX345 with dual AC PSU model.
    4SRX320 non PoE model.
    5SRX320-POE with 6 ports PoE+ model.
    6SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
    7As per GR63 Issue 4 (2012) test criteria.
    Specification SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    PoE+ ports N/A 62 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power
    Form factor Desktop Desktop 1 U 1 U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)3 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg)4 / 3.4 lb (1.55 kb)5 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg)6 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No No Yes
    Power supply AC (external) AC (external) AC (internal) AC (internal) / DC (internal)6 1+1 hot-swappable AC PSU
    Rated DC voltage range N/A N/A N/A -48 to -60 VDC (with -15% and +20% tolerance) NA
    Rated DC operating voltage range N/A N/A N/A -40.8 VDC to -72 VDC6 N/A
    Maximum PoE power N/A 180 W5 N/A N/A 480W
    Average power consumption 24.9 W 46 W4/221 W5 122 W 122 W 150 W (without PoE) 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h4/755 BTU/h5 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A4/2.755 A5 1.496 A 1.496 A / 6A @ -48 VDC6 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA4/40 dBA5 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification
    Operational temperature -4° to 140° F (-20° to 60° C)7 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs32° to 122° F (0° to 50° C) without MPIMs
    Nonoperational temperature -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing
    Meantime between failures (MTBF) 44.5 years 32.5 years4/ 26 years5 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
     

    Performance and Scale

    8Throughput numbers based on UDP packets and RFC2544 test methodology.
    9Throughput numbers based on HTTP traffic with 44 KB transaction size.
    10Route scaling numbers are with enhanced route-scale features turned on.
    11Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    12Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Parameter SRX300 SRX320 SRX340 SRX345 SRX380
    Routing with packet mode (64 B packet size) in Kpps8 300 300 550 750 1700
    Routing with packet mode (IMIX packet size) in Mbps8 800 800 1,600 2,300 5000
    Routing with packet mode (1,518 B packet size in Mbps8 1,500 1,500 3,000 5,500 10,000
    Stateful firewall (64 B packet size) in Kpps8 200 200 350 550 1700
    Stateful firewall (IMIX packet size) in Mbps8 600 600 1,100 1,500 6,500
    Stateful firewall (1,518 B packet size) in Mbps8 1,900 1,900 4,700 5,000 20,000
    IPsec VPN (IMIX packet size) in Mbps8 116 116 239 325 1400
    IPsec VPN (1,400 B packet size) in Mbps8 336 336 733 977 4,400
    Application visibility and control in Mbps9 500 500 1,000 1,700 6,000
    Recommended IPS in Mbps9 200 200 400 600 2,000
    Next-generation firewall in Mbps11 226 226 420 430 2,500
    Secure Web Access firewall in Mbps12 171 171 280 295 1,800
    Route table size (RIB/FIB) (IPv4 or IPv6) 256,000/256,000 256,000/256,000 1 million/600,00010 1 million/600,00010 1 million/600,00010
    Maximum concurrent sessions (IPv4 or IPv6) 64,000 64,000 256,000 375,000 380,000
    Maximum security policies 1,000 1,000 2,000 4,000 4,000
    Connections per second 5,000 5,000 10,000 15,000 50,000
    NAT rules 1,000 1,000 2,000 2,000 3,000
    MAC table size 15,000 15,000 15,000 15,000 16,000
    IPsec VPN tunnels 256 256 1,024 2,048 2,048
    Number of remote access/SSL VPN (concurrent) users 25 50 150 250 500
    GRE tunnels 256 256 512 1,024 2,048
    Maximum number of security zones 16 16 64 64 128
    Maximum number of virtual routers 32 32 64 128 128
    Maximum number of VLANs 1,000 1,000 2,000 3,000 3,000
    AppID sessions 16,000 16,000 64,000 64,000 64,000
    IPS sessions 16,000 16,000 64,000 64,000 64,000
    URLF sessions 16,000 16,000 64,000 64,000 64,000
     

    WAN and Wi-Fi Interface Support Matrix

    WAN and Wi-Fi Interface SRX300 SRX320 SRX340 SRX345 SRX380
    1 port T1/E1 MPIM (SRX-MP-1T1E1-R) No Yes Yes Yes Yes
    1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) No Yes Yes Yes Yes
    4G / LTE MPIM (SRX-MP-LTE-AA and SRX-MP-LTE-AE) No Yes Yes Yes Yes
    802.11ac Wave 2 Wi-Fi MPIM No Yes Yes Yes Yes
     

    WAN and Wi-Fi Interface Module Performance Data

    Interface Module Description Performance
    4G/LTE Dual SIM 4G/LTE-A CAT 6 Up to 300 Mbps download and 50 Mbps upload
    Wi-Fi MPIM Dual band 802.11 a/b/g/n/ac Wave 2 (2x2 MIMO) Up to 866 Mbps at 5GHz / 300 Mbps at 2.4GHz
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html
    11 Based on concurrent users; two free licenses included
    SRXnnn-SYS-JB
    Hardware Included
    Management (CLI, JWEB, SNMP, Telnet, SSH) Included
    Ethernet switching (L2 Forwarding, IRB, LACP etc) Included
    L2 Transparent, Secure Wire Included
    Routing (RIP, OSPF, BGP, Virtual router) Included
    Multicast (IGMP, PIM, SSDP, DMVRP) Included
    Packet Mode Included
    Overlay (GRE, IP-IP) Included
    Network Services (J-Flow, DHCP, QOS, BFD) Included
    Stateful Firewall, Screens, ALGs Included
    NAT (static, SNAT, DNAT) Included
    IPSec VPN (Site-to-Site VPN, Auto VPN, Group VPN) Included
    Firewall policy enforcement (UAC, Aruba CPPM) Included
    Remote Access/SSL VPN (concurrent users)11 Optional
    Chassis Cluster, VRRP, ISSU/ICU Included
    Automation (Junos scripting, auto-installation) Included
    MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
     

    Base System Model Numbers

    Product Number Description
    SRX300-SYS-JB SRX300 Firewalls includes hardware (8GbE, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB SRX320 Firewalls includes hardware (8GbE, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX320-SYS-JB-P SRX320 Firewalls includes hardware (8GbE, 6-port POE+, 2x MPIM slots, 4G RAM, 8G Flash, power adapter and cable) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching). RMK not included.
    SRX340-SYS-JB SRX340 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-2AC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, dual AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX345-SYS-JB-DC SRX345 Firewalls includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, single DC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
    SRX380-P-SYS-JB-AC SRX380 Firewalls includes hardware (16GbE PoE+, 4x10GbE, 4x MPIM slots, 4GB RAM, 100GB SSD, single AC power supply, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
     

    Software Licenses

    12The S-SRXnnn-P2-1/3/5 year SKUs are only available for the SRX340, SRX345, and SRX380 models.
    Product Number Description
    S-SRXnnn-A1-1 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 1-year subscription (example: S-SRX380-A1-1)
    S-SRXnnn-A1-3 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 3-year subscription (example: S-SRX380-A1-3)
    S-SRXnnn-A1-5 SRXnnn Advanced 1 - JSE/SD-WAN, includes SD-WAN features App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack) and IPS; 5-year subscription (example: S-SRX380-A1-5]
    S-SRXnnn-P1-1 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 1-year subscription (example: S-SRX380-P1-1)
    S-SRXnnn-P1-3 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 3-year subscription (example: S-SRX380-P1-3)
    S-SRXnnn-P1-5 SRXnnn Premium 1, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Juniper ATP; 5-year subscription (example: S-SRX380-P1-5)
    S-SRXnnn-A2-1 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 1-year subscription (example: S-SRX380-A2-1)
    S-SRXnnn-A2-3 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 3-year subscription (example: S-SRX380-A2-3)
    S-SRXnnn-A2-5 SRXnnn Advanced 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS and Content Security (UTM, Cloud AV, URLF and AS); 5-year subscription (example: S-SRX380-A2-5)
    S-SRXnnn-P2-112 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 1-year subscription (example: S-SRX380-P2-1)
    S-SRXnnn-P2-312 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 3-year subscription (example: S-SRX380-P2-3)
    S-SRXnnn-P2-512 SRXnnn Premium 2, includes App+ (AppID, AppFW, AppQoS, AppRoute, AppQoE, AppTrack), IPS, Content Security (UTM, Cloud AV, URLF and AS) and Juniper Sky ATP; 5-year subscription (example: S-SRX380-P2-5)
     

    Remote Access/Juniper Secure Connect VPN Licenses

    Product Number Description
    S-RA3-SRX300-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX320-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX340-S-1 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX345-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-SRX380-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 1 Year
     S-RA3-SRX300-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX320-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX340-S-3 SW, Remote Access VPN - Juniper, 150 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX345-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-SRX380-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
     

    Interface Modules

    Product Number Description
    SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. ROHS complaint
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL / ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M. ROHS complaint
    SRX-MP-LTE-AA 4G / LTE MPIM support 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-LTE-AE 4G / LTE MPIM support 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA). Supported on SRX320, SRX340, SRX345, SRX380, and SRX550M
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for U.S. regulatory bands only.
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for worldwide regulatory bands (excluding U.S. and Israel).
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX34x, SRX380, and SRX550M. Supported for Israel regulatory bands only.
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
     

    Accessories

    Product Number Description
    SRX300-RMK0 SRX300 rack mount kit with adaptor tray
    SRX300-RMK1 SRX300 rack mount kit without adaptor tray
    SRX300-WALL-KIT0 SRX300 wall mount kit with brackets
    SRX320-P-RMK0 SRX320-POE rack mount kit with adaptor tray
    SRX320-P-RMK1 SRX300-POE rack mount kit without adaptor tray
    SRX320-RMK0 SRX320 rack mount kit with adaptor tray
    SRX320-RMK1 SRX320 rack mount kit without adaptor tray
    SRX320-WALL-KIT0 SRX320 wall mount kit with brackets
    SRX34X-RMK SRX340 and SRX345 rack mount kit
    EX-4PST-RMK SRX380 rack mount kit
    JSU-SSD-MLC-100 Juniper Storage Unit, SSD, MLC, 100GB
    JPSU-600-AC-AFO SRX380 600W AC PSU, front-to-back
    Add to cart Details

  • Juniper SRX345 Firewall

    ASK FOR PRICE
    SRX345 Datasheet
    Add to cart Details

  • Juniper SRX380 Firewall

    ASK FOR PRICE

    SRX380 Overview:

    The SRX300 line of services gateways combines security, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for costeffective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).

    Product Description

    Juniper Networks SRX300 line of services gateways delivers a next-generation networking and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience. The SRX300 line consists of four models:
    • SRX300: Securing small branch or retail offices, the SRX300 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 3 Gbps firewall and 600 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 800 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
    • SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers superior and reliable WAN connectivity while consolidating security, routing, and switching for distributed enterprise offices. The SRX380 features greater port density than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes redundant dual power supplies, all in a 1 U form factor.

    Highlights

    The SRX300 line of services gateways consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi-Fi module options include:
    • Ethernet, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi

    Mist AI

    WAN Assurance Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Services Gateways, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allows WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
    Simplifying Branch Deployments (Secure Connectivity/SD-WAN) The SRX300 line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX300 firewalls offer best-in-class secure connectivity.
    • The SRX300 firewalls efficiently utilize multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.

    Comprehensive Security Suite

    The SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.

    Industry-Certified Junos Operating System

    SRX300 Services Gateways run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX300 line also enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.

    Features & Benefits:

    Business Requirement Feature/Solution SRX300 Advantages
    High performance Up to 5 Gbps of routing and firewall performance
    • Best suited for small, medium and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
    • Application quality of experience (AppQoE) measures application SLAs and improves end-user experience
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
    • Provides visibility and insights into users, applications, WAN links, control and data plane, and CPU for proactive remediation
    Highly secure IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public internet
    • Employs anti-counterfeit features to protect from unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware to assist IPsec acceleration
    • Provides TPM-based protection of device secrets such as passwords and certificates
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Protects from zero-day attacks
    • Implements industry-leading antivirus and URL filtering
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Application visibility On-box GUI, Security Director
    • Detects 3500+ Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications inside the SSL encrypted traffic
    Easy to manage and scale On-box GUI, Security Director
    • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
    Minimize TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operation expense with Junos automation capabilities

    Technical Specifications:

    Model: SRX300 SRX320 SRX340 SRX345 SRX380
    Connectivity
    Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
    Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
    Onboard small form-factor pluggable (SFP) transceiver ports 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
    MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE 4x10GbE
    Out-of-Band (OOB) management ports 0 0 1x1GbE 1x1GbE 1x1GbE
    Mini PIM (WAN) slots 0 2 4 4 4
    Console (RJ-45 + miniUSB) 1 1 1 1 1
    USB 3.0 ports (type A) 1 1 1 1 1
    Optional PoE+ ports N/A 61 0 0 16
    Memory and Storage
    System memory (RAM) 4 GB 4 GB 4 GB 4 GB 4GB
    Storage (flash) 8 GB 8 GB 8 GB 8 GB 100GB SSD
    SSD slots 0 0 1 1 1
    Dimensions and Power SRX300 SRX320 SRX340 SRX345 SRX380
    Form factor Desktop Desktop 1U 1U 1U
    Size (WxHxD) 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) 11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)2 17.36 x 1.72 x 18.7 in. (44.09 x 4.37 x 47.5 cm) / 17.36 x 1.72 x 20.47 in. (44.09 x 4.37 x 52 cm)
    Weight (device and PSU) 4.38 lb (1.98 kg) 3.28 lb (1.51 kg)3 / 3.4 lb (1.55 kb)4 10.80 lb (4.90 kg) 10.80 lb (4.90 kg) / 11.02 lb (5 kg)5 15 lb (6.8 kg) with 1xPSU / 16.76 lb (7.6 kg) with 2xPSU
    Redundant PSU No No No Yes Yes
    Power supply AC (external) AC (external) AC (external) AC (internal) / DC (internal)5 1+1 hot-swappable AC PSU
    DC Input N/A N/A N/A -40.8 VDC to -72 VDC5 N/A
    Maximum PoE power N/A 180 W4 N/A N/A 480W
    Average power consumption 15.4 W 27 W3 / 112 W4 122 W 122 W 150 W (without PoE) 510 W (with PoE)
    Average heat dissipation 85 BTU/h 157 BTU/h3 / 755 BTU/h4 420 BTU/h 420 BTU/h 511.5 BTU/hr (without PoE)
    Maximum current consumption 0.346 A 0.634 A3 / 2.755 A4 1.496 A 1.496 A / 6A @ -48 VDC5 1.79A/7.32A
    Acoustic noise level 0dB (fanless) 37 dBA3 / 40 dBA4 45.5 dBA 45.5 dBA < 50dBA @ room temperature 27C
    Airflow/cooling Fanless Front to back Front to back Front to back Front to back
    Environmental, Compliance, and Safety Certification SRX300 SRX320 SRX340 SRX345 SRX380
    Operating temperature 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C) -22° to 131° F (-30° to 55° C) for SRX345-DC 32° to 104° F (0° to 40° C) with MPIMs 32° to 122° F (0° to 50° C) without MPIMs
    Nonoperating temperature 4° to 158° F (-20° to 70° C) -4° to 158° F (-20° to 70° C) -22° to 158° F (-30° to 70° C) for SRX345-DC -4° to 158° F (-20° to 70° C)
    Operating humidity 10% to 90% noncondensing
    Nonoperating humidity 5% to 95% noncondensing
    Meantime between failures (MTBF) 44.5 years 32.5 years3 / 26 years4 27 years 27.4 years 28.1 years
    FCC classification Class A Class A Class A Class A Class A
    RoHS compliance RoHS 2 RoHS 2 RoHS 2 RoHS 2 RoHS 2
    FIPS 140-2 Level 2 (Junos 15.1X49-D60) Level 1 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) Level 2 (Junos 15.1X49-D60) N/A
    Common Criteria certification NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) N/A
    Performance and Scale SRX300 SRX320 SRX340 SRX345 SRX380
    Routing with packet mode (64 B packet size) in Kpps7 300 300 550 750 1,700
    Routing with packet mode (IMIX packet size) in Mbps7 800 800 1,600 2,300 5,000
    Routing with packet mode (1,518 B packet size in Mbps7 1,500 1,500 3,000 5,500 10,000
    Stateful firewall (64 B packet size) in Kpps7 200 200 350 550 1,700
    Stateful firewall (IMIX packet size) in Mbps7 500 500 1,100 1,700 4,000
    Stateful firewall (1,518 B packet size) in Mbps7 1,000 1,000 3,000 5,000 10,000
    IPsec VPN (IMIX packet size) in Mbps7 100 100 200 300 1,000
    IPsec VPN (1,400 B packet size) in Mbps7 300 300 600 800 3,500
    Application visibility and control in Mbps8 500 500 1,000 1,700 6,000
    Recommended IPS in Mbps8 200 200 400 600 2,000
    Next-generation firewall in Mbps8 100 100 200 300 1,000
    Route table size (RIB/FIB) (IPv4 or IPv6) 256,000/256,000 256,000/256,000 1 million/600,0009 1 million/600,0009 1 million/600,0009
    Maximum concurrent sessions (IPv4 or IPv6) 64,000 64,000 256,000 375,000 380,000
    Maximum security policies 1,000 1,000 2,000 4,000 4,000
    Connections per second 5,000 5,000 10,000 15,000 50,000
    NAT rules 1,000 1,000 2,000 2,000 3,000
    MAC table size 15,000 15,000 15,000 15,000 16,000
    IPsec VPN tunnels 256 256 1,024 2,048 2,048
    Number of remote access uses 25 50 150 250 500
    GRE tunnels 256 256 512 1,024 2,048
    Maximum number of security zones 16 16 64 64 128
    Maximum number of virtual routers 32 32 64 128 128
    Maximum number of VLANs 1,000 1,000 2,000 3,000 3,000
    AppID sessions 16,000 16,000 64,000 64,000 64,000
    IPS sessions 16,000 16,000 64,000 64,000 64,000
    URLF sessions 16,000 16,000 64,000 64,000 64,000
    WAN Interface SRX300 SRX320 SRX340 SRX345 SRX380
    1 port T1/E1 MPIM (SRX-MP-1T1E1-R) No Yes Yes Yes Yes
    1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) No Yes Yes Yes Yes
    1 port serial MPIM (SRX-MP-1SERIAL-R) No Yes Yes Yes Yes
    4G / LTE MPIM (SRX-MP-LTE-AA & SRX-MP-LTE-AE) No Yes Yes Yes Yes

    Additional Specification Features:

    Routing Protocols
    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with Route Reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
    QoS Features
    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
    Switching Features
    • ASIC-based Layer 2 Forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • LLDP and LLDP-MED
    • STP, RSTP, MSTP
    • MVRP
    • 802.1X authentication
    Firewall Services
    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (Forward-proxy)
    Network Address Translation (NAT)
    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
    VPN Features
    • Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec
    • Juniper Secure Connect: Remote access / SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
    Network Services
    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
    High Availability Features
    • Virtual Router Redundancy Protocol (VRRP)10
    • Stateful high availability
      • Dual box clustering
      • Active/passive
      • Active/active
      • Configuration synchronization
      • Firewall session synchronization
      • Device/link detection
      • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
    Management, Automation, Logging, and Reporting
    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • Zero-Touch Provisioning with Contrail Service Orchestration
    Advanced Routing Services
    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
    Application Security Services10
    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Application-based advanced policy-based routing
    • Application quality of experience (AppQoE)
    Enhanced SD-WAN Services
    • Application-based advanced policy-based routing (APBR)
    • Application-based link monitoring and switchover with Application quality of experience (AppQoE)
    Threat Defense and Intelligence Services10
    • Intrusion prevention
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence

    1 SRX320 with PoE+ ports available as a separate SKU: SRX320-POE. 2 3SRX345 with dual AC PSU model. 3 4SRX320 non PoE model. 4 5SRX320-POE with 6 ports PoE+ model. 5 6SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria). 6 7As per GR63 Issue 4 (2012) test criteria. 7 Throughput numbers based on UDP packets and RFC2544 test methodology. 8 9Throughput numbers based on HTTP traffic with 44 KB transaction size. 9 10Route scaling numbers are with enhanced route-scale features turned on. 10 Offered as advanced security services subscription licenses.

    Views:

    Top Front View Top Front View
    Front View Front View
    Rear View Rear View
    Left Angle View Left Angle View
    Right Angle View Right Angle View
    Add to cart Details

  • Juniper SRX4100 Firewall

    ASK FOR PRICE
    SRX345 Datasheet
    Add to cart Details

  • Juniper SRX4200 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX4100 and SRX4200 Firewalls offer outstanding protection, performance, scalability, availability, and integrated security services. Designed for high-performance security services architectures and seamless integration of networking and security in a single platform, the SRX4100 and SRX4200 are best suited for enterprise data centers, campuses, and regional headquarters, with a focus on application visibility and control, intrusion prevention, advanced threat protection, authentication, confidentiality of information, and integrated cloud-based security. Both devices are powered by Junos OS, the industry-leading operating system that keeps the world’s largest mission-critical enterprise networks secure.  
    SRX4200 front top image

    Product Description

    The Juniper Networks® SRX4100 and SRX4200 Firewalls are high-performance, next-generation firewalls and hardware-accelerated security services gateways that protect mission-critical data center networks, enterprise campuses, and regional headquarters. The SRX4100 and SRX4200 provide best-in-class security and advanced threat mitigation capabilities and integrate carrier-class routing. The SRX4100 and SRX4200 deliver fully automated SD-WAN to both enterprises and service providers. Their high performance and scale allow the SRX4100 and SRX4200 to act as VPN hubs, terminating VPN/secure overlay connections in various SD-WAN topologies. The SRX4100 and SRX4200 deliver a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks, helping organizations realize their business objectives whether rolling out new services in an enterprise data center or campus, or connecting to the cloud. The SRX4100 and SRX4200 comply with industry standards, delivering the scalability, ease of management, secure connectivity, and advanced threat mitigation capabilities businesses need. The SRX4100 and SRX4200 protect critical corporate assets such as next-generation firewalls, act as enforcement points for cloud-based security solutions, and provide application visibility and control to improve the user and application experience.  

    Architecture and Key Components

    The SRX4100 and SRX4200 hardware and software architecture provides cost-effective security performance in a small 1 U form factor. Purpose-built to protect up to 40 Gbps Internet Mix (IMIX) firewall throughput network environments, the SRX4100 and SRX4200 incorporate multiple security services and networking functions on top of the industry-leading Juniper Networks Junos® operating system. The SRX4100 supports up to 22 Gbps (IMIX) of firewall performance, 9 Gbps of next- generation firewall (application security, intrusion prevention, and logging), and 14.8 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarter deployments with IMIX traffic patterns. The SRX4200 supports up to 44 Gbps of firewall performance, 18 Gbps of next-generation firewall, and up to 29.6 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarter deployments with IMIX traffic patterns.
    Table 1. SRX4100 and SRX4200 Statistics¹
    1Performance, capacity and features listed are based on systems running Junos OS 21.4R1 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2Next-Generation Datacenter Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
    3Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    SRX4100 SRX4200
    Firewall throughput 40 Gbps 80 Gbps
    Firewall throughput—IMIX 22 Gbps 44 Gbps
    Firewall throughput with application security 19.9 Gbps 39.8 Gbps
    IPsec VPN throughput-IMIX 14.8 Gbps 29.6 Gbps
    Intrusion prevention 13.9 Gbps 27.7 Gbps
    NGFW2 throughput 9 Gbps 18 Gbps
    Secure Web Access3 throughput 6.7 Gbps 13.3 Gbps
    Connections per second 250000 500000
    Maximum session 5 million 10 million
    The SRX4100 and SRX4200 recognize more than 4,275 applications and nested applications in plain-text or SSL-encrypted transactions. The firewalls also integrate with Microsoft Active Directory and combine user information with application data to provide network-wide application and user visibility and control.  

    Features and Benefits

    Table 2. SRX4100 and SRX4200 Features and Benefits
    Business Requirement Feature/Solution SRX4100/SRX4200 Advantages
    High performance Up to 80 Gbps of firewall throughput (up to 40 Gbps of IMIX firewall throughput)
    • Best suited for enterprise campus and data center edge deployments
    • Ideal for secure router deployments at the head office
    • Addresses future needs for scale and feature capacity
    High-quality end-user experience Application visibility and control
    • Detects 3,500+ L3-L7 applications, including Web 2.0
    • Controls and prioritizes traffic based on application and use role
    • Inspects and detects applications inside SSL-encrypted traffic
    Advanced threat protection  IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption
    Professional-grade networking services  Routing, secure wire
    • Supports carrier-class advanced routing and quality of service (QoS)
    Highly secure IPsec VPN, Remote Access/SSL VPN
    • Provides high-performance IPsec VPN with dedicated crypto engine
    • Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications
    • Simplifies large VPN deployments with auto VPN
    • Includes hardware-based crypto acceleration
    • Secure and flexible remote access SSL VPN with Juniper Secure Connect
    Highly reliable Chassis cluster, redundant power supplies
    • Provides stateful configuration and session synchronization
    • Supports active/active and active/backup deployment scenarios
    • Offers highly available hardware with redundant power supply unit (PSU) and redundant fans
    • Delivers dedicated control and fabric link with seamless high availability
    Easy to manage and scale On-box GUI, Junos Space Security Director
    • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
    • Includes simple, easy-to-use on-box GUI for local management
    Low TCO Junos OS
    • Integrates routing and security in a single device
    • Reduces OpEx with Junos OS automation capabilities
     
    SRX4100 and SRX4200 front top image

    SRX4100 and SRX4200 Firewalls Specifications

    Software Specifications

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomalies
    • Unified Access Control (UAC)

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation

    VPN Features

    • Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
    • Juniper Secure Connect: Remote access/SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP) – IPv4 and IPv6
    • Stateful high availability:
      • Dual box clustering
      • Active/passive
      • Active/active
      • Configuration synchronization
      • Firewall session synchronization
      • Device/link detection
      • In-Service Software Upgrade (ISSU)
    • IP monitoring with route and interface failover

    Application Security Services3

    • Application visibility and control
    • Application-based firewall
    • Application QoS
    • Advanced/application policy-based routing (APBR)
    • Application Quality of Experience (AppQoE)
    • Application-based multipath routing
    • User-based firewall

    Threat Defense and Intelligence Services3

    • Intrusion prevention system
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • SSL proxy/inspection
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • SecIntel to provide threat intelligence
    • Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
    3Offered as advanced security subscription license.  

    Routing Protocols

    • IPv4, IPv6, static routes, RIP v1/v2
    • OSPF/OSPF v3
    • BGP with route reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); reverse path forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP monitoring
    • Juniper flow monitoring (J-Flow)

    Advanced Routing Services

    • Packet Mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L2 MPLS VPN, pseudo-wires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast re-route

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Juniper Networks Junos Space Security Director
    • Python
    • Junos events, commit and OP scripts
    • Application and bandwidth usage reporting
    • Debug and troubleshooting tools

    Hardware Specifications

    Table 3. SRX4100 and SRX4200 Hardware Specifications
    4Throughput numbers based on UDP packets and RFC2544 test methodology
    5Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    6Next-Generation Datacenter Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    7Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
    Add to cart Details

  • Juniper SRX5400 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.
    srx5400 front with top

    Product Description

    The Juniper Networks® SRX5400SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near near linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy. In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature Feature Description Benefits
    Purpose-built platform Built from the ground up on dedicated hardware designed for networking and security services. Delivers unrivaled performance and flexibility to protect high-speed network environments.
    Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with appropriate processing.
    System and network resiliency Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.
    High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
    Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.
    Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
    Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.
    Advanced threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices to disseminate malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption
    AppTrack Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.
    AppFirewall Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
    AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
    Application signatures Open signature library for identifying applications and nested applications with more than 3000 application signatures. Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.
    SSL proxy (forward and reverse) Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.
    Stateful GTP and SCTP inspection Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.
    IOC3 The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.
    IOC4 The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.
    SPC3 card Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. Delivers always-on security resiliency to meet your growing network performance needs.
    AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.
    Remote access/SSL VPN Secure and flexible remote access SSL VPN with Juniper Secure Connect. Extends secure access to corporate resources from anywhere.
    Multitenancy Offers logical, large-scale segmentation and separation of security functions and features. Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    Feature Feature Description Benefits
    Stateful signature inspection Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. This minimizes false positives and offers flexible signature development.
    Protocol decodes This feature enables highly accurate detection and helps reduce false positives. Accuracy of signatures is improved through precise contexts of protocols.
    Signatures There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. Attacks are accurately identified and attempts to exploit a known vulnerability are detected.
    Traffic normalization Reassembly, normalization, and protocol decoding are provided. Overcome attempts to bypass other IPS detections by using obfuscation methods.
    Zero-day protection Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. Your network is already protected against any new exploits.
    Recommended policy Group of attack signatures are identified by Juniper Networks Security Team as critical for the typical enterprise to protect against. Installation and maintenance are simplified while ensuring the highest network security.
    Active/active traffic monitoring IPS monitoring on active/active SRX5000 line chassis clusters is provided. Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade.
    Packet capture IPS policy supports packet capture logging per rule. Conduct further analysis of surrounding traffic and determine further steps to protect target.

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    Feature Feature Description Benefits
    Antivirus Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3 HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity.
    Antispam Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
    Enhanced Web filtering Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic.
    Content filtering Effective content filtering is based on MIME type, file extension, and protocol commands. Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic.

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    Feature Feature Description Benefits
    Advanced malware detection and remediation Malware analysis and sandboxing are based on machine learning and behavioral analysis. Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities.
    Comprehensive threat feeds (C2, GeoIP, custom) Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks.
    Encrypted Traffic Insights SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior.  This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious.  Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
    HTTP, HTTPs, e-mail Web- and e-mail-based threats are analyzed, including encrypted sessions. Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
    Integration with Security Director and JSA Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience.
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance, reduces risk while enabling users to diagnose, and it resolves problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.
    SRX5400, SRX5600, SRX5800 image

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured 128 lb (58.1 kg) Fully Configured: 180 lb (81.7 kg) Fully Configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    3Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
    Add to cart Details

  • Juniper SRX550 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX550M Firewall combines securitySD-WANroutingswitching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for secure, cost-effective connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership.
    srx550 front with top

    Product Description

    Juniper Networks® SRX550M Firewall delivers a next-generation secure SD-WAN and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX550M helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall (NGFW) and advanced security also make it easier to detect and proactively mitigate threats to improve the user and application experience.  

    Architecture and Key Components

    The SRX550M Firewall is a secure router that brings high performance and proven deployment capabilities to enterprises building a worldwide network composed of thousands of remote sites. WAN or Internet connectivity module options include:
    • Ethernet, serial, T1/E1, ADSL2/2+, and VDSL
    • 3G/4G LTE wireless
    • 802.11ac Wave 2 Wi-Fi
    Industry-best, high-performance IPsec VPN solutions provide comprehensive encryption and authentication capabilities to secure intersite communications. Multiple form factors that offer Ethernet switching support on native Gigabit Ethernet ports allow cost-effective choices for mission-critical deployments. The SRX550M Firewall runs Junos® operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks around the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments. The automation and scripting capabilities of Junos OS and Junos Space® Security Director reduce operational complexity and simplify the provisioning of new sites. The SRX550M recognizes more than 4,275 Layer 3-7 applications, including Web 2.0 and evasive peer-to-peer (P2P) applications like Skype, torrents, and others. Correlating application information with user contextual information, the SRX550M can generate bandwidth usage reports, enforce access control policies, prioritize and rate-limit traffic exiting WAN interfaces, and proactively secure remote sites. This optimizes resources in the branch office and improves the application and user experience.  

    Mist AI

    WAN Assurance

    Mist WAN Assurance is a cloud service that brings AI-powered automation and service levels to Juniper SRX Series Firewalls, complementing the Juniper Secure SD-WAN solution. Mist WAN Assurance transforms IT operations from reactive troubleshooting to proactive remediation, turning insights into actions and delivering operational simplicity with seamless integration into existing deployments.
    • SRX Series firewalls, deployed as secure SD-WAN edge devices, deliver the rich Junos streaming telemetry that provides the insights needed for WAN health metrics and anomaly detection. This data is leveraged within the Mist Cloud and AI engine, driving simpler operations, reducing mean time to repair (MTTR) and providing greater visibility into end-user experiences.
    • Insights derived from SRX Series SD-WAN gateway telemetry data allows WAN Assurance to compute unique “User Minutes” that indicate whether users are having a good experience.
    • The Marvis assistant for WAN allows you to ask direct questions like “Why is my Zoom call bad?” and provides complete insights, correlation, and actions.
    • Marvis Actions identifies and summarizes issues such as application latency conditions, congested WAN circuits, or negotiation mismatches.
     

    Simplifying Branch Deployments (Secure Connectivity/SD-WAN)

    The SRX550M line delivers fully automated SD-WAN to both enterprises and service providers.
    • A Zero-Touch Provisioning (ZTP) feature simplifies branch network connectivity for initial deployment and ongoing management.
    • SRX550M firewalls offer best-in-class secure connectivity.
    • The SRX550M firewall efficiently utilizes multiple links and load balance traffic across the enterprise WAN, blending traditional MPLS with other connectivity options such as broadband internet, leased lines, 4G/LTE, and more.
    • Policy- and application-based forwarding capabilities enforce business rules created by the enterprise to steer application traffic towards a preferred path.
     

    Comprehensive Security Suite

    At the perimeter, the SRX550M offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls and cloud-based antivirus, antispam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks SecIntel offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Advanced Threat Protection solution, the SRX550M detects and enforces automated protection against known malware and zero-day threats with a high degree of accuracy.  

    Industry-Certified Junos Operating System

    SRX550M Firewalls run the Junos operating system, a proven, carrier-hardened OS that powers the top 100 service provider networks in the world. The rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and multicast have been proven over 15 years of worldwide deployments. The SRX550M enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.  

    Features and Benefits

    Business Requirement Feature/Solution SRX550M Advantages
    High performance Up to 7 Gbps of routing and firewall performance
    • Meets the needs of small, medium, and large branch office deployments
    • Addresses future needs for scale and feature capacity
    Business continuity Stateful high availability (HA), IP monitoring
    • Uses stateful HA to synchronize configuration and firewall sessions
    • Supports multiple WAN interface with dial-on-demand backup
    • Performs route/link failover based on real-time link performance
    SD-WAN Better end-user application and cloud experience and lower operational costs
    • ZTP simplifies remote device provisioning
    • Orchestrates business intent policies across the enterprise WAN via centralized or local advanced policy-based routing (APBR)
    • Measures application service-level agreements (SLAs) and improves end-user experience through application quality of experience (AppQoE)
    • Detects 4,275 Layer 3-7 applications, including Web 2.0
    • Inspects and detects applications in SSL-encrypted traffic
    • Controls and prioritizes traffic based on application and user role
    End-user experience WAN assurance
    • Provides AI-powered automation and service levels that complement the Juniper secure SD-WAN solution
    • Provides visibility and insights into users, applications, WAN links, controls, and data plane CPU for proactive remediation
    High security IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec)
    • Creates secure, reliable, and fast overlay link over public Internet
    • Employs anti-counterfeit features to defend against unauthorized hardware spares
    • Includes high-performance CPU with built-in hardware assist IPsec acceleration
    • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
    Threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Protects against zero-day attacks
    • Integrates open threat intelligence platform with third-party feeds
    • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
    Easy management and scale On-box GUI, Security Director
    • Includes centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
    • Includes simple, easy-to-use on-box GUI for local management
    Minimal TCO Junos OS
    • Integrates routing, switching, and security in a single device
    • Reduces operational expense with Junos OS automation capabilities
     
    SRX550M Firewall front with top low view image

    SRX550M Specifications

    Software Specifications

    Routing Protocols

    • IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
    • Static routes
    • RIP v1/v2
    • OSPF/OSPF v3
    • BGP with route reflector
    • IS-IS
    • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
    • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
    • Virtual routers
    • Policy-based routing, source-based routing
    • Equal-cost multipath (ECMP)
     

    QoS Features

    • Support for 802.1p, DiffServ code point (DSCP), EXP
    • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
    • Marking, policing, and shaping
    • Classification and scheduling
    • Weighted random early detection (WRED)
    • Guaranteed and maximum bandwidth
    • Ingress traffic policing
    • Virtual channels
    • Hierarchical shaping and policing
     

    Switching Features

    • ASIC-based Layer 2 forwarding
    • MAC address learning
    • VLAN addressing and integrated routing and bridging (IRB) support
    • Link aggregation and LACP
    • Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED)
    • Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP)
    • Multiple VLAN Registration Protocol (MVRP)
    • 802.1X authentication
     

    Firewall Services

    • Stateful and stateless firewall
    • Zone-based firewall
    • Screens and distributed denial of service (DDoS) protection
    • Protection from protocol and traffic anomaly
    • Integration with Pulse Unified Access Control (UAC)
    • Integration with Aruba Clear Pass Policy Manager
    • User role-based firewall
    • SSL Inspection (forward-proxy)
     

    Network Address Translation (NAT)

    • Source NAT with Port Address Translation (PAT)
    • Bidirectional 1:1 static NAT
    • Destination NAT with PAT
    • Persistent NAT
    • IPv6 address translation
     

    VPN Features

    • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
    • Juniper Secure Connect: Remote access/SSL VPN
    • Configuration payload: Yes
    • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
    • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
    • IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
    • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
    • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    • Perfect forward secrecy, anti-reply
    • Internet Key Exchange: IKEv1, IKEv2
    • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
    • VPNs GRE, IP-in-IP, and MPLS
     

    Network Services

    • Dynamic Host Configuration Protocol (DHCP) client/server/relay
    • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
    • Juniper real-time performance monitoring (RPM) and IP-monitoring
    • Juniper flow monitoring (J-Flow)
    • Bidirectional Forwarding Detection (BFD)
    • Two-Way Active Measurement Protocol (TWAMP)
    • IEEE 802.3ah Link Fault Management (LFM)
    • IEEE 802.1ag Connectivity Fault Management (CFM)
     

    High Availability Features

    • Virtual Router Redundancy Protocol (VRRP)
    • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Band Cluster Upgrade (ICU)
    • Dial on-demand backup interfaces
    • IP monitoring with route and interface failover
     

    Management, Automation, Logging, and Reporting

    • SSH, Telnet, SNMP
    • Smart image download
    • Juniper CLI and Web UI
    • Mist AI
      • Simplified management
      • WAN Assurance
    • Junos Space and Security Director
    • Python, PyEz, and Ansible modules
    • Junos OS event, commit, and OP script
    • Application and bandwidth usage reporting
    • Auto installation
    • Debug and troubleshooting tools
    • ZTP with Contrail Service Orchestration
     

    Advanced Routing Services

    • Packet mode
    • MPLS (RSVP, LDP)
    • Circuit cross-connect (CCC), translational cross-connect (TCC)
    • L2/L3 MPLS VPN, pseudowires
    • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
    • MPLS traffic engineering and MPLS fast reroute
     

    Application Security Services1

    • Application visibility and control
    • Application-based firewall
    • Application QoS
     

    Enhanced SD-WAN Services

    • Application-based advanced policy-based routing (APBR)
    • Application quality of experience (AppQoE)
    • Application-based link monitoring and switchover with AppQoE
     

    Threat Defense and Intelligence Services1

    • Intrusion prevention system (IPS)
    • Antivirus
    • Antispam
    • Category/reputation-based URL filtering
    • Protection from botnets (command and control)
    • Adaptive enforcement based on GeoIP
    • Juniper Advanced Threat Prevention to detect and block zero-day attacks
    • Adaptive Threat Profiling
    • Encrypted Traffic Insights
    • Juniper SecIntel to provide threat intelligence
     
    1 Offered as advanced security services subscription licenses.  

    Hardware Specifications

    Network Connectivity

    • Fixed I/O: 6 x 10/100/1000 BASE-T + 4 small form-factor pluggable transceivers (SFP transceivers)
    • I/O slots: 2 x SRX Series Mini-PIM, 6 x Gigabit-Backplane Physical Interface Module (GPIM) or multiple GPIM and XPIM combinations
    • Services and Routing Engine slots: No
    • WAN/LAN interface options: See ordering information
    • Maximum number of PoE ports (PoE optional on some SRX Series models): Up to 40 ports of 802.3af/at with maximum 247 W
    • USB: 2
     

    Flash and Memory

    • Memory (DRAM): 4 GB
    • Memory slots: 2 DIMM
    • Flash memory: 8 GB, CF internal
    • USB port for external storage: Yes
     

    Dimensions and Power

    • Dimensions (W x H x D): 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm)
    • Weight (device and power supply): 21.96 lb (9.96 kg) (no interface modules, 1 power supply)
    • Rack-mountable: Yes, 2 U
    • Power supply (AC): 100-240 VAC, single 645 W or dual 645 W
    • Maximum PoE power: 247 W redundant, or 494 W non-redundant
    • Average power consumption: 85 W
    • Input frequency: 50-60 Hz
    • Maximum current consumption: 7.5 A @ 100 VAC with single PSU with PoE, 10.5 A @ 100 VAC with dual PSU with PoE
    • Maximum inrush current: 45 A for half-cycle
    • Average heat dissipation: 238 BTU/hr
    • Maximum heat dissipation: 1449 BTU/hr
    • Redundant power supply (hot swappable): Yes (up to maximum capacity of single PSU)
    • Acoustic noise level (per ISO 7779 Standard): 51.8 dB
     

    Environmental, Compliance, and Safety Certification

    • Operational temperature: 32° to 104° F (0° to 40° C)
    • Nonoperational temperature: 4° to 158° F, (-20° to 70° C)
    • Humidity (operating): 10% to 90% noncondensing
    • Humidity (nonoperating): 5% to 95% noncondensing
    • Mean time between failures (Telcordia model): 9.6 years with redundant power
    • FCC classification: Class A
    • RoHS compliance: Yes
     

    Performance and Scale

    • Firewall performance (large packets)2: 7 Gbps
    • Firewall performance (IMIX)2: 2 Gbps
    • Firewall + routing pps (64 Byte)2: 700 Kpps
    • Firewall performance (HTTP)3: 2 Gbps
    • IPsec VPN throughput (large packets): 1.0 Gbps
    • IPsec VPN tunnels: 2000
    • Application firewall4: 2.0 Gbps
    • Intrusion prevention system (IPS)3: 800 Mbps
    • Antivirus: 300 Mbps (Sophos antivirus)
    • Connections per second: 27,000
    • Maximum concurrent sessions: 375,000
    • Maximum security policies: 8000
    • Maximum users supported: Unrestricted
    • Route table size (RIB/FIB) (IPv4 or IPv6): 1.5 million/750,000
    • NAT rules: 6144
    • MAC table size: 15,000
    • Number of remote access/SSL VPN (concurrent) users: 500
    • GRE tunnels: 1500
    • Maximum number of security zones: 96
    • Maximum number of virtual routers: 128
    • Maximum number of VLANs: 3967
    • AppID sessions: 65,000
    • IPS sessions: 64,000
    • URL filtering (URLF) sessions: 64,000
     
    2Throughput numbers based on UDP packets and RFC2544 test methodology 3Throughput numbers based on HTTP traffic with 44 KB transaction size  

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    Ordering Information

    To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.
    Product Number Description
    SRX550M Base System
    SRX550-645AP-M SRX550M Firewall with 4 GB DRAM and 8 GB CF, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and fans; ships with one 645 W AC power supply with 247 W PoE power (power cord and rack-mount kit included)
    SRX550-645DP-M SRX550M Firewall with 4 GB DRAM and 8 GB CF, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and fans; ships with one 645 W DC power supply with 247 W PoE power (no power cord or rack-mount kit included)
    SRX550M Power Supplies and Accessories
    SRX600-PWR-645AC-POE Spare 645 W AC PoE power supply unit for SRX550M systems; one is included in SRX550M base system (SRX550M-645AC)
    SRX600-PWR-645DC-POE 645 W DC source power supply for SRX550M provides 397 W system power @ 12 V and 248 W PoE power @ 50 VDC; works with 43-56 VDC input; no power cord
    SRX550-CHAS-M SRX550M Firewall, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4 GbE SFP ports, dual PS slots, and fans (power supply not included)
    SRX550M Software Licenses
    SRX550-IDP One-year subscription for intrusion detection and prevention (IDP) updates on SRX550M
    SRX550-S2-AS One-year subscription for Juniper-Sophos antispam updates on SRX550M
    SRX550-W-EWF One-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS One-year security subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-ATP-1 One-year subscription for Advanced Threat Prevention Cloud for SRX550M
    SRX550-S-AV-3 Three-year subscription for Juniper-Sophos antivirus updates on SRX550M
    SRX550-IDP-3 Three-year subscription for IDP updates on SRX550M
    SRX550-S2-AS-3 Three-year subscription for Juniper-Sophos antispam updates on SRX550M
    SRX550-W-EWF-3 Three-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS-3 Three-year subscription for enterprise-includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-ATP-3 Three-year subscription for Advanced Threat Prevention Cloud for SRX550M
    SRX550-IDP-5 Five-year license for IDP updates on SRX550M
    SRX550-W-EWF-5 Five-year subscription for Juniper Web filtering updates on SRX550M
    SRX550-S-SMB4-CS-5 Five year security subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M
    SRX550-APPSEC-A-1 One-year subscription for Application Security and IPS updates for SRX550M
    SRX550-APPSEC-A-3 Three-year subscription for Application Security and IPS updates for SRX550M
    SRX550-APPSEC-A-5 Five-year subscription for Application Security and IPS updates for SRX550M
    SRX550-ATP-5 Five-year subscription for Advanced Threat Prevention Cloud for SRX550
    Remote Access/Juniper Secure Connect VPN Licenses
    S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
    S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
    S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
     S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year
    Interface Modules
    SRX-GP-16GE-POE 16-port 10/100/1000BASE-T PoE XPIM
    SRX-GP-8SFP 8-port GbE copper, fiber SFP XPIM
    SRX-GP-DUAL-T1-E1 Dual T1/E1 GPIM
    SRX-GP-QUAD-T1-E1 Quad T1/E1 GPIM
    SRX-GP-1DS3-E3 1-port clear channel DS3/E3 GPIM single GPIM slot
    SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL/ADSL2+), MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-1SERIAL-R 1 port Synchronous Serial, MPIM form factor supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; ROHS compliant
    SRX-MP-LTE-AA 4G/LTE MPIM support for 1, 3, 5, 7-8, 18-19, 21, 28, 38-41 LTE bands (for Asia and Australia); supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls
    SRX-MP-LTE-AE 4G/LTE MPIM support for 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for Americas and EMEA); supported on SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls
    SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for U.S. regulatory bands only
    SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for worldwide regulatory bands (excluding U.S. and Israel)
    SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX340, SRX345, SRX380, and SRX550M Firewalls; supported for Israel regulatory bands only
    SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series platforms
    Add to cart Details

  • Juniper SRX5600 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.
    srx5400 front with top

    Product Description

    The Juniper Networks® SRX5400SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near near linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy. In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature Feature Description Benefits
    Purpose-built platform Built from the ground up on dedicated hardware designed for networking and security services. Delivers unrivaled performance and flexibility to protect high-speed network environments.
    Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with appropriate processing.
    System and network resiliency Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.
    High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
    Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.
    Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
    Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.
    Advanced threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices to disseminate malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption
    AppTrack Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.
    AppFirewall Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
    AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
    Application signatures Open signature library for identifying applications and nested applications with more than 3000 application signatures. Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.
    SSL proxy (forward and reverse) Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.
    Stateful GTP and SCTP inspection Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.
    IOC3 The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.
    IOC4 The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.
    SPC3 card Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. Delivers always-on security resiliency to meet your growing network performance needs.
    AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.
    Remote access/SSL VPN Secure and flexible remote access SSL VPN with Juniper Secure Connect. Extends secure access to corporate resources from anywhere.
    Multitenancy Offers logical, large-scale segmentation and separation of security functions and features. Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    Feature Feature Description Benefits
    Stateful signature inspection Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. This minimizes false positives and offers flexible signature development.
    Protocol decodes This feature enables highly accurate detection and helps reduce false positives. Accuracy of signatures is improved through precise contexts of protocols.
    Signatures There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. Attacks are accurately identified and attempts to exploit a known vulnerability are detected.
    Traffic normalization Reassembly, normalization, and protocol decoding are provided. Overcome attempts to bypass other IPS detections by using obfuscation methods.
    Zero-day protection Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. Your network is already protected against any new exploits.
    Recommended policy Group of attack signatures are identified by Juniper Networks Security Team as critical for the typical enterprise to protect against. Installation and maintenance are simplified while ensuring the highest network security.
    Active/active traffic monitoring IPS monitoring on active/active SRX5000 line chassis clusters is provided. Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade.
    Packet capture IPS policy supports packet capture logging per rule. Conduct further analysis of surrounding traffic and determine further steps to protect target.

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    Feature Feature Description Benefits
    Antivirus Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3 HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity.
    Antispam Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
    Enhanced Web filtering Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic.
    Content filtering Effective content filtering is based on MIME type, file extension, and protocol commands. Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic.

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    Feature Feature Description Benefits
    Advanced malware detection and remediation Malware analysis and sandboxing are based on machine learning and behavioral analysis. Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities.
    Comprehensive threat feeds (C2, GeoIP, custom) Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks.
    Encrypted Traffic Insights SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior.  This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious.  Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
    HTTP, HTTPs, e-mail Web- and e-mail-based threats are analyzed, including encrypted sessions. Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
    Integration with Security Director and JSA Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience.
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance, reduces risk while enabling users to diagnose, and it resolves problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.
    SRX5400, SRX5600, SRX5800 image

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured 128 lb (58.1 kg) Fully Configured: 180 lb (81.7 kg) Fully Configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    3Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
    Add to cart Details

  • Juniper SRX5800 Firewall

    ASK FOR PRICE

    Product Overview

    The SRX Series are next-generation firewalls based on a revolutionary architecture offering outstanding performance, scalability, availability, and security services integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series Firewalls exceed the security requirements of data center consolidation and services aggregation. The award-winning SRX Series is powered by Junos OS, the same industry-leading operating system that keeps the world’s largest data center networks available, manageable, and secure.
    srx5400 front with top

    Product Description

    The Juniper Networks® SRX5400SRX5600, and SRX5800 are next-generation firewalls (NGFWs) that deliver outstanding protection, market-leading performance, six nines reliability and availability, scalability, and services integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
    • Cloud and hosting provider data centers
    • Mobile operator environments
    • Managed service providers
    • Core service provider infrastructures
    • Large enterprise data centers
    The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected Security framework, which is built to protect users, applications, and infrastructure from advanced threats. Delivering the highest level of protection against exploits, malware, and command and control (C&C) communications, these platforms feature a carrier-grade next-generation firewall and advanced security services such as application security, Content Security, intrusion prevention system (IPS), and integrated threat intelligence services. For advanced protection, the SRX Series offers integrated threat intelligence services via Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX Series devices to enable advanced protection against C&C-related botnets and Web application threats, as well as allowing policy enforcement based on GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats unique to their business environment. This advanced, customer-relevant, and consolidated threat intelligence service is delivered to the SRX Series on-premises from the cloud. The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Security Director, which enables distributed security policy management through an intuitive, centralized interface that enables enforcement across emerging and traditional risk vectors. Using intuitive dashboards and reporting features, administrators gain insight into threats, compromised devices, risky applications, and more.
    Based on Juniper’s Dynamic Services Architecture, the SRX5000 line provides unrivaled scalability and performance. Each firewall can support near near linear scalability with the addition of Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a fully equipped SRX5800 to support up to 3.36 Tbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach, where each platform can be equipped with a flexible number of IOCs that offer a wide range of connectivity options, including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the firewall can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom-designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables the realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility enables future expansion and growth of the network infrastructure, providing unrivaled investment protection. The tight service integration on the SRX Series is enabled by Juniper Networks Junos® operating system. The SRX Series is equipped with a robust set of services that include stateful firewall, intrusion prevention system (IPS), denial of service (DoS), application security, VPN (IPsec), Network Address Translation (NAT), Content Security, quality of service (QoS), and large-scale multitenancy. In addition to the benefit of individual services, the SRX5000 line provides a low latency solution. Junos OS also delivers carrier-class reliability with six nines system availability, the first in the industry to achieve independent verification by Telcordia. Furthermore, the SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.

    SRX5800

    The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

    SRX5600

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

    SRX5400

    The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

    Service Processing Cards (SPCs)

    As the “brains” behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, significantly reducing management overhead and complexity. The high-performance SPC3 cards are supported on the SRX5400, SRX5600, and SRX5800 Firewalls.

    I/O Cards (IOCs)

    To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces. With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities, meeting the needs of the most demanding environments while ensuring investment protection. The third generation of IOCs from Juniper, the IOC3, delivers high throughput along with superior connectivity options including 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC3 cards are supported on the SRX5400, SRX5600, and SRX5800. The fourth generation of IOCs delivers the highest throughput of all available linecards of up to 480 Gbps and offers multiple connectivity options from 10GbE and 40GbE to 100GbE. IOC4 can deliver up to 480 Gbps of hardware-accelerated throughput per linecard.

    Routing Engine (RE3) and Enhanced System Control Board (SCB4)

    The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the family of REs for the SRX5000 line with a multicore processor running at 2000 MHz. It delivers improved performance, scalability, and reliability with 128 GB DRAM and includes a TPM module. The SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be configured with intra- and interchassis redundancy.

    Features and Benefits

    Networking and Security

    The Juniper Networks SRX5000 line of Firewalls has been designed from the ground up to offer robust networking and security services.
    Feature Feature Description Benefits
    Purpose-built platform Built from the ground up on dedicated hardware designed for networking and security services. Delivers unrivaled performance and flexibility to protect high-speed network environments.
    Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with appropriate processing.
    System and network resiliency Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments without service interruption. Utilizes a unique architectural design based on multiple processing cores and a separation of the data and control planes.
    High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
    Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Architecture. Offers flexible I/O configuration and independent I/O scalability (options include 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of demanding network environments.
    Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
    Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure—all via a dedicated management environment.
    Advanced threat protection IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance.
    • Provides real-time updates to IPS signatures and protects against exploits
    • Implements industry-leading antivirus and URL filtering
    • Delivers open threat intelligence platform that integrates with third-party feeds
    • Protects against zero-day attacks
    • Stops rogue and compromised devices to disseminate malware
    • Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption
    AppTrack Detailed analysis on application volume/usage throughout the network based on bytes, packets, and sessions. Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control.
    AppFirewall Fine-grained application control policies to allow or deny traffic based on dynamic application name or group names. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis.
    AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on customers’ business and bandwidth needs. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance.
    Application signatures Open signature library for identifying applications and nested applications with more than 3000 application signatures. Accurately identifies applications so that the resulting information can be used for visibility, enforcement, control, and protection.
    SSL proxy (forward and reverse) Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection against threats embedded in SSL encrypted traffic.
    Stateful GTP and SCTP inspection Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) firewall in mobile operator networks. Enables the SRX5000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobile operator networks.
    IOC3 The third-generation I/O card offers very high levels of firewall throughput and low latency. The card includes two board choices: six 40GbE interfaces and 24 10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in any of the SRX5000 line of Firewalls. Provides vastly superior, top-of-the-line connectivity efficiency and record-breaking high throughput I/O interfaces. Reduces the need for link aggregation to the firewall and enables very high firewall throughput of up to 2 Tbps with Express Path enabled.
    IOC4 The fourth-generation I/O card is being offered in two flavors. The first delivers 40x10GbE interfaces while the second, depending on the chosen optics, delivers 48x10GbE, 12x40GbE, or 4x100GbE interfaces. Provides the fastest throughput per slot and, in combination with Express Path, can deliver up to 480 Gbps of throughput per I/O card.
    SPC3 card Enables performance and scale with backwards compatibility to the SPC2 service cards. These cards support in-service software and in-service hardware upgrades. Delivers always-on security resiliency to meet your growing network performance needs.
    AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added ones. Configuration options include: routing, interfaces, Internet Key Exchange (IKE), and IPsec. Enables IT administrative time and cost savings with easy, zero-touch deployment for IPsec VPN networks.
    Remote access/SSL VPN Secure and flexible remote access SSL VPN with Juniper Secure Connect. Extends secure access to corporate resources from anywhere.
    Multitenancy Offers logical, large-scale segmentation and separation of security functions and features. Enables separate, logical instances to be deployed with dedicated security policies, zones, and other features and functions. Removes the need to deploy several physical or virtual firewalls.

    IPS Capabilities

    Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
    Feature Feature Description Benefits
    Stateful signature inspection Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. This minimizes false positives and offers flexible signature development.
    Protocol decodes This feature enables highly accurate detection and helps reduce false positives. Accuracy of signatures is improved through precise contexts of protocols.
    Signatures There are more than 8500 signatures for identifying anomalies, attacks, spyware, and applications. Attacks are accurately identified and attempts to exploit a known vulnerability are detected.
    Traffic normalization Reassembly, normalization, and protocol decoding are provided. Overcome attempts to bypass other IPS detections by using obfuscation methods.
    Zero-day protection Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. Your network is already protected against any new exploits.
    Recommended policy Group of attack signatures are identified by Juniper Networks Security Team as critical for the typical enterprise to protect against. Installation and maintenance are simplified while ensuring the highest network security.
    Active/active traffic monitoring IPS monitoring on active/active SRX5000 line chassis clusters is provided. Includes support for active/active IPS monitoring, including advanced features such as in-service software upgrade.
    Packet capture IPS policy supports packet capture logging per rule. Conduct further analysis of surrounding traffic and determine further steps to protect target.

    Content Security Capabilities

    The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
    Feature Feature Description Benefits
    Antivirus Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and block spyware, adware, viruses, keyloggers, and other malware over POP3 HTTP, SMTP, IMAP, and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated security company. Sophisticated protection from respected antivirus experts against malware attacks that can lead to data breaches and lost productivity.
    Antispam Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Open PGP and TLS encryption, MIME type, and extension blockers are provided in cooperation with Sophos Labs, a dedicated security company. Protection against advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
    Enhanced Web filtering Enhanced Web filtering includes extensive category granulation (95+ categories) and a real-time threat score delivered with Forcepoint, an expert Web security provider. Protection against lost productivity and the impact of malicious URLs as well as helping to maintain network bandwidth for business essential traffic.
    Content filtering Effective content filtering is based on MIME type, file extension, and protocol commands. Protection against lost productivity and the impact of extraneous or malicious content on the network to help maintain bandwidth for business essential traffic.

    Advanced Threat Prevention

    Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available for the SRX5000 line. Two versions are available: Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution.
    Feature Feature Description Benefits
    Advanced malware detection and remediation Malware analysis and sandboxing are based on machine learning and behavioral analysis. Protects enterprise users from a spectrum of malicious attacks, including advanced malware that exploits “zero-day” vulnerabilities.
    Comprehensive threat feeds (C2, GeoIP, custom) Curated, actionable threat intelligence feeds are delivered in near real time to SRX Series devices. Proactively blocks malware communication channels and protects from botnets, phishing, and other attacks.
    Encrypted Traffic Insights SRX Series firewalls collect relevant TLS/SSL connection data, including certificates used, cipher suites negotiated, and connection behavior.  This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious.  Policies configured on SRX Series firewalls can be used to block encrypted traffic identified as malicious. Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption.
    HTTP, HTTPs, e-mail Web- and e-mail-based threats are analyzed, including encrypted sessions. Protects users from all major threat vectors, including e-mail. Provides flexible message handling options for e-mail. The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
    Integration with Security Director and JSA Juniper Networks Secure Analytics portfolio (JSA Series) security information and event management (SIEM) can consume and correlate threat events. Juniper ATP Cloud is also fully integrated with Security Director for provisioning and monitoring. The Juniper ATP Appliance includes a built-in management console and is not integrated with Security Director. Single pane-of-glass management with Security Director and JSA Series integration delivers a simplified policy application and monitoring experience.
    More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products/security/advanced-threat-prevention.html.

    Centralized Management

    Juniper Networks® Security Director is the central manager for all SRX Series Firewalls. It provides security policy management for all physical, logical, and virtual firewalls through an innovative, intuitive, and centralized web-based interface that offers enforcement across emerging and traditional threat vectors. It provides detailed visibility into application performance, reduces risk while enabling users to diagnose, and it resolves problems quickly. More information about Juniper Networks Security Director can be found at https://www.juniper.net/us/en/products/security/security-director-network-security-management.html.
    SRX5400, SRX5600, SRX5800 image

    Specifications

    Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS release and by deployment.
    SRX5400 SRX5600 SRX5800
    Maximum Performance and Capacity1
    Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
    Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
    Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
    Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
    Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
    Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
    IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
    Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
    Maximum concurrent sessions 91 Million 182 Million 338 Million
    New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
    Maximum users supported Unrestricted Unrestricted Unrestricted
    Network Connectivity
    IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
    IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
    Firewall
    Network attack detection Yes Yes Yes
    DoS and distributed denial of service (DDoS) protection Yes Yes Yes
    TCP reassembly for fragmented packet protection Yes Yes Yes
    Brute force attack mitigation Yes Yes Yes
    SYN cookie protection Yes Yes Yes
    Zone-based IP spoofing Yes Yes Yes
    Malformed packet protection Yes Yes Yes
    IPsec VPN
    Site-to-site tunnels 15,000 15,000 15,000
    Tunnel interfaces 15,000 15,000 15,000
    Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
    Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
     Internet Key Exchange IKEv1, IKEv2
    Configuration Payload Yes Yes Yes
    IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
    IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Authentication Pre-shared key and public key infrastructure (PKI X.509)
    IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
    Perfect forward secrecy Yes
    IPsec Authentication Algorithms hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-384, hmac-sha-512
    IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
    Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
    Prevent replay attack Yes Yes Yes
    VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
    Redundant VPN gateways Yes Yes Yes
    Intrusion Prevention System (IPS)
    Signature-based and customizable (via templates) Yes Yes Yes
    Active/active traffic monitoring Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
    Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
    Attack notification mechanisms Structured system logging Structured system logging Structured system logging
    Worm protection Yes Yes Yes
    Simplified installation through recommended policies Yes Yes Yes
    Trojan protection Yes Yes Yes
    Spyware/adware/keylogger protection Yes Yes Yes
    Advanced malware protection Yes Yes Yes
    Protection against attack proliferation from infected systems Yes Yes Yes
    Reconnaissance protection Yes Yes Yes
    Request and response side attack protection Yes Yes Yes
    Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
    Custom attack signatures creation Yes Yes Yes
    Contexts accessible for customization 600+ 600+ 600+
    Attack editing (port range, other) Yes Yes Yes
    Stream signatures Yes Yes Yes
    Protocol thresholds Yes Yes Yes
    Stateful protocol signatures Yes Yes Yes
    Frequency of updates Daily and emergency Daily and emergency Daily and emergency
    Content Security
    Antivirus Yes Yes Yes
    Content filtering Yes Yes Yes
    Enhanced Web filtering Yes Yes Yes
    Redirect Web filtering Yes Yes Yes
    Antispam Yes Yes Yes
    AppSecure
    AppTrack (application visibility and tracking) Yes Yes Yes
    AppFirewall (policy enforcement by application name) Yes Yes Yes
    AppQoS (network traffic prioritization by application name) Yes Yes Yes
    User-based application policy enforcement Yes Yes Yes
    GPRS Security
    GPRS stateful firewall Yes Yes Yes
    Destination Network Address Translation
    Destination NAT with Port Address Translation (PAT) Yes Yes Yes
    Destination NAT within same subnet as ingress interface IP Yes Yes Yes
    Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
    Destination addresses to one single address (M:1) Yes Yes Yes
    Destination addresses to another range of addresses (M:M) Yes Yes Yes
    Source Network Address Translation
    Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
    Source NAT with PAT—port translated Yes Yes Yes
    Source NAT without PAT—fix port Yes Yes Yes
    Source NAT—IP address persistency Yes Yes Yes
    Source pool grouping Yes Yes Yes
    Source pool utilization alarm Yes Yes Yes
    Source IP outside of the interface subnet Yes Yes Yes
    Interface source NAT—interface DIP Yes Yes Yes
    Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
    Symmetric NAT Yes Yes Yes
    Allocate multiple ranges in NAT pool Yes Yes Yes
    Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
    Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
    User Authentication and Access Control
    Built-in (internal) database Yes Yes Yes
    RADIUS accounting Yes Yes Yes
    Web-based authentication Yes Yes Yes
    Public Key Infrastructure (PKI) Support
    PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
    Automated certificate enrollment (SCEP) Yes Yes Yes
    Certificate authorities supported Yes Yes Yes
    Self-signed certificates Yes Yes Yes
    Virtualization
    Maximum custom routing instances with data plane separation 2000 2000 2000
    Maximum security zones 2000 2000 2000
    Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
    Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
    Maximum number of VLANs 4096 4096 4096
    Routing
    BGP instances 1000 1000 1000
    BGP peers 2000 2000 2000
    BGP routes 1 Million 1 Million 1 Million
    OSPF instances 400 400 400
    OSPF routes 1 Million 1 Million 1 Million
    RIP v1/v2 instances 50 50 50
    RIP v2 table size 30,000 30,000 30,000
    Dynamic routing Yes Yes Yes
    Static routes Yes Yes Yes
    Source-based routing Yes Yes Yes
    Policy-based routing Yes Yes Yes
    Equal cost multipath (ECMP) Yes Yes Yes
    Reverse path forwarding (RPF) Yes Yes Yes
    Multicast Yes Yes Yes
    IPv6
    Firewall/stateless filters Yes Yes Yes
    Dual-stack IPv4/IPv6 firewall Yes Yes Yes
    RIPng Yes Yes Yes
    BFD, BGP Yes Yes Yes
    ICMPv6 Yes Yes Yes
    OSPFv3 Yes Yes Yes
    Class of service (CoS) Yes Yes Yes
    Mode of Operation
    Layer 2 (transparent) mode Yes Yes Yes
    Layer 3 (route and/or NAT) mode Yes Yes Yes
    IP Address Assignment
    Static Yes Yes Yes
    Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
    Internal DHCP server Yes Yes Yes
    DHCP relay Yes Yes Yes
    Traffic Management Quality of Service (QoS)
    Maximum bandwidth Yes Yes Yes
    RFC2474 IP Diffserv in IPv4 Yes Yes Yes
    Firewall filters for CoS Yes Yes Yes
    Classification Yes Yes Yes
    Scheduling Yes Yes Yes
    Shaping Yes Yes Yes
    Intelligent Drop Mechanisms (WRED) Yes Yes Yes
    Three-level scheduling Yes Yes Yes
    Weighted round robin for each level of scheduling Yes Yes Yes
    Priority of routing protocols Yes Yes Yes
    Traffic management/policing in hardware Yes Yes Yes
    High Availability (HA)
    Active/passive, active/active Yes Yes Yes
    Unified in-service software upgrade (unified ISSU) Yes Yes Yes
    Configuration synchronization Yes Yes Yes
    Session synchronization for firewall and IPsec VPN Yes Yes Yes
    Session failover for routing change Yes Yes Yes
    Device failure detection Yes Yes Yes
    Link and upstream failure detection Yes Yes Yes
    Dual control links Yes Yes Yes
    Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
    Redundant fabric links Yes Yes Yes
    Management
    WebUI (HTTP and HTTPS) Yes Yes Yes
    Command line interface (console, telnet, SSH) Yes Yes Yes
    Junos Space Security Director Yes Yes Yes
    Administration
    Local administrator database support Yes Yes Yes
    External administrator database support Yes Yes Yes
    Restricted administrative networks Yes Yes Yes
    Root admin, admin, and read-only user levels Yes Yes Yes
    Software upgrades Yes Yes Yes
    Configuration rollback Yes Yes Yes
    Logging/Monitoring
    Structured syslog Yes Yes Yes
    SNMP (v2 and v3) Yes Yes Yes
    Traceroute Yes Yes Yes
    Certifications
    Safety certifications Yes Yes Yes
    Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
    RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
    NIST FIPS-140-2 Level 2 Yes Yes Yes
    Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
    USGv6 Yes Yes Yes
    Dimensions and Power
    Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm)
    Weight Fully configured 128 lb (58.1 kg) Fully Configured: 180 lb (81.7 kg) Fully Configured: 334 lb (151.6 kg)
    Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
    Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
    Maximum power 4,100 watts (AC high capacity) 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
    Typical Power 1540 watts 2440 watts 5015 watts
    Environmental
    Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C
    Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
    Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
    1 Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
    2Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
    3Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
    Add to cart Details

  • PTX10000 Modular Router

    ASK FOR PRICE

    Product Overview

    Juniper Networks PTX10000 modular routers were specifically designed to meet new service level agreements in the cloud era. As cloud and 5G trends accelerate network transformation, core and peering networks face exponential traffic growth due to the massive increase in the number of connected devices, presenting operators with the same challenges but at a faster rate. Leading the 400G transition, these modular routers set new benchmarks of scale, flexibility, and reliability with high-performance custom silicon. These platforms share a common set of components and full feature sets, with various 400GbE-capable line cards available to satisfy specific core, peering, data center, and metro-core deployments in the most demanding environments.  
     

    Product Description

    Increasingly sophisticated network operators and users seek highly responsive and customizable cloud-like online experiences and services that align with their unique needs and interests, creating more traffic that consumes increasing amounts of network bandwidth. The demands of the increased network traffic are driving the creation of new core and peering architectures. Cloud routing allows for more centralized, interconnected cores to help operators scale their networks to meet new service-level agreements. Competing with the ability to rapidly expand capacity is the need to reduce operational costs; providers are under enormous pressure to lower margins and compete with new entrants and disruptors that do not have legacy networks to maintain. There is immense pressure on core and peering routers to simultaneously address:
    • Scale: Providers may offer backbone connectivity that requires a large number of label-switched paths (LSPs). If they are using Segment Routing or RSVP to take advantage of the traffic engineering (SR-TE/RSVP-TE) functionality, the control plane signaling path must be able to scale in step with the growth of LSPs. This ability to scale is needed for both the primary and backup paths to support redundancy mechanisms like fast re-route (FRR). Today, the total number needed for backbone connectivity is a few million. This type of scaling challenge will be felt by operators who are trying to diversify their portfolios by adding a broader scope of connectivity options; for example, a data center operator who wants to provide cloud connectivity or VPN services to enterprise customers, or an operator of private line service who wants to add a collocation service to its offering.
    • Operational Flexibility: Virtualized services and the explosion of cloud-based applications are creating increasingly erratic traffic patterns. To handle this unpredictability, service providers need architectures that are flexible and dynamic across all layers. Operators today rely on the flexibility and capacity of IP filters to mitigate the impact of increasing denial-of-service (DoS) attacks.
    • Investment Protection: Ensuring operators are investing in platforms designed to last has become imperative to leveraging the next generation of ASIC improvements the industry is offering. The risk of packet drops from rip-and-replace strategies to yearly silicon upgrades severely impacts the reliability of future upgrades.
     
    PTX10000 service provider router deployment diagram
    Figure 1: PTX10000 router deployment
    In order to address these challenges, network operators need a router that delivers scalability, flexibility, and reliability to the network. Juniper Networks® PTX Series Routers takes high-performance networking to the next level, easily fitting into both cloud- and service-providers networks across core, peering, data center spice, data center edge, and infrastructure edge routing. (Figure 1). The PTX Series Routers are powered by Juniper’s custom Express family ASICs, supporting 400GbE architectures and delivering predictable IP/MPLS packet performance and functionality, eliminating the complex packet profiles found in elaborate, over-engineered network processing units  deployed in other core routers. The PTX Series Routers bring physical and virtual innovations to the cloud and service provider networks. These next-generation routers help network operators achieve their business goals while effectively handling current and future traffic demands through automation, optimization, and programmability. The PTX Series Routers combines the best of Juniper’s Express ASICs with the reliability and familiarity of Junos® OS. The PTX Series Routers are comprised of feature-rich, 400G-optimized fixed and modular platforms.  

    PTX10004, PTX10008, PTX10016 Hardware

    The PTX10004 (4-slot), PTX10008 (8-slot), and PTX10016 (16-slot) modular routers utilize Juniper’s Express4 ASIC powered line cards to support deep buffers, flexible packet filtering, and bandwidth demanding core and peering architectures.
    Table 1. PTX10004, PTX10008, PTX100016 Modular Chassis Options
    Router Bandwidth Height
    3T (30 x 100GbE; 144 x 10GbE) 4.8T (4 x 400GbE; 48 x 100GbE) 14.4T (36 x 400GbE; 144 x 100GbE)
    PTX10004 - 19.2T 57.6T 4 slots/7 RU
    PTX10008 24T 38.4T 115.2T 8 slots/13 RU
    PTX10016 48T 76.8T 230.4T 16 slots/21 RU
    The PTX10004, PTX10008, and PTX10016 are cloud-optimized to support the transition and expansion of 400GbE networks. These high density routers are designed for today’s space- and power-constrained facilities, supporting 400GbE architectures with inline Media Access Control Security (MACsec) on all ports for uncompromised security. PTX LC1201 and LC1202 line cards offer native SFP+ transceiver support through QSFP adapter, MAM1Q00A-QSA. This option enables deployments where 10GE connectivity over more than 10KM single mode fiber links is required. These modular routers enable network operators to build core architectures that optimize label-switching router (LSR), Internet backbone, peering, and optical convergence applications. As a result, operators can—for the first time—match traffic demands with enhanced core router performance and flexible deployments. With its ultra-optimized and compact form factor, the PTX10000 line is ideal for peering, collocation, and central office locations where space and power are at a premium.

    Silicon Innovations with Express Family ASICs

    Continuous innovations in silicon enable the PTX10000 modular routers to accommodate scale-up and scale-out architectures with smooth migration paths as traffic patterns change. Juniper’s custom Express silicon allows adaptive load balancing, data structure sharing, and better resource utilization, as well as supporting value-added resources for additional filtering flexibility—all while lowering cost per bit. The PTX10004, PTX10008, and PTX10016 are powered by the highly scalable Juniper Express4 silicon, the industry’s first inline MACsec for 400GbE chip to support universal multirate QSFP56-DD. The Juniper Express4 silicon delivers consistently low latency, 8M counters, 256 Advanced Encryption Standard (AES) MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 watts/gigabit. The ability to address a provider’s core networking requirements— scale, operational flexibility, and SDN control— begins with the silicon. With the PTX10000 line, operators can now deploy a core architecture with full Juniper Paragon Automation suite.  

    Architecture and Key Components

    The PTX10000 line of Packet Transport Routers features a number of key architectural elements. Dual redundant routing engines (REs) on the PTX10004, PTX10008, and PTX10016 run the Juniper Networks Junos operating system, where they manage all routing protocol processes, router interface control, and control plane functions such as chassis component, system management, and user access to the router. In addition, unique cryptographic digital identity has been added to the Trusted Platform Module (TPM 2.0), which is embedded in the latest generation of REs. This addition enables device attestation and enhances security. REs’ processes interact with the Packet Forwarding Engine (PFE) on the line cards via dedicated high- bandwidth management channels, providing a clean separation of the control and forwarding planes. The PTX10004, PTX10008, and PTX10016 Express-based line cards currently support 10GbE, 25GbE, 40GbE, 100GbE, and 400GbE interfaces. The horizontal line cards in the front of the chassis connect directly to the vertical switch fabric cards in the rear of the chassis via orthogonal interconnects without requiring a midplane. This provides unparalleled investment protection by ensuring a smooth upgrade path to higher speed switch fabric cards as they become available. The midplane-less design improves airflow with a front-to-back design and enables limitless scale. To maintain uninterrupted operation, the PTX10000 modular chassis fan trays cool the line cards and REs with redundant, variable-speed fans. In addition, the PTX10000 line power supplies  convert building power to the internal voltage required by the system. All PTX10000 line components are hot-swappable, and all central functions are available in redundant configurations, providing high operational availability by allowing continuous system operation during maintenance or repairs.  

    PTX10000 Line: Shared Hardware Components

    Key hardware components of the PTX10004, PTX10008, and PTX10016 modular routers include the switch fabrics, REs, and line cards.
    Table 2: Shared Components Across PTX Modular Chassis
    PTX10004, PTX10008, PTX10016
    Switch Fabrics
    • SF (3 Tbps/slot, Express2)
    • SF3 (14.4Tbps/slot, Express4)
    Routing Engines
    • JNP10K-RE0: The first-generation RE0 RE features a quad-core 2.5 GHz Intel processor with 32 GB  memory and 2x50 GB solid-state drive (SSD) storage.
    • JNP10K-RE1: The second-generation RE1 RE features a 10-core 2.2 GHz Intel processor with memory options of 64 GB or 128 GB and 2x200 GB solid-state drive (SSD) storage.
     
    Table 3: Express-based Line Cards
    Line card Bandwidth Silicon 100GbE Ports 400GbE Ports
    PTX10K-LC1201-36CD (JNP10K-LC1201): 14.4 Tbps Express4 144 36 QSFP56-DD/ QSFP56/QSFP28-DD/QSFP28/QSFP+
    PTX10K-LC1202-36MR (JNP10K-LC1202): 4.8 Tbps Express4 32 4 QSFP56-DD and QSFP28
    PTX10K-LC1101 (JNP10K-LC1101): 3 Tbps Express2 30 - QSFP28/QSFP+.
    PTX10K-LC1102 (JNP10K-LC1102): 1.4 Tbps Express2 12 - QSFP28/QSFP+.
    PTX10K-LC1104 (JNP10K-LC1104): 1.2 Tbps Express2 6 - DWDM
    PTX10K-LC1105 (JNP10K-LC1105): 3 Tbps Express2 30 - QSFP28/QSFP+.
    The line cards also supports native MACsec without compromising throughput on any supported interface rate up to 400GbE, providing point-to-point security on Ethernet links. MACsec blocks security threats such as DoS, intrusion, man-in-the-middle, masquerading, passive wiretapping, and playback attacks while securing links for most traffic frames from the Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and others. All ports can support 400GbE ZR and ZR+ optics, making it ready for full packet/optical convergence without compromising density.  

    Power

    The PTX10004 has three power supply slots, the PTX10008 offers six power supply slots, and the PTX10016 has 10 power supply slots, providing complete flexibility for provisioning and redundancy. Each power supply has its own internal fan for cooling. The PTX10000 line supports both AC and DC power supplies; however, AC and DC supplies cannot be mixed in the same chassis. Two generations of power supplies exist: the first generation is designed to support Express2 line cards, while the second generation is designed to support both Express2 and Express4 line cards.. The first generation of AC power supplies on the PTX10000 line routers accept 200 to 240 volts alternating current (VAC) input, delivering 2700 watts of power to the chassis. The first generation of DC power supplies accept -40 to -72 volts direct current (VDC) input, delivering 2500 watts of power to the chassis. Each AC and DC power supply has two inputs for feed redundancy. Second-generation AC power supplies (AC2) on the PTX10000 line routers are high-capacity, high-line models designed to support either AC or DC systems in either a low-power or high-power mode. The power supply takes AC input and provides DC output of 12.3 VDC, delivering 5000 watts with a single feed and 5500 watts with a dual feed. For AC systems, the operating input is 180 to 305 VAC; for DC systems, the operating input is190 to 410 VDC. Second-generation DC power supplies (DC2) provide two power supplies in a single housing that accepts either 60 A or 80 A using four redundant input power feeds.  

    Cooling

    The PTX10000 line supports front-to-back cooling with air drawn in through the perforations on the REs and the line cards in the front of the platform. The fan trays are in front of the fabric cards and are accessible from the rear of the chassis. Hot air exhausts through the rear of the chassis.  

    Chassis Management

    The PTX10000 line delivers powerful Junos OS chassis management that allows environmental monitoring and field-replaceable unit (FRU) control. Chassis management provides a faster primary switchover, enhanced power budgeting with a modular power management, reduced power consumption for partially populated systems, granular control over FRU power-on, adaptive cooling, and CPU leveling during monitoring intervals.  

    Simplified Management

    The PTX10000 line routers simplify management based on the elegance and simplicity of the Junos OS. Management applications can receive streaming telemetry data to provide robust protocol analytics for an SDN environment. Junos OS enables resilience by design, operational consistency, and the versatility needed to evolve your network.  

    SONiC Support on the PTX10008

    The PTX10008 supports Juniper’s SONiC implementation, delivering best-of-breed hardware for cloud operators while taking advantage of the flexibility of SONiC’s open and disaggregated architecture. The SONiC-enabled PTX10008 plugs seamlessly into a unified SONiC network infrastructure, leveraging the existing PTX10008 hardware. The Juniper-provided SONiC image, installed on the hardware at the factory, includes the platform device drivers and Juniper's Hardware Abstraction Layer (HAL), including Juniper's implementation of the Switch Abstraction Interface (SAI) for the Express4 ASIC and the line card PFE software. As a modular and dense multi-PFE 400GbE/100GbE platform, the PTX10008 is perfectly suited for large spine layer applications in data center IP fabrics. Juniper complements the SONiC OS with the containerized Routing Protocol Daemon (cRPD), a full-function routing and management stack packaged as a container. This ensures a consistent end-to-end routing experience across different tiers in the data center. In addition, the cRPD enables high-performance telemetry, automation, and programmability in a lightweight deployment. For features available with SONiC, please refer to the SONiC deployment guide.

    Features and Benefits

    Table 1 summarizes the features available on the PTX10004, PTX10008, and PTX10016 routers.
    Table 1. PTX10000 Line Features and Benefits
    Feature Feature Description Benefits
    System capacity The four-slot PTX10004 scales to 57.6 Tbps in a single chassis, supporting up to 576 10GbE, 576 25GbE, 144 40GbE, 576 100GbE, or 144 400GbE interfaces.  The PTX10008 scales to 115.2 Tbps in a single chassis, supporting up to 1152 10GbE, 1152 25GbE, 288 40GbE, 1152 100GbE, or 288 400GbE interfaces. The PTX10016 has 16 slots, each supporting 3 Tbps (6 Tbps half-duplex). A fully equipped PTX10016 can support 2304 10GbE, 576 40GbE, or 480 100GbE interfaces. The PTX10000 line gives network operators the performance and scalability needed to outpace increased traffic demands.
    Packet performance Groundbreaking Juniper silicon innovation powers the PTX10000 line routers with unparalleled packet processing for both full IP and MPLS functionality, thereby leveraging revolutionary 3D memory architecture. Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic increases while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Full-scale IP and MPLS routing The PTX10000 line of routers features a rich set of IP/MPLS services, consistent low latency, and wire-rate forwarding at scale while providing the reliability needed to meet strict SLAs. Supports peering applications with more than 2 million IPv4 routes and 30 million routing information base (RIB) routing tables, 3000 OSPF adjacencies, and 4000 BGP sessions required to match expanding traffic demands.
    Segment Routing (SR) Junos OS supports Segment Routing, which provides the ability for a trusted source node to specify a forwarding path, other than the normal shortest path, that a particular packet will traverse. Enables traffic engineering at scale, link protection using topology-independent loop-free alternates (TI-LFA) implementation, VPN traffic steering, egress peering engineering, and path verification.
    High availability (HA) hardware The PTX10000 line is engineered with full hardware redundancy for cooling, power supply, REs, and switch fabric. High availability (HA) is a critical requirement for maintaining an always-on infrastructure base to meet stringent SLAs across the core.
    High availability software The PTX10000 line features a resilient operating system that supports HA features such as graceful RE switchover (GRES) and nonstop active routing (NSR) for high availability. PTX Series routers support 48 ms redundancy switchover under load. Junos OS supports HA features that allow software upgrades and changes without disrupting network traffic.
     
    Image of the PTX10004, PTX10008, and PTX100016 Packet Transport Router

    Specifications

    Table 2. PTX10000 Line Specifications
    *These numbers are power supply ratings. Actual power usage is much lower. **Assuming a max of 14W optics if fully populated and no air filter.
    Feature Specifications
    PTX10004
    Physical dimensions (W x H x D) 17.4 x 12.2 x 35 in. (44.2 x 33 x 88.9 cm); 42.2 in. (107.7 cm) depth with EMI door
    Maximum weight 271.2 lb (116.7 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC/50-60 Hz -48 VDC @ 60 A
    Typical power consumption 10.3 kW with Express4 line cards, fully loaded
    Operating temperature** 32° to 115° F (0° to 46° C) at sea level
    PTX10008
    Physical dimensions (W x H x D) 17.4 x 22.55 x 32 in.(44.2 x 57.76 x 81.28 cm); 39.37 in. (100 cm) depth with EMI door
    Maximum weight 493 lb (223.62 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC / 50-60 Hz -48 VDC @ 60 A
    Typical power consumption 17.3 kW with Express4 line cards, fully loaded
    Operating temperature 32° to 115° F (0° to 46° C) at sea level
    PTX10016
    Physical dimensions (W x H x D) 17.4 x 36.65 x 35 in(44.2 x 93.09 x 88.90 cm); 42.40 in (107.7 cm) depth with EMI door
    Maximum weight 596 lb (270 kg)
    Mounting Front rack mount
    Power system rating* 200-240 VAC / 50-60 Hz -48 VDC @ 60 A
    Typical power consumption 18 kW with Express2 line cards, fully loaded
    Operating temperature 32° to 115° F (0° to 46° C) at sea level
     

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.  

    PTX10000 Line Ordering Information

    For more information, please contact your Juniper Networks representative.
    Product Number Description
    PTX10004 Premium and Base Units
    PTX10004-PREM3 PTX10004 redundant 4-slot chassis for 57.6Tbps. Includes 2 REs, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10004-PREM2 PTX10004 redundant 4-slot chassis.  Includes 2 REs, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10004-BASE3 PTX10004 base 4-slot chassis.  Includes 1 RE, 3 AC/HVDC or DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10008 Premium and Base Units
    PTX10008-PREM3 PTX10008 redundant 8-slot chassis for 115.2Tbps. Includes 2 REs, 6 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-PREM2 PTX10008 redundant 8-slot chassis. Includes 2 REs, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards
    PTX10008-BASE3 PTX10008 base 8-slot chassis. Includes 1 RE, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards
    PTX10008-PREMIUM PTX10008 redundant 8-slot chassis [JNP10008]. Includes 2 REs, 6 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-BASE PTX10008 8-slot chassis [JNP10008]. Includes 1 RE, 3 power supplies, 2 fan trays, 2 fan tray controllers, and 5 switch fabric cards.
    PTX10008-PREM3-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10008-PREM2-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10008-BASE3-SON PTX10008 8-slot chassis for 14.4T LC, including 1 RE running SONiC, 6 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10016 Premium and Base Units
    PTX10016-PREM3 PTX10008 redundant 16-slot chassis for 230.4Tbps. Includes 2 REs, 10 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10016-PREM2 PTX10008 redundant 16-slot chassis. Includes 2 REs, 10 AC/ HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 4 switch fabric cards.
    PTX10016-BASE3 PTX10008 base 16-slot chassis. Includes 1 RE, 10 AC/HVDC/DC power supplies, 2 fan trays, 2 fan tray controllers, and 3 switch fabric cards.
    PTX10016-BASE PTX10016 16-slot chassis [JNP10016]. Includes 1 RE, 5 power supplies, 2 fan trays, 2 fan tray controllers, and 5 switch fabric cards.
    PTX10016-PREMIUM PTX10016 redundant 16-slot chassis [JNP10016]. Includes 2 REs, 10 power supplies, 2 fan trays, 2 fan tray controllers, and 6 switch fabric cards.
    PTX10000 Routing Engines
    JNP10K-RE0-BB PTX10000/JNP10000 RE X4, base bundle
    JNP10K-RE0-R PTX10000/JNP10000 RE X4, redundant
    JNP10K-RE0 PTX10000/JNP10000 RE X4
    JNP10K-RE1-BB PTX10000/JNP10000 RE X8, base bundle
    JNP10K-RE1-R PTX10000/JNP10000 RE X8, redundant
    JNP10K-RE1 PTX10000/JNP10000 RE X8
    JNP10K-RE1-E-BB PTX10000/JNP10000 RE X8 with Junos Evolved, base bundle
    JNP10K-RE1-E-R PTX10000/JNP10000 RE X8 with Junos Evolved, redundant
    JNP10K-RE1-E PTX10000/JNP10000 RE X8 with Junos Evolved
    JNP10K-RE1-S128-BB JNP10000 RE with SONiC, base bundle
    JNP10K-RE1-S128 JNP10000 RE with SONiC
    PTX10004 Switch Fabric
    JNP10004-SF3-BB PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10004-SF3-R PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10004-SF3 PTX10004/JNP10004 switch fabric card supporting up to 14.4 Tbps LC
    PTX10008 Switch Fabric
    JNP10008-SF3-BB PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10008-SF3-R PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10008-SF3 PTX10008/JNP10008 switch fabric card supporting up to 14.4 Tbps LC
    JNP10008-SF-BB PTX10008/JNP10008 switch fabric card, base bundle
    JNP10008-SF-R PTX10008/JNP10008 switch fabric card, redundant
    JNP10008-SF PTX10008/JNP10008 switch fabric card
    PTX10016 Switch Fabric
    JNP10016-SF3-BB PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC, base bundle
    JNP10016-SF3-R PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC, redundant
    JNP10016-SF3 PTX10016/JNP10016 switch fabric card supporting up to 14.4 Tbps LC
    JNP10016-SF-BB PTX10016/JNP10016 switch fabric card, base
    JNP10016-SF-R PTX10016/JNP10016 switch fabric card, redundant
    JNP10016-SF PTX10016/JNP10016 switch fabric card, base bundle
    PTX10000 Express4 Line Cards
    PTX10K-LC1201-36CD 36x400GbE/36x200GbE/36x100GbE/36x40GbE line card [JNP10K-LC1201]
    PTX10K-LC1202-36MR 4x400GbE and 32x100GbE [JNP10K-LC1202]
    S-PTX10K-144C-A1-3 SW, PTX10000 14.4T RTU Adv1 Lic, 3-year term, with SW support
    S-PTX10K-144C-A2-3 SW, PTX10000 14.4T RTU Adv2 Lic, 3-year term, with SW support
    S-PTX10K-144C-P1-3 SW, PTX10000 14.4T RTU Prem1 Lic, 3-year term, with SW support
    S-PTX10K-144C-P2-3 SW, PTX10000 14.4T RTU Prem2 Lic, 3-year term, with SW support
    S-PTX10K-144C-A1-5 SW, PTX10000 14.4T RTU Adv1 Lic, 5-year term, with SW support
    S-PTX10K-144C-A2-5 SW, PTX10000 14.4T RTU Adv2 Lic, 5-year term, with SW support
    S-PTX10K-144C-P1-5 SW, PTX10000 14.4T RTU Prem1 Lic, 5-year term, with SW support
    S-PTX10K-144C-P2-5 SW, PTX10000 14.4T RTU Prem2 Lic, 5-year term, with SW support
    S-PTX10K-144C-A1-P SW, PTX10K, 14.4T, Adv1, without SW support, perpetual
    S-PTX10K-144C-A2-P SW, PTX10K, 14.4T, Adv2, without SW support, perpetual
    S-PTX10K-144C-P1-P SW, PTX10K, 14.4T, Pre1, without SW support, perpetual
    S-PTX10K-144C-P2-P SW, PTX10K, 14.4T, Pre2, without SW support, perpetual
    S-PTX10K-48C-A1-3 SW, PTX10K, 4.8T, Advanced 1, with SW support, 3 year
    S-PTX10K-48C-A2-3 SW, PTX10K, 4.8T, Advanced 2, with SW support, 3 year
    S-PTX10K-48C-P1-3 SW, PTX10K, 4.8T, Premium 1, with SW support, 3 year
    S-PTX10K-48C-P2-3 SW, PTX10K, 4.8T, Premium 2, with SW support, 3 year
    S-PTX10K-48C-A1-5 SW, PTX10K, 4.8T, Advanced 1, with SW support, 5 year
    S-PTX10K-48C-A2-5 SW, PTX10K, 4.8T, Advanced 2, with SW support, 5 year
    S-PTX10K-48C-P1-5 SW, PTX10K, 4.8T, Premium 1, with SW support, 5 year
    S-PTX10K-48C-P2-5 SW, PTX10K, 4.8T, Premium 2, with SW support, 5 year
    S-PTX10K-48C-A1-P SW, PTX10K, 4.8T, Adv1, without SW support, perpetual
    S-PTX10K-48C-A2-P SW, PTX10K, 4.8T, Adv2, without SW support, perpetual
    S-PTX10K-48C-P1-P SW, PTX10K, 4.8T, Pre1, without SW support, perpetual
    S-PTX10K-48C-P2-P SW, PTX10K, 4.8T, Pre2, without SW support, perpetual
    PTX10000 Express2 Line Cards
    PTX10K-LC110 30x100GbE/30x40GbE line card [JNP10K-LC1101]
    PTX10K-LC1101-IR 30x100GbE/30x40GbE line card [JNP10K-LC1101], IR mode
    PTX10K-LC1101-R 30x100GbE/30x40GbE line card [JNP10K-LC1101], R mode
    PTX10K-LC1102 36X40GbE/12X100GbE line card [JNP10K-LC1102]
    PTX10K-LC1102-IR 36X40GbE/12X100GbE line card [JNP10K-LC1102], IR mode
    PTX10K-LC1102-R 36X40GbE/12X100GbE line card [JNP10K-LC1102], R mode
    PTX10K-LC1104 6x100GbE/150GbE/200GbE DWDM line card with MACsec [JNP10K-LC1104]
    PTX10K-LC1105 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105]
    PTX10K-LC1105-IR 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105], IR mode
    PTX10K-LC1105-R 30x100GbE/30x40GbE line card with MACsec [JNP10K-LC1105], R mode
    PTX10004 Fan Tray and Controller
    JNP10004-FAN2-BB JNP10004 fan, Gen2, base bundle
    JNP10004-FAN2 JNP10004 fan, Gen2
    JNP10004-FTC2-BB JNP10004 fan tray controller, Gen2, base bundle
    JNP10004-FTC2 JNP10004 fan tray controller, Gen2
    PTX10008 Fan Tray and Controller
    JNP10008-FAN-BB PTX10008/JNP10008 fan, base bundle
    JNP10008-FAN PTX10008/JNP10008 fan
    JNP10008FANCTRL-BB PTX10008/JNP10008 fan tray controller, base bundle
    JNP10008-FAN-CTRL PTX10008/JNP10008 fan tray controller
    JNP10008-FAN2-BB JNP10008 fan, Gen2, base bundle
    JNP10008-FAN2 JNP10008 fan, Gen2
    JNP10008-FTC2-BB JNP10008 fan tray controller, Gen2, base bundle
    JNP10008-FTC2 JNP10008 fan tray controller, Gen2
    PTX10016 Fan Tray and Controller
    JNP10016-FAN-BB PTX10016/JNP10016 fan, base bundle
    JNP10016-FAN PTX10016/JNP10016 fan
    JNP10016FANCTRL-BB PTX10016/JNP10016 fan tray controller, base bundle
    JNP10016-FAN-CTRL PTX10016/JNP10016 fan tray controller
    JNP10016-FAN2-BB JNP10016 fan, Gen2, base bundle
    JNP10016-FAN2 JNP10016 fan, Gen2
    JNP10016-FTC2-BB JNP10016 fan tray controller, Gen2, base bundle
    JNP10016-FTC2 JNP10016 fan tray controller, Gen2
    PTX10000 Power Cables
    CBL-PWR2-L6-30P Power cord, JNP10000 AC2 L6-30P
    CBL-PWR2-L6-30P-RA Power cord, JNP10000 AC2 RA L6-30P
    CBL-PWR2-330P6W Power cord, JNP10000 AC2 IEC309-330P6W
    CBL-PWR2-330P6W-RA Power cord, JNP10000 AC2 RA IEC309-330P6W
    CBL-PWR2-332P6W Power cord, JNP10000 AC2 IEC309-332P6W
    CBL-PWR2-332P6W-RA Power cord, JNP10000 AC2 RA IEC309-332P6W
    PTX10000 Power Modules
    JNP10K-PWR-AC2-BB JNP10000 5000 watts AC/HVDC power supply base bundle
    JNP10K-PWR-AC2-R JNP10000 5000 watts AC/HVDC power supply redundant
    JNP10K-PWR-AC2 JNP10000 5000 watts AC/HVDC power supply
    JNP10K-PWR-DC2-BB JNP10000 5000 watts DC power supply base bundle
    JNP10K-PWR-DC2-R JNP10000 5000 watts DC power supply redundant
    JNP10K-PWR-DC2 JNP10000 5000 watts DC power supply
    JNP10K-PWR-AC-BB PTX10000/JNP10000 2700 W AC power supply, base bundle
    JNP10K-PWR-AC-R PTX10000/JNP10000 2700 W AC power supply, redundant
    JNP10K-PWR-AC PTX10000/JNP10000 2700 W AC power supply
    JNP10K-PWR-DC-BB PTX10000/JNP10000 2500 W DC power supply, base bundle
    JNP10K-PWR-DC-R PTX10000/JNP10000 2500 W DC power supply,redundant
    JNP10K-PWR-DC PTX10000/JNP10000 2500 W DC power supply
    PTX10004 Front Panels
    JNP10004-FRPNL-BB PTX10004/JNP10004 front panel, base bundle
    JNP10004-FRNT-PNL PTX10004/JNP10004 front panel
    JNP10004-FRPNL1-BB PTX10004/JNP10004 front panel with filter, base bundle
    JNP10004-FRPNL1 PTX10004/JNP10004 front panel with filter
    JNP10004-FLTR PTX10004/JNP10004 replaceable filter
    PTX10008 Front Panels
    JNP10008-FRPNL-BB PTX10008/JNP10008 front panel, base bundle
    JNP10008-FRNT-PNL PTX10008/JNP10008 front panel
    JNP10008-FRPNL1-BB PTX10008/JNP10008 front panel with filter, base bundle
    JNP10008-FRPNL1 PTX10008/JNP10008 front panel with filter
    JNP10008-FLTR PTX10008/JNP10008 replaceable filter
    PTX10016 Front Panels
    JNP10008-FLTR PTX10008/JNP10008 replaceable filter
    JNP10016-FRPNL-BB PTX10016/JNP10016 front panel, base bundle
    JNP10016-FRNT-PNL PTX10016/JNP10016 front panel
    JNP10016-FRPNL1-BB PTX10016/JNP10016 front panel with filter, base bundle
    JNP10016-FRPNL1 PTX10016/JNP10016 front panel with filter
    JNP10016-FLTR PTX10016/JNP10016 replaceable filter
    Add to cart Details

  • PTX10001-36MR Packet Transport Router

    ASK FOR PRICE

    Product Overview

    Changing market dynamics have intensified the challenge of accommodating growth with traditional products and architectures. Juniper’s secure and automated solutions help cloud-based networks quickly react to these evolving conditions, accelerating service delivery with world-class products and innovative architectural components. PTX Series Fixed Configuration Routers with custom Express3 and Express4 silicon are an integral part of this solution, delivering a massively scalable and efficient core architecture across space- and power-constrained cloud provider, service provider, and enterprise networks, reducing TCO with innovative, highly flexible, high-performance platforms built for the most demanding environments.

    Product Description

    The Juniper Networks® PTX Series Packet Transport Routers transform the core network with physical and virtual innovations that deliver unprecedented scale at the lowest cost per bit. Four fixed-configuration platforms are available: the PTX1000 Packet Transport Router, the industry’s first 2 U packet transport routing device; the PTX10001-36MR Packet Transport Router, a compact, power-optimized 400GbE platform based on custom Express4 silicon; the PTX10002 Packet Transport Router, a second-generation device that doubles the density of the PTX1000 with Juniper Networks Express3™ silicon; and the PTX10003, the industry’s first 3U 400-GbE enabled packet transport routing device. These transport routers give cloud and communication providers the freedom to develop and deliver new virtualized services anywhere in the network with elastic architectures and precise traffic controls, without compromising the service experience.

    The Evolving Landscape

    New traffic dynamics such as mobility, video, and cloud-based services are transforming traditional network patterns and topologies. Stratified, statically designed, and manually operated networks must evolve to support the constantly growing volumes of traffic quickly and economically. Many operators have seen their profits stagnate and TCO grow under the burden that these growing traffic volumes are imposing. Cloud and service providers need to become more agile in order to optimize their existing network resources, shorten planning cycles, and remove rigid network layers. Operators are facing the following challenges under the current environment:
    • Static scale: The cloud and communication providers’ backbone handles the full weight of network traffic. Therefore, it is paramount that core networks are inherently designed for scalability and efficiency. The 400GbE-capable platforms, 100/400GbE inline MACsec, silicon, system, and SDN innovations for the core empower network operators to scale faster than the traffic in an elegant, elastic, redundant package—without requiring forklift upgrades.
    • Static architecture: Virtualized services and the explosion of cloud-based applications are creating increasingly unpredictable traffic patterns. To handle this unpredictability, service providers need a dynamic, scale-out architecture across all layers to create programmable, traffic-optimized networks that support any service, anywhere.
    • Power costs: For cloud and communication providers, the operational cost of transmitting a packet through the core is less than the cost of the power required to move that packet. In fact, projections suggest that over a few short years, the total power draw will exceed the cost of deploying the entire network infrastructure. Efficient power utilization by the core router requires a holistic ground-up engineering approach.
    • Facility limitations: Service providers cannot grow their facilities exponentially forever. They need innovations that provide a low-touch deployment model optimized around space availability, facility power requirements, and floor weight thresholds. Transport-oriented central office locations have the added burden of meeting European Telecommunications Standards Institute (ETSI) standard depth. Any transit router innovation must operate within these constraints.
    In order to address these challenges, cloud and communication providers need an innovative, scalable core router that satisfies three defining principles: performance, deployability, and SDN programmability. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers provide the foundation for a scale-out core backbone architecture, ensuring a consistent user experience across geographies. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 meet all existing traditional core requirements, easily fitting into cloud and communication provider networks that require transit-focused IP/MPLS applications such as Internet peering, scale-out metro and backbone topologies, and label-switching router (LSR) optimized deployments.

    Architecture and Key Components

    The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers bring physical and virtual innovation to the cloud and service provider core networks, addressing concerns about operational expenditures while scaling organically to keep pace with growing traffic demands with the following features:
    • Core routing: The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 employ a massively scalable yet compact 1, 2, or 3 U form factor with secure connectivity and high flexibility.
    • Peering: The PTX Series fixed platforms are perfect for scale-out peering in space- and power-constrained environments with full traffic visibility and L3 services.
    • LSR: The PTX Series fixed platforms provide 2.88 Tbps to 16 Tbps aggregate capacity for multi-plane core networks as an LSR router. They can also be positioned as an LSR fabric node in spine-leaf architectures for increased scale and reduced blast radius.
    • CDN Gateway: The compact PTX Series offers high routing scale in a 1, 2, or 3 U fixed form factor for full traffic statistics visibility and deep buffers.
    • Data Center Interconnect (DCI): The PTX10001-36MR and PTX10003 offer secure inline MACsec with no compromise in throughput or latency, and an extended range enabled by 400GbE ZR / ZR+.

    Innovations in Silicon

    Physical innovations at the core silicon level enable the PTX Series fixed-configuration routers to reduce OpEx and accommodate scale-out architectures with smooth migration paths as traffic patterns change.

    Express3 and Express-Based Silicon

    The PTX1000 and PTX10002 are powered by Express3 silicon, delivering predictable IP/MPLS packet performance and functionality. The PTX10003 is powered by functionally equivalent Express3 Silicon to support high-density 100/200/400GbE interfaces and inline MACsec with no performance penalty while delivering the same IP/MPLS functionality. Express3 silicon eliminates the complex sawtooth packet profile found in elaborate, over-engineered network processing units (NPUs) deployed in other core routers. This delivers the peering scale required to match expanding traffic demands. These devices build upon the Juniper Networks Junos® Express silicon concepts of low consistent latency and wire-rate packet performance for both IP traffic and MPLS transport, without sacrificing the optimized system power profile. These concepts are incorporated into the PTX Series design along with full IP functionality, preserving the spirit of the original Junos Express chipset. The Express3 silicon is the first purpose-built telecommunications silicon to engineer a 3D memory architecture into the base design for more than 1.6 billion filter operations per second, dynamic table memory allocation for mammoth IP routing scale, and enormous power efficiency gains. The PTX10003 supports inline MACsec on all interfaces using 10/40/100GbE.

    Express4 Silicon

    The PTX10001-36MR is powered by the highly scalable, next-generation ASIC in the Express silicon family, Juniper Express4 silicon—the industry’s first inline MACsec for 400GbE chips that supports universal multirate QSFP56-DD. Juniper Express4 silicon delivers consistently low latency, 8m counters, 256 AES MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 Watts/Gig. The ability to address a provider’s core networking requirements—scale, operational flexibility, and SDN control—begins with the silicon. With the PTX Series fixed-configuration routers, operators can now deploy a core architecture with SDN control. Combining Juniper Networks NorthStar Controller with a robust full-featured Internet backbone router, and a regional IP/MPLS core router with integrated 100GbE coherent transport for superior performance, operators can tune their network infrastructure through proactive monitoring and what-if planning capabilities. The NorthStar Controller dynamically creates explicit routing paths using a global view based on user-defined constraints to create a fully autonomous operation. Scale is one of the guiding design principles for the PTX Series routers, allowing network operators to smoothly handle increased traffic demands. The PTX Series fixed-configuration routers simplify network engineering challenges with predictable system latency, improving the overall service experience by delivering best-in-class resiliency to help providers meet strict customer service-level agreements (SLAs). Operational efficiency is another design attribute for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that affect network operators’ operational budgets. Juniper has designed the PTX Series to fit the requirements of current and future data center facilities. SDN programmability brings virtual innovations to the service provider core, while the NorthStar Controller offers an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing network operators to fully automate and scale their operations with ease.

    PTX1000, PTX10002, and PTX10003 Fixed-Configuration Packet Transport Routers

    PTX1000

    The PTX1000, with its rich IP/MPLS feature set, lets service providers organically distribute peering points throughout the network without sacrificing performance and deployability—the main contributors to eroding TCO for service providers when peering. The PTX1000 expands the applications scope that the PTX Series architecture addresses, enabling service providers to implement a distributed core architecture for interconnecting growing cloud services. Service providers can distribute peering points to match traffic demand with an optimized core router without sacrificing performance or deployability. The PTX1000 is a first-generation fixed-configuration core router, providing up to 3 million FIB and 10+ million routing information base (RIB) in a 2 U footprint, making it easily deployable in space-constrained Internet exchange locations, remote central offices, and embedded peering points anywhere in the network, including cloud-hosted services. The PTX1000 operates at 2.88 Tbps in a fixed core router configuration and supports flexible interface configuration options, including 288 10GbE ports via a quad small form-factor pluggable plus transceiver (QSFP+) breakout, 72 40GbE ports via QSFP+, and 24 100GbE ports via QSFP28.

    PTX10001-36MR

    The PTX10001-36MR features a compact, 1 U form factor that is easy to deploy in space- and power-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud- hosted services. The PTX10001-36MR is particularly suited for power-constrained environments, providing unprecedented power efficiency of 0.14 watts/Gbps. It offers up to 4 million IPv4 FIB, deep buffers, and integrated 100GbE and 400GbE MACsec capabilities. The PTX10001-36MR operates at 9.6 Tbps in a fixed core router configuration with 36 multi-rate ports—24 400GbE (QSFP56-DD) ports and 12 100GbE (QSFP28) ports to facilitate the migration from 100GbE to 400GbE deployments. The PTX10001-36MR features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. PTX10001-36MR supports MACSec on all ports, regardless of the port speed.

    PTX10002

    The PTX10002 is a second-generation PTX Series fixed-configuration core router featuring a compact, 2 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10002 operates at 6 Tbps in a fixed core router configuration. It supports flexible interface configuration options, offering 60 physical quad small form-factor pluggable 28 (QSFP28) 100GbE ports, 60 QSFP+ 40GbE ports, and 192 10GbE ports via QSFP+ breakout cables.

    PTX10003

    The PTX10003 is a fixed-configuration core router featuring a compact, 3 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. It offers up to 4 million FIB, deep buffers, and integrated 100GbE MACsec capabilities. The PTX10003 uniquely addresses power-constrained environments by providing unprecedented power efficiency of 0.2 watts/Gbps. Two versions of the PTX10003 are available, supporting 8 Tbps and 16 Tbps respectively in a 3 U footprint. Operating in a fixed core router configuration, the 8 Tbps model features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 160 (QSFP+) 10GbE ports, 80 (QSFP28) 100GbE ports, 32 (QSFP28-DD) 200GbE ports, and 16 (QSFP56-DD) 400GbE ports. The 16 Tbps model also offers universal multi-rate QSFP-DD for 100GbE/400GbE to support 320 (QSFP+) 10GbE ports, 160 (QSFP28) 100GbE ports, 64 (QSFP28-DD) 200GbE ports, and 32 (QSFP56-DD) 400GbE ports. PTX10001-36MR and PTX10003 routers offer native SFP+ transceiver support through QSFP adapter, MAM1Q00A-QSA . This option enables deployments where 10GE connectivity over more than 10KM single mode fiber links is required.

    Features and Benefits

    Performance is one of the guiding design principles for the PTX Series Packet Transport Routers. This focus empowers cloud and service providers with superior scale to match increased traffic levels and network engineering challenges with predictable system latency to improve the overall service experience, deliver best-in-class resiliency, and ensure that services meet strict customer SLAs. Deployability is the other guiding design principle for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that impact service providers’ operational budget with respect to growing traffic. Infinite programmability with automation and telemetry brings virtual innovations to the cloud and service provider core, while the NorthStar Controller is an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing service providers to automate and scale operations with efficiency, simplicity, and security. One Junos Experience delivers operational consistency and uniformity across PTX Series platforms and solutions. The most modern OS on the market, Junos Evolved, is designed from the ground up for reliability, resiliency, velocity, and integration simplicity. Table 1 summarizes the features available on the fixed-configuration PTX Series Packet Transport Routers.
    Table 1. Fixed-Configuration PTX Series Features and Benefits
    Feature Feature Description Benefit
    System capacity The PTX1000 scales to 3 Tbps in a single chassis, breaking out into 288 10GbE, 72 40GbE, and 24 100GbE interfaces. The PTX10001-36MR scales to 9.6 Tbps in a single chassis, featuring flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10002 scales to 6 Tbps in a single chassis, breaking out into 192 10GbE, 60 40GbE, and 60 100GbE interfaces. The PTX10003 8 Tbps model scales to 8 Tbps is a single chassis, breaking out into 160 10GbE, 80 100GbE, 32 200GbE, and 16 400GbE interfaces. The PTX10003 16 Tbps model scales to 16 Tbps in a single chassis, breaking out into 320 10GbE, 160 100GbE, 64 200GbE, and 32 400GbE interfaces. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 give cloud and service providers the performance and scalability needed to outpace growing traffic demands.
    High availability (HA) hardware The PTX1000, PTX10001-36MR, PTX10002 and PTX10003 are built with hardware redundancy for cooling, power supplies, and forwarding. HA is critical for service providers to maintain an always-on infrastructure base and meet stringent SLAs across the core.
    Packet performance The PTX1000 and PTX10002 include groundbreaking Express3 silicon, empowering them with unparalleled packet processing for both full IP functionality and MPLS transport, leveraging a revolutionary 3D memory architecture. The PTX10003 uses a newer version of Express3 silicon that delivers inline MACsec on all ports and dense 100/400GbE. The PTX10001-36MR uses the next generation of Express, Express4 silicon, that delivers 100/400GbE inline MACsec on all ports for dense 400GbE architectures. Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic levels increase while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Ultra-compact 1 U, 2 U and 3 U form factor With cutting-edge innovation in power and cooling technology, the PTX fixed-configuration core routers provide compact, power-optimized scale and efficiency. The PTX1000 provides 2.88 Tbps of capacity in a 2 U form factor; the PTX10001-36MR provides 9.6 Tbps in a 1 U form factor; the PTX10002 provides 6 Tbps of capacity in a 2 U form factor; the PTX10003 provides up to 16 Tbps of capacity in a 3 U form factor. Space efficiency is a critical requirement for peering Internet exchange points, peering collocations, central offices, and regional networks, especially in emerging markets.
    Security The PTX Series Packet Transport routers use a combination of hardware-based mechanisms like MACsec and software-based features like firewall filters and DDoS to provide scalable security. 100GbE and 400GbE inline MACsec is supported on all ports with no compromise in latency. Inline data plane MACsec security with no throughput or latency penalties in addition to control plane security with DDoS.

    PTX Series Fixed-Configuration Routers Specifications

    Hardware PTX1000 PTX10001-36MR PTX10002 PTX10003 (8T) PTX10003 (16T)
    System throughput 3 Tbps 9.6 Tbps 6 Tbps 8 Tbps 16 Tbps
    Forwarding capacity Up to 2 Bpps Up to 6 Bpps Up to 4 Bpps Up to 5.3 Bpps Up to 10.6 Bpps
    Max. 10GbE port density 288 120 192 160 320
    Max. 40GbE port density 72 30 60 40 80
    Max. 100GbE port density 24 108 60 80 160
    Max 200GbE port density - 48 - 32 64
    Max 400GbE port density - 24 - 16 32
    Dimension (WxHxD) 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) 17.3 x 1.75 x 25.5 in (44 x 4.45 x 64.8 cm) 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm) 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm)
    Rack units 2 U 1 U 2 U 3 U 3 U
    Weight 68 lb (31 kg) 39.7 lb (18 kg) 68 lb (31 kg) 88 lb (40 kg) 110 lb (50 kg)
    CPU Intel Quad Core Ivy Bridge 2.5 GHz CPU Intel Xeon 12-Core 2.1 GHz CPU Intel Quad Core Ivy Bridge 2.5 GHz CPU Intel Broadwell CPU with 12 Cores Intel Broadwell CPU with 12 Cores
    RAM 32 Gb SDRAM 64 Gb SDRAM 32 Gb SDRAM 64 Gb SDRAM 64 Gb SDRAM
    SSD 64 GBx2 200 GBx2 64 GBx2 200 GBx2 200 GBx2
    Maximum power draw 1425 W (AC, DC), 4862 BTU/hr 2164 W (AC, DC), 7384 BTU/hr 2425 W (AC, DC), 8274 BTU/hr ~2500 W (AC,DC), 8525 BTU/hr ~4000 W (AC.DC), 13640 BTU/hr
    Typical power draw 1050 W (AC, DC), 3583 BTU/hr 1300 W (AC, DC), 4436 BTU/hr 1850 W (AC, DC), 6312 BTU/hr ~1600 W (AC,DC), 5456 BTU/hr ~3100W (AC,DC), 10571 BTU/hr
    Power supply 4x1600 watts (AC/DC) 2x3000 watts (AC/DC) 4x1600 watts (AC/DC) 2x3000 watts (AC/DC) 4x3000 watts (AC/DC)
    Cooling (front-to-back fan) 3 hot-swappable redundant fans 6 hot-swappable redundant fans 3 hot-swappable redundant fans 3 hot-swappable redundant fans 5 hot-swappable redundant fans
    Packet buffer 24 Gb 24 Gb 24 Gb 64 Gb 128 Gb
    Latency 2.5 µs within Packet Forwarding Engine (PFE), 5 µs between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs
    Power Efficiency (watts/Gbps) 0.4 0.14 0.3 0.2 0.2

    PTX1000, PTX10002, and PTX10003 Software Feature Table

    Feature PTX1000 PTX10001-36MR PTX10002 PTX10003 (8/16 Tbps)
    MPLS-TE Yes Yes Yes Yes
    MPLS LSR Yes Yes Yes Yes
    Firewall filters ACL Yes Yes Yes Yes
    SPRINGv4 Yes Yes Yes Yes
    DDoS control plane Yes Yes Yes Yes
    JFlow/SFlow Yes Yes Yes Yes
    BGP FlowSpec, EPE, URPF, L3VPN Yes Yes Yes Yes
    Integrated routing and bridging (IRB) Yes Yes Yes Yes
    Telemetry, NETCONF/YANG Yes Yes Yes Yes
    Zero Touch Provisioning (ZTP) Yes Yes Yes Yes
    PCEP, BGP-LS Yes Yes Yes Yes
    Fast restoration Yes Yes Yes Yes
    Operation, Administration, and Maintenance (OAM) Yes Yes Yes Yes

    Management Interfaces

    • 1 small form-factor pluggable transceiver (SFP/SFP+) port or Precision Time Protocol (PTP) Grandmaster
    • Fiber (SFP) or 10/100/1000BASE-T (RJ-45) Ethernet management port
    • SMB in, SMB out, 10 MHz in, 10 MHz out
    • One console port
    • USB 2.0 storage interface

    Environmental Ranges

    • Operating temperature: 32° to 115° F (0° to 46° C) at sea level
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft. (3048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (all country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification

    Electromagnetic Compatibility

    • 47CFR Part 15, (FCC) Class A
    • ICES-003 Class A
    • EN 55022 Class A
    • CISPR 22 Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A
    • AS/NZA CISPR22 Class A
    • KN22 Class A
    • CNS 13438 Class A
    • EN 61000-3-2
    • EN 61000-3-3
    • ETSI
    • ETSI EN 300 019: Environmental Conditions & Environmental Tests for Telecommunications Equipment
    • ETSI EN 300 019-2-1 (2000)—Storage
    • ETSI EN 300 019-2-2 (1999)—Transportation
    • ETSI EN 300 019-2-3 (2003)—Stationary Use at Weather-protected Locations
    • ETS 300753 (1997)—Acoustic noise emitted by telecommunications equipment

    Environmental Compliance

      Restriction of Hazardous Substances (ROHS) 6/6     Silver PSU Efficiency      Recycled material   Waste Electronics and Electrical Equipment (WEEE)   Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)    China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Automated Support and Prevention

    Juniper’s Automated Support and Prevention consists of an ecosystem of tools, applications, and systems targeted towards simplifying and streamlining operations, delivering operational efficiency, reducing downtime, and increasing your network’s ROI running Juniper Networks Junos operating system. Automated Support and Prevention brings operational efficiency by automating several time-consuming tasks such as incident management, inventory management, proactive bug notification, and on-demand EOL/EOS/EOE reports. The Junos Space® Service Now and Service Insight service automation tools are standard entitlements of all Juniper Care contracts.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/

    Ordering Information

    Product Number Description
    PTX1000
    PTX1K-72Q-AC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    S-PTX1K-72Q-SCA-UP PTX1000 scale-up software license to upgrade 72 port system (base to LSR or LSR to full IP)
    S-PTX1K-36Q-SCA-UP PTX1000 scale-up software license to upgrade 36 port system (base to LSR or LSR to full IP)
    S-PTX1K-18Q-SCA-UP PTX1000 scale-up software license to upgrade 18 port system (base to LSR or LSR to full IP)
    S-PTX1K-UPG-18Q PTX1000 software license to add 18 more ports to base system
    S-PTX1K-UPG-18Q-IR PTX1000 software license to add 18 more ports to LSR/peering system
    S-PTX1K-UPG-18Q-R PTX1000 software license to add 18 more ports to full IP system
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    PTX1000-FAN-S PTX1000 fan
    JNP-3000W-DC-AFO DC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    PTX10001-36MR
    PTX10001-36MR-AC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant AC Power supplies, FAN trays, Junos Evolved
    PTX10001-36MR-DC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant DC Power supplies, FAN trays, Junos Evolved
    JNP-FAN2-1RU Fan Tray for JNP10001-36MR platform
    JNP10001-36MR JNP10001 chassis with 36 QSFP56-DD / QSFP28 multi-rate ports, no power supplies or fans
    JNP-3000W-AC-AFO AC power supply for JNP10001-36MR fixed platform
    JNP-3000W-DC-AFO DC power supply for JNP10001-36MR fixed platform
    S-PTX10K-108C-A1-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, without SW support, Perpetual
    S-PTX10K-108C-A2-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, without SW support, Perpetual
    S-PTX10K-108C-P1-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, without SW support, Perpetual
    S-PTX10K-108C-P2-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, without SW support, Perpetual
    S-PTX10K-108C-A1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 5 Years
    S-PTX10K-108C-A2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 5 Years
    S-PTX10K-108C-P1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 5 Years
    S-PTX10K-108C-P2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 5 Years
    S-PTX10K-108C-A1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 3 Years
    S-PTX10K-108C-A2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 3 Years
    S-PTX10K-108C-P1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 3 Years
    S-PTX10K-108C-P2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 3 Years
    S-PTX10K100GMSEC-P SW, PTX10K 100G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    S-PTX10K400GMSEC-P SW, PTX10K 400G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    PTX10002
    PTX10002-60C-AC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-ACIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DCIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    JNP10002-FAN1 PTX10002 fan
    S-PTX10K2-60C-S-UP PTX10002 scale-up software license to upgrade 60-port system (base to LSR or LSR to full IP)
    S-PTX10K2-30C-S-UP PTX10002 scale-up software license to upgrade 30-port system (base to LSR or LSR to full IP)
    S-PTX10K2-15C-S-UP PTX10002 scale-up software license to upgrade 15-port system (base to LSR or LSR to full IP)
    S-PTX10K2-U-15C PTX10002 software license to add 15 more ports to base system
    S-PTX10K2-U-15C-IR PTX10002 software license to add 15 more ports to LSR/peering system
    S-PTX10K2-U-15C-R PTX10002 software license to add 15 more ports to full IP system
    PTX10003
    PTX10003-160C-AC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W AC power supplies, 4 power cables, and 5 fan trays, with standard tier right-to-use license
    PTX10003-160C-DC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W DC power supplies, and 5 fan trays, with standard tier right-to-use license
    PTX10003-80C-AC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W AC power supplies, 2 power cables, and 3 fan trays, with standard tier right-to-use license
    PTX10003-80C-DC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W DC power supplies, and 3 fan trays, with standard tier right-to-use license
    S-PTX10K3-16T-A1-P 16T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A2-P 16T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P1-P 16T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P2-P 16T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A1-5 16T PTX10003 Advanced1 tier right-to-use license, 5-year term, with SW support
    S-PTX10K3-16T-A2-5 16T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P1-5 16T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P2-5 16T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-A1-3 16T PTX10003 Advanced1 tier right-to-use license, 3-year term, with SW support
    S-PTX10K3-16T-A2-3 16T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P1-3 16T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P2-3 16T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A1-P 8T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A2-P 8T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P1-P 8T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P2-P 8T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A1-5 8T PTX10003 Advanced1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A2-5 8T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P1-5 8T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P2-5 8T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A1-3 8T PTX10003 Advanced1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A2-3 8T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P1-3 8T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P2-3 8T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    JNP10003-160C-CHAS JNP10003-160C spare chassis with 160 100GbE ports or 32 400GbE ports
    JNP10003-80C-CHAS JNP10003-80C spare chassis with 80 100GbE ports or 16 400GbE ports
    JNP10003-FAN Fan tray for 3RU 8T and 16T fixed platforms
    JNP-3000W-AC-AFO AC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    Add to cart Details

  • PTX10003 Packet Transport Router

    ASK FOR PRICE

    Product Overview

    Changing market dynamics have intensified the challenge of accommodating growth with traditional products and architectures. Juniper’s secure and automated solutions help cloud-based networks quickly react to these evolving conditions, accelerating service delivery with world-class products and innovative architectural components. PTX Series Fixed Configuration Routers with custom Express3 and Express4 silicon are an integral part of this solution, delivering a massively scalable and efficient core architecture across space- and power-constrained cloud provider, service provider, and enterprise networks, reducing TCO with innovative, highly flexible, high-performance platforms built for the most demanding environments.

    Product Description

    The Juniper Networks® PTX Series Packet Transport Routers transform the core network with physical and virtual innovations that deliver unprecedented scale at the lowest cost per bit. Four fixed-configuration platforms are available: the PTX1000 Packet Transport Router, the industry’s first 2 U packet transport routing device; the PTX10001-36MR Packet Transport Router, a compact, power-optimized 400GbE platform based on custom Express4 silicon; the PTX10002 Packet Transport Router, a second-generation device that doubles the density of the PTX1000 with Juniper Networks Express3™ silicon; and the PTX10003, the industry’s first 3U 400-GbE enabled packet transport routing device. These transport routers give cloud and communication providers the freedom to develop and deliver new virtualized services anywhere in the network with elastic architectures and precise traffic controls, without compromising the service experience.

    The Evolving Landscape

    New traffic dynamics such as mobility, video, and cloud-based services are transforming traditional network patterns and topologies. Stratified, statically designed, and manually operated networks must evolve to support the constantly growing volumes of traffic quickly and economically. Many operators have seen their profits stagnate and TCO grow under the burden that these growing traffic volumes are imposing. Cloud and service providers need to become more agile in order to optimize their existing network resources, shorten planning cycles, and remove rigid network layers. Operators are facing the following challenges under the current environment:
    • Static scale: The cloud and communication providers’ backbone handles the full weight of network traffic. Therefore, it is paramount that core networks are inherently designed for scalability and efficiency. The 400GbE-capable platforms, 100/400GbE inline MACsec, silicon, system, and SDN innovations for the core empower network operators to scale faster than the traffic in an elegant, elastic, redundant package—without requiring forklift upgrades.
    • Static architecture: Virtualized services and the explosion of cloud-based applications are creating increasingly unpredictable traffic patterns. To handle this unpredictability, service providers need a dynamic, scale-out architecture across all layers to create programmable, traffic-optimized networks that support any service, anywhere.
    • Power costs: For cloud and communication providers, the operational cost of transmitting a packet through the core is less than the cost of the power required to move that packet. In fact, projections suggest that over a few short years, the total power draw will exceed the cost of deploying the entire network infrastructure. Efficient power utilization by the core router requires a holistic ground-up engineering approach.
    • Facility limitations: Service providers cannot grow their facilities exponentially forever. They need innovations that provide a low-touch deployment model optimized around space availability, facility power requirements, and floor weight thresholds. Transport-oriented central office locations have the added burden of meeting European Telecommunications Standards Institute (ETSI) standard depth. Any transit router innovation must operate within these constraints.
    In order to address these challenges, cloud and communication providers need an innovative, scalable core router that satisfies three defining principles: performance, deployability, and SDN programmability. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers provide the foundation for a scale-out core backbone architecture, ensuring a consistent user experience across geographies. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 meet all existing traditional core requirements, easily fitting into cloud and communication provider networks that require transit-focused IP/MPLS applications such as Internet peering, scale-out metro and backbone topologies, and label-switching router (LSR) optimized deployments.

    Architecture and Key Components

    The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 fixed-configuration packet transport routers bring physical and virtual innovation to the cloud and service provider core networks, addressing concerns about operational expenditures while scaling organically to keep pace with growing traffic demands with the following features:
    • Core routing: The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 employ a massively scalable yet compact 1, 2, or 3 U form factor with secure connectivity and high flexibility.
    • Peering: The PTX Series fixed platforms are perfect for scale-out peering in space- and power-constrained environments with full traffic visibility and L3 services.
    • LSR: The PTX Series fixed platforms provide 2.88 Tbps to 16 Tbps aggregate capacity for multi-plane core networks as an LSR router. They can also be positioned as an LSR fabric node in spine-leaf architectures for increased scale and reduced blast radius.
    • CDN Gateway: The compact PTX Series offers high routing scale in a 1, 2, or 3 U fixed form factor for full traffic statistics visibility and deep buffers.
    • Data Center Interconnect (DCI): The PTX10001-36MR and PTX10003 offer secure inline MACsec with no compromise in throughput or latency, and an extended range enabled by 400GbE ZR / ZR+.

    Innovations in Silicon

    Physical innovations at the core silicon level enable the PTX Series fixed-configuration routers to reduce OpEx and accommodate scale-out architectures with smooth migration paths as traffic patterns change.

    Express3 and Express-Based Silicon

    The PTX1000 and PTX10002 are powered by Express3 silicon, delivering predictable IP/MPLS packet performance and functionality. The PTX10003 is powered by functionally equivalent Express3 Silicon to support high-density 100/200/400GbE interfaces and inline MACsec with no performance penalty while delivering the same IP/MPLS functionality. Express3 silicon eliminates the complex sawtooth packet profile found in elaborate, over-engineered network processing units (NPUs) deployed in other core routers. This delivers the peering scale required to match expanding traffic demands. These devices build upon the Juniper Networks Junos® Express silicon concepts of low consistent latency and wire-rate packet performance for both IP traffic and MPLS transport, without sacrificing the optimized system power profile. These concepts are incorporated into the PTX Series design along with full IP functionality, preserving the spirit of the original Junos Express chipset. The Express3 silicon is the first purpose-built telecommunications silicon to engineer a 3D memory architecture into the base design for more than 1.6 billion filter operations per second, dynamic table memory allocation for mammoth IP routing scale, and enormous power efficiency gains. The PTX10003 supports inline MACsec on all interfaces using 10/40/100GbE.

    Express4 Silicon

    The PTX10001-36MR is powered by the highly scalable, next-generation ASIC in the Express silicon family, Juniper Express4 silicon—the industry’s first inline MACsec for 400GbE chips that supports universal multirate QSFP56-DD. Juniper Express4 silicon delivers consistently low latency, 8m counters, 256 AES MACsec encryption supported on all ports, and wire-rate packet performance for IP traffic without sacrificing the optimized system power profile. Preserving the spirit of the Junos Express silicon family, Juniper Express4 silicon is the first purpose-built telecommunications silicon to incorporate a 3D memory architecture into the base design, offering the industry’s highest packet performance per gigabit in the fewest rack units. It also provides dynamic table memory allocation for massive IP routing scale while delivering tremendous power efficiency gains at 0.14 Watts/Gig. The ability to address a provider’s core networking requirements—scale, operational flexibility, and SDN control—begins with the silicon. With the PTX Series fixed-configuration routers, operators can now deploy a core architecture with SDN control. Combining Juniper Networks NorthStar Controller with a robust full-featured Internet backbone router, and a regional IP/MPLS core router with integrated 100GbE coherent transport for superior performance, operators can tune their network infrastructure through proactive monitoring and what-if planning capabilities. The NorthStar Controller dynamically creates explicit routing paths using a global view based on user-defined constraints to create a fully autonomous operation. Scale is one of the guiding design principles for the PTX Series routers, allowing network operators to smoothly handle increased traffic demands. The PTX Series fixed-configuration routers simplify network engineering challenges with predictable system latency, improving the overall service experience by delivering best-in-class resiliency to help providers meet strict customer service-level agreements (SLAs). Operational efficiency is another design attribute for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that affect network operators’ operational budgets. Juniper has designed the PTX Series to fit the requirements of current and future data center facilities. SDN programmability brings virtual innovations to the service provider core, while the NorthStar Controller offers an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing network operators to fully automate and scale their operations with ease.

    PTX1000, PTX10002, and PTX10003 Fixed-Configuration Packet Transport Routers

    PTX1000

    The PTX1000, with its rich IP/MPLS feature set, lets service providers organically distribute peering points throughout the network without sacrificing performance and deployability—the main contributors to eroding TCO for service providers when peering. The PTX1000 expands the applications scope that the PTX Series architecture addresses, enabling service providers to implement a distributed core architecture for interconnecting growing cloud services. Service providers can distribute peering points to match traffic demand with an optimized core router without sacrificing performance or deployability. The PTX1000 is a first-generation fixed-configuration core router, providing up to 3 million FIB and 10+ million routing information base (RIB) in a 2 U footprint, making it easily deployable in space-constrained Internet exchange locations, remote central offices, and embedded peering points anywhere in the network, including cloud-hosted services. The PTX1000 operates at 2.88 Tbps in a fixed core router configuration and supports flexible interface configuration options, including 288 10GbE ports via a quad small form-factor pluggable plus transceiver (QSFP+) breakout, 72 40GbE ports via QSFP+, and 24 100GbE ports via QSFP28.

    PTX10001-36MR

    The PTX10001-36MR features a compact, 1 U form factor that is easy to deploy in space- and power-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud- hosted services. The PTX10001-36MR is particularly suited for power-constrained environments, providing unprecedented power efficiency of 0.14 watts/Gbps. It offers up to 4 million IPv4 FIB, deep buffers, and integrated 100GbE and 400GbE MACsec capabilities. The PTX10001-36MR operates at 9.6 Tbps in a fixed core router configuration with 36 multi-rate ports—24 400GbE (QSFP56-DD) ports and 12 100GbE (QSFP28) ports to facilitate the migration from 100GbE to 400GbE deployments. The PTX10001-36MR features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. PTX10001-36MR supports MACSec on all ports, regardless of the port speed.

    PTX10002

    The PTX10002 is a second-generation PTX Series fixed-configuration core router featuring a compact, 2 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. The PTX10002 operates at 6 Tbps in a fixed core router configuration. It supports flexible interface configuration options, offering 60 physical quad small form-factor pluggable 28 (QSFP28) 100GbE ports, 60 QSFP+ 40GbE ports, and 192 10GbE ports via QSFP+ breakout cables.

    PTX10003

    The PTX10003 is a fixed-configuration core router featuring a compact, 3 U form factor that is easy to deploy in space-constrained Internet exchange locations, remote central offices, and embedded peering points throughout the network, including cloud-hosted services. It offers up to 4 million FIB, deep buffers, and integrated 100GbE MACsec capabilities. The PTX10003 uniquely addresses power-constrained environments by providing unprecedented power efficiency of 0.2 watts/Gbps. Two versions of the PTX10003 are available, supporting 8 Tbps and 16 Tbps respectively in a 3 U footprint. Operating in a fixed core router configuration, the 8 Tbps model features flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 160 (QSFP+) 10GbE ports, 80 (QSFP28) 100GbE ports, 32 (QSFP28-DD) 200GbE ports, and 16 (QSFP56-DD) 400GbE ports. The 16 Tbps model also offers universal multi-rate QSFP-DD for 100GbE/400GbE to support 320 (QSFP+) 10GbE ports, 160 (QSFP28) 100GbE ports, 64 (QSFP28-DD) 200GbE ports, and 32 (QSFP56-DD) 400GbE ports. PTX10001-36MR and PTX10003 routers offer native SFP+ transceiver support through QSFP adapter, MAM1Q00A-QSA . This option enables deployments where 10GE connectivity over more than 10KM single mode fiber links is required.

    Features and Benefits

    Performance is one of the guiding design principles for the PTX Series Packet Transport Routers. This focus empowers cloud and service providers with superior scale to match increased traffic levels and network engineering challenges with predictable system latency to improve the overall service experience, deliver best-in-class resiliency, and ensure that services meet strict customer SLAs. Deployability is the other guiding design principle for the PTX Series routers, focusing on power, space, and weight—fundamental concerns that impact service providers’ operational budget with respect to growing traffic. Infinite programmability with automation and telemetry brings virtual innovations to the cloud and service provider core, while the NorthStar Controller is an open, standards-based solution that optimizes both the IP layer and the transport layer with precise SDN control, allowing service providers to automate and scale operations with efficiency, simplicity, and security. One Junos Experience delivers operational consistency and uniformity across PTX Series platforms and solutions. The most modern OS on the market, Junos Evolved, is designed from the ground up for reliability, resiliency, velocity, and integration simplicity. Table 1 summarizes the features available on the fixed-configuration PTX Series Packet Transport Routers.
    Table 1. Fixed-Configuration PTX Series Features and Benefits
    Feature Feature Description Benefit
    System capacity The PTX1000 scales to 3 Tbps in a single chassis, breaking out into 288 10GbE, 72 40GbE, and 24 100GbE interfaces. The PTX10001-36MR scales to 9.6 Tbps in a single chassis, featuring flexible interface configuration options with universal multi-rate QSFP-DD for 100GbE/400GbE to support 120 10GbE ports with QSFP+ breakout, 60 100GbE ports with QSFP28-DD (24x2) and QSFP28 (12), 108 100GbE ports with QSFP56-DD breakout (24x4) and QSFP28 (12), and 24 400GbE ports with QSFP56-DD. The PTX10002 scales to 6 Tbps in a single chassis, breaking out into 192 10GbE, 60 40GbE, and 60 100GbE interfaces. The PTX10003 8 Tbps model scales to 8 Tbps is a single chassis, breaking out into 160 10GbE, 80 100GbE, 32 200GbE, and 16 400GbE interfaces. The PTX10003 16 Tbps model scales to 16 Tbps in a single chassis, breaking out into 320 10GbE, 160 100GbE, 64 200GbE, and 32 400GbE interfaces. The PTX1000, PTX10001-36MR, PTX10002, and PTX10003 give cloud and service providers the performance and scalability needed to outpace growing traffic demands.
    High availability (HA) hardware The PTX1000, PTX10001-36MR, PTX10002 and PTX10003 are built with hardware redundancy for cooling, power supplies, and forwarding. HA is critical for service providers to maintain an always-on infrastructure base and meet stringent SLAs across the core.
    Packet performance The PTX1000 and PTX10002 include groundbreaking Express3 silicon, empowering them with unparalleled packet processing for both full IP functionality and MPLS transport, leveraging a revolutionary 3D memory architecture. The PTX10003 uses a newer version of Express3 silicon that delivers inline MACsec on all ports and dense 100/400GbE. The PTX10001-36MR uses the next generation of Express, Express4 silicon, that delivers 100/400GbE inline MACsec on all ports for dense 400GbE architectures. Exceptional packet processing capabilities help alleviate the challenge of scaling the network as traffic levels increase while optimizing IP/MPLS transit functionality around superior performance and elegant deployability.
    Ultra-compact 1 U, 2 U and 3 U form factor With cutting-edge innovation in power and cooling technology, the PTX fixed-configuration core routers provide compact, power-optimized scale and efficiency. The PTX1000 provides 2.88 Tbps of capacity in a 2 U form factor; the PTX10001-36MR provides 9.6 Tbps in a 1 U form factor; the PTX10002 provides 6 Tbps of capacity in a 2 U form factor; the PTX10003 provides up to 16 Tbps of capacity in a 3 U form factor. Space efficiency is a critical requirement for peering Internet exchange points, peering collocations, central offices, and regional networks, especially in emerging markets.
    Security The PTX Series Packet Transport routers use a combination of hardware-based mechanisms like MACsec and software-based features like firewall filters and DDoS to provide scalable security. 100GbE and 400GbE inline MACsec is supported on all ports with no compromise in latency. Inline data plane MACsec security with no throughput or latency penalties in addition to control plane security with DDoS.

    PTX Series Fixed-Configuration Routers Specifications

    Hardware PTX1000 PTX10001-36MR PTX10002 PTX10003 (8T) PTX10003 (16T)
    System throughput 3 Tbps 9.6 Tbps 6 Tbps 8 Tbps 16 Tbps
    Forwarding capacity Up to 2 Bpps Up to 6 Bpps Up to 4 Bpps Up to 5.3 Bpps Up to 10.6 Bpps
    Max. 10GbE port density 288 120 192 160 320
    Max. 40GbE port density 72 30 60 40 80
    Max. 100GbE port density 24 108 60 80 160
    Max 200GbE port density - 48 - 32 64
    Max 400GbE port density - 24 - 16 32
    Dimension (WxHxD) 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) 17.3 x 1.75 x 25.5 in (44 x 4.45 x 64.8 cm) 17.4 x 3.46 x 31 in (44.2 x 8.8 x 78.7 cm) 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm) 17.4 x 5.25 x 31 in (44.2 x 13.3 x 78.7 cm)
    Rack units 2 U 1 U 2 U 3 U 3 U
    Weight 68 lb (31 kg) 39.7 lb (18 kg) 68 lb (31 kg) 88 lb (40 kg) 110 lb (50 kg)
    CPU Intel Quad Core Ivy Bridge 2.5 GHz CPU Intel Xeon 12-Core 2.1 GHz CPU Intel Quad Core Ivy Bridge 2.5 GHz CPU Intel Broadwell CPU with 12 Cores Intel Broadwell CPU with 12 Cores
    RAM 32 Gb SDRAM 64 Gb SDRAM 32 Gb SDRAM 64 Gb SDRAM 64 Gb SDRAM
    SSD 64 GBx2 200 GBx2 64 GBx2 200 GBx2 200 GBx2
    Maximum power draw 1425 W (AC, DC), 4862 BTU/hr 2164 W (AC, DC), 7384 BTU/hr 2425 W (AC, DC), 8274 BTU/hr ~2500 W (AC,DC), 8525 BTU/hr ~4000 W (AC.DC), 13640 BTU/hr
    Typical power draw 1050 W (AC, DC), 3583 BTU/hr 1300 W (AC, DC), 4436 BTU/hr 1850 W (AC, DC), 6312 BTU/hr ~1600 W (AC,DC), 5456 BTU/hr ~3100W (AC,DC), 10571 BTU/hr
    Power supply 4x1600 watts (AC/DC) 2x3000 watts (AC/DC) 4x1600 watts (AC/DC) 2x3000 watts (AC/DC) 4x3000 watts (AC/DC)
    Cooling (front-to-back fan) 3 hot-swappable redundant fans 6 hot-swappable redundant fans 3 hot-swappable redundant fans 3 hot-swappable redundant fans 5 hot-swappable redundant fans
    Packet buffer 24 Gb 24 Gb 24 Gb 64 Gb 128 Gb
    Latency 2.5 µs within Packet Forwarding Engine (PFE), 5 µs between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs 2.5 µs within PFE, 5 us between PFEs
    Power Efficiency (watts/Gbps) 0.4 0.14 0.3 0.2 0.2

    PTX1000, PTX10002, and PTX10003 Software Feature Table

    Feature PTX1000 PTX10001-36MR PTX10002 PTX10003 (8/16 Tbps)
    MPLS-TE Yes Yes Yes Yes
    MPLS LSR Yes Yes Yes Yes
    Firewall filters ACL Yes Yes Yes Yes
    SPRINGv4 Yes Yes Yes Yes
    DDoS control plane Yes Yes Yes Yes
    JFlow/SFlow Yes Yes Yes Yes
    BGP FlowSpec, EPE, URPF, L3VPN Yes Yes Yes Yes
    Integrated routing and bridging (IRB) Yes Yes Yes Yes
    Telemetry, NETCONF/YANG Yes Yes Yes Yes
    Zero Touch Provisioning (ZTP) Yes Yes Yes Yes
    PCEP, BGP-LS Yes Yes Yes Yes
    Fast restoration Yes Yes Yes Yes
    Operation, Administration, and Maintenance (OAM) Yes Yes Yes Yes

    Management Interfaces

    • 1 small form-factor pluggable transceiver (SFP/SFP+) port or Precision Time Protocol (PTP) Grandmaster
    • Fiber (SFP) or 10/100/1000BASE-T (RJ-45) Ethernet management port
    • SMB in, SMB out, 10 MHz in, 10 MHz out
    • One console port
    • USB 2.0 storage interface

    Environmental Ranges

    • Operating temperature: 32° to 115° F (0° to 46° C) at sea level
    • Storage temperature: -40° to 158° F (-40° to 70° C)
    • Operating altitude: Up to 10,000 ft. (3048 m)
    • Relative humidity operating: 5 to 90% (noncondensing)
    • Relative humidity nonoperating: 5 to 95% (noncondensing)
    • Seismic: Designed to meet GR-63, Zone 4 earthquake requirements

    Safety and Compliance

    Safety

    • CAN/CSA-C22.2 No. 60950-1 Information Technology Equipment—Safety
    • UL 60950-1 Information Technology Equipment—Safety
    • EN 60950-1 Information Technology Equipment—Safety
    • IEC 60950-1 Information Technology Equipment—Safety (all country deviations)
    • EN 60825-1 Safety of Laser Products—Part 1: Equipment Classification

    Electromagnetic Compatibility

    • 47CFR Part 15, (FCC) Class A
    • ICES-003 Class A
    • EN 55022 Class A
    • CISPR 22 Class A
    • EN 55024
    • CISPR 24
    • EN 300 386
    • VCCI Class A
    • AS/NZA CISPR22 Class A
    • KN22 Class A
    • CNS 13438 Class A
    • EN 61000-3-2
    • EN 61000-3-3
    • ETSI
    • ETSI EN 300 019: Environmental Conditions & Environmental Tests for Telecommunications Equipment
    • ETSI EN 300 019-2-1 (2000)—Storage
    • ETSI EN 300 019-2-2 (1999)—Transportation
    • ETSI EN 300 019-2-3 (2003)—Stationary Use at Weather-protected Locations
    • ETS 300753 (1997)—Acoustic noise emitted by telecommunications equipment

    Environmental Compliance

      Restriction of Hazardous Substances (ROHS) 6/6     Silver PSU Efficiency      Recycled material   Waste Electronics and Electrical Equipment (WEEE)   Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH)    China Restriction of Hazardous Substances (ROHS)

    Telco

    • Common Language Equipment Identifier (CLEI) code

    Juniper Networks Services and Support

    Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

    Automated Support and Prevention

    Juniper’s Automated Support and Prevention consists of an ecosystem of tools, applications, and systems targeted towards simplifying and streamlining operations, delivering operational efficiency, reducing downtime, and increasing your network’s ROI running Juniper Networks Junos operating system. Automated Support and Prevention brings operational efficiency by automating several time-consuming tasks such as incident management, inventory management, proactive bug notification, and on-demand EOL/EOS/EOE reports. The Junos Space® Service Now and Service Insight service automation tools are standard entitlements of all Juniper Care contracts.

    Warranty

    For warranty information, please visit https://support.juniper.net/support/warranty/

    Ordering Information

    Product Number Description
    PTX1000
    PTX1K-72Q-AC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC PTX1000 base system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-IR PTX1000 LSR/peering system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-AC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-72Q-DC-R PTX1000 full IP system with 24-port 100GbE QSFP28/72-port 40GbE QSFP+/288-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC PTX1000 base system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-IR PTX1000 LSR/peering system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-AC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-36Q-DC-R PTX1000 full IP system with 12-port 100GbE QSFP28/36-port 40GbE QSFP+/144-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC PTX1000 base system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-IR PTX1000 LSR/peering system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-AC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX1K-18Q-DC-R PTX1000 full IP system with 6-port 100GbE QSFP28/18-port 40GbE QSFP+/72-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    S-PTX1K-72Q-SCA-UP PTX1000 scale-up software license to upgrade 72 port system (base to LSR or LSR to full IP)
    S-PTX1K-36Q-SCA-UP PTX1000 scale-up software license to upgrade 36 port system (base to LSR or LSR to full IP)
    S-PTX1K-18Q-SCA-UP PTX1000 scale-up software license to upgrade 18 port system (base to LSR or LSR to full IP)
    S-PTX1K-UPG-18Q PTX1000 software license to add 18 more ports to base system
    S-PTX1K-UPG-18Q-IR PTX1000 software license to add 18 more ports to LSR/peering system
    S-PTX1K-UPG-18Q-R PTX1000 software license to add 18 more ports to full IP system
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    PTX1000-FAN-S PTX1000 fan
    JNP-3000W-DC-AFO DC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    PTX10001-36MR
    PTX10001-36MR-AC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant AC Power supplies, FAN trays, Junos Evolved
    PTX10001-36MR-DC PTX10001 36 QSFP56-DD / QSFP28 multi-rate port base system with redundant DC Power supplies, FAN trays, Junos Evolved
    JNP-FAN2-1RU Fan Tray for JNP10001-36MR platform
    JNP10001-36MR JNP10001 chassis with 36 QSFP56-DD / QSFP28 multi-rate ports, no power supplies or fans
    JNP-3000W-AC-AFO AC power supply for JNP10001-36MR fixed platform
    JNP-3000W-DC-AFO DC power supply for JNP10001-36MR fixed platform
    S-PTX10K-108C-A1-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, without SW support, Perpetual
    S-PTX10K-108C-A2-P SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, without SW support, Perpetual
    S-PTX10K-108C-P1-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, without SW support, Perpetual
    S-PTX10K-108C-P2-P SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, without SW support, Perpetual
    S-PTX10K-108C-A1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 5 Years
    S-PTX10K-108C-A2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 5 Years
    S-PTX10K-108C-P1-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 5 Years
    S-PTX10K-108C-P2-5 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 5 Years
    S-PTX10K-108C-A1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced1 tier, with SW support, 3 Years
    S-PTX10K-108C-A2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Advanced2 tier, with SW support, 3 Years
    S-PTX10K-108C-P1-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium1 tier, with SW support, 3 Years
    S-PTX10K-108C-P2-3 SW, PTX10K fixed platform, 10.8T, right-to-use Premium2 tier, with SW support, 3 Years
    S-PTX10K100GMSEC-P SW, PTX10K 100G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    S-PTX10K400GMSEC-P SW, PTX10K 400G MACsec License SKU, w/out Customer Support, must purchase CS SKU separately, Perpetual
    PTX10002
    PTX10002-60C-AC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC PTX10002 base system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-IR PTX10002 LSR/peering system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-AC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10002-60C-DC-R PTX10002 full IP system with 60-port 100GbE QSFP28/60-port 40GbE QSFP+/192-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC PTX10002 base system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-ACIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DCIR PTX10002 LSR/peering system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-AC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W AC power supplies, 4 power cables, and 3 fan trays
    PTX10K2-60C-H-DC-R PTX10002 full IP system with 30-port 100GbE QSFP28/30-port 40GbE QSFP+/96-port 10GbE SFP+ with 4 1600 W DC power supplies, 4 power cables, and 3 fan trays
    JPSU-1600W-AC-AFO PTX1000 1600 W AC power supply
    JPSU-1600W-DC-AFO PTX1000 1600 W DC power supply
    JNP10002-FAN1 PTX10002 fan
    S-PTX10K2-60C-S-UP PTX10002 scale-up software license to upgrade 60-port system (base to LSR or LSR to full IP)
    S-PTX10K2-30C-S-UP PTX10002 scale-up software license to upgrade 30-port system (base to LSR or LSR to full IP)
    S-PTX10K2-15C-S-UP PTX10002 scale-up software license to upgrade 15-port system (base to LSR or LSR to full IP)
    S-PTX10K2-U-15C PTX10002 software license to add 15 more ports to base system
    S-PTX10K2-U-15C-IR PTX10002 software license to add 15 more ports to LSR/peering system
    S-PTX10K2-U-15C-R PTX10002 software license to add 15 more ports to full IP system
    PTX10003
    PTX10003-160C-AC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W AC power supplies, 4 power cables, and 5 fan trays, with standard tier right-to-use license
    PTX10003-160C-DC PTX10003-160C base system with 160 100GbE ports or 32 400GbE ports, 4 3000W DC power supplies, and 5 fan trays, with standard tier right-to-use license
    PTX10003-80C-AC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W AC power supplies, 2 power cables, and 3 fan trays, with standard tier right-to-use license
    PTX10003-80C-DC PTX10003-80C base system with 80 100GbE ports or 16 400GbE ports, 2 3000W DC power supplies, and 3 fan trays, with standard tier right-to-use license
    S-PTX10K3-16T-A1-P 16T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A2-P 16T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P1-P 16T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-P2-P 16T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-16T-A1-5 16T PTX10003 Advanced1 tier right-to-use license, 5-year term, with SW support
    S-PTX10K3-16T-A2-5 16T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P1-5 16T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-P2-5 16T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-16T-A1-3 16T PTX10003 Advanced1 tier right-to-use license, 3-year term, with SW support
    S-PTX10K3-16T-A2-3 16T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P1-3 16T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-16T-P2-3 16T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A1-P 8T PTX10003 Advanced1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A2-P 8T PTX10003 Advanced2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P1-P 8T PTX10003 Premium1 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-P2-P 8T PTX10003 Premium2 tier right-to-use license, perpetual, without SW support
    S-PTX10K3-8T-A1-5 8T PTX10003 Advanced1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A2-5 8T PTX10003 Advanced2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P1-5 8T PTX10003 Premium1 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-P2-5 8T PTX10003 Premium2 tier right-to-use license, 5-year term, with software support
    S-PTX10K3-8T-A1-3 8T PTX10003 Advanced1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-A2-3 8T PTX10003 Advanced2 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P1-3 8T PTX10003 Premium1 tier right-to-use license, 3-year term, with software support
    S-PTX10K3-8T-P2-3 8T PTX10003 Premium2 tier right-to-use license, 3-year term, with software support
    JNP10003-160C-CHAS JNP10003-160C spare chassis with 160 100GbE ports or 32 400GbE ports
    JNP10003-80C-CHAS JNP10003-80C spare chassis with 80 100GbE ports or 16 400GbE ports
    JNP10003-FAN Fan tray for 3RU 8T and 16T fixed platforms
    JNP-3000W-AC-AFO AC power supply for JNP10003-160C and JNP10003-80C fixed platforms
    Add to cart Details

Title

logo_footer

RYL OÜ
Karikakra tee 20, Tiskre
Harku vald, Harju mk. 76916
Estonia
Tel: +37253446736
Email: info@datasys.ee
Web: www.datasys.ee
Go to Top