Call a Specialist Today! (02) 9388 1741
Free Delivery! Free Delivery!

Juniper Networks SRX110 Services Gateway for the Branch
Uses Dynamic Services Architecture provided by Junos to scale integrated security and network capabilities


Juniper Networks SRX110 Services Gateway for the Branch

Juniper Products
AppSecure Subscriptions for SRX100 and SRX110 - Learn More
1-year subscription for AppSecure and IPS updates for SRX100 and SRX110
#SRX1XX-APPSEC-A-1
Our Price: Request a Quote

More pricing below, click here!

Please Note: All Prices are Inclusive of GST

SRX110 Overview:

The SRX110 Services Gateway delivers a single, consolidated, and cost-effective networking and security platform to small branch locations. It features a built-in VDSL/ADSL2+ WAN interface, 3G/4G capabilities, and an 8-port Fast Ethernet switch.

Key Hardware Features:

  • VDSL/ADSL2+ and Ethernet WAN interfaces
  • Eight 10/100 Ethernet LAN ports and two USB port (support for 3G USB)
  • Full UTM; antivirus1, antispam1, enhanced Web filtering1, intrusion prevention system1, AppSecure1
  • Unified Access Control (UAC) and content filtering
  • 1 GB DRAM, 1 GB flash default

SRX Series Services Gateways for the branch are next-generation security gateways that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and next generation firewall capabilities in a single device, enterprises can protect their resources as well as economically deliver new services, safe connectivity, and a satisfying enduser experience. All SRX Series Services Gateways, including products scaled for Enterprise branch, Enterprise edge, and Data Center applications, are powered by Junos OS-the proven operating system that provides unmatched consistency, better performance with services, and superior infrastructure protection at a lower total cost of ownership.

The Juniper Networks SRX Series Services Gateways for the branch combine next generation firewall and unified threat management (UTM) services with routing and switching in a single, high-performance, cost-effective network device.

  • SRX Series for the branch runs Juniper Networks Junos operating system, the proven OS that is used by core Internet routers in all of the top 100 service providers around the world. The rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.

  • SRX Series for the branch provides perimeter security, content security, application visibility, tracking and policy enforcement, user role-based control, threat intelligence through integration with Juniper Networks Spotlight Secure*, and network-wide threat visibility and control. Using zones and policies, network administrators can configure and deploy branch SRX Series gateways quickly and securely. Policy-based VPNs support more complex security architectures that require dynamic addressing and split tunneling. The SRX Series also includes wizards for firewall, IPsec VPN, Network Address Translation (NAT), and initial setup to simplify configurations out of the box.

  • For content security, SRX Series for the branch offers a complete suite of next generation firewall, unified threat management (UTM) and threat intelligence services consisting of: intrusion prevention system (IPS), application security (AppSecure), user role-based firewall controls, on-box and cloud-based antivirus, antispam, and enhanced Web filtering to protect your network from the latest content-borne threats. Integrated threat intelligence via Spotlight Secure offers adaptive threat protection against command and control (C&C) related botnets and policy enforcement based on GeoIP and attacker fingerprinting technology (the latter for Web application protection)-all of which are based on Juniper provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats. The branch SRX Series integrates with other Juniper security products to deliver enterprise-wide unified access control (UAC) and adaptive threat management.

  • SRX Series for the branch are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites. The wide variety of options allow configuration of performance, functionality, and price scaled to support from a handful to thousands of users. Ethernet, serial, T1/E1, DS3/E3, xDSL, Wi-Fi, and 3G/4G LTE wireless are all available options for WAN or Internet connectivity to securely link your sites. Multiple form factors allow you to make cost-effective choices for mission-critical deployments. Managing the network is easy using the proven Junos OS command-line interface (CLI), scripting capabilities, a simple-to-use Web-based GUI, or Juniper Networks Junos Space Security Director for centralized management.
*Available on SRX550 and higher devices
1 Unified Threat Management-antivirus, antispam, Web filtering, AppSecure, and IPS require a subscription license option to use the feature. UTM is not supported on the low memory version. Please see the ordering section for options. Content Filtering and UAC are part of the base software with no additional license.

Features & Benefits:

Firewalls, zones, and policiesNext Generation Firewall

SRX Series Services Gateways deliver next generation firewall protection with application awareness and extensive user rolebased control options plus bestof-breed UTM to protect and control your business assets. Next generation firewalls are able to perform full packet inspection and can apply security policies based on layer 7 information. This means you can create security policies based on the application running across your network, the user who is receiving or sending network traffic or the content that is traveling across your network to protect your environment against threats, manage how your network bandwidth is allocated, and control who has access to what.

AppSecure

AppSecure is a suite of application security capabilities for Juniper Networks SRX Series services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.

Intrusion Prevention

The intrusion prevention system (IPS) understands application behaviors and weaknesses to prevent application-borne security threats that are difficult to detect and stop.

Unified Threat Management (UTM)

SRX Series can include comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats with unified threat management (UTM). Get a bestof-breed solution with anti-virus, anti-spam, web filtering and content filtering at a great value by easily adding these services to your SRX Series Services Gateway. Cloud-based and on-box solutions are both available.

User Firewall

Juniper offers a range of user role-based firewall control solutions that support dynamic security policies. User role-based firewall capabilities are integrated with the SRX Series Services Gateways for standard next generation firewall controls. More extensive, scalable, granular access controls for creating dynamic policies are available through the integration of SRX with a Juniper Unified Access Control solution.

Adaptive Threat Intelligence

To address the evolving threat landscape that has made it imperative to integrate external threat intelligence into the firewall for thwarting advanced malware and other threats, some SRX Series Services Gateways include threat intelligence via integration with Spotlight Secure. The Spotlight Secure threat intelligence platform aggregates threat feeds from multiple sources to deliver open, consolidated, actionable intelligence to SRX Series Services Gateways across the organization for policy enforcement. These sources include Juniper threat feeds, third party threat feeds and threat detection technologies that the customer can deploy.

Administrators are able to define enforcement policies from all feeds via a single, centralized management point, Junos Space Security Director.

Secure Routing

Many organizations use both a router and a firewall/VPN at their network edge to fulfill their networking and security needs. For many organizations, the SRX Series for the branch can fulfill both roles with one solution. Juniper built best-in-class routing, switching and firewall capabilities into one product.

SRX Series for the branch checks the traffic to see if it is legitimate and permissible, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from malicious users.

The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. Due to the architecture, SRX Series receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. This allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.

High Availability

Junos OS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.

When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration is mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series synchronizes both configuration and runtime information. As a result, during failover, synchronization of the following information is shared: connection/session state and flow information, IPSec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all network sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is kept intact. In an unstable network, this active/ active configuration also mitigates link flapping affecting session performance.

High Availability

Session-Based Forwarding Without the Performance Hit

In order to optimize the throughput and latency of the combined router and firewall, Junos OS implements session-based forwarding, an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. With Junos OS, a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-hop route.

Session-based forwarding algorithm shows the session-based forwarding algorithm. When a new session is established, the session-based architecture within Junos OS verifies that the session is allowed by the forwarding policies. If the session is allowed, Junos OS will look up the nexthop route in the routing table. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.

Session-based forwarding algorithm

Session-based forwarding algorithm

Network Deployments:

The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers via integrated Ethernet switching.

Distributed Enterprise Deloyments

Distributed Enterprise Deloyments

Technical Specifications:


Model: SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Maximum Layer 3 Performance and Capacity
Junos OS version tested Junos OS 11.2R3 Junos OS 11.2R3 Junos OS 11.2R3 Junos OS 11.2R3 Junos OS 11.2R3 Junos OS 12.1 Junos OS 11.2R3
Firewall performance (large packets) 700 Mbps 700 Mbps 850 Mbps 950 Mbps 1.8 Gbps 5.5 Gbps 7 Gbps
Firewall performance (IMIX) 200 Mbps 200 Mbps 250 Mbps 300 Mbps 600 Mbps 1.7 Gbps 2.5 Gbps
Firewall + routing PPS (64 Byte) 70 Kpps 70 Kpps 95 Kpps 125 Kpps 200 Kpps 700 Kpps 850 Kpps
Firewall performance5 (HTTP) 100 Mbps 100 Mbps 290 Mbps 350 Mbps 830 Mbps 1.5 Gbps 2 Gbps
IPsec VPN throughput (large packets) 65 Mbps 65 Mbps 85 Mbps 100 Mbps 300 Mbps 1.0 Gbps 1.5 Gbps
IPsec VPN Tunnels 128 128 256 512 1,000 2,000 3,000
AppSecure firewall throughput5 90 Mbps 90 Mbps 250 Mbps 300 Mbps 750 Mbps 1.5 Gbps 1 Gbps
IPS (intrusion prevention system) 60 Mbps 60 Mbps 85 Mbps 100 Mbps 230 Mbps 800 Mbps 1 Gbps
Antivirus 25 Mbps
(ExpressAV)
25 Mbps
(ExpressAV)
30 Mbps
(ExpressAV)
35 Mbps
(ExpressAV)
85 Mbps
(ExpressAV)
300 Mbps
(Sophos AV)
350 Mbps
(ExpressAV)
Connections per second 1,800 1,800 2,200 2,800 8,500 27,000 35,000
Maximum concurrent sessions
DRAM options
16 K / 32 K1
512 MB3 / 1 GB DRAM
32 K1
1 GB DRAM
16 K / 32 K1
512 MB3 / 1 GB DRAM
96 K
1 GB DRAM
64 K / 128 K1
512 MB3 / 1 GB DRAM
375 K2
2 GB DRAM
512 K2
2 GB DRAM
Maximum security policies 384 384 512 2,048 4,096 7,256 8,192
Maximum users supported Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted Unrestricted
Network Connectivity
Fixed I/O 8 x 10/100 VDSL/ADSL2+, 8 x 10/100 2 x 10/100/ 1000 BASE-T + 6 x 10/100 8 x 10/100/ 1000 BASE-T 16 x 10/100/ 1000 BASE-T 6 x 10/100/ 1000 BASE-T + 4 SFP 4 x 10/100/ 1000 BASE-T
I/O slots N/A N/A 1 x SRX Series Mini-PIM 2 x SRX Series Mini-PIM 4 x SRX Series Mini-PIM 2 x SRX Series Mini-PIM, 8 x GPIM or multiple GPIM and XPIM combinations 8 x GPIM or multiple GPIM and XPIM combinations
Services and Routing Engine slots No No No No No No 29
ExpressCard slot (3G WAN) No No Yes No No No No
WAN/LAN interface options N/A N/A See ordering information See ordering information See ordering information See ordering information See ordering information
Optional maximum number of PoE ports N/A N/A Up to 4 ports of 802.3af with maximum 50 W Up to 8 ports of 802.3af/at with maximum 120 W Up to 16 ports of 802.3af/at with maximum 150 W Up to 40 ports of 802.3af/at with maximum 247 W Up to 48 ports of 802.3af/at with maximum 247 W
USB 1 2 2 2 2 2 2 per SRE
Flash/Memory SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Memory min and max(DRAM) 512 MB (Accessible), 1 GB2 1 GB 512 MB, 1 GB 1 GB 512 MB, 1 GB 2 GB 2 GB
Memory slots Fixed memory Fixed memory Fixed memory Fixed memory Fixed memory 2 DIMM 4 DIMM
Flash memory 1 GB 1 GB, externally accessible 1 GB 1 GB 1 GB 2 GB CF internal 2 GB CF internal on SRE, External slot empty, up to 2 GB CF supported
USB port for external storage Yes Yes Yes Yes Yes Yes Yes
Dimensions SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Dimensions (W x H x D) 8.5 x 1.4 x 5.8 in
(21.6 x 3.6 x 14.7 cm)
11.02 x 1.72 x 8.385 in
(28 x 4.37 x 21.3 cm)
11.02 x 1.73 x 7.12 in
(28.0 x 4.4 x 18.1 cm)
14.31 x 1.73 x 7.11 in
(36.3 x 4.4 x 18.1 cm)
17.5 x 1.75 x 15.1 in
(44.4 x 4.4 x 38.5 cm)
17.5 x 3.5 x 18.2 in
(44.4 x 8.8 x 46.2 cm)
17.5 x 3.5 x 18.2 in
(44.4 x 8.8 x 46.2 cm)
Weight (device and power supply) 2.5 lb (1.1 kg) 6.7 lb (3.06kg) 3.3 lb (1.5 kg) non-PoE / 4.4 lb (2 kg) PoE No interface modules 3.43 lb (1.56 kg) non-PoE No interface modules 11.2 lb (5.1 kg) non-PoE / 12.3 lb (5.6 kg) PoE No interface modules 21.96 lb (9.96kg) No interface modules 1 power supply 24.9 lb (11.3 kg) No interface modules 1 power supply
Rack mountable Yes, 1 RU Yes, 1 RU Yes, 1 RU Yes, 1 RU Yes, 1 RU   Yes, 2 RU
Power SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Power supply (AC) 100-240 VAC, 30 W 100-240 VAC, 60 W 100-240 VAC, 60 W Non-PoE/ 150 W PoE 100-240 VAC, 60 W Non-PoE/ 200 W PoE 100-240 VAC, 150 W Non- PoE/ 350 W PoE 100-240 VAC, single 645 W or dual 645 W 100-240 VAC, single 645 W or dual 645 W
Maximum PoE power N/A N/A 50 W 120 W 150 W 247 W redundant, or 494 W nonredundant 247 W redundant, or 494 W nonredundant
Average power consumption 10 W 24 W 27 W (LM), 28 W (HM), 84 W (PoE) 28 W (LM) 61 W (LM), 65 W (HM), 179 W (PoE) 122 W 122 W
Input frequency 50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz
Maximum current consumption 0.25 A @ 100 VAC 1.75 A @ 100 VAC 0.41 A @ 100 VAC (LM), 0.44 A @ 100 VAC (HM), 1.13 A @ 100 VAC (PoE) 0.44 A @ 100 VAC (HM) 1.0 A @ 100 VAC (LM), 1.1 A @ 100 VAC (HM), 3.0 A @ 100 VAC (PoE) 5.3 A @ 100 VAC with single PSU with PoE, 8.3 A @ 100 VAC with dual PSU with PoE 5.3 A @ 100 VAC with single PSU with PoE, 8.3 A @ 100 VAC with dual PSU with PoE
Maximum inrush current 60 A 70 A 80 A for LM/HM, 60 A for PoE 80 A for HM 40 A for LM/HM, 45 A for PoE 45 A for ½ cycle 45 A for ½ cycle
Average heat dissipation 35 BTU/hr 81 BTU/hr 92 BTU/hr (SRX210B), 95 BTU/hr (SRX210H), 116 BTU/hr (SRX210H-PoE) 126 BTU/hour (SRX220H) 208 BTU/Hr (SRX240B), 222 BTU/Hr (SRX240H), 249 BTU/Hr (SRX240H-PoE) 319 BTU/hr 319 BTU/Hr
Maximum heat dissipation 80 BTU/hr 99 BTU/hr 120 BTU/hr (SRX210B), 126 BTU/hr (SRX210H), 157 BTU/hr (SRX210H-PoE) 126 BTU/hour (SRX220H) 344 BTU/Hr (SRX240B), 369 BTU/Hr (SRX240H), 413 BTU/Hr (SRX240H-PoE) 699 BTU/hr 699 BTU/Hr
Redundant power supply (hot swappable) No No No No No Yes (up to maximum capacity of single PSU) Yes (up to maximum capacity of single PSU)
Acoustic noise level
(Per ISO 7779 Standard)
0 dB (fanless) 0 dB (fanless) 29.1 dB 51.1 dB 54.1 dB 51.8 dB 60.9 dB
Environment SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Operational temperature 32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
32° to 104° F
(0° to 40° C)
Nonoperational temperature 4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
4° to 158° F,
(-20° to 70° C)
Humidity 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing 5% to 95% noncondensing
Mean time between failures
(Telcordia model)
24.8 years (SRX100B)
24.8 years (SRX100H)
24.8 years 15.2 years (SRX210B)
14.3 years (SRX210H)
10.4 years
(SRX210H-PoE)
14.3 years (SRX220H)
10.4 years (SRX220H-PoE)
15.2 years (SRX240B)
14.3 years (SRX240H)
10.4 years (SRX240H-PoE)
9.6 years with redundant power 9.6 years with redundant power

Additional Specification Features:



Protocols

  • IPv4, IPv6, ISO Connectionless Network Service (CLNS)

Routing and Multicast

  • Static routes
  • RIPv2 +v1
  • OSPF/OSPFv3
  • BGP
  • BGP Router Reflector2
  • IS-IS
  • Multicast (Internet Group Management Protocol (IGMPv3), PIM, Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), source-specific), MSDP4
  • MPLS (RSVP, LDP)

IP Address Management

  • Static
  • Dynamic Host Configuration Protocol (DHCP) (client and server)
  • DHCP relay

Address Translation

  • Source NAT with Port Address Translation (PAT)
  • Static NAT
  • Destination NAT with PAT
  • Persistent NAT, NAT64

Encapsulations

  • Ethernet (MAC and tagged)
  • Point-to-Point Protocol (PPP) (synchronous)
    • Multilink Point-to-Point Protocol (MLPPP)
  • Frame Relay
    • Multilink Frame Relay (MLFR) (FRF.15, FRF.16)
  • High-Level Data Link Control (HDLC)
  • Serial (RS-232, RS-449, X.21, V.35, EIA-530)
  • 802.1q VLAN support
  • Point-to-Point Protocol over Ethernet (PPPoE)

L2 Switching

  • 802.1D, RSTP, MSTP, 802.3ad (LACP)
  • 802.1x, LLDP, 802.1ad (Q-in-Q), IGMP Snooping
  • Layer 2 switching with high availability

Traffic Management Quality of Service (QoS)

  • 802.1p, DSCP, EXP
  • Marking, policing, and shaping
  • Class-based queuing with prioritization
  • Weighted random early detection (WRED)
  • Queuing based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multi-field (MF) filters
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Ingress traffic policing
  • Priority-bandwidth utilization
  • DiffServ marking
  • Virtual channels

Security: Firewall

  • Firewall, zones, screens, policies
  • Stateful firewall, stateless filters
  • Network attack detection
  • Screens denial of service (DoS) and provides distributed denial of service (DDoS) protection (anomaly-based)
  • Prevent replay attack; Anti-Replay
  • Unified Access Control
    • TCP reassembly for fragmented packet protection
    • Brute force attack mitigation
    • SYN cookie protection
    • Zone-based IP spoofing
    • Malformed packet protection

Security: UTM1

  • Intrusion Prevention System (IPS)
    • Protocol anomaly detection
    • Stateful protocol signatures
    • Intrusion prevention system (IPS) attack pattern obfuscation
    • User role-based policies
  • Customer signatures creation
  • Daily and emergency updates
  • AppSecure
    • AppTrack (application visibility and tracking)
    • AppFW (policy enforcement by application name)
    • Custom signatures
    • Dynamic signature updates
    • User-based application policy enforcement
  • Antivirus
    • Express AV (stream-based AV, not available on SRX100 and SRX110)
    • File-based antivirus
      ›› Signature database
      ›› Protocols scanned: POP3, HTTP, SMTP, IMAP, FTP
      ›› Antispyware
      ›› Anti-adware
      ›› Antikeylogger
    • Cloud-based antivirus
  • Antispam
  • Integrated enhanced Web filtering
    • Category granularity (90+ categories)
    • Real time threat score
  • Redirect Web filtering
  • Content Security Accelerator in SRX210 high memory, SRX220, SRX240 high memory, SRX550, and SRX6501
  • ExpressAV option in SRX210 high memory, SRX220 high memory, SRX240 high memory, SRX550, and SRX6501
  • Content filtering
    • Based on MIME type, file extension, and protocol commands

VPN

  • Tunnels (generic routing encapsulation, IP-IP, IPsec)
  • IPsec, Data Encryption Standard (DES) (56-bit), triple Data
    Encryption Standard (3DES) (168-bit), Advanced Encryption
    Standard (AES) (256-bit+) encryption
  • Message Digest 5 (MD5) and SHA-1 , SHA-128, SHA-256
    authentication
  • Junos Pulse Dynamic VPN client; browser-based remote access feature requiring a license
Multimedia Transport
  • Compressed Real-Time Transport Protocol (CRTP)
High Availability
  • VRRP
  • JSRP
  • Stateful failover and dual box clustering
  • SRX650:
    • Redundant power (optional)
    • Future GPIM hot swap (online insertion and removal, OIR)
    • Future internal failover and SRE hot swap (OIR)
  • Backup link via 3G/4G LTE wireless or other WAN
  • Active/active-L3 mode2
  • Active/passive-L3 mode2
  • Configuration synchronization2
  • Session synchronization for firewall and VPN2
  • Session failover for routing change2
  • Device failure detection2
  • Link failure detection2
  • IP Monitoring with route and interface failover

IPv6

  • OSPFv3
  • RIPng
  • IPv6 Multicast Listener Discovery (MLD)
  • BGP
  • ISIS

Wireless

  • CX111 Cellular Broadband Data Bridge supported on all branch SRX Series devices
  • 3G ExpressCards supported on SRX210 with built-in ExpressCard slot
  • AX411 Wireless LAN (WLAN) Access Point supported on all6
    branch SRX Series devices
  • WLA Series Wireless LAN Access Points and WLC Series Wireless LAN Controllers are supported on branch SRX Series devices

SLA and Measurement

  • Real-time performance monitoring (RPM)
  • Sessions, packets, bandwidth usage
  • J-Flow flow monitoring and accounting services

Logging and Monitoring

  • Syslog
  • Traceroute
  • Extensive control- and data-plane structured and unstructured syslog

Administration

  • Juniper Networks Network and Security Manager support (NSM)
  • Juniper Networks Junos Space Security Design support
  • Juniper Networks STRM Series Security Threat Response Managers support
  • Juniper Networks Advanced Insight Solutions support
  • External administrator database (RADIUS, LDAP, SecureID)
  • Auto-configuration
  • Configuration rollback
  • Rescue configuration with button
  • Commit confirm for changes
  • Auto-record for diagnostics
  • Junos OS upgrade with button
  • Software upgrades (USB upgrade option)
  • Juniper Junos Web, USB, HTTP, FTP, SSH
  • Command-line interface
  • Smart image download

Certifications3

  • Common Criteria (CC) EAL44
  • Common Criteria (CC) EAL3
  • FIPS-140 Level 2
  • Supported hardware versions of the FIPS 140-2 gateways: SRX100B, SRX210B, SRX240B and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS
    • Roles, Services, and Authentication: Level 3
    • EMI/EMC: Level 3
    • Design Assurance: Level 3
    • FIPS-approved algorithms: Triple-DES; AES; DSA; SHS;
    • RNG; RSA; HMAC
  • NEBS Compliance for SRX240, SRX650
  • Department of Defense (DoD) Certification for SRX Series Services Gateways, including testing and certification by the Department of Defense Joint Interoperability Test Command (JITC) for interoperability with DoD networks and addition of the SRX Series Services Gateways to the Unified Capabilities Approved Product List (UC APL)
1. When UTM is enabled capacities supported are low memory specifications, on high memory system options.
2. When UTM is enabled concurrent sessions supported is 50% 0f value shown.
3. SRX100B installed with 1 GB DRAM, with 512 MB accessible. Optional upgrade to 1 GB DRAM is available with purchase of memory software license key.
4. SRX650 supports a single Services and Routing Engine (SRE) as of software release 11.2.
5. Throughput numbers based on HTTP traffic with 44 kilobyte transaction size.
6. Low memory/high memory
*There are several models available for the SRX210 including the enhanced version. Please contact your Juniper or partner account representative for more information.
** The additional software feature licenses apply to both the SRX100 and the SRX110. Available
in Q1, 2012 for SRX110.

Additional Features and Comparison:



Model: SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Routing
BGP instances 5 5 10 16 20 56 64
BGP peers 8 8 16 16 32 192 256
BGP routes 4 K/8 K6 8 K 4 K/8 K6 32 K 32 K/64 K6 712 K 800 K
OSPF instances 4 4 10 16 20 56 64
OSPF routes 4 K/8 K6 8 K 8 K/16 K6 32 K 32 K/64 K6 712 K 800 K
RIP v1 / v2 instances 4 4 10 16 20 56 64
RIP v2 routes 4 K/8 K6 8 K 8 K/16 K6 32 K 32 K/64 K6 712 K 800 K
Static routes 4 K/8 K6 8 K 8 K/16 K6 32 K 32 K/64 K6 712 K 800 K
Source-based routing Yes Yes Yes Yes Yes Yes Yes
Policy-based routing Yes Yes Yes Yes Yes Yes Yes
Equal-cost multipath (ECMP) Yes Yes Yes Yes Yes Yes Yes
Reverse path forwarding (RPF) Yes Yes Yes Yes Yes Yes Yes
IPsec VPN SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Concurrent VPN tunnels 128 128 256 512 1,000 2,000 3,000
Tunnel interfaces 10 10 64 64 128 456 512
DES (56-bit), 3DES (168-bit) and AES
(256-bit)
Yes Yes Yes Yes Yes Yes Yes
MD-5 and SHA-1 authentication Yes Yes Yes Yes Yes Yes Yes
Manual key, IKE,
PKI (X.509)
Yes Yes Yes Yes Yes Yes Yes
Perfect forward secrecy (DH Groups) 1, 2, 5 1, 2, 5 1, 2, 5 1, 2, 5 1, 2, 5 1, 2, 5 1, 2, 5
Prevent replay attack Yes Yes Yes Yes Yes Yes Yes
Dynamic remote access VPN Yes Yes Yes Yes Yes Yes Yes
IPsec NAT traversal Yes Yes Yes Yes Yes Yes Yes
Redundant VPN gateways Yes Yes Yes Yes Yes Yes Yes
Number of remote access users 25 users 25 users 50 users 150 users 250 users 500 users 500 users
User Authentication and Access Control
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS accounting Yes Yes Yes Yes Yes Yes Yes
XAUTH VPN, Web-based, 802.X
authentication
Yes Yes Yes Yes Yes Yes Yes
PKI certificate requests (PKCS 7 and
PKCS 10)
Yes Yes Yes Yes Yes Yes Yes
Certificate Authorities supported VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI
Virtualization SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
Maximum number of security zones 10 10 12 24 32 96 128
Maximum number of virtual routers 3 3 10 15 20 48 60
Maximum number of VLANs 16 16 64 128 512 3,072 4,096
Encapsulations SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
PPP/MLPPP N/A N/A Yes Yes Yes Yes Yes
PPPoE N/A Yes Yes Yes Yes Yes 12
PPPoA N/A Yes Yes Yes Yes Yes 12
MLPPP maximum physical interfaces N/A N/A 1 2 4 12 12
Frame Relay N/A N/A Yes Yes Yes Yes Yes
MLFR (FRF .15, FRF .16) N/A N/A Yes Yes Yes Yes Yes
MLFR maximum physical interfaces N/A N/A 1 2 4 12 12
HDLC N/A N/A Yes Yes Yes Yes Yes
Wireless SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
CX111 3G Bridge support Yes Yes Yes Yes Yes Yes Yes
Junos/SRX Series management of CX111 Yes Yes Yes Yes Yes Yes Yes
Internal 3G ExpressCard slot support No No Yes No No No No
USB 3G/4G LTE support Yes Yes Yes No No No No
Max WLAN access points supported with AX411 2 2 4 4 4 4** 4
WLA Series access points and WLC Series controllers supported > 4 > 4 > 4 > 4 > 4 > 4 > 4
Certifications SRX100 SRX110 SRX210 SRX220 SRX240 SRX550 SRX650
USA
Safety certifications UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1
EMC certifications FCC Class B FCC Class B10 FCC Class A FCC Class A FCC Class A FCC Class A FCC Class A
Network homologation TIA-968 TIA-968 TIA-968 TIA-968 TIA-968 TIA-966 TIA-966
Canada
Safety certifications CSA 60950-1 CSA 60950-1 CSA 60950-1 CSA 60950-1 CSA 60950-1 CSA 60950-1 CSA 60950-1
EMC certifications ICES class B ICES Class B10 ICES Class A ICES Class A ICES Class A ICES Class A ICES Class A
Network homologation CS-03 CS-03 CS-03 CS-03 CS-03 CS-03 CS-03
European Union
Safety certifications EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1
EMC certifications EN 55022 Class B, EN 300 386 EN 55022 Class B10, EN 300 386 EN 55022 Class A, EN 300 386 EN 55022 Class A, EN 300 386 EN 55022 Class A, EN 300 386 EN 55022 Class A, EN 300 386 EN 55022 Class A, EN 300 386
Network homologation CTR 12/13, CTR 21, DoC CTR 12/13, CTR 21, DoC CTR 12/13, CTR 21, DoC CTR 12/13, CTR 21, DoC CTR 12/13, CTR 21, DoC CTR 12/13, DoC CTR 12/13, DoC
Japan
Safety certifications CB Scheme CB Scheme CB Scheme CB Scheme CB Scheme CB Scheme CB Scheme
EMC certifications VCCI Class B VCCI Class B10 VCCI Class A VCCI Class A VCCI Class A VCCI Class A VCCI Class A
Network homologation Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions
Australia
Safety certifications AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1
EMC certifications AS/NZS CISPR22 Class B AS/NZS CISPR22 Class B10 AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A
Network homologation AS/ACIF S 002, S 016, S 043.1, S043.2 AS/ACIF S 002, S 016, S 043.1, S043.2 AS/ACIF S 002, S 016, S 043.1, S043.2 AS/ACIF S 002, S 016, S 043.1, S043.2 AS/ACIF S 002, S 016, S 043.1, S043.2 AS/ACIF S 016 AS/ACIF S 016
New Zealand
Safety certifications AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1 AS/NZS 60950-1
EMC certifications AS/NZS CISPR22 Class B AS/NZS CISPR22 Class B10 AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A AS/NZS CISPR22 Class A
Network homologation PTC 217, PTC 273 PTC 217, PTC 273 PTC 217, PTC 273 PTC 217, PTC 273 PTC 217, PTC 273 PTC 217 PTC 217
1. When UTM is enabled capacities supported are low memory specifications, on high memory system options.
2. When UTM is enabled concurrent sessions supported is 50% 0f value shown.
3. SRX100B installed with 1 GB DRAM, with 512 MB accessible. Optional upgrade to 1 GB DRAM is available with purchase of memory software license key.
4. SRX650 supports a single Services and Routing Engine (SRE) as of software release 11.2.
5. Throughput numbers based on HTTP traffic with 44 kilobyte transaction size.
6. Low memory/high memory
*There are several models available for the SRX210 including the enhanced version. Please contact your Juniper or partner account representative for more information.
** The additional software feature licenses apply to both the SRX100 and the SRX110. Available
in Q1, 2012 for SRX110.

Views:


Top Front View
Top Front View

Front View
Front View
Rear View
Rear View
Left Angle View
Left Angle View
Right Angle View
Right Angle View

Documentation:

Download the Juniper Networks SRX Series Services Gateways for the Branch Datasheet (PDF).

It appears you don't have a PDF plugin for this browser. No biggie... you can click here to download the PDF file.

Pricing Notes:

Juniper Products
AppSecure Subscriptions for SRX100 and SRX110 - Learn More
1-year subscription for AppSecure and IPS updates for SRX100 and SRX110
#SRX1XX-APPSEC-A-1
Our Price: Request a Quote