Juniper Networks SRX110 Services Gateway for the Branch
Uses Dynamic Services Architecture provided by Junos to scale integrated security and network capabilities
Please Note: All Prices are Inclusive of GST
SRX110 Overview:
The SRX110 Services Gateway delivers a single, consolidated, and cost-effective networking and security platform to small branch locations. It features a built-in VDSL/ADSL2+ WAN interface, 3G/4G capabilities, and an 8-port Fast Ethernet switch.
Key Hardware Features:
- VDSL/ADSL2+ and Ethernet WAN interfaces
- Eight 10/100 Ethernet LAN ports and two USB ports (support for 3G USB)
- Full UTM: antivirus¹, antispam¹, enhanced Web filtering¹, intrusion prevention system¹, AppSecure¹
- Unified Access Control (UAC) and content filtering
- 1 GB DRAM, 1 GB flash default
SRX Series Services Gateways for the branch are next-generation security gateways that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and next generation firewall capabilities in a single device, enterprises can protect their resources as well as economically deliver new services, safe connectivity, and a satisfying end-user experience. All SRX Series Services Gateways, including products scaled for Enterprise branch, Enterprise edge, and Data Center applications, are powered by Junos OS, the proven operating system that provides unmatched consistency, better performance with services, and superior infrastructure protection at a lower total cost of ownership.
The Juniper Networks SRX Series Services Gateways for the branch combine next generation firewall and unified threat management (UTM) services with routing and switching in a single, high-performance, cost-effective network device.
- SRX Series for the branch runs Juniper Networks Junos operating system, the proven OS that is used by core Internet routers in all of the top 100 service providers around the world. The rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.
- SRX Series for the branch provides perimeter security, content security, application visibility, tracking and policy enforcement, user role-based control, threat intelligence through integration with Juniper Networks Spotlight Secure*, and network-wide threat visibility and control. Using zones and policies, network administrators can configure and deploy branch SRX Series gateways quickly and securely. Policy-based VPNs support more complex security architectures that require dynamic addressing and split tunneling. The SRX Series also includes wizards for firewall, IPsec VPN, Network Address Translation (NAT), and initial setup to simplify configurations out of the box.
- For content security, SRX Series for the branch offers a complete suite of next generation firewall, unified threat management (UTM) and threat intelligence services consisting of: intrusion prevention system (IPS), application security (AppSecure), user role-based firewall controls, on-box and cloud-based antivirus, antispam, and enhanced Web filtering to protect your network from the latest content-borne threats. Integrated threat intelligence via Spotlight Secure offers adaptive threat protection against command and control (C&C) related botnets and policy enforcement based on GeoIP and attacker fingerprinting technology (the latter for Web application protection), all of which are based on Juniper provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats. The branch SRX Series integrates with other Juniper security products to deliver enterprise-wide unified access control (UAC) and adaptive threat management.
- SRX Series for the branch are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites. The wide variety of options allow configuration of performance, functionality, and price scaled to support from a handful to thousands of users. Ethernet, serial, T1/E1, DS3/E3, xDSL, Wi-Fi, and 3G/4G LTE wireless are all available options for WAN or Internet connectivity to securely link your sites. Multiple form factors allow you to make cost-effective choices for mission-critical deployments. Managing the network is easy using the proven Junos OS command-line interface (CLI), scripting capabilities, a simple-to-use Web-based GUI, or Juniper Networks Junos Space Security Director for centralized management.
*Available on SRX550 and higher devices
¹ Unified Threat Management: antivirus, antispam, Web filtering, AppSecure, and IPS require a subscription license option to use the feature. UTM is not supported on the low memory version. Please see the ordering section for options. Content Filtering and UAC are part of the base software with no additional license.
Features & Benefits:
Next Generation Firewall
SRX Series Services Gateways deliver next generation firewall protection with application awareness and extensive user role-based control options plus best-of-breed UTM to protect and control your business assets. Next generation firewalls are able to perform full packet inspection and can apply security policies based on layer 7 information. This means you can create security policies based on the application running across your network, the user who is receiving or sending network traffic, or the content that is traveling across your network to protect your environment against threats, manage how your network bandwidth is allocated, and control who has access to what.
AppSecure
AppSecure is a suite of application security capabilities for Juniper Networks SRX Series Services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.
Intrusion Prevention
The intrusion prevention system (IPS) understands application behaviors and weaknesses to prevent application-borne security threats that are difficult to detect and stop.
Unified Threat Management (UTM)
SRX Series can include comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats with unified threat management (UTM). Get a best-of-breed solution with anti-virus, anti-spam, web filtering and content filtering at a great value by easily adding these services to your SRX Series Services Gateway. Cloud-based and on-box solutions are both available.
User Firewall
Juniper offers a range of user role-based firewall control solutions that support dynamic security policies. User role-based firewall capabilities are integrated with the SRX Series Services Gateways for standard next generation firewall controls. More extensive, scalable, granular access controls for creating dynamic policies are available through the integration of SRX with a Juniper Unified Access Control solution.
Adaptive Threat Intelligence
To address the evolving threat landscape that has made it imperative to integrate external threat intelligence into the firewall for thwarting advanced malware and other threats, some SRX Series Services Gateways include threat intelligence via integration with Spotlight Secure. The Spotlight Secure threat intelligence platform aggregates threat feeds from multiple sources to deliver open, consolidated, actionable intelligence to SRX Series Services Gateways across the organization for policy enforcement. These sources include Juniper threat feeds, third party threat feeds and threat detection technologies that the customer can deploy.
Administrators are able to define enforcement policies from all feeds via a single, centralized management point, Junos Space Security Director.
Secure Routing
Many organizations use both a router and a firewall/VPN at their network edge to fulfill their networking and security needs. For many organizations, the SRX Series for the branch can fulfill both roles with one solution. Juniper built best-in-class routing, switching and firewall capabilities into one product.
SRX Series for the branch checks the traffic to see if it is legitimate and permissible, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from malicious users.
The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. Due to the architecture, SRX Series receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. This allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.
High Availability
Junos OS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.
When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration are mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series synchronizes both configuration and runtime information. As a result, the following information is synchronized and shared during failover: connection/session state and flow information, IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. By contrast, with typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all network sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is kept intact. In an unstable network, this active/active configuration also mitigates link flapping affecting session performance.
Session-Based Forwarding Without the Performance Hit
In order to optimize the throughput and latency of the combined router and firewall, Junos OS implements session-based forwarding, an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. With Junos OS, a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-hop route.
The figure "Session-based forwarding algorithm" illustrates the process. When a new session is established, the session-based architecture within Junos OS verifies that the session is allowed by the forwarding policies. If the session is allowed, Junos OS will look up the next-hop route in the routing table. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.
Session-based forwarding algorithm
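The slow-path/fast-path split described above, as an added Python sketch (not Juniper code and not from the datasheet). The `Gateway` class, the simplified policy model (source zone, destination network, protocol, destination port), the interface names and all addresses are constructed assumptions.

```python
"""Toy model of session-based forwarding: policy and route lookups for the
first packet of a session, one combined-table lookup afterwards.
All names and sample data are constructed for illustration."""
import ipaddress
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst proto sport dport")


def reverse(flow):
    """Key that the return traffic of the same session carries."""
    return Flow(flow.dst, flow.src, flow.proto, flow.dport, flow.sport)


class Gateway:
    def __init__(self, zone_of_interface, policies, routes):
        self.zone_of_interface = zone_of_interface
        # Simplified policy rule: (from_zone, destination network, proto, dport).
        self.policies = [(z, ipaddress.ip_network(n), p, d) for z, n, p, d in policies]
        self.routes = [(ipaddress.ip_network(n), hop) for n, hop in routes]
        self.sessions = {}        # combined session and forwarding table
        self.lookups = Counter()  # how often each table is consulted

    def _policy_permits(self, from_zone, flow):
        self.lookups["policy"] += 1
        dst = ipaddress.ip_address(flow.dst)
        return any(z == from_zone and dst in net and p == flow.proto and d == flow.dport
                   for z, net, p, d in self.policies)

    def _route(self, address):
        """Longest-prefix match; returns the next hop or None."""
        self.lookups["route"] += 1
        addr = ipaddress.ip_address(address)
        matches = [(net.prefixlen, hop) for net, hop in self.routes if addr in net]
        return max(matches, key=lambda m: m[0])[1] if matches else None

    def forward(self, ingress_interface, flow):
        """Return (verdict, next_hop, path) for one packet."""
        # Fast path: a single lookup confirms the session was permitted
        # and yields its next hop.
        self.lookups["session"] += 1
        next_hop = self.sessions.get(flow)
        if next_hop is not None:
            return ("forward", next_hop, "fast")

        # Slow path: first packet of a session. Policy check, then routing.
        from_zone = self.zone_of_interface[ingress_interface]
        if not self._policy_permits(from_zone, flow):
            return ("drop", None, "slow")
        next_hop = self._route(flow.dst)
        return_hop = self._route(flow.src)
        if next_hop is None or return_hop is None:
            return ("drop", None, "slow")

        # Install both directions so expected return traffic also takes the
        # fast path, while unsolicited traffic still faces the policy.
        self.sessions[flow] = next_hop
        self.sessions[reverse(flow)] = return_hop
        return ("forward", next_hop, "slow")


def demo():
    gw = Gateway(
        zone_of_interface={"fe-0/0/1": "trust", "fe-0/0/0": "untrust"},
        policies=[("trust", "0.0.0.0/0", "tcp", 443)],
        routes=[("192.168.1.0/24", "fe-0/0/1"), ("0.0.0.0/0", "fe-0/0/0")],
    )
    out = Flow("192.168.1.10", "203.0.113.5", "tcp", 51000, 443)
    probe = Flow("203.0.113.5", "192.168.1.10", "tcp", 40000, 22)
    results = [
        gw.forward("fe-0/0/1", out),           # first packet of the session
        gw.forward("fe-0/0/1", out),           # later packet, same session
        gw.forward("fe-0/0/0", reverse(out)),  # return traffic
        gw.forward("fe-0/0/0", probe),         # unsolicited inbound attempt
    ]
    return results, dict(gw.lookups)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
    print(demo()[1])
```

The lookup counters show the point of the design: four packets cost four session-table lookups but only two policy checks and two route lookups, all of them on session setup or on the denied packet.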
Network Deployments:
The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all-in-one secure WAN connectivity, IP telephony, and connection to local PCs and servers via integrated Ethernet switching.
Distributed Enterprise Deployments
Technical Specifications:
Model: | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
---|---|---|---|---|---|---|---|
Maximum Layer 3 Performance and Capacity | |||||||
Junos OS version tested | Junos OS 11.2R3 | Junos OS 11.2R3 | Junos OS 11.2R3 | Junos OS 11.2R3 | Junos OS 11.2R3 | Junos OS 12.1 | Junos OS 11.2R3 |
Firewall performance (large packets) | 700 Mbps | 700 Mbps | 850 Mbps | 950 Mbps | 1.8 Gbps | 5.5 Gbps | 7 Gbps |
Firewall performance (IMIX) | 200 Mbps | 200 Mbps | 250 Mbps | 300 Mbps | 600 Mbps | 1.7 Gbps | 2.5 Gbps |
Firewall + routing PPS (64 Byte) | 70 Kpps | 70 Kpps | 95 Kpps | 125 Kpps | 200 Kpps | 700 Kpps | 850 Kpps |
Firewall performance⁵ (HTTP) | 100 Mbps | 100 Mbps | 290 Mbps | 350 Mbps | 830 Mbps | 1.5 Gbps | 2 Gbps |
IPsec VPN throughput (large packets) | 65 Mbps | 65 Mbps | 85 Mbps | 100 Mbps | 300 Mbps | 1.0 Gbps | 1.5 Gbps |
IPsec VPN Tunnels | 128 | 128 | 256 | 512 | 1,000 | 2,000 | 3,000 |
AppSecure firewall throughput⁵ | 90 Mbps | 90 Mbps | 250 Mbps | 300 Mbps | 750 Mbps | 1.5 Gbps | 1 Gbps |
IPS (intrusion prevention system) | 60 Mbps | 60 Mbps | 85 Mbps | 100 Mbps | 230 Mbps | 800 Mbps | 1 Gbps |
Antivirus | 25 Mbps (ExpressAV) | 25 Mbps (ExpressAV) | 30 Mbps (ExpressAV) | 35 Mbps (ExpressAV) | 85 Mbps (ExpressAV) | 300 Mbps (Sophos AV) | 350 Mbps (ExpressAV) |
Connections per second | 1,800 | 1,800 | 2,200 | 2,800 | 8,500 | 27,000 | 35,000 |
Maximum concurrent sessions (DRAM options) | 16 K / 32 K¹ (512 MB³ / 1 GB DRAM) | 32 K¹ (1 GB DRAM) | 16 K / 32 K¹ (512 MB³ / 1 GB DRAM) | 96 K (1 GB DRAM) | 64 K / 128 K¹ (512 MB³ / 1 GB DRAM) | 375 K² (2 GB DRAM) | 512 K² (2 GB DRAM) |
Maximum security policies | 384 | 384 | 512 | 2,048 | 4,096 | 7,256 | 8,192 |
Maximum users supported | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted | Unrestricted |
Network Connectivity | |||||||
Fixed I/O | 8 x 10/100 | VDSL/ADSL2+, 8 x 10/100 | 2 x 10/100/ 1000 BASE-T + 6 x 10/100 | 8 x 10/100/ 1000 BASE-T | 16 x 10/100/ 1000 BASE-T | 6 x 10/100/ 1000 BASE-T + 4 SFP | 4 x 10/100/ 1000 BASE-T |
I/O slots | N/A | N/A | 1 x SRX Series Mini-PIM | 2 x SRX Series Mini-PIM | 4 x SRX Series Mini-PIM | 2 x SRX Series Mini-PIM, 8 x GPIM or multiple GPIM and XPIM combinations | 8 x GPIM or multiple GPIM and XPIM combinations |
Services and Routing Engine slots | No | No | No | No | No | No | 29 |
ExpressCard slot (3G WAN) | No | No | Yes | No | No | No | No |
WAN/LAN interface options | N/A | N/A | See ordering information | See ordering information | See ordering information | See ordering information | See ordering information |
Optional maximum number of PoE ports | N/A | N/A | Up to 4 ports of 802.3af with maximum 50 W | Up to 8 ports of 802.3af/at with maximum 120 W | Up to 16 ports of 802.3af/at with maximum 150 W | Up to 40 ports of 802.3af/at with maximum 247 W | Up to 48 ports of 802.3af/at with maximum 247 W |
USB | 1 | 2 | 2 | 2 | 2 | 2 | 2 per SRE |
Flash/Memory | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Memory min and max (DRAM) | 512 MB (Accessible), 1 GB² | 1 GB | 512 MB, 1 GB | 1 GB | 512 MB, 1 GB | 2 GB | 2 GB |
Memory slots | Fixed memory | Fixed memory | Fixed memory | Fixed memory | Fixed memory | 2 DIMM | 4 DIMM |
Flash memory | 1 GB | 1 GB, externally accessible | 1 GB | 1 GB | 1 GB | 2 GB CF internal | 2 GB CF internal on SRE, External slot empty, up to 2 GB CF supported |
USB port for external storage | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Dimensions | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Dimensions (W x H x D) | 8.5 x 1.4 x 5.8 in (21.6 x 3.6 x 14.7 cm) | 11.02 x 1.72 x 8.385 in (28 x 4.37 x 21.3 cm) | 11.02 x 1.73 x 7.12 in (28.0 x 4.4 x 18.1 cm) | 14.31 x 1.73 x 7.11 in (36.3 x 4.4 x 18.1 cm) | 17.5 x 1.75 x 15.1 in (44.4 x 4.4 x 38.5 cm) | 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm) | 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm) |
Weight (device and power supply) | 2.5 lb (1.1 kg) | 6.7 lb (3.06kg) | 3.3 lb (1.5 kg) non-PoE / 4.4 lb (2 kg) PoE No interface modules | 3.43 lb (1.56 kg) non-PoE No interface modules | 11.2 lb (5.1 kg) non-PoE / 12.3 lb (5.6 kg) PoE No interface modules | 21.96 lb (9.96kg) No interface modules 1 power supply | 24.9 lb (11.3 kg) No interface modules 1 power supply |
Rack mountable | Yes, 1 RU | Yes, 1 RU | Yes, 1 RU | Yes, 1 RU | Yes, 1 RU | Yes, 2 RU | |
Power | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Power supply (AC) | 100-240 VAC, 30 W | 100-240 VAC, 60 W | 100-240 VAC, 60 W Non-PoE/ 150 W PoE | 100-240 VAC, 60 W Non-PoE/ 200 W PoE | 100-240 VAC, 150 W Non- PoE/ 350 W PoE | 100-240 VAC, single 645 W or dual 645 W | 100-240 VAC, single 645 W or dual 645 W |
Maximum PoE power | N/A | N/A | 50 W | 120 W | 150 W | 247 W redundant, or 494 W nonredundant | 247 W redundant, or 494 W nonredundant |
Average power consumption | 10 W | 24 W | 27 W (LM), 28 W (HM), 84 W (PoE) | 28 W (LM) | 61 W (LM), 65 W (HM), 179 W (PoE) | 122 W | 122 W |
Input frequency | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz |
Maximum current consumption | 0.25 A @ 100 VAC | 1.75 A @ 100 VAC | 0.41 A @ 100 VAC (LM), 0.44 A @ 100 VAC (HM), 1.13 A @ 100 VAC (PoE) | 0.44 A @ 100 VAC (HM) | 1.0 A @ 100 VAC (LM), 1.1 A @ 100 VAC (HM), 3.0 A @ 100 VAC (PoE) | 5.3 A @ 100 VAC with single PSU with PoE, 8.3 A @ 100 VAC with dual PSU with PoE | 5.3 A @ 100 VAC with single PSU with PoE, 8.3 A @ 100 VAC with dual PSU with PoE |
Maximum inrush current | 60 A | 70 A | 80 A for LM/HM, 60 A for PoE | 80 A for HM | 40 A for LM/HM, 45 A for PoE | 45 A for ½ cycle | 45 A for ½ cycle |
Average heat dissipation | 35 BTU/hr | 81 BTU/hr | 92 BTU/hr (SRX210B), 95 BTU/hr (SRX210H), 116 BTU/hr (SRX210H-PoE) | 126 BTU/hour (SRX220H) | 208 BTU/Hr (SRX240B), 222 BTU/Hr (SRX240H), 249 BTU/Hr (SRX240H-PoE) | 319 BTU/hr | 319 BTU/Hr |
Maximum heat dissipation | 80 BTU/hr | 99 BTU/hr | 120 BTU/hr (SRX210B), 126 BTU/hr (SRX210H), 157 BTU/hr (SRX210H-PoE) | 126 BTU/hour (SRX220H) | 344 BTU/Hr (SRX240B), 369 BTU/Hr (SRX240H), 413 BTU/Hr (SRX240H-PoE) | 699 BTU/hr | 699 BTU/Hr |
Redundant power supply (hot swappable) | No | No | No | No | No | Yes (up to maximum capacity of single PSU) | Yes (up to maximum capacity of single PSU) |
Acoustic noise level (Per ISO 7779 Standard) | 0 dB (fanless) | 0 dB (fanless) | 29.1 dB | 51.1 dB | 54.1 dB | 51.8 dB | 60.9 dB |
Environment | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Operational temperature | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) | 32° to 104° F (0° to 40° C) |
Nonoperational temperature | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) | 4° to 158° F, (-20° to 70° C) |
Humidity | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing | 5% to 95% noncondensing |
Mean time between failures (Telcordia model) | 24.8 years (SRX100B), 24.8 years (SRX100H) | 24.8 years | 15.2 years (SRX210B), 14.3 years (SRX210H), 10.4 years (SRX210H-PoE) | 14.3 years (SRX220H), 10.4 years (SRX220H-PoE) | 15.2 years (SRX240B), 14.3 years (SRX240H), 10.4 years (SRX240H-PoE) | 9.6 years with redundant power | 9.6 years with redundant power |
Additional Specification Features:
Protocols
- IPv4, IPv6, ISO Connectionless Network Service (CLNS)
Routing and Multicast
- Static routes
- RIPv2 +v1
- OSPF/OSPFv3
- BGP
- BGP Route Reflector²
- IS-IS
- Multicast (Internet Group Management Protocol (IGMPv3), PIM, Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), source-specific), MSDP⁴
- MPLS (RSVP, LDP)
IP Address Management
- Static
- Dynamic Host Configuration Protocol (DHCP) (client and server)
- DHCP relay
Address Translation
- Source NAT with Port Address Translation (PAT)
- Static NAT
- Destination NAT with PAT
- Persistent NAT, NAT64
Encapsulations
- Ethernet (MAC and tagged)
- Point-to-Point Protocol (PPP) (synchronous)
- Multilink Point-to-Point Protocol (MLPPP)
- Frame Relay
- Multilink Frame Relay (MLFR) (FRF.15, FRF.16)
- High-Level Data Link Control (HDLC)
- Serial (RS-232, RS-449, X.21, V.35, EIA-530)
- 802.1q VLAN support
- Point-to-Point Protocol over Ethernet (PPPoE)
L2 Switching
- 802.1D, RSTP, MSTP, 802.3ad (LACP)
- 802.1x, LLDP, 802.1ad (Q-in-Q), IGMP Snooping
- Layer 2 switching with high availability
Traffic Management Quality of Service (QoS)
- 802.1p, DSCP, EXP
- Marking, policing, and shaping
- Class-based queuing with prioritization
- Weighted random early detection (WRED)
- Queuing based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multi-field (MF) filters
- Guaranteed bandwidth
- Maximum bandwidth
- Ingress traffic policing
- Priority-bandwidth utilization
- DiffServ marking
- Virtual channels
Security: Firewall
- Firewall, zones, screens, policies
- Stateful firewall, stateless filters
- Network attack detection
- Screens denial of service (DoS) and provides distributed denial of service (DDoS) protection (anomaly-based)
- Prevent replay attack; Anti-Replay
- Unified Access Control
- TCP reassembly for fragmented packet protection
- Brute force attack mitigation
- SYN cookie protection
- Zone-based IP spoofing
- Malformed packet protection
Security: UTM¹
- Intrusion Prevention System (IPS)
- Protocol anomaly detection
- Stateful protocol signatures
- Intrusion prevention system (IPS) attack pattern obfuscation
- User role-based policies
- Customer signatures creation
- Daily and emergency updates
- AppSecure
- AppTrack (application visibility and tracking)
- AppFW (policy enforcement by application name)
- Custom signatures
- Dynamic signature updates
- User-based application policy enforcement
- Antivirus
- Express AV (stream-based AV, not available on SRX100 and SRX110)
- File-based antivirus
›› Signature database
›› Protocols scanned: POP3, HTTP, SMTP, IMAP, FTP
›› Antispyware
›› Anti-adware
›› Antikeylogger
- Cloud-based antivirus
- Antispam
- Integrated enhanced Web filtering
- Category granularity (90+ categories)
- Real time threat score
- Redirect Web filtering
- Content Security Accelerator in SRX210 high memory, SRX220, SRX240 high memory, SRX550, and SRX650¹
- ExpressAV option in SRX210 high memory, SRX220 high memory, SRX240 high memory, SRX550, and SRX650¹
- Content filtering
- Based on MIME type, file extension, and protocol commands
VPN
- Tunnels (generic routing encapsulation, IP-IP, IPsec)
- IPsec, Data Encryption Standard (DES) (56-bit), triple Data Encryption Standard (3DES) (168-bit), Advanced Encryption Standard (AES) (256-bit+) encryption
- Message Digest 5 (MD5) and SHA-1, SHA-128, SHA-256 authentication
- Junos Pulse Dynamic VPN client; browser-based remote access feature requiring a license
- Compressed Real-Time Transport Protocol (CRTP)
- VRRP
- JSRP
- Stateful failover and dual box clustering
- SRX650:
- Redundant power (optional)
- Future GPIM hot swap (online insertion and removal, OIR)
- Future internal failover and SRE hot swap (OIR)
- Backup link via 3G/4G LTE wireless or other WAN
- Active/active-L3 mode²
- Active/passive-L3 mode²
- Configuration synchronization²
- Session synchronization for firewall and VPN²
- Session failover for routing change²
- Device failure detection²
- Link failure detection²
- IP Monitoring with route and interface failover
IPv6
- OSPFv3
- RIPng
- IPv6 Multicast Listener Discovery (MLD)
- BGP
- ISIS
Wireless
- CX111 Cellular Broadband Data Bridge supported on all branch SRX Series devices
- 3G ExpressCards supported on SRX210 with built-in ExpressCard slot
- AX411 Wireless LAN (WLAN) Access Point supported on all⁶ branch SRX Series devices
- WLA Series Wireless LAN Access Points and WLC Series Wireless LAN Controllers are supported on branch SRX Series devices
SLA and Measurement
- Real-time performance monitoring (RPM)
- Sessions, packets, bandwidth usage
- J-Flow flow monitoring and accounting services
Logging and Monitoring
- Syslog
- Traceroute
- Extensive control- and data-plane structured and unstructured syslog
Administration
- Juniper Networks Network and Security Manager support (NSM)
- Juniper Networks Junos Space Security Design support
- Juniper Networks STRM Series Security Threat Response Managers support
- Juniper Networks Advanced Insight Solutions support
- External administrator database (RADIUS, LDAP, SecureID)
- Auto-configuration
- Configuration rollback
- Rescue configuration with button
- Commit confirm for changes
- Auto-record for diagnostics
- Junos OS upgrade with button
- Software upgrades (USB upgrade option)
- Juniper Junos Web, USB, HTTP, FTP, SSH
- Command-line interface
- Smart image download
Certifications³
- Common Criteria (CC) EAL4⁴
- Common Criteria (CC) EAL3
- FIPS-140 Level 2
- Supported hardware versions of the FIPS 140-2 gateways: SRX100B, SRX210B, SRX240B and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS
- Roles, Services, and Authentication: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
- FIPS-approved algorithms: Triple-DES; AES; DSA; SHS; RNG; RSA; HMAC
- NEBS Compliance for SRX240, SRX650
- Department of Defense (DoD) Certification for SRX Series Services Gateways, including testing and certification by the Department of Defense Joint Interoperability Test Command (JITC) for interoperability with DoD networks and addition of the SRX Series Services Gateways to the Unified Capabilities Approved Product List (UC APL)
1. When UTM is enabled, capacities supported are low memory specifications, on high memory system options.
2. When UTM is enabled, concurrent sessions supported is 50% of value shown.
3. SRX100B installed with 1 GB DRAM, with 512 MB accessible. Optional upgrade to 1 GB DRAM is available with purchase of memory software license key.
4. SRX650 supports a single Services and Routing Engine (SRE) as of software release 11.2.
5. Throughput numbers based on HTTP traffic with 44 kilobyte transaction size.
6. Low memory/high memory
*There are several models available for the SRX210 including the enhanced version. Please contact your Juniper or partner account representative for more information.
** The additional software feature licenses apply to both the SRX100 and the SRX110. Available in Q1, 2012 for SRX110.
Additional Features and Comparison:
Model: | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
---|---|---|---|---|---|---|---|
Routing | |||||||
BGP instances | 5 | 5 | 10 | 16 | 20 | 56 | 64 |
BGP peers | 8 | 8 | 16 | 16 | 32 | 192 | 256 |
BGP routes | 4 K/8 K⁶ | 8 K | 4 K/8 K⁶ | 32 K | 32 K/64 K⁶ | 712 K | 800 K |
OSPF instances | 4 | 4 | 10 | 16 | 20 | 56 | 64 |
OSPF routes | 4 K/8 K⁶ | 8 K | 8 K/16 K⁶ | 32 K | 32 K/64 K⁶ | 712 K | 800 K |
RIP v1 / v2 instances | 4 | 4 | 10 | 16 | 20 | 56 | 64 |
RIP v2 routes | 4 K/8 K⁶ | 8 K | 8 K/16 K⁶ | 32 K | 32 K/64 K⁶ | 712 K | 800 K |
Static routes | 4 K/8 K⁶ | 8 K | 8 K/16 K⁶ | 32 K | 32 K/64 K⁶ | 712 K | 800 K |
Source-based routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Policy-based routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Equal-cost multipath (ECMP) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Reverse path forwarding (RPF) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
IPsec VPN | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Concurrent VPN tunnels | 128 | 128 | 256 | 512 | 1,000 | 2,000 | 3,000 |
Tunnel interfaces | 10 | 10 | 64 | 64 | 128 | 456 | 512 |
DES (56-bit), 3DES (168-bit) and AES (256-bit) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
MD-5 and SHA-1 authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Manual key, IKE, PKI (X.509) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Perfect forward secrecy (DH Groups) | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 | 1, 2, 5 |
Prevent replay attack | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Dynamic remote access VPN | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
IPsec NAT traversal | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Redundant VPN gateways | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Number of remote access users | 25 users | 25 users | 50 users | 150 users | 250 users | 500 users | 500 users |
User Authentication and Access Control | |||||||
Third-party user authentication | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP | RADIUS, RSA SecureID, LDAP |
RADIUS accounting | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
XAUTH VPN, Web-based, 802.X authentication | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
PKI certificate requests (PKCS 7 and PKCS 10) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Certificate Authorities supported | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI | VeriSign, Entrust, Microsoft, RSA Keon, iPLanet, (Netscape), Baltimore, DoD PKI |
Virtualization | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
Maximum number of security zones | 10 | 10 | 12 | 24 | 32 | 96 | 128 |
Maximum number of virtual routers | 3 | 3 | 10 | 15 | 20 | 48 | 60 |
Maximum number of VLANs | 16 | 16 | 64 | 128 | 512 | 3,072 | 4,096 |
Encapsulations | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
PPP/MLPPP | N/A | N/A | Yes | Yes | Yes | Yes | Yes |
PPPoE | N/A | Yes | Yes | Yes | Yes | Yes | 12 |
PPPoA | N/A | Yes | Yes | Yes | Yes | Yes | 12 |
MLPPP maximum physical interfaces | N/A | N/A | 1 | 2 | 4 | 12 | 12 |
Frame Relay | N/A | N/A | Yes | Yes | Yes | Yes | Yes |
MLFR (FRF .15, FRF .16) | N/A | N/A | Yes | Yes | Yes | Yes | Yes |
MLFR maximum physical interfaces | N/A | N/A | 1 | 2 | 4 | 12 | 12 |
HDLC | N/A | N/A | Yes | Yes | Yes | Yes | Yes |
Wireless | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
CX111 3G Bridge support | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Junos/SRX Series management of CX111 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Internal 3G ExpressCard slot support | No | No | Yes | No | No | No | No |
USB 3G/4G LTE support | Yes | Yes | Yes | No | No | No | No |
Max WLAN access points supported with AX411 | 2 | 2 | 4 | 4 | 4 | 4** | 4 |
WLA Series access points and WLC Series controllers supported | > 4 | > 4 | > 4 | > 4 | > 4 | > 4 | > 4 |
Certifications | SRX100 | SRX110 | SRX210 | SRX220 | SRX240 | SRX550 | SRX650 |
USA | |||||||
Safety certifications | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 | UL 60950-1 |
EMC certifications | FCC Class B | FCC Class B10 | FCC Class A | FCC Class A | FCC Class A | FCC Class A | FCC Class A |
Network homologation | TIA-968 | TIA-968 | TIA-968 | TIA-968 | TIA-968 | TIA-966 | TIA-966 |
Canada | |||||||
Safety certifications | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 | CSA 60950-1 |
EMC certifications | ICES class B | ICES Class B10 | ICES Class A | ICES Class A | ICES Class A | ICES Class A | ICES Class A |
Network homologation | CS-03 | CS-03 | CS-03 | CS-03 | CS-03 | CS-03 | CS-03 |
European Union | |||||||
Safety certifications | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 | EN 60950-1 |
EMC certifications | EN 55022 Class B, EN 300 386 | EN 55022 Class B10, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 | EN 55022 Class A, EN 300 386 |
Network homologation | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, CTR 21, DoC | CTR 12/13, DoC | CTR 12/13, DoC |
Japan | |||||||
Safety certifications | CB Scheme | CB Scheme | CB Scheme | CB Scheme | CB Scheme | CB Scheme | CB Scheme |
EMC certifications | VCCI Class B | VCCI Class B10 | VCCI Class A | VCCI Class A | VCCI Class A | VCCI Class A | VCCI Class A |
Network homologation | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions | Certificate for Technical Conditions |
Australia | |||||||
Safety certifications | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 |
EMC certifications | AS/NZS CISPR22 Class B | AS/NZS CISPR22 Class B10 | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A |
Network homologation | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 002, S 016, S 043.1, S043.2 | AS/ACIF S 016 | AS/ACIF S 016 |
New Zealand | |||||||
Safety certifications | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 | AS/NZS 60950-1 |
EMC certifications | AS/NZS CISPR22 Class B | AS/NZS CISPR22 Class B10 | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A | AS/NZS CISPR22 Class A |
Network homologation | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217, PTC 273 | PTC 217 | PTC 217 |
Documentation:
Download the Juniper Networks SRX Series Services Gateways for the Branch Datasheet (PDF).
Pricing Notes:
- All Prices are Inclusive of GST
- Pricing and product availability subject to change without notice.