Juniper Networks SRX1500 Services Gateway
High-Performance, Reduced Latency Firewalls for Data Centers and The Cloud-Enabled Enterprise
Our Price: Request a Quote
More pricing below, click here!
Please Note: All Prices are Inclusive of GST
SRX1500 Overview:
The SRX1500 Services Gateway is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500 is best suited for client protection in enterprise campus, regional headquarters or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.
Product Description
The Juniper Networks SRX1500 Services Gateway is a high-performance next-generation firewall and security services gateway that protects mission-critical enterprise campuses, regional headquarters, and data center networks. The SRX1500 is the only product in its class that not only provides best-in-class security and threat mitigation capabilities, but also integrates carrier-class routing and feature-rich switching in a single platform.
The SRX1500 delivers a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services in an enterprise campus, connecting to the cloud, complying with industry standards, or achieving operational efficiency, the SRX1500 helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. The SRX1500 protects key corporate assets as a nextgeneration firewall, acts as an enforcement point for cloud-based security solutions, and provides application visibility and control to improve the user and application experience.
A combination of new hardware and software architectures on the SRX1500 add significant performance improvements to a small 1 U form factor. The key to the SRX1500 hardware is the security flow accelerator, a programmable high-speed Layer 4 firewall chip, and a powerful x86-based security compute engine for advanced security services like application visibility, intrusion prevention, and threat mitigation capabilities. The SRX1500 software architecture leverages these programmable hardware components and virtualization to deliver high-speed firewall performance, application visibility, and intrusion prevention while lowering total cost of ownership (TCO).
The SRX1500 is purpose-built to protect 10GbE network environments, consolidating multiple security services and networking functions in a highly available appliance. It supports up to 9 Gbps of firewall performance, 3 Gbps of intrusion prevention, and 4 Gbps of IPsec VPN in enterprise campus, regional headquarters, and data center deployments.
Highlights
The SRX1500 Services Gateway delivers a full complement of next-generation firewall capabilities that use advanced application identification and classification to enable greater visibility, enforcement, control, and protection over the network. It provides detailed analysis on application volume and usage, fine-grained application control policies to allow or deny traffic based on dynamic application name or group names, and prioritization of traffic based on application information and contexts.
The SRX1500 recognizes more than 3,500 applications and nested applications in plaintext or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and user visibility and control.
For the perimeter, the SRX1500 Services Gateway offers a comprehensive suite of application security services, threat defenses, and intelligence services to protect networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks Spotlight Secure offers adaptive threat protection against command and control (C&C)-related botnets and policy enforcement based on GeoIP. Integrating the Juniper Networks Sky Advanced Threat Protection solution, the SRX1500 detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.
The SRX1500 enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management. The SRX1500 Services Gateway runs Juniper Networks Junos operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks around the world. The rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.
Features & Benefits:
| Business Requirement | Feature/Solution | SRX1500 Advantages |
|---|---|---|
| High performance | Up to 9 Gbps of firewall performance |
|
| High quality end-user experience | Application visibility and control |
|
| Threat protection | Intrusion prevention system (IPS), antivirus, anti-spam, Spotlight Secure, Sky Advanced Threat Prevention |
|
| Professional-grade networking services | Routing, switching, and secure wire |
|
| Highly secure | IPsec VPN, secure boot |
|
| High reliability | Chassis cluster, redundant power supply |
|
| Easy to manage and scale | On-box GUI, Security Director |
|
| Lower TCO | Junos OS |
|
Technical Specifications:
| Business Requirement | Feature/Solution |
|---|---|
| Connectivity | |
| Total onboard ports | 16x1GbE and 4x10GbE |
| Onboard RJ-45 ports | 12x1GbE |
| Onboard small form-factor pluggable (SFP) transceiver ports | 4x1GbE |
| Onboard SFP+ ports | 4x10GbE |
| Out-of-Band (OOB) management ports | 1x1GbE |
| Dedicated high availability (HA) ports | 1x1GbE (SFP) |
| PIM slots | 2 |
| Console (RJ-45 + miniUSB) | 1 |
| USB 2.0 ports (type A) | 1 |
| Memory and Storage | |
| System memory (RAM) | 16 GB |
| Primary boot storage (mSATA) | 16 GB |
| Secondary storage (SSD) | 100 GB |
| Dimensions and Power | |
| Form factor | 1U |
| Size (WxHxD) | 17.5 x 1.75 x 18.2 in (44.45 x 4.44 x 46.22 cm) |
| Weight (device and PSU) | 16.1 lb (7.30 kg) |
| Redundant PSU | 1+1 |
| Power supply | AC/DC (external) |
| Average power consumption | 150 W |
| Average heat dissipation | 614 BTU / hour |
| Maximum current consumption | 8A (for AC PSU); 20A (for DC PSU) |
| Maximum inrush current | 50A by 1 AC cycle |
| Acoustic noise level | 66.5dBA |
| Airflow/cooling | Front to back |
| Operating temperature | 32° to 104° F (0° to 40° C) |
| Nonoperating temperature | 4° to 158° F (-20° to 70° C) |
| Operating humidity | 10% to 90% noncondensing |
| Nonoperating humidity | 5% to 95% noncondensing |
| Meantime between failures (MTBF) | 9.78 years (85,787 hours) |
| FCC classification | Class A |
| RoHS compliance | RoHS 2 |
| Performance and Scale | |
| Routing/firewall (64 B packet size) Mpps1 | 1.7 |
| Routing/firewall (IMIX packet size) Gbps1 | 5 |
| Routing/firewall (1,518 B packet size) Gbps1 | 9 |
| IPsec VPN (IMIX packet size) Gbps1 | 1.3 |
| IPsec VPN (1,400 B packet size) Gbps1 | 4 |
| Application visibility and control in Gbps2 | 5 |
| Recommended IPS in Gbps2 | 3 |
| Next-generation firewall in Gbps2 | 1.5 |
| Route table size (RIB/FIB) (IPv4 or IPv6) | 2 million / 1 million |
| Maximum concurrent sessions (IPv4 or IPv6) | 2,000,000 |
| Maximum security policies | 16,000 |
| Connections per second | 50,000 |
| NAT rules | 8,000 |
| Media access control (MAC) table size | 64,000 |
| IPsec VPN tunnels | 2,000 |
| GRE tunnels | 2,000 |
| Maximum security zones | 512 |
| Maximum virtual router | 512 |
| Maximum VLANs | 3,900 |
| AppID sessions | 512,000 |
| IPS sessions | 512,000 |
| URL filtering sessions | 512,000 |
Additional Specification Features:
Firewall Services
- Stateful and stateless firewall
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomalies
- Integration with Pulse Unified Access Control (UAC)
- Integration with Aruba Clear Pass Policy Manager
- User role-based firewall
- SSL Inspection
Network Address Translation (NAT)
- Source NAT with Port Address Translation (PAT)
- Bidirectional 1:1 static NAT
- Destination NAT with PAT
- Persistent NAT
- IPv6 address translation
VPN Features
- Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec
- Site-site IPsec VPN, auto VPN, group VPN
- IPsec crypto algorithms: Data Encryption Standard (DES), triple DES (3DES), Advanced Encryption Standard (AES- 256), AES-GCM
- IPsec authentication algorithms: MD5, SHA-1, SHA-128, SHA-256
- Pre-shared key and public key infrastructure (PKI) (X.509)
- Perfect forward secrecy, anti-reply
- IPv4 and IPv6 IPsec VPN
- Multi-proxy ID for site-site VPN
- Internet Key Exchange (IKEv1, IKEv2), NAT-T
- Virtual router and quality-of-service (QoS) aware
- Standard-based dead peer detection (DPD) support
- VPN monitoring
High Availability Features
- Virtual Router Redundancy Protocol (VRRP)
- Stateful high availability
- Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Service Software Upgrade (ISSU)
- IP monitoring with route and interface failover
Application Security Services4
- Application visibility and control
- Application-based firewall
- Application QoS
- Application-based advanced policy-based routing
Threat Defense and Intelligence Services5
- Intrusion prevention
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- Spotlight Secure threat intelligence
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Sky Advanced Threat Prevention to detect and block zeroday attacks
Routing Protocols
- IPv4, IPv6
- Static routes
- RIP v1/v2
- OSPF/OSPF v3
- BGP with Route Reflector
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); Reverse Path Forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
- Support for 802.1p, DiffServ code point (DSCP), EXP
- Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
- Ingress traffic policing
- Virtual channels
- Hierarchical shaping and policing
- ASIC-based Layer 2 forwarding
- MAC address learning
- VLAN addressing and integrated routing and bridging (IRB) support
- Link aggregation and LACP
- LLDP and LLDP-MED
- STP, RSTP, MSTP
- MVRP
- 802.1X authentication
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/ relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IP monitoring
- Juniper flow monitoring (J-Flow)
Advanced Routing Services
- Packet mode
- MPLS (RSVP, LDP)
- Circuit cross-connect (CCC), translational cross-connect (TCC)
- L2/L2 MPLS VPN, pseudowires
- Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
- MPLS traffic engineering and MPLS fast reroute
Management, Automation, Logging, and Reporting
- SSH, Telnet, SNMP
- Smart image download
- Juniper CLI and Web UI
- Juniper Networks Junos Space and Security Director
- Python
- Junos OS even, commit and OP scripts
- Application and bandwidth usage reporting
- Auto installation
- Debug and troubleshooting tools
1 Performance numbers based on UDP packets and RFC2544 test methodology
2 Performance numbers based on HTTP traffic with 44 KB transaction size
3 GRE, IP-IP, and VRRP are not supported in stateful high-availability mode
4 Available as part of Juniper Software Enhanced (JSE/JE) software package or advanced security subscription license.
5 Offered as advanced security subscription license.
Views:
Top Front View
Front View
Rear View
Left Angle View
Right Angle View
Documentation:
Download the Juniper Networks SRX1500 Services Gateways Datasheet (PDF).
Pricing Notes:
- All Prices are Inclusive of GST
- Pricing and product availability subject to change without notice.
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
(SOFTWARE SUPPORT IS NOT INCLUDED, must be purchased separately)
Our Price: Request a Quote
(SOFTWARE SUPPORT IS NOT INCLUDED, must be purchased separately)
Our Price: Request a Quote
(SOFTWARE SUPPORT IS NOT INCLUDED, must be purchased separately)
Our Price: Request a Quote
(SOFTWARE SUPPORT IS NOT INCLUDED, must be purchased separately)
Our Price: Request a Quote
(SOFTWARE SUPPORT IS NOT INCLUDED, must be purchased separately)
Our Price: Request a Quote
Our Price: Request a Quote