Description
Routing Protocols
- IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
- Static routes
- RIP v1/v2
- OSPF/OSPF v3
- BGP with route reflector
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
QoS Features
- Support for 802.1p, DiffServ code point (DSCP), EXP
- Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
- Ingress traffic policing
- Virtual channels
- Hierarchical shaping and policing
Switching Features
- ASIC-based Layer 2 forwarding
- MAC address learning
- VLAN addressing and integrated routing and bridging (IRB) support
- Link aggregation and LACP
- Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED)
- Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP)
- Multiple VLAN Registration Protocol (MVRP)
- 802.1X authentication
Firewall Services
- Stateful and stateless firewall
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomaly
- Integration with Pulse Unified Access Control (UAC)
- Integration with Aruba Clear Pass Policy Manager
- User role-based firewall
- SSL Inspection (forward-proxy)
Network Address Translation (NAT)
- Source NAT with Port Address Translation (PAT)
- Bidirectional 1:1 static NAT
- Destination NAT with PAT
- Persistent NAT
- IPv6 address translation
VPN Features
- Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
- Juniper Secure Connect: Remote access/SSL VPN
- Configuration payload: Yes
- IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
- IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
- Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
- IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
- IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
- IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
- Perfect forward secrecy, anti-reply
- Internet Key Exchange: IKEv1, IKEv2
- Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
- VPNs GRE, IP-in-IP, and MPLS
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IP-monitoring
- Juniper flow monitoring (J-Flow)
- Bidirectional Forwarding Detection (BFD)
- Two-Way Active Measurement Protocol (TWAMP)
- IEEE 802.3ah Link Fault Management (LFM)
- IEEE 802.1ag Connectivity Fault Management (CFM)
High Availability Features
- Virtual Router Redundancy Protocol (VRRP)
- Stateful high availability
- Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Band Cluster Upgrade (ICU)
- Dial on-demand backup interfaces
- IP monitoring with route and interface failover
Management, Automation, Logging, and Reporting
- SSH, Telnet, SNMP
- Smart image download
- Juniper CLI and Web UI
- Mist AI
- Simplified management
- WAN Assurance
- Junos Space and Security Director
- Python, PyEz, and Ansible modules
- Junos OS event, commit, and OP script
- Application and bandwidth usage reporting
- Auto installation
- Debug and troubleshooting tools
- ZTP with Contrail Service Orchestration
Advanced Routing Services
- Packet mode
- MPLS (RSVP, LDP)
- Circuit cross-connect (CCC), translational cross-connect (TCC)
- L2/L3 MPLS VPN, pseudowires
- Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
- MPLS traffic engineering and MPLS fast reroute
Application Security Services
- Application visibility and control
- Application-based firewall
- Application QoS
Enhanced SD-WAN Services
- Application-based advanced policy-based routing (APBR)
- Application quality of experience (AppQoE)
- Application-based link monitoring and switchover with AppQoE
Threat Defense and Intelligence Services
- Intrusion prevention system (IPS)
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Juniper Advanced Threat Prevention to detect and block zero-day attacks
- Adaptive Threat Profiling
- Encrypted Traffic Insights
- Juniper SecIntel to provide threat intelligence
Hardware Specifications
Network Connectivity
- Fixed I/O: 6 x 10/100/1000 BASE-T + 4 small form-factor pluggable transceivers (SFP transceivers)
- I/O slots: 2 x SRX Series Mini-PIM, 6 x Gigabit-Backplane Physical Interface Module (GPIM) or multiple GPIM and XPIM combinations
- Services and Routing Engine slots: No
- WAN/LAN interface options: See ordering information
- Maximum number of PoE ports (PoE optional on some SRX Series models): Up to 40 ports of 802.3af/at with maximum 247 W
- USB: 2
Flash and Memory
- Memory (DRAM): 4 GB
- Memory slots: 2 DIMM
- Flash memory: 8 GB, CF internal
- USB port for external storage: Yes
Dimensions and Power
- Dimensions (W x H x D): 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm)
- Weight (device and power supply): 21.96 lb (9.96 kg) (no interface modules, 1 power supply)
- Rack-mountable: Yes, 2 U
- Power supply (AC): 100-240 VAC, single 645 W or dual 645 W
- Maximum PoE power: 247 W redundant, or 494 W non-redundant
- Average power consumption: 85 W
- Input frequency: 50-60 Hz
- Maximum current consumption: 7.5 A @ 100 VAC with single PSU with PoE, 10.5 A @ 100 VAC with dual PSU with PoE
- Maximum inrush current: 45 A for half-cycle
- Average heat dissipation: 238 BTU/hr
- Maximum heat dissipation: 1449 BTU/hr
- Redundant power supply (hot swappable): Yes (up to maximum capacity of single PSU)
- Acoustic noise level (per ISO 7779 Standard): 51.8 dB
Environmental, Compliance, and Safety Certification
- Operational temperature: 32° to 104° F (0° to 40° C)
- Nonoperational temperature: 4° to 158° F, (-20° to 70° C)
- Humidity (operating): 10% to 90% noncondensing
- Humidity (nonoperating): 5% to 95% noncondensing
- Mean time between failures (Telcordia model): 9.6 years with redundant power
- FCC classification: Class A
- RoHS compliance: Yes
Performance and Scale
- Firewall performance (large packets)2: 7 Gbps
- Firewall performance (IMIX)2: 2 Gbps
- Firewall + routing pps (64 Byte)2: 700 Kpps
- Firewall performance (HTTP)3: 2 Gbps
- IPsec VPN throughput (large packets): 1.0 Gbps
- IPsec VPN tunnels: 2000
- Application firewall4: 2.0 Gbps
- Intrusion prevention system (IPS)3: 800 Mbps
- Antivirus: 300 Mbps (Sophos antivirus)
- Connections per second: 27,000
- Maximum concurrent sessions: 375,000
- Maximum security policies: 8000
- Maximum users supported: Unrestricted
- Route table size (RIB/FIB) (IPv4 or IPv6): 1.5 million/750,000
- NAT rules: 6144
- MAC table size: 15,000
- Number of remote access/SSL VPN (concurrent) users: 500
- GRE tunnels: 1500
- Maximum number of security zones: 96
- Maximum number of virtual routers: 128
- Maximum number of VLANs: 3967
- AppID sessions: 65,000
- IPS sessions: 64,000
- URL filtering (URLF) sessions: 64,000