Power
| Input current |
1.75 A |
| Power supply |
60 W |
| Heat dissipation |
81 BTU/h |
| Input frequency |
50 - 60 Hz |
| Input voltage |
100 - 240 V |
Memory
| Flash memory |
2048 MB |
| Internal memory type |
DDR |
| Internal memory |
2048 MB |
Additionally
| Wireless connections |
Y |
| Ethernet LAN (RJ-45) ports quantity |
8 |
8x 10/100 Ethernet LAN, 2x USB, 3G, 2 GB DRAM, 100-240V AC, 50/60 Hz, 24W, 1U, 3.06 kg
<b>Network Deployments</b>
The SRX Series Services Gateways for the branch are deployed at remote, branch and Enterprise edge locations in the network to provide all-in-one secure WAN connectivity, and connection to local PCs and servers via integrated Ethernet switching.
<b>Next Generation Firewall</b>
SRX Series Services Gateways deliver next generation firewall protection with application wareness and extensive user role-based control options plus best-of-breed UTM to protect and control your business assets. Next generation firewalls are able to perform full packet inspection and can apply
security policies based on layer 7 information. This means you can create security policies based on
the application running across your network, the user who is receiving or sending network traffic or the content that is traveling across your network to protect your environment against threats, anage how your network bandwidth is allocated, and control who has access to what.
<b>AppSecure</b>
AppSecure is a suite of application security capabilities for Juniper Networks SRX Series services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.
<b>Intrusion Prevention</b>
The intrusion prevention system (IPS) understands application behaviors and weaknesses to prevent application-borne security threats that are difficult to detect and stop.
<b>Unified Threat Management (UTM)</b>
SRX Series can include comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats with unified threat management (UTM). Get a best-of-breed solution with anti-virus, anti-spam, web filtering and content filtering at a great value by easily adding these services to your SRX Series Services Gateway. Cloud-based and on-box solutions are both available.
<b>User Firewall</b>
Juniper offers a range of user role-based firewall control solutions that support dynamic security policies. User role-based firewall capabilities are integrated with the SRX Series Services Gateways
for standard next generation firewall controls. More extensive, scalable, granular access controls for creating dynamic policies are available through the integration of SRX with a Juniper Unified Access Control solution.
<b>Adaptive Threat Intelligence</b>
To address the evolving threat landscape that has made it imperative to integrate external threat intelligence into the firewall for thwarting advanced malware and other threats, some SRX Series Services Gateways include threat intelligence via integration with Spotlight Secure. The Spotlight Secure threat intelligence platform aggregates threat feeds from multiple sources to deliver open, consolidated, actionable intelligence to SRX Series Services Gateways across the organization for policy enforcement. These sources include Juniper threat feeds, third party threat feeds and threat detection technologies that the customer can deploy.
<b>Secure Routing</b>
Many organizations use both a router and a firewall/VPN at their network edge to fulfill their networking and security needs. For many organizations, the SRX Series for the branch can fulfill both roles with one solution. Juniper built best-in-class routing, switching and firewall capabilities into one product.
SRX Series for the branch checks the traffic to see if it is legitimate and permissible, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from malicious users.
The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. Due to the architecture, SRX Series receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. This allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.
<b>High Availability</b>
Junos Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.
When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration is mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series synchronizes both configuration and runtime information. As a result, during failover, synchronization of the following information
is shared: connection/session state and flow information, IPSec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In
contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished
in the event of a failover. Some or all network sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved,
but security is kept intact. In an unstable network, this active/active configuration also mitigates link flapping affecting session performance.
<b>Session-Based Forwarding Without the Performance Hit</b>
In order to optimize the throughput and latency of the combined router and firewall, Junos OS implements session-based forwarding, an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. With Junos OS, a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-
hop route.
Figure 3 shows the session-based forwarding algorithm. When a new session is established, the session-based architecture within Junos OS verifies that the session is allowed by the forwarding
policies. If the session is allowed, Junos OS will look up the next-hop route in the routing table. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. Subsequent packets for the established session require a single table lookup in the session and forwarding table, and are forwarded to the egress interface.
