Compatible Systems | DES I/O Card 10/100 | SRX3400 and SRX3600 Services Gateways

DATASHEET
SRX3400 and SRX3600
Services Gateways
Product Overview
Product Description
generation solution for securing
Juniper Networks® SRX3400 Services Gateway and Juniper Networks SRX3600 Services
Gateway are next-generation services gateways that deliver market-leading scalability
and service integration in a mid-sized form factor. These devices are ideally suited for
medium to large enterprise and service provider networks, including:
the ever-increasing network
• Enterprise server farms/data centers
infrastructure and applications
• Service provider data centers
requirements for both enterprise
• Aggregation of departmental or segmented security solutions
and service providers. Designed
• Service provider infrastructure security and managed services
from the ground up to provide
Based on an innovative mid-plane design and Juniper’s dynamic services architecture,
the SRX3000 line resets the bar in price/performance for enterprise and service
provider environments. Each services gateway can support near linear scalability with
each additional Services Processing Card (SPC), enabling the SRX3600 to support up
to 30 Gbps of firewall throughput. The SPCs are designed to support a wide range of
services enabling future support of new capabilities without the need for service-specific
hardware. Using SPCs on all services ensures that there are no idle resources based on
specific services in operation—maximizing hardware utilization.
Juniper Networks SRX3000 line
of services gateways is the next-
flexible processing scalability, I/O
scalability, and high integration,
the SRX3000 line of services
gateways can meet the network
and security requirements of data
center hyper-consolidation, rapid
managed services deployments, and
aggregation of security solutions.
Built on Juniper Networks JUNOS
Software, incorporating Juniper’s rich
routing heritage and service provider
reliability with ScreenOS network
security heritage, the SRX3000
line offers the high-feature/service
integration necessary to secure
modern network infrastructure and
applications.
Market leading flexibility and price/performance of the SRX3000 line comes from the
modular architecture. Based on Juniper’s dynamic services architecture, the gateway
can be equipped with a flexible number of I/O cards (IOCs), network processing cards
(NPCs) and service processing cards (SPCs)—allowing the system to be configured to
support the ideal balance of performance and port density enabling each deployment of
the Juniper Networks SRX Series Services Gateways to be tailored to specific network
requirements. With this flexibility, the SRX3600 can be configured to support more
than 100 Gbps interfaces with choices of Gigabit Ethernet or 10-Gigabit Ethernet ports;
network processing performance from 10 to 30 Gbps; and services processing to match
specific business needs.
The switch fabric employed in the services gateway enables the scalability of SPCs,
NPCs and IOCs. Supporting up to 320 Gbps of data transfer, the fabric enables the
realization of maximum processing and I/O capability available in any particular
configuration. This level of scalability and flexibility enables uninterrupted expansion and
growth of the network infrastructure, without the security solution being a barrier.
1
The flexibility of the SRX3000 line extends beyond the innovation
and proven benefit of the dynamic services architecture.
Enabling the installation of SPCs on both the front and the back
of the SRX3000 line, the mid-plane design enables marketleading flexibility and scalability. By doubling the number of
SPCs supported in half the rack space needed, the SRX3000 line
offers not only the underlying architectural innovation but also
innovative physical design.
The feature integration on SRX Series Services Gateways is
enabled by Juniper Networks JUNOS® Software. By combining
the routing heritage of JUNOS Software and the security heritage
of ScreenOS®, the SRX Series Services Gateways are equipped
with a robust list of features that include firewall, IPsec VPN,
intrusion prevention system (IPS), denial of service (DoS),
Network Address Translation (NAT), and quality of service (QoS).
In addition to the benefit of individual features, incorporating the
various features under a single OS greatly optimizes the flow of
traffic through the services gateway. With JUNOS Software, the
SRX Series enjoys the benefit of a single source OS, single
release train, and one architecture traditionally available on
Juniper’s service provider-class routers and switches.
SRX3600
The SRX3600 Services Gateway is a market-leading security
solution supporting up to 30 Gbps firewall, 10 Gbps firewall
and IPS, or 10 Gbps of IPsec VPN along with up to 175,000 new
connections per second. Equipped with the full range of security
features, the SRX3600 is ideally suited for securing medium
to large enterprise data centers, co-located data centers, or
securing next-generation enterprise services/applications. It
can also be deployed to secure service provider infrastructures
as well as for securing next-generation services. The scalability
and flexibility of the services gateway makes it ideal for
consolidating and growing data center requirements, as well
as the rapid service deployment requirements by service and
managed service providers. The SRX3600 Services Gateway is
managed by Juniper Networks Network and Security Manager;
the same management solution used in all Juniper Networks
firewall, IDP Series Intrusion Detection and Prevention
Appliances, SA Series SSL VPN Appliances, Unified Access
Control, and EX Series Ethernet Switches.
SRX3400
The SRX3400 Services Gateway uses the same SPCs, IOCs and
NPCs as the SRX3600 and can support up to 20 Gbps firewall,
6 Gbps firewall and IPS, or 6 Gbps of IPsec VPN, along with up
to 175,000 new connections per second. The SRX3400 is ideally
suited for securing and segmenting enterprise data centers/
network infrastructure as well as aggregation of various
2
security solutions. The capability to support unique security
policies per zones and its ability to scale with the growth of the
network makes the SRX3400 an ideal deployment for small to
midsized server farms or hosting sites. The SRX3400 Services
Gateway is also managed by Juniper Networks Network and
Security Manager.
SRX3000 Line Service Processing Cards*
As the “brains” behind the SRX3000 line, SPCs are designed to
process all available services on the gateway. By eliminating the
need for dedicated hardware for specific services or capabilities,
there are no instances in which any piece of hardware is taxed
to the limit while other hardware sits idle. All of the processing
capabilities of the SPCs are used to support any and all services
and capabilities of the gateway. The same SPCs are supported on
both the SRX3600 and SRX3400. (Note: A minimum of one NPC
and one SPC is required for proper system functionality.)
SRX3000 Line I/O Cards*
In addition to supporting an ideal mix of built-in copper, small
form-factor pluggable transceiver (SFP) and high availability
(HA) ports, the SRX3000 line allows the greatest I/O port density
of any comparable offering in the same class. Each services
gateway in the SRX3000 line can be equipped with one or
several IOCs, each supporting either 16-gigabit interfaces (16 x
1 copper or fiber Gigabit Ethernet), or 20-gigabit interfaces (2 x
10 Gigabit XFP Ethernet). With the flexibility to provide multiple
IOCs, the SRX3000 line can be equipped to support an ideal
balance between interfaces and processing capabilities. (Note: A
minimum of one NPC and one SPC is required for proper system
functionality.)
SRX3000 Line Network Processing Cards*
To ensure maximum processing performance and flexibility,
the SRX3000 line utilizes NPCs to distribute inbound and
outbound traffic to the appropriate SPCs and IOCs, apply
QoS, and enforce DoS/distributed denial of service (DDoS)
protections. The SRX3600 can be configured to support one to
three NPCs, while the SRX3400 can be configured to support
one or two NPCs. Providing additional NPCs to the SRX3000 line
allows organizations to tailor the solution to fit their specific
performance requirements. (Note: A minimum of one NPC and
one SPC is required for proper system functionality.)
* The Juniper Networks SRX3000 line utilizes common form-factor
module (CFM) SPCs, NPCs, and IOCs. All modules are supported on
both the SRX3400 and SRX3600, but are not compatible with Juniper
Networks SRX5000 line of services gateways. Likewise, all SRX5000
line modules are not compatible with the SRX3000 line.
Features and Benefits
Networking and Security
The SRX Series Services Gateways have been designed from the ground up to offer robust networking and security services.
Features
Feature Description
Benefit
Purpose-built platform
Built from the ground up on dedicated hardware—
designed for networking and security services.
Delivers unrivaled performance and flexibility to
protect high-speed network environments.
Scalable performance
Offers scalable processing based on the Dynamic
Services Architecture.
Provides a simple and cost-effective solution to
leverage new services with appropriate processing.
System and network
resiliency
Provides carrier-class hardware design and
proven OS.
Offers reliability needed for any critical high-speed
network deployments.
High availability (HA)
Has active/passive HA configuration that uses
dedicated HA-control interfaces.
Achieve availability and resiliency necessary for
critical networks.
Interface flexibility
Offers flexible I/O options with modular CFM
modules based on the Dynamic Services
Architecture.
Offers flexible I/O configuration and independent
I/O scalability to meet the needs of any particular
network requirements.
Network segmentation
Provides security zones, VLANs, and virtual routers
that allow administrators to deploy security policies
to isolate guests and regional servers or databases.
Features capabilities to tailor unique security and
networking policies for various internal, external,
and DMZ subgroups.
Robust routing engine
Has a dedicated routing engine that provides
physical and logical separation to data and control
planes.
Enables deployment of consolidated routing and
security devices, as well as ensuring the security
of routing infrastructure—all via a dedicated
management environment.
Comprehensive threat
protection
Offers highly integrated features on JUNOS Software Offers unmatched integration, ensuring network
including multi-gigabit firewall, IPsec VPN, IPS,
security against all level of attacks.
DoS, and other services.
Traffic Inspection Methods
The SRX Series supports various detection methods to accurately identify the application and traffic flow through the network.
Features
Feature Description
Benefit
Protocol anomaly detection
Protocol usage against published RFCs is verified to
detect any violations or abuse.
Proactively protect network from undiscovered
vulnerabilities.
Traffic anomaly detection
Heuristic rules detect unexpected traffic patterns
that may suggest reconnaissance or attacks.
Proactively prevent reconnaissance activities or
block DDoS attacks.
IP spoofing detection
Validate IP addresses by checking allowed
addresses inside and outside the network.
Permit only authentic traffic while blocking
disguised sources.
DoS detection
SYN cookie-based protection from SYN flood
attacks.
Protect your key network assets from being
overwhelmed with SYN floods.
3
IPS Capabilities
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
Features
Feature Description
Benefit
Stateful signature inspection
Signatures are applied only to relevant portions of
the network traffic determined by the appropriate
protocol context.
Minimize false positives and offer flexible signature
development.
Protocol decodes
More than 65 protocol decodes are supported along
with more than 500 contexts to enforce proper
usage of protocols.
Accuracy of signatures is improved through precise
contexts of protocols.
Signatures1
There are more than 6,000 signatures for identifying
anomalies, attacks, spyware, and applications.
Attacks are accurately identified and attempts at
exploiting a known vulnerability are detected.
Traffic normalization
Reassembly, normalization, and protocol decoding
are provided.
Overcome attempts to bypass other IPS detections
by using obfuscation methods.
Application awareness/
identification
Context, protocol information, and signatures are
used to identify applications on any TCP or UDP
port.
Enable rules and policies based on application
traffic rather than ports—protect or police standard
applications on non-standard ports. (This also
applies for applications that do not have protocol
decoders.)
Zero-day protection
Protocol anomaly detection and same-day coverage
for newly found vulnerabilities are provided.
Your network is already protected against any new
exploits.
Recommended policy
Group of attack signatures are identified by Juniper
Networks Security Team as critical for the typical
enterprise to protect against.
Installation and maintenance are simplified while
ensuring the highest network security.
Centralized Management
Network and Security Manager—the common management solution for all Juniper Networks firewall, IDP Series, SA Series SSL VPN
Appliances, UAC, and EX Series—manages the SRX Series Services Gateways.
Features
Feature Description
Benefit
Role-based administration
More than 100 different activities can be assigned as
unique permissions for different administrators.
Streamline business operations by logically
separating and enforcing roles of various
administrators.
Scheduled security update
SRX Series Services Gateways can be automatically
updated with new attack objects/signatures.
Get up-to-the-minute security coverage without
manual intervention.
Domains
Logical separation of devices, policies, reports, and
other management activities are permitted.
Conform to business operations by grouping devices
based on business practices.
Object locking
Safe concurrent modification to the management
settings is allowed.
Avoid incorrect configuration due to overwritten
management settings.
Scheduled database backup
Automatic backup of NSM database is provided.
Provide configuration redundancy.
Job manager
View pending and completed jobs.
Simplify update of multiple devices.
As of August 2009, there are 6,200 signatures with approximately 10 new signatures added every week. Subscription to signature update service is required to receive new signatures.
1
4
Simple, Flexible Deployment
Features
Feature Description
Benefits
Centralized policy
management
• Delivers centralized policy management when
deployed with NSM and SA Series SSL VPN
Appliances.
• Create common configuration templates that can
be shared between SA Series SSL VPN (remote
access control) and UAC (LAN access control)
deployments using NSM.
• NSM also delivers a single management server
that can configure many key components within a
UAC deployment.
• Delivers consistent remote and local access
control policy implementation and enforcement
across a distributed network.
• Makes possible and simplifies enterprise-wide
deployment of uniform network access control.
Open, standards-based
solution
• Leverages industry-standards like 802.1X,
RADIUS, IPsec, and innovative open standards,
such as TNC to deliver a standards-based access
control solution.
• Leverages existing 802.1X-enabled switches and
access points.
• Delivers standards-based, vendor-agnostic
access control and seamless support for
heterogeneous networking environments.
• Facilitates quick, simple, and flexible access
control deployments without requiring forklift
upgrades, saving time and cost.
• No single vendor lock-in.
Phased access control
deployment
• Innovative design allows organizations to start
controlling access virtually anywhere on their
network.
• Audit mode enables organizations to track user
and device policy compliance without enforcing
policies.
• Saves access control deployment time and cost.
• Enables users to become familiar with
policies and necessary compliance and allows
organizations to phase in policy compliance
enforcement.
Windows Statement of Health
(SOH) and embedded NAP
agent support
• Through the TNC SOH standard, allows
organizations to leverage their pre-installed
Microsoft Windows Vista and XP (SP3) clients with
UAC for access control.
• Allows the use of the Windows Security Center
(WSC) SOH in access control decisions.
• Can pass the SOH to a Microsoft NPS server for
external enforcement and validation of the SOH
and transmit the information back to the IC Series
UAC Appliance for use in access control decisions.
• Streamlines client deployment.
• Simplifies access control rollout and deployment.
Dynamic authentication policy
(leveraging existing AAA
investments)
• Leverages an organization’s existing investment
in directories, PKI, and strong authentication.
• Supports 802.1X, RADIUS, LDAP, Microsoft
Active Directory, RSA ACE/Server, Network
Information Service (NIS), certificate servers
(digital certificates/PKI), local login/password,
Netegrity SiteMinder (Computer Associates), RSA
Cleartrust, Oblix (Oracle), and RADIUS Proxy.
• Establishes a dynamic authentication policy for
each user session.
• RADIUS Proxy enables support for deployments
where certain authentications are supported by a
backend RADIUS server.
Automatic realm decisions
based on authentication
protocols
IC Series UAC Appliance can be configured to make
a realm selection based on the authentication
protocol in the request.
Improves and eases the administrative experience
by offering a simple way to solve a complex
challenge without requiring complicated
authentication schemes or configuration issues.
Role-based UAC Agent
download
Agent downloads can be based on role and
dynamically delivered in the appropriate manner
(agent-based or agent-less).
Enables agent-less or agent-based access to be
dynamically linked to a user and/or device identity,
instead of forcing an upfront selection.
5
SRX3400
SRX3600
Specifications
SRX3400
SRX3600
JUNOS 9.6
JUNOS 9.6
Firewall performance (max)
10 / 20 Gbps
10 / 20 / 30 Gbps
Firewall performance (IMIX)
8 Gbps
18 Gbps
Firewall packets per second (64 bytes)
3 Mpps
6 Mpps
Maximum AES256+SHA-1 VPN performance
6 Gbps
10 Gbps
Maximum 3DES+SHA-1 VPN performance
6 Gbps
10 Gbps
Maximum IPS performance (NSS 4.2.1)
6 Gbps
10 Gbps
Maximum concurrent sessions
1 million
2 million
New sessions/second, (sustained, TCP, three-way)
175,000
175,000
Maximum security policies
40,000
40,000
Maximum user supported
Unrestricted
Unrestricted
8 10/100/1000 + 4 SFP
8 10/100/1000 + 4 SFP
16 x 1 10/100/1000 copper
16 x 1 Gigabit Ethernet SFP
2 x 10-Gigabit Ethernet XFP
16 x 1 10/100/1000 copper
16 x 1 Gigabit Ethernet SFP
2 x 10-Gigabit Ethernet XFP
Four (front slots)
Six (front slots)
Maximum available slots for SPCs3
Up to four SPCs supported per chassis4
(any slot)
Up to seven SPCs supported per chassis
(any slot)
Maximum available slots for NPCs3
Up to two NPCs supported per chassis4
(three rear slots)
Up to three NPCs supported per chassis
(three rear-right slots)
Maximum Performance and Capacity
2
Tested configuration to achieve performance, capacities and features listed below:
SRX3400 chassis equipped with four (4) SPCs, one (1) IOC, two (2) NCPs, and AC power supplies
SRX3600 chassis equipped with seven (7) SPCs, two (2) IOCs, three (3) NPCs, and AC power supplies
JUNOS Software version tested
Network Connectivity
Fixed I/O
LAN interface options
Maximum available slots for IOCs
Processing Scalability
Performance, capacity, and features listed are based upon systems running JUNOS 9.6 and are measured under ideal testing conditions. SRX3400 DC-powered systems achieve lower performance levels
as fewer cards can be supported. Actual results may vary based on JUNOS releases and by deployment. For a complete list of supported JUNOS versions for the SRX Series Services Gateways, please
visit the Juniper Customer Support Center (www.juniper.net/customers/support/).
2
Each SRX3000 line of Services Gateways employ multiple common form-factor module (CFM) expansion slots on the front and rear of the chassis to allow custom configurations of I/O and processing
capacities based on customer requirements. SPCs and NPCs are supported on all available CFM slots. However, for proper system functionality and allowing for I/O expansion, the SRX3400 supports a
maximum of up to four SPCs and two NPCs per chassis, and the SRX3600 supports a maximum of up to seven SPCs and three NPCs per chassis. Please refer to the respective hardware guides for more
information on SPCs and NPCs as well as for guidelines on placements.
3
Refer to user guide for guidelines when using DC power supplies.
4
6
Specifications (continued)
SRX3400
SRX3600
Network attack detection
Yes
Yes
DoS and DDoS protection
Yes
Yes
TCP reassembly for fragmented packet protection
Yes
Yes
Brute-force attack mitigation
Yes
Yes
SYN cookie protection
Yes
Yes
Zone-based IP spoofing
Yes
Yes
Malformed packet protection
Yes
Yes
Firewall
IPsec VPN
Tunnel interfaces
5,000
5,000
DES (56-bit), 3DES (168-bit), and AES encryption
Yes
Yes
MD5 and SHA-1 authentication
Yes
Yes
Manual key, IKE, PKI (X.509)
Yes
Yes
1,2,5
1,2,5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
Redundant VPN gateways
Yes
Yes
Perfect forward secrecy (DH groups)
Intrusion Prevention System
Stateful protocol signatures
Yes
Yes
Attack detection mechanisms
Stateful signatures, protocol anomaly
detection (zero-day coverage), application
identification
Stateful signatures, protocol anomaly
detection (zero-day coverage), application
identification
Attack response mechanisms
Drop connection, close connection, session
packet log, session summary, email, custom
session
Drop connection, close connection, session
packet log, session summary, email, custom
session
Structured Syslog
Structured Syslog
Worm protection
Yes
Yes
Simplified installation through recommended policies
Yes
Yes
Trojan protection
Yes
Yes
Spyware/adware/keylogger protection
Yes
Yes
Other malware protection
Yes
Yes
Protection against attack proliferation from infected
systems
Yes
Yes
Reconnaissance protection
Yes
Yes
Request and response-side attack protection
Yes
Yes
Compound attacks—combines stateful signatures and
protocol anomalies
Yes
Yes
Attack notification mechanisms
Create custom attack signatures
Yes
Yes
Access contexts for customization
500+
500+
Attack editing (port range, other)
Yes
Yes
Stream signatures
Yes
Yes
Protocol thresholds
Yes
Yes
Stateful protocol signatures
Yes
Yes
7
Specifications (continued)
SRX3400
SRX3600
6,000+
6,000+
Detailed threat descriptions and remediation/patch info
Yes
Yes
Create and enforce appropriate application-usage policies
Yes
Yes
Intrusion Prevention System (continued)
Approximate number of attacks covered
Attacker and target audit trail and reporting
Yes
Yes
Daily and emergency
Daily and emergency
Destination NAT with PAT
Yes
Yes
Destination NAT within same subnet as ingress interface IP
Yes
Yes
Destination addresses and port numbers to one single
address and a specific port number (M:1P)
Yes
Yes
Destination addresses to one single address (M:1)
Yes
Yes
Destination addresses to another range of addresses (M:M)
Yes
Yes
Static Source NAT – IP-shifting DIP
Yes
Yes
Source NAT with PAT – port-translated
Yes
Yes
Source NAT without PAT – fix-port
Yes
Yes
Source NAT – IP address persistency
Yes
Yes
Source pool grouping
Yes
Yes
Source pool utilization alarm
Yes
Yes
Source IP outside of the interface subnet
Yes
Yes
Interface source NAT – interface DIP
Yes
Yes
Oversubscribed NAT pool with fallback to PAT when the
address pool is exhausted
Yes
Yes
Symmetric NAT
Yes
Yes
Allocate multiple ranges in NAT pool
Yes
Yes
Proxy ARP for physical port
Yes
Yes
Source NAT with loopback grouping – DIP loopback
grouping
Yes
Yes
Built-in (internal) database
Yes
Yes
RADIUS accounting
Yes
Yes
Web-based authentication
Yes
Yes
UAC enforcement point
Yes
Yes
PKI certificate requests (PKCS 7 and PKCS 10)
Yes
Yes
Automated certificate enrollment (SCEP)
Yes
Yes
Certificate authorities supported
Yes
Yes
Self-signed certificates
Yes
Yes
256
256
Frequency of updates
Destination Network Address Translation
Source Network Address Translation
User Authentication and Access Control
Public Key Infrastructure (PKI) Support
Virtualization
Maximum number of security zones
Maximum number of virtual routers
256
256
Maximum number of VLANs per interface
4,096
4,096
Maximum number of L3 subinterfaces
16,384
16,384
8
Specifications (continued)
SRX3400
SRX3600
128
128
BGP peers
2,000
2,000
BGP routes
1,000,000
1,000,000
256
256
1,000,000
1,000,000
50
50
RIP v2 table size
30,000
30,000
Dynamic routing
Yes
Yes
Static routes
Yes
Yes
Filter-based forwarding (FBF)
Yes
Yes
Equal-cost multipath (ECMP)
Yes
Yes
Reverse path forwarding (RPF)
Yes
Yes
Static
Yes
Yes
Dynamic Host Configuration Protocol (DHCP)
Yes
Yes
Internal DHCP server
Yes
Yes
DHCP relay
Yes
Yes
Maximum bandwidth
Yes
Yes
RFC2474 IP DiffServ in IPv4
Yes
Yes
Filters for CoS
Yes
Yes
Classification
Yes
Yes
Scheduling
Yes
Yes
Shaping
Yes
Yes
Intelligent Drop Mechanisms (WRED)
Yes
Yes
Three-level scheduling
Yes
Yes
Weighted round-robin for each level of scheduling
Yes
Yes
Priority of routing protocols
Yes
Yes
Active/passive, active/active
Yes
Yes
Configuration synchronization
Yes
Yes
Session synchronization for firewall and IPsec VPN
Yes
Yes
Session failover for routing change
Yes
Yes
Device failure detection
Yes
Yes
Link failure detection
Yes
Yes
WebUI (HTTP and HTTPS)
Yes
Yes
Command-line interface (console)
Yes
Yes
Command-line interface (telnet)
Yes
Yes
Command-line interface (SSH)
Yes
Yes
Network and Security Manager version 2008.2 or later
Yes
Yes
Routing
BGP instances
OSPF instances
OSPF routes
RIP v1/v2 instances
IP Address Assignment
Traffic Management QoS
High Availability
Management
9
Specifications (continued)
SRX3400
SRX3600
Local administrator database support
Yes
Yes
External administrator database support
Yes
Yes
Restricted administrative networks
Yes
Yes
Root admin, admin, and read-only user levels
Yes
Yes
Software upgrades
Yes
Yes
Configuration rollback
Yes
Yes
Structured System Log
Yes
Yes
SNMP (v2/v3)
Yes
Yes
Traceroute
Yes
Yes
17.5 x 5.25 x 25.5 in
(44.5 x 13.3 x 64.8 cm)
17.5 x 8.75 x 25.5 in
(44.5 x 22.2 x 64.8 cm)
Chassis: 32.3 lb (14.7 kg)
Fully configured: 75 lb (34.1 kg)
Chassis: 43.6 lb (19.8 kg)
Fully configured: 115.7 lb (52.6 Kg)
100 to 240 VAC
100 to 240 VAC
Administration
Logging/Monitoring
Dimensions and Power
Dimensions (W x H x D)
Weight
Power supply (AC)
Power supply (DC)
-40 to -60 VDC
-40 to -60 VDC
1,200 W (AC power)
1,020 W (DC power)
1,800 W (AC power)
1,800 W (DC power)
1+1
2+1/2+2
Safety certifications
Yes
Yes
Electromagnetic compatibility (EMC) certifications
Yes
Yes
Maximum power draw
Power supply redundancy
Certifications
Operating Environment
Operating temperature
Humidity
10
32° to 104° F (0° to 40° C)
32° to 104° F (0° to 40° C)
5% to 90% noncondensing humidity
5% to 90% noncondensing humidity
Performance-Enabling Services and Support
Juniper Networks is the leader in performance-enabling
services and support, which are designed to accelerate, extend,
and optimize your high-performance network. Our services
allow you to bring revenue-generating capabilities online faster
so you can realize bigger productivity gains, faster rollouts of
new business models and ventures, and greater market reach,
while generating higher levels of customer satisfaction. At the
same time, Juniper Networks ensures operational excellence
by optimizing your network to maintain required levels of
performance, reliability, and availability. For more details, please
visit www.juniper.net/products-services.
Model Number
Model Number
C19 Straight Power Cables
Description
Base System
SRX3400BASE-AC
SRX3400 chassis, midplane, fan, routing engine,
SFB-12 Gigabit Ethernet, AC PEM5 - no power
cord - no SPC - no NPC
SRX3400BASE-DC
SRX3400 chassis, midplane, fan, routing engine,
SFB-12 Gigabit Ethernet, DC PEM - no SPC no NPC
SRX3600BASE-AC
SRX3600 chassis, midplane, fan, routing engine,
SFB-12 Gigabit Ethernet, 2xAC PEM5 - no power
cords - no SPC - no NPC
SRX3600BASE-DC
SRX3600 Chassis, midplane, fan, routing engine,
SFB-12 Gigabit Ethernet, 2xDC PEM - no SPC no NPC
SRX3000 Line Components
SRX3K-SPC-1-10-40
SRX3000 line Services Processing Card with
1 GHz processor and 4 GB memory
SRX3K-NPC
SRX3000 line Network Processing Card
SRX3K-16GE-TX
16 x 1 10/100/1000 Copper CFM I/O Card for
SRX3000 line
SRX3K-16GE-SFP
16 x 1 Gigabit SFP Ethernet I/O Card for
SRX3000 line, no transceivers
SRX3K-2XGE-XFP
2 x 10 Gigabit XFP Ethernet I/O Card for
SRX3000 line, no transceivers
Description
CBL-PWR-C19S-132-UK
Power cord, AC, Great Britain & Ireland, C19 at
70-80 mm, 13 A/250 V, 2.5 mm, straight
CBL-PWR-C19S-151US15
Power cord, AC, Japan/US, NEMA 5-15 to C19 at
70-80 mm, 15 A/125 V, 2.5 m, straight
CBL-PWR-C19S-152-AU
Power cord, AC, Australia/New Zealand, C19 at
70-80 mm, 15 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-CH
Power cord, AC, China, C19, 16 A/250 V, 2.5 m,
straight
CBL-PWR-C19S-162-EU
Power cord, AC, Continental Europe, C19,
16 A/250 V, 2.5 m, RA
CBL-PWR-C19S-162-IT
Power cord, AC, Italy, C19 at 70-80 mm,
16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-JP
Power cord, AC, Japan, NEMA 6-20 to C19,
16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162JPL
Power cord, AC, Japan/US, C19 at 70-80 mm,
16 A/250 V, 2.5 m, straight, locking plug
CBL-PWR-C19S-162-US
Power cord, AC, Japan/US, NEMA 6-20 to C19 at
70-80 mm, 16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162USL
Power cord, AC, US, NEMA L6-20 to C19,
16 A/250 V, 2.5 m, straight, locking plug
AC power cords are not included. One C19-Straight cable with appropriate wall-plug for the final
destination of the system is required for each power supply.
5
About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance
networking. Juniper offers a high-performance network
infrastructure that creates a responsive and trusted environment
for accelerating the deployment of services and applications
over a single network. This fuels high-performance businesses.
Additional information can be found at www.juniper.net.
Transceivers
SRX-SFP-1GE-LX
Small form-factor pluggable 1000BASE-LX
Gigabit Ethernet optic module
SRX-SFP-1GE-SX
Small form-factor pluggable 1000BASE-SX
Gigabit Ethernet optic module
SRX-SFP-1GE-T
Small form-factor pluggable 1000BASE-T
Gigabit Ethernet module
SRX-XFP-10GE-SR
10-Gigabit Ethernet pluggable transceiver, short
reach multimode
SRX-XFP-10GE-LR
10-Gigabit Ethernet pluggable transceiver,
10 Km, single mode
SRX-XFP-10GE-ER
10-Gigabit Ethernet pluggable transceiver,
40 Km, single mode
IPS Subscription
SRX3K-IDP
One year IPS signature subscription for
SRX3000 line
SRX3K-IDP-3
Three year IPS signature subscription for
SRX3000 line
11
Corporate and Sales Headquarters
APAC Headquarters
EMEA Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737)
or 408.745.2000
Fax: 408.745.2100
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
Fax: 35.31.8903.601
To purchase Juniper Networks solutions, please
contact your Juniper Networks representative
at 1-866-298-6428 or authorized reseller.
1000267-005-EN Aug 2009
12
Copyright 2009 Juniper Networks, Inc. All rights
reserved. Juniper Networks, the Juniper Networks
logo, JUNOS, NetScreen, and ScreenOS are
registered trademarks of Juniper Networks, Inc.
in the United States and other countries. JUNOSe
is a trademark of Juniper Networks, Inc. All
other trademarks, service marks, registered
marks, or registered service marks are the
property of their respective owners. Juniper
Networks assumes no responsibility for any
inaccuracies in this document. Juniper Networks
reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.
Printed on recycled paper.
Download PDF

advertising