SRX3400 and SRX3600 Services Gateways

SRX3400 and SRX3600 Services Gateways
DATASHEET
SRX3400 AND
SRX3600 SERVICE
GATEWAYS
Product Overview
Juniper Networks SRX3000 line of
services gateways is the next-generation
solution for securing the ever-increasing
Product Description
Juniper Networks® SRX3400 Services Gateway and Juniper Networks SRX3600 Services
Gateway are next-generation services gateways that deliver market-leading scalability
and service integration in a mid-sized form factor. These devices are ideally suited for
medium to large enterprise, public sector and service provider networks, including:
network infrastructure and applications
• Enterprise server farms/data centers
requirements for both enterprise
• Aggregation of departmental or segmented security solutions
and service providers. Designed from
• Cloud and hosting provider data centers
the ground up to provide flexible
• Managed services deployments
processing scalability, I/O scalability,
Based on an innovative mid-plane design and Juniper’s dynamic services architecture,
and high integration, the SRX3000
the SRX3000 line resets the bar in price/performance for enterprise and service
line of services gateways can meet the
provider environments. Each services gateway can support near linear scalability with
network and security requirements of
each additional Services Processing Card (SPC), enabling the SRX3600 to support up
data center hyper-consolidation, rapid
to 30 Gbps of firewall throughput. The SPCs are designed to support a wide range of
managed services deployments, and
services enabling future support of new capabilities without the need for service-specific
aggregation of security solutions. Built
hardware. Using SPCs on all services ensures that there are no idle resources based on
on Juniper Networks Junos Software,
specific services in operation—maximizing hardware utilization.
incorporating Juniper’s rich routing
heritage and service provider reliability
with ScreenOS network security
heritage, the SRX3000 line offers
the high-feature/service integration
necessary to secure modern network
infrastructure and applications.
Market leading flexibility and price/performance of the SRX3000 line comes from the
modular architecture. Based on Juniper’s dynamic services architecture, the gateway
can be equipped with a flexible number of I/O cards (IOCs), network processing cards
(NPCs) and service processing cards (SPCs)—allowing the system to be configured to
support the ideal balance of performance and port density enabling each deployment
of the Juniper Networks SRX Series Services Gateways to be tailored to specific network
requirements. With this flexibility, the SRX3600 can be configured to support more than
100 Gbps interfaces with choices of Gigabit Ethernet or 10-Gigabit Ethernet ports; network
processing performance from 10 to 30 Gbps; and services processing to match specific
business needs.
The switch fabric employed in the services gateway enables the scalability of SPCs, NPCs
and IOCs. Supporting up to 320 Gbps of data transfer, the fabric enables the realization
of maximum processing and I/O capability available in any particular configuration. This
level of scalability and flexibility enables uninterrupted expansion and growth of the
network infrastructure, without the security solution being a barrier.
1
The flexibility of the SRX3000 line extends beyond the innovation
SRX3000 Line Service Processing Cards*
and proven benefit of the dynamic services architecture. Enabling
As the “brains” behind the SRX3000 line, SPCs are designed to
the installation of SPCs on both the front and the back of the
process all available services on the gateway. By eliminating the
SRX3000 line, the mid-plane design enables market-leading
need for dedicated hardware for specific services or capabilities,
flexibility and scalability. By doubling the number of SPCs
there are no instances in which any piece of hardware is taxed
supported in half the rack space needed, the SRX3000 line
to the limit while other hardware sits idle. All of the processing
offers not only the underlying architectural innovation but also
capabilities of the SPCs are used to support any and all services
innovative physical design.
and capabilities of the gateway. The same SPCs are supported on
The feature integration on SRX Series Services Gateways is
both the SRX3600 and SRX3400. (Note: A minimum of one NPC
enabled by Juniper Networks Junos® Software. By combining the
and one SPC is required for proper system functionality.)
routing heritage of Junos Software and the security heritage of
ScreenOS®, the SRX Series Services Gateways are equipped with
SRX3000 Line I/O Cards*
a robust list of features that include firewall, IPsec VPN, intrusion
In addition to supporting an ideal mix of built-in copper, small
prevention system (IPS), denial of service (DoS), Network Address
form-factor pluggable transceiver (SFP) and high availability
Translation (NAT), and quality of service (QoS). In addition,
(HA) ports, the SRX3000 line allows the greatest I/O port density
incorporating the various features under a single OS greatly
of any comparable offering in the same class. Each services
optimizes the flow of traffic through the services gateway. With
gateway in the SRX3000 line can be equipped with one or
Junos Software, the SRX Series enjoys the benefit of a single
several IOCs, each supporting either 16-gigabit interfaces (16 x
source OS, single release train, and one architecture that is also
1 copper or fiber Gigabit Ethernet), or 20-gigabit interfaces (2 x
available across Juniper’s carrier-class routers and switches.
10 Gigabit XFP Ethernet). With the flexibility to provide multiple
IOCs, the SRX3000 line can be equipped to support an ideal
SRX3600
balance between interfaces and processing capabilities. (Note: A
The SRX3600 Services Gateway is a market-leading security
minimum of one NPC and one SPC is required for proper system
solution supporting up to 30 Gbps firewall, 10 Gbps firewall
functionality.)
and IPS, or 10 Gbps of IPsec VPN along with up to 175,000 new
connections per second. Equipped with the full range of security
SRX3000 Line Network Processing Cards*
features, the SRX3600 is ideally suited for securing medium to
To ensure maximum processing performance and flexibility, the
large enterprise data centers, hosted or co-located data centers,
SRX3000 line utilizes NPCs to distribute inbound and outbound
or securing next-generation enterprise services/applications. It can
traffic to the appropriate SPCs and IOCs, apply QoS, and
also be deployed to secure cloud provider infrastructures where
enforce DoS/distributed denial of service (DDoS) protections.
multi-tenancy is a requirement. The scalability and flexibility
The SRX3600 can be configured to support one to three NPCs,
of the services gateway makes it ideal for consolidating legacy
while the SRX3400 can be configured to support one or two
security appliances in densely populated data centers, and the
NPCs. Providing additional NPCs to the SRX3000 line allows
service density makes it ideal for cloud providers. The SRX3600
organizations to tailor the solution to fit their specific performance
Services Gateway is managed by Juniper Networks Network and
requirements. (Note: A minimum of one NPC and one SPC is
Security Manager; the single application used to manage all
required for proper system functionality.)
Juniper Networks firewall, IPS, Secure Sockets Layer (SSL), Juniper
* The Juniper Networks SRX3000 line utilizes common form-factor
Networks Unified Access Control (UAC), and EX Series Ethernet
module (CFM) SPCs, NPCs, and IOCs. All modules are supported
Switch products.
on both the SRX3400 and SRX3600, but are not compatible with
SRX3400
The SRX3400 Services Gateway uses the same SPCs, IOCs and
NPCs as the SRX3600 and can support up to 20 Gbps firewall,
6 Gbps firewall and IPS, or 6 Gbps of IPsec VPN, along with up
to 175,000 new connections per second. The SRX3400 is ideally
suited for securing and segmenting enterprise data centers/
network infrastructure as well as aggregation of various security
solutions. The capability to support unique security policies per
zones and its ability to scale with the growth of the network
makes the SRX3400 an ideal deployment for small to midsized
server farms or hosting sites. The SRX3400 Services Gateway is
also managed by Juniper Networks Network and Security Manager.
2
Juniper Networks SRX5000 line of services gateways. Likewise, all
SRX5000 line modules are not compatible with the SRX3000 line.
Features and Benefits
Networking and Security
The SRX Series Services Gateways have been designed from the ground up to offer robust networking and security services.
FEATURE
FEATURE DESCRIPTION
BENEFITS
Purpose-built platform
Built from the ground up on dedicated hardware—
designed for networking and security services.
Delivers unrivaled performance and flexibility to protect
high-speed network environments.
Scalable performance
Offers scalable processing based on the Dynamic Services
Architecture.
Provides a simple and cost-effective solution to leverage
new services with appropriate processing.
System and network
resiliency
Provides carrier-class hardware design and proven OS.
Offers reliability needed for any critical high-speed
network deployments.
High availability (HA)
Active/passive and active/active HA configurations using
dedicated HA-control interfaces.
Achieve availability and resiliency necessary for critical
networks.
Interface flexibility
Offers flexible I/O options with modular CFM modules
based on the Dynamic Services Architecture.
Offers flexible I/O configuration and independent I/O
scalability to meet the needs of any particular network
requirements.
Network segmentation
Provides security zones, VLANs, and virtual routers that
allow administrators to deploy security policies to isolate
guests and regional servers or databases.
Features capabilities to tailor unique security and
networking policies for various internal, external, and DMZ
subgroups.
Robust routing engine
Has a dedicated routing engine that provides physical and
logical separation to data and control planes.
Enables deployment of consolidated routing and
security devices, as well as ensuring the security of
routing infrastructure—all via a dedicated management
environment.
Comprehensive threat
protection
Offers highly integrated features on Junos Software
including multi-gigabit firewall, IPsec VPN, IPS, DoS, and
other services.
Offers unmatched integration, ensuring network security
against all level of attacks.
Traffic Inspection Methods
The SRX Series supports various detection methods to accurately identify the application and traffic flow through the network.
FEATURE
FEATURE DESCRIPTION
BENEFITS
Protocol anomaly detection
Protocol usage against published RFCs is verified to detect
any violations or abuse.
Proactively protect network from undiscovered
vulnerabilities.
Traffic anomaly detection
Heuristic rules detect unexpected traffic patterns that may
suggest reconnaissance or attacks.
Proactively prevent reconnaissance activities or block
DDoS attacks.
IP spoofing detection
Validate IP addresses by checking allowed addresses
inside and outside the network.
Permit only authentic traffic while blocking disguised
sources.
DoS detection
SYN cookie-based protection from SYN flood attacks.
Protect your key network assets from being overwhelmed
with SYN floods.
IPS Capabilities
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
FEATURE
FEATURE DESCRIPTION
BENEFITS
Stateful signature
inspection
Signatures are applied only to relevant portions of the
network traffic determined by the appropriate protocol
context.
Minimize false positives and offer flexible signature
development.
Protocol decodes
More than 65 protocol decodes are supported along
with more than 500 contexts to enforce proper usage of
protocols.
Accuracy of signatures is improved through precise
contexts of protocols.
Signatures1
There are more than 6,000 signatures for identifying
anomalies, attacks, spyware, and applications.
Attacks are accurately identified and attempts at
exploiting a known vulnerability are detected.
Traffic normalization
Reassembly, normalization, and protocol decoding are
provided.
Overcome attempts to bypass other IPS detections by
using obfuscation methods.
Zero-day protection
Protocol anomaly detection and same-day coverage for
newly found vulnerabilities are provided.
Your network is already protected against any new
exploits.
Recommended policy
Group of attack signatures are identified by Juniper
Networks Security Team as critical for the typical
enterprise to protect against.
Installation and maintenance are simplified while ensuring
the highest network security.
3
Application Security
FEATURE
FEATURE DESCRIPTION
BENEFITS
Application awareness/
identification
Context, protocol information, and signatures are used to
identify applications on any TCP or UDP port.
Enable rules and policies based on application traffic
rather than ports—protect or police standard applications
on non-standard ports. (This also applies for applications
that do not have protocol decoders.)
Application denial of
services
Multi-stage detection methods used to identify and
mitigate distributed denial of service attacks targeting
applications.
Prevent service disruptions due to targeted attacks at
applications by filtering and blocking malicious traffic
while allowing legitimate traffic.
SSL inspection
Inspection of HTTP traffic encrypted in SSL on any TCP/
UDP port.
Combined with application identification, provides
visibility and protection against threats embedded in SSL
encrypted traffic.
Centralized Management
Network and Security Manager—the common management solution for all Juniper Networks firewall, IDP Series, SA Series SSL VPN
Appliances, UAC, and EX Series—manages the SRX Series Services Gateways.
1
FEATURE
FEATURE DESCRIPTION
BENEFITS
Role-based administration
More than 100 different activities can be assigned as
unique permissions for different administrators.
Streamline business operations by logically separating
and enforcing roles of various administrators.
Scheduled security update
SRX Series Services Gateways can be automatically
updated with new attack objects/signatures.
Get up-to-the-minute security coverage without manual
intervention.
Domains
Logical separation of devices, policies, reports, and other
management activities are permitted.
Conform to business operations by grouping devices
based on business practices.
Object locking
Safe concurrent modification to the management settings
is allowed.
Avoid incorrect configuration due to overwritten
management settings.
Scheduled database
backup
Automatic backup of NSM database is provided.
Provide configuration redundancy.
Job manager
View pending and completed jobs.
Simplify update of multiple devices.
As of August 2009, there are 6,200 signatures with approximately 10 new signatures added every week. Subscription to signature update service is required to receive new signatures.
SRX3400
4
SRX3600
Specifications
SRX3400
Maximum Performance and Capacity
SRX3600
2
Tested configuration to achieve performance, capacities and features listed below:
SRX3400 chassis equipped with four (4) SPCs, one (1) IOC, two (2) NCPs, and AC power supplies
SRX3600 chassis equipped with seven (7) SPCs, two (2) IOCs, three (3) NPCs, and AC power supplies
Junos Software version tested
Junos 10.0
Junos 10.0
Firewall performance (max)
10 / 20 Gbps
10 / 20 / 30 Gbps
Firewall performance (IMIX)
8 Gbps
18 Gbps
Firewall packets per second (64 bytes)
3 Mpps
6 Mpps
Maximum AES256+SHA-1 VPN performance
6 Gbps
10 Gbps
Maximum 3DES+SHA-1 VPN performance
6 Gbps
10 Gbps
Maximum IPS performance (NSS 4.2.1)
6 Gbps
10 Gbps
Maximum concurrent sessions
2.25 million
2.25 million
New sessions/second, (sustained, TCP, three-way)
175,000
175,000
Maximum security policies
40,000
40,000
Maximum user supported
Unrestricted
Unrestricted
Fixed I/O
8 10/100/1000 + 4 SFP
8 10/100/1000 + 4 SFP
LAN interface options
16 x 1 10/100/1000 copper
16 x 1 10/100/1000 copper
16 x 1 Gigabit Ethernet SFP
16 x 1 Gigabit Ethernet SFP
2 x 10-Gigabit Ethernet XFP
2 x 10-Gigabit Ethernet XFP
Four (front slots)
Six (front slots)
Up to four SPCs supported per chassis4
Up to seven SPCs supported per chassis
(any slot)
(any slot)
Network Connectivity
Maximum available slots for IOCs
Processing Scalability
Maximum available slots for SPCs3
Maximum available slots for NPCs3
Up to two NPCs supported per chassis
Up to three NPCs supported per chassis
(three rear slots)
(three rear-right slots)
Network attack detection
Yes
Yes
DoS and DDoS protection
Yes
Yes
TCP reassembly for fragmented packet protection
Yes
Yes
Brute-force attack mitigation
Yes
Yes
SYN cookie protection
Yes
Yes
Zone-based IP spoofing
Yes
Yes
Malformed packet protection
Yes
Yes
Tunnel interfaces
5,000
5,000
DES (56-bit), 3DES (168-bit), and AES encryption
Yes
Yes
MD5 and SHA-1 authentication
Yes
Yes
Manual key, IKE, PKI (X.509)
Yes
Yes
Perfect forward secrecy (DH groups)
1,2,5
1,2,5
Prevent replay attack
Yes
Yes
Remote access VPN
Yes
Yes
Redundant VPN gateways
Yes
Yes
4
Firewall
IPsec VPN
Performance, capacity, and features listed are based upon systems running Junos 10.0 and are measured under ideal testing conditions. SRX3400 DC-powered systems achieve lower performance
levels as fewer cards can be supported. Actual results may vary based on Junos releases and by deployment. For a complete list of supported Junos versions for the SRX Series Services Gateways,
please visit the Juniper Customer Support Center (www.juniper.net/customers/support/).
3
Each SRX3000 line of Services Gateways employ multiple common form-factor module (CFM) expansion slots on the front and rear of the chassis to allow custom configurations of I/O and
processing capacities based on customer requirements. SPCs and NPCs are supported on all available CFM slots. However, for proper system functionality and allowing for I/O expansion, the
SRX3400 supports a maximum of up to four SPCs and two NPCs per chassis, and the SRX3600 supports a maximum of up to seven SPCs and three NPCs per chassis. Please refer to the respective
hardware guides for more information on SPCs and NPCs as well as for guidelines on placements.
4
Refer to user guide for guidelines when using DC power supplies.
2
5
SRX3400
SRX3600
Stateful protocol signatures
Yes
Yes
Attack detection mechanisms
Stateful signatures, protocol anomaly
detection (zero-day coverage), application
identification
Stateful signatures, protocol anomaly
detection (zero-day coverage), application
identification
Attack response mechanisms
Drop connection, close connection, session
packet log, session summary, email,
custom session
Drop connection, close connection, session
packet log, session summary, email,
custom session
Attack notification mechanisms
Structured Syslog
Structured Syslog
Worm protection
Yes
Yes
Simplified installation through recommended policies
Yes
Yes
Trojan protection
Yes
Yes
Spyware/adware/keylogger protection
Yes
Yes
Other malware protection
Yes
Yes
Application denial of service protection
Yes
Yes
Protection against attack proliferation from infected systems
Yes
Yes
Reconnaissance protection
Yes
Yes
Request and response-side attack protection
Yes
Yes
Compound attacks—combines stateful signatures and protocol anomalies
Yes
Yes
Create custom attack signatures
Yes
Yes
Access contexts for customization
500+
500+
Attack editing (port range, other)
Yes
Yes
Stream signatures
Yes
Yes
Protocol thresholds
Yes
Yes
Stateful protocol signatures
Yes
Yes
Approximate number of attacks covered
6,000+
6,000+
Detailed threat descriptions and remediation/patch info
Yes
Yes
Create and enforce appropriate application-usage policies
Yes
Yes
Attacker and target audit trail and reporting
Yes
Yes
Frequency of updates
Daily and emergency
Daily and emergency
Destination NAT with PAT
Yes
Yes
Destination NAT within same subnet as ingress interface IP
Yes
Yes
Destination addresses and port numbers to one single address and a
specific port number (M:1P)
Yes
Yes
Destination addresses to one single address (M:1)
Yes
Yes
Destination addresses to another range of addresses (M:M)
Yes
Yes
Static Source NAT – IP-shifting DIP
Yes
Yes
Source NAT with PAT – port-translated
Yes
Yes
Source NAT without PAT – fix-port
Yes
Yes
Source NAT – IP address persistency
Yes
Yes
Source pool grouping
Yes
Yes
Source pool utilization alarm
Yes
Yes
Source IP outside of the interface subnet
Yes
Yes
Interface source NAT – interface DIP
Yes
Yes
Oversubscribed NAT pool with fallback to PAT when the address pool is
exhausted
Yes
Yes
Intrusion Prevention System
Destination Network Address Translation
Source Network Address Translation
6
SRX3400
SRX3600
Symmetric NAT
Yes
Yes
Allocate multiple ranges in NAT pool
Yes
Yes
Proxy ARP for physical port
Yes
Yes
Source NAT with loopback grouping – DIP loopback grouping
Yes
Yes
Built-in (internal) database
Yes
Yes
RADIUS accounting
Yes
Yes
Web-based authentication
Yes
Yes
UAC enforcement point
Yes
Yes
PKI certificate requests (PKCS 7 and PKCS 10)
Yes
Yes
Automated certificate enrollment (SCEP)
Yes
Yes
Certificate authorities supported
Yes
Yes
Self-signed certificates
Yes
Yes
Maximum number of security zones
256
256
Maximum number of virtual routers
256
256
Maximum number of VLANs per interface
4,096
4,096
Maximum number of L3 subinterfaces
16,384
16,384
BGP instances
128
128
BGP peers
2,000
2,000
BGP routes
1,000,000
1,000,000
OSPF instances
256
256
OSPF routes
1,000,000
1,000,000
RIP v1/v2 instances
50
50
RIP v2 table size
30,000
30,000
Dynamic routing
Yes
Yes
Static routes
Yes
Yes
Filter-based forwarding (FBF)
Yes
Yes
Equal-cost multipath (ECMP)
Yes
Yes
Reverse path forwarding (RPF)
Yes
Yes
Static
Yes
Yes
Dynamic Host Configuration Protocol (DHCP)
Yes
Yes
Internal DHCP server
Yes
Yes
DHCP relay
Yes
Yes
Maximum bandwidth
Yes
Yes
RFC2474 IP DiffServ in IPv4
Yes
Yes
Filters for CoS
Yes
Yes
Classification
Yes
Yes
Scheduling
Yes
Yes
Shaping
Yes
Yes
Intelligent Drop Mechanisms (WRED)
Yes
Yes
Source Network Address Translation (continued)
User Authentication and Access Control
Public Key Infrastructure (PKI) Support
Virtualization
Routing
IP Address Assignment
Traffic Management QoS
7
SRX3400
SRX3600
Three-level scheduling
Yes
Yes
Weighted round-robin for each level of scheduling
Yes
Yes
Priority of routing protocols
Yes
Yes
Active/passive, active/active
Yes
Yes
Low impact chassis cluster upgrades
Yes
Yes
Configuration synchronization
Yes
Yes
Session synchronization for firewall and IPsec VPN
Yes
Yes
Session failover for routing change
Yes
Yes
Device failure detection
Yes
Yes
Link failure detection
Yes
Yes
WebUI (HTTP and HTTPS)
Yes
Yes
Command-line interface (console)
Yes
Yes
Command-line interface (telnet)
Yes
Yes
Command-line interface (SSH)
Yes
Yes
Network and Security Manager version 2008.2 or later
Yes
Yes
Local administrator database support
Yes
Yes
External administrator database support
Yes
Yes
Restricted administrative networks
Yes
Yes
Root admin, admin, and read-only user levels
Yes
Yes
Software upgrades
Yes
Yes
Configuration rollback
Yes
Yes
Structured System Log
Yes
Yes
SNMP (v2/v3)
Yes
Yes
Traceroute
Yes
Yes
17.5 x 5.25 x 25.5 in
17.5 x 8.75 x 25.5 in
(44.5 x 13.3 x 64.8 cm)
(44.5 x 22.2 x 64.8 cm)
Chassis: 32.3 lb (14.7 kg)
Chassis: 43.6 lb (19.8 kg)
Fully configured: 75 lb (34.1 kg)
Fully configured: 115.7 lb (52.6 Kg)
Power supply (AC)
100 to 240 VAC
100 to 240 VAC
Power supply (DC)
-40 to -60 VDC
-40 to -60 VDC
Maximum power draw
1,200 W (AC power)
1,800 W (AC power)
1,020 W (DC power)
1,800 W (DC power)
1+1
2+1/2+2
Safety certifications
Yes
Yes
Electromagnetic compatibility (EMC) certifications
Yes
Yes
Operating temperature
32° to 104° F (0° to 40° C)
32° to 104° F (0° to 40° C)
Humidity
5% to 90% noncondensing humidity
5% to 90% noncondensing humidity
IP Address Assignment (continued)
High Availability
Management
Administration
Logging/Monitoring
Dimensions and Power
Dimensions (W x H x D)
Weight
Power supply redundancy
Certifications
Operating Environment
8
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services
MODEL NUMBER
and support, which are designed to accelerate, extend, and
CBL-PWR-C19S-132-UK
Power cord, AC, Great Britain & Ireland, C19 at
70-80 mm, 13 A/250 V, 2.5 mm, straight
CBL-PWR-C19S-151-US15
Power cord, AC, Japan/US, NEMA 5-15 to C19
at 70-80 mm, 15 A/125 V, 2.5 m, straight
CBL-PWR-C19S-152-AU
Power cord, AC, Australia/New Zealand, C19 at
70-80 mm, 15 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-CH
Power cord, AC, China, C19, 16 A/250 V,
2.5 m, straight
CBL-PWR-C19S-162-EU
Power cord, AC, Continental Europe, C19,
16 A/250 V, 2.5 m, RA
CBL-PWR-C19S-162-IT
Power cord, AC, Italy, C19 at 70-80 mm,
16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-JP
Power cord, AC, Japan, NEMA 6-20 to C19,
16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-JPL
Power cord, AC, Japan/US, C19 at
70-80 mm, 16 A/250 V, 2.5 m, straight, locking
plug
CBL-PWR-C19S-162-US
Power cord, AC, Japan/US, NEMA 6-20 to C19
at 70-80 mm, 16 A/250 V, 2.5 m, straight
CBL-PWR-C19S-162-USL
Power cord, AC, US, NEMA L6-20 to C19,
16 A/250 V, 2.5 m, straight, locking plug
optimize your high-performance network. Our services allow
you to bring revenue-generating capabilities online faster so
you can realize bigger productivity gains and faster rollouts of
new business models and ventures. At the same time, Juniper
Networks ensures operational excellence by optimizing your
network to maintain required levels of performance, reliability, and
availability. For more details, please visit www.juniper.net/us/en/
products-services/.
MODEL NUMBER
DESCRIPTION
Base System
SRX3400BASE-AC
SRX3400BASE-DC
SRX3400 chassis, midplane, fan, routing
engine, SFB-12 Gigabit Ethernet, AC PEM5 - no
power cord - no SPC - no NPC
SRX3400 chassis, midplane, fan, routing
engine, SFB-12 Gigabit Ethernet, DC PEM - no
SPC - no NPC
SRX3600BASE-AC
SRX3600 chassis, midplane, fan, routing
engine, SFB-12 Gigabit Ethernet, 2xAC PEM5 no power cords - no SPC - no NPC
SRX3600BASE-DC
SRX3600 Chassis, midplane, fan, routing
engine, SFB-12 Gigabit Ethernet, 2xDC PEM no SPC - no NPC
SRX3000 Line Components
SRX3K-SPC-1-10-40
SRX3000 line Services Processing Card with 1
GHz processor and 4 GB memory
SRX3K-NPC
SRX3000 line Network Processing Card
SRX3K-16GE-TX
16 x 1 10/100/1000 Copper CFM I/O Card for
SRX3000 line
SRX3K-16GE-SFP
16 x 1 Gigabit SFP Ethernet I/O Card for
SRX3000 line, no transceivers
SRX3K-2XGE-XFP
2 x 10 Gigabit XFP Ethernet I/O Card for
SRX3000 line, no transceivers
DESCRIPTION
C19 Straight Power Cables
AC power cords are not included. One C19-Straight cable with appropriate wall-plug for the
final destination of the system is required for each power supply.
5
About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance
networking. Juniper offers a high-performance network
infrastructure that creates a responsive and trusted environment
for accelerating the deployment of services and applications
over a single network. This fuels high-performance businesses.
Additional information can be found at www.juniper.net.
Transceivers
SRX-SFP-1GE-LX
Small form-factor pluggable 1000BASE-LX
Gigabit Ethernet optic module
SRX-SFP-1GE-SX
Small form-factor pluggable 1000BASE-SX
Gigabit Ethernet optic module
SRX-SFP-1GE-T
Small form-factor pluggable 1000BASE-T
Gigabit Ethernet module
SRX-XFP-10GE-SR
10-Gigabit Ethernet pluggable transceiver,
short reach multimode
SRX-XFP-10GE-LR
10-Gigabit Ethernet pluggable transceiver,
10 Km, single mode
SRX-XFP-10GE-ER
10-Gigabit Ethernet pluggable transceiver,
40 Km, single mode
IPS Subscription
SRX3K-IDP
One year IPS signature subscription for
SRX3000 line
SRX3K-IDP-3
Three year IPS signature subscription for
SRX3000 line
9
Notes
10
Notes
11
Corporate and Sales Headquarters
APAC Headquarters
EMEA Headquarters
To purchase Juniper Networks solutions,
Juniper Networks, Inc.
Juniper Networks (Hong Kong)
Juniper Networks Ireland
please contact your Juniper Networks
1194 North Mathilda Avenue
26/F, Cityplaza One
Airside Business Park
Sunnyvale, CA 94089 USA
1111 King’s Road
Swords, County Dublin, Ireland
representative at 1-866-298-6428 or
Phone: 888.JUNIPER (888.586.4737)
Taikoo Shing, Hong Kong
Phone: 35.31.8903.600
or 408.745.2000
Phone: 852.2332.3636
Fax: 35.31.8903.601
Fax: 408.745.2100
Fax: 852.2574.7803
authorized reseller.
www.juniper.net
Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen,
and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. Junos is a
trademark of Juniper Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are
the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000267-006-EN Oct 2009
12
Printed on recycled paper
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising