SRX-series Services Gateway
| The Juniper Networks SRX 5600 and SRX 5800 are engineered from the ground up to offer robust networking and security services. Based on our revolutionary Dynamic Services Architecture and powered by our proven JUNOS® Software, the SRX services gateways deliver a next-generation solution for securing enterprise and service provider infrastructure and applications. |  |
Overview
Based on our revolutionary Dynamic Services Architecture, the SRX 5000 line of services gateways provides unrivaled performance and scalability to ensure uninterrupted expansion and growth of your network infrastructure without sacrificing security. The SRX 5600 and the SRX 5800 are designed to meet the network and security requirements for data center hyper-consolidation, rapid managed services deployments, and aggregation of security services.
To see this video, get the Flash Player.
Features
- Scalable performance: The Dynamic Services Architecture allows the SRX to leverage new services with appropriate processing capabilities without sacrificing overall system performance.
- System and network resiliency: Carrier-class reliability based on features ranging from redundant hardware and components to JUNOS, our proven OS.
- Interface flexibility: Highly flexible I/O configuration and independent I/O scalability meet the needs of virtually any network environment.
- Network segmentation: Security zone, virtual LANs (VLANs), and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
- Robust routing engine: Carrier-class routing engine provides physical and logical separation of data and control planes to allow deployment of consolidated routing and security devices and ensure the security of routing infrastructures.
- Comprehensive threat protection: Integrated security features and services include a multi-gigabit firewall, intrusion detection and prevention (IDP), denial of service (DoS), network address translation (NAT), and quality of service (QoS).
Specs
SRX 5000 Services Gateways Datasheet
961 KB
| Intrusion Detection and Prevention | SRX 5600 | SRX 5800 |
|---|---|---|
| JUNOS Software version tested | JUNOS 9.2 R2 | JUNOS 9.2 R2 |
| Firewall performance (max) | 60 Gbps | 120 Gbps |
| IDP performance (NSS 4.2.1) | 15 Gbps | 30 Gbps |
| Maximum concurrent sessions | 4 Million | 4 Million |
| New sessions/second (sustained, TCP, 3-way) | 350,000 | 350,000 |
| Maximum security policies | 80,000 | 80,000 |
| Maximum user supported | Unrestricted | Unrestricted |
| Maximum available slots for IOCs | 5 | 11 |
| LAN interface options | 40 x 1 Gigabit Ethernet SFP 4 x 10 Gigabit Ethernet ((short reach (SR) or long reach (LR)) |
40 x 1 Gigabit Ethernet small form-factor pluggable transceiver (SFP) 4 x 10 Gigabit Ethernet (SR or LR) |
| High Availability Support | Active/Passive | Active/Passive |
| Firewall | ||
| Network attack detection | Yes | Yes |
| DoS and DDoS protection | Yes | Yes |
| TCP reassembly for fragmented packet protection | Yes | Yes |
| Brute force attack mitigation | Yes | Yes |
| SYN cookie protection | Yes | Yes |
| Zone-based IP spoofing | Yes | Yes |
| Malformed packet protection | Yes | Yes |
| Stateful protocol signatures | Yes | Yes |
| Attack detection mechanisms | Stateful signatures, protocol anomaly detection (zero-day coverage), application identification | Stateful signatures, protocol anomaly detection (zero-day coverage), application identification |
| Attack response mechanisms | Drop connection, close connection, session packet log, session summary, email, custom session | Drop connection, close connection, session packet log, session summary, email, custom session |
| Attack notification mechanisms | Structured syslog | Structured syslog |
| Worm protection | Yes | Yes |
| Simplified installation through recommended policies | Yes | Yes |
| Trojan protection | Yes | Yes |
| Spyware/adware/keylogger protection | Yes | Yes |
| Other malware protection | Yes | Yes |
| Protection against attack proliferation from infected systems | Yes | Yes |
| Reconnaissance protection | Yes | Yes |
| Request and response side attack protection | Yes | Yes |
| Compound attacks — combines stateful signatures and protocol anomalies | Yes | Yes |
| Create custom attack signatures | Yes | Yes |
| Access contexts for customization | 500+ | 500+ |
| Attack editing (port range, other) | Yes | Yes |
| Stream signatures | Yes | Yes |
| Protocol thresholds | Yes | Yes |
| Stateful protocol signatures | Yes | Yes |
| Approximate number of attacks covered | 5,500+ | 5,500+ |
| Detailed threat descriptions and remediation/patch info | Yes | Yes |
| Create and enforce appropriate application-usage policies | Yes | Yes |
| Attacker and target audit trail and reporting | Yes | Yes |
| Deployment modes | Inline or TAP | Inline or TAP |
For complete SRX-series specifications, please refer to the datasheet.
Multimedia
Video
- SRX Services Gateway Introduction
- SRX 5000 Video Datasheet: Dynamic Service Architecture
- Executive Point of View: Mark Bauhaus and Michael Frendo
- Financial Enterprise Customer Spotlight: Sam Ghelfi, Raymond James
- Service Provider Customer Spotlight: Côté, Bell Canada
- Analyst Point Of View: Ray Mota, Synergy Research Group
Podcast
Demos
- SRX Services Gateway Product Tour
- SRX-series Services Gateways
Delivering a Scalable, Secure Solution for Network-Based Managed Service Providers - Security at Unprecendented Scale and Flexibility in SP Data Centers
3D-Modell
Literature
Brochures
- Security Portfolio: Juniper Networks Integrated Firewall/VPN Platforms716 KB
- Security at Unprecedented Scale and Flexibility in Service Provider Data Centers244 KB
Datasheets
Solution Briefs
- SRX-Series Services Gateways244 KB
Delivering a Scalable, Secure Solution for Network-Based Managed Service Providers
White Papers
- The Dawn of Network Security Super Gateways (NSSGs)398 KB
Charlotte Dunlap and Jon Oltsik, ESG
At-a-Glance