Juniper SRX 5400
Juniper SRX 5400
The SRX5400 Services Gateway is a next-generation security platform ideally suited for service provider, large enterprise and public sector networks. It is based on a revolutionary new architecture and utilizes new line cards to provide market-leading connectivity, performance and service integration.
Its superior price/performance value and small footprint makes the SRX5400 Services Gateway ideal for securing enterprise edges and data centers, service provider infrastructures, and next-generation services and applications.
The SRX5400 supports up to 65 Gbps firewall and 22 Gbps IPS, as well as 450,000 new connections per second and 28 million concurrent user sessions. It offers 10GbE, 40GbE, and 100GbE connectivity options.
The SRX5400 Services Gateway uses the IOCII and SPCII and can support up to 65 Gbps firewall and 22 Gbps IPS. The SRX5400 is a small footprint, high-performance gateway ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The capability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.
Juniper Networks SRX Series Services Gateways are next-generation security platforms based on a revolutionary architecture offering outstanding protection, performance, scalability, availability, and security service integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series exceeds the security requirements of data center consolidation and services aggregation. The SRX Series is powered by Junos OS, the same industry-leading operating system platform that keeps the world’s largest networks available, manageable, and secure for the data center.
The Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways are next-generation security platforms based on a revolutionary architecture that provides marketleading performance, scalability, and service integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
+ Cloud and hosting provider data centers
+ Mobile operator environments
+ Managed service providers
+ Core service provider infrastructures
+ Large enterprise data centers
Based on Juniper’s dynamic services architecture, the SRX5000 line provides unrivaled scalability and performance. Each services gateway can support near linear scalability, with the addition of Services Processing Cards (SPCs) enabling a fully equipped SRX5800 to support up to 300 Gbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for servicespecific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization.
The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach to interfaces, where each platform can be equipped with a flexible number of input/output cards (IOCs) that offer a wide range of connectivity options—from 1GbE to 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the gateway can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. With this flexibility, the SRX5800 can be configured to support more than 400GbE ports, or 220 10GbE, 22 100GbE, or 44 40GbE ports.
The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility facilitates future expansion and growth of the network infrastructure, providing unrivaled investment protection.
The tight service integration on the SRX Series is enabled by Juniper Networks Junos operating system. By combining the routing heritage of Junos OS and the security heritage of ScreenOS, the SRX Series is equipped with a robust list of services that include firewall, intrusion prevention system (IPS), denial of service (DoS), application security, Network Address Translation (NAT), and quality of service (QoS). In addition to the benefit of individual services, incorporating multiple security and networking services within one OS greatly optimizes the flow of traffic through the platform. Network traffic no longer needs to be routed across multiple data paths/cards or even disparate operating systems within a single gateway.
Junos OS also delivers carrier-class reliability to the already redundant SRX Series. The SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.
Specification
STT | Model | SRX5400 |
1 | Performance and Capacity | |
Junos OS version tested | Junos OS 18.2 | |
Firewall performance, IMIX | 270 Gbps | |
Express Path Firewall Performance, IMIX | 240 Gbps per IOC3 480 Gbps per IOC4 | |
Next-Generation Firewall Performance | 100 Gbps | |
Latency (stateful firewall) | ~32µsec | |
AES256+SHA-1 IMIX VPN performance | 60 Gbps | |
Maximum IPsec power mode performance (IKEv2 AES256, IMIX) | 140 Gbps | |
Maximum IPS performance | 230 Gbps | |
Maximum concurrent sessions | 91,000,000 | |
New sessions/second (sustained, tcp, 3way, firewall NAT) | 1.7/1 Million | |
IPSec VPN (Site-to-site & Tunel Intterfaces) | 15,000 | |
Maximum user supported | Unrestricted | |
2 | Network Connectivity | |
Maximum available slots for IOCs | 2 | |
IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) | 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate | |
IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) | 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+ | |
IOC2 options (SRX5K-MPC) | Supports 2 pluggable MIC modules per card. MICs can be mixed from the following models: 20 x 1GbE SFP (SRX-MIC-20GE-SFP) 10 x 10GbE SFP+ (SRX-MIC-10XG-SFPP) 2 x 40GbE QSFP (SRX-MIC-2X40G-QSFP) 1 x 100GbE CFP (SRX-MIC-1X100G-CFP) | |
3 | Processing Scalability | |
Maximum available slots for SPCs | 2 | |
Services Process Card (SPC) options | SPC3: Quad 14 core Intel CPU complexes | |
4 | Virtualization | |
Maximum custom routing instances with data plane separation | 2000 | |
Maximum security zones | 2000 | |
Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) | 500 | |
Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) | Unlimited | |
Maximum number of VLANs | 4096 | |
5 | Dimensions and Power | |
Dimensions (W x H x D) | 17.45 x 8.7 x 24.5 in (44.3 x 22.1 x 62.2 cm) | |
Weight | Fully configured 128 lb (58.1 kg) | |
Power supply (AC) | 100 to 240 VAC | |
Power supply (DC) | -40 to -60 VDC | |
Maximum power | 4,100 W (AC high capacity) | |
Typical Power | 1540 W | |
6 | Environmental | |
Operating temperature – long term | 41° to 104° F (5° to 40° C) | |
Operating temperature – short term | 23° to 131° F (-5° to 55° C) | |
Humidity – long term | 5% to 85% noncondensing | |
Humidity – short term | 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air | |
7 | Certifications | |
Safety certifications | Yes | |
Electromagnetic Compatibility (EMC) certifications | Yes | |
RoHS2 Compliant (European Directive 2011/65/EU) | Yes |
Subscriptions
Licensed Software Feature |
Supported Devices |
Model Number |
---|---|---|
Application Security, Intrusion Prevention Signatures, Enhanced Web Filtering, Antivirus and Sky Advanced Threat Prevention (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-ATP-BUN-1 SRX5400-ATP-BUN-3 SRX5400-ATP-BUN-5 |
Application Security, Intrusion Prevention Signatures, Enhanced Web Filtering, Antivirus and Antispam (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-CS-BUN-1 SRX5400-CS-BUN-3 SRX5400-CS-BUN-5 |
Sky Advanced Threat Prevention Threat Intelligence Feeds only (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-THRTFEED-1 SRX5400-THRTFEED-3 SRX5400-THRTFEED-5 |
Application Security and Intrusion Prevention Signature (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-APPSEC-1 SRX5400-APPSEC-3 SRX5400-APPSEC-5 |
Sky Advanced Threat Protection (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-ATP-1 SRX5400-ATP-3 SRX5400-ATP-5 |
Logical System License (1, 5, and 25 Incremental) |
SRX5400 |
SRX-5400-LSYS-1 SRX-5400-LSYS-5 SRX-5400-LSYS-25 |
Enhanced Web Filtering (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5400-W-EWF-1 SRX5400-W-EWF-3 SRX5400-W-EWF-5 |
Intrusion Detection and Prevention (1 year, 3 years and 5 years subscription) |
SRX5400 |
SRX5K-IDP SRX5K-IDP-3 SRX5K-IDP-5 |
Specs
System Performance
Firewall throughput | 270 Gbps |
Firewall Latency | -32 us |
Firewall IMIX | 270 Gbps |
Concurrent connections | 91.000.000 |
New connections/sec | 1.700.000 |
IPS throughput | 230 Gbps |
NGFW Throughput | 100 Gbps |
IPSec VPN throughput | 140 Gbps |
Physical interfaces
GE SFP Slots | 40 x 10 GbE SFP+ or 12 x QSFP28 multirate |
Dimensions & Enviroment
Dimensions Width x Depth x Height (inches) | 17.45 x 8.7 x 24.5 inches |
Dimensions Height x Width x Length (mm) | 44.3 x 22.1 x 62.2 cm |
Weight | 128 lbs (58.1 kg) |
Power supply | 100-240 VAC |
Power Consumption | 4100W |
Operating Temperature | 41-104 F |
Humidity | 5-85% non-condensing |
Certifications | UL 60950-1, FCC Class B, TIA-968, ICES Class B, CS-03, AS/NZS 60950-1, AS/NZS CISPR22 Class B, AS/ACIF S 002, S 016, S 043.1, S 043.2, PTC 217, PTC 273, VCCI Class B, EN 300 386, CTR 12/13, CTR 21 DoC, NIST FIPS-140-2 Level 2, ISO Common Criteria NDFP+TFFW EP, USGv6 |