Juniper SRX 5600
Juniper SRX 5600
The SRX5600 Services Gateway supports up to 60 Gbps firewall and 15 Gbps IPS, as well as 350,000 new connections per second and 9 million concurrent user sessions. Exhibiting extraordinary scalability, the SRX5600 Services Gateway is ideal for securing large enterprise data centers, service provider infrastructures, and next-generation services and applications, as well as enforcing unique per-zone security policies.
The SRX5600 Services Gateway uses the same SPCs and IOCs as the SRX5800 and can support up to 130 Gbps firewall and 60 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregation of various security solutions. The capability to support unique security policies per zones and its ability to scale with the growth of the network infrastructure makes the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.
Juniper Networks SRX Series Services Gateways are next-generation security platforms based on a revolutionary architecture offering outstanding protection, performance, scalability, availability, and security service integration. Custom designed for flexible processing scalability, I/O scalability, and services integration, the SRX Series exceeds the security requirements of data center consolidation and services aggregation. The SRX Series is powered by Junos OS, the same industry-leading operating system platform that keeps the world’s largest networks available, manageable, and secure for the data center.
The Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways are next-generation security platforms based on a revolutionary architecture that provides marketleading performance, scalability, and service integration. These devices are ideally suited for service provider, large enterprise, and public sector networks, including:
+ Cloud and hosting provider data centers
+ Mobile operator environments
+ Managed service providers
+ Core service provider infrastructures
+ Large enterprise data centers
Based on Juniper’s dynamic services architecture, the SRX5000 line provides unrivaled scalability and performance. Each services gateway can support near linear scalability, with the addition of Services Processing Cards (SPCs) enabling a fully equipped SRX5800 to support up to 300 Gbps firewall throughput. The SPCs are designed to support a wide range of services, enabling future support of new capabilities without the need for servicespecific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization.
The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach to interfaces, where each platform can be equipped with a flexible number of input/output cards (IOCs) that offer a wide range of connectivity options—from 1GbE to 100GbE interfaces. With the IOCs sharing the same interface slot as the SPCs, the gateway can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. With this flexibility, the SRX5800 can be configured to support more than 400GbE ports, or 220 10GbE, 22 100GbE, or 44 40GbE ports.
The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility facilitates future expansion and growth of the network infrastructure, providing unrivaled investment protection.
The tight service integration on the SRX Series is enabled by Juniper Networks Junos operating system. By combining the routing heritage of Junos OS and the security heritage of ScreenOS, the SRX Series is equipped with a robust list of services that include firewall, intrusion prevention system (IPS), denial of service (DoS), application security, Network Address Translation (NAT), and quality of service (QoS). In addition to the benefit of individual services, incorporating multiple security and networking services within one OS greatly optimizes the flow of traffic through the platform. Network traffic no longer needs to be routed across multiple data paths/cards or even disparate operating systems within a single gateway.
Junos OS also delivers carrier-class reliability to the already redundant SRX Series. The SRX Series enjoys the benefit of a single source OS, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches.
Specification
STT | Model | SRX5600 |
1 | Performance and Capacity | |
Junos OS version tested | Junos OS 18.2 | |
Firewall performance, IMIX | 480 Gbps | |
Express Path Firewall Performance, IMIX | 240 Gbps per IOC3 480 Gbps per IOC4 | |
Next-Generation Firewall Performance | 210 Gbps | |
Latency (stateful firewall) | ~32µsec | |
AES256+SHA-1 IMIX VPN performance | 120 Gbps | |
Maximum IPsec power mode performance (IKEv2 AES256, IMIX) | 280 Gbps | |
Maximum IPS performance | 460 Gbps | |
Maximum concurrent sessions | 182,000,000 | |
New sessions/second (sustained, tcp, 3way, firewall NAT) | 3.4/2 Million | |
IPSec VPN (Site-to-site & Tunel Intterfaces) | 15,000 | |
Maximum user supported | Unrestricted | |
2 | Network Connectivity | |
Maximum available slots for IOCs | 5 | |
IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) | 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate | |
IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) | 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+ | |
IOC2 options (SRX5K-MPC) | Supports 2 pluggable MIC modules per card. MICs can be mixed from the following models: 20 x 1GbE SFP (SRX-MIC-20GE-SFP) 10 x 10GbE SFP+ (SRX-MIC-10XG-SFPP) 2 x 40GbE QSFP (SRX-MIC-2X40G-QSFP) 1 x 100GbE CFP (SRX-MIC-1X100G-CFP) | |
3 | Processing Scalability | |
Maximum available slots for SPCs | 5 | |
Services Process Card (SPC) options | SPC3: Quad 14 core Intel CPU complexes | |
4 | Virtualization | |
Maximum custom routing instances with data plane separation | 2000 | |
Maximum security zones | 2000 | |
Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) | 500 | |
Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) | Unlimited | |
Maximum number of VLANs | 4096 | |
5 | Dimensions and Power | |
Dimensions (W x H x D) | 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) | |
Weight | Fully Configured: 180 lb (81.7 kg) | |
Power supply (AC) | 100 to 240 VAC | |
Power supply (DC) | -40 to -60 VDC | |
Maximum power | 4,100 W (AC high capacity) | |
Typical Power | 2440 W | |
6 | Environmental | |
Operating temperature – long term | 41° to 104° F (5° to 40° C) | |
Operating temperature – short term | 23° to 131° F (-5° to 55° C) | |
Humidity – long term | 5% to 85% noncondensing | |
Humidity – short term | 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air | |
7 | Certifications | |
Safety certifications | Yes | |
Electromagnetic Compatibility (EMC) certifications | Yes | |
RoHS2 Compliant (European Directive 2011/65/EU) | Yes |
Subscriptions
Licensed Software Feature |
Supported Devices |
Model Number |
---|---|---|
Application Security, Intrusion Prevention Signatures, Enhanced Web Filtering, Antivirus and Sky Advanced Threat Prevention (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-ATP-BUN-1 SRX5600-ATP-BUN-3 SRX5600-ATP-BUN-5 |
Application Security, Intrusion Prevention Signatures, Enhanced Web Filtering, Antivirus and Antispam (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-CS-BUN-1 SRX5600-CS-BUN-3 SRX5600-CS-BUN-5 |
Sky Advanced Threat Prevention Threat Intelligence Feeds only (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-THRTFEED-1 SRX5600-THRTFEED-3 SRX5600-THRTFEED-5 |
Application Security and Intrusion Prevention Signature (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-APPSEC-A-1 SRX5600-APPSEC-A-3 SRX5600-APPSEC-A-5 |
Sky Advanced Threat Protection (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-ATP-1 SRX5600-ATP-3 SRX5600-ATP-5 |
Logical System License (1, 5, and 25 Incremental) |
SRX5600 |
SRX-5600-LSYS-1 SRX-5600-LSYS-5 SRX-5600-LSYS-25 |
Enhanced Web Filtering (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5600-W-EWF-1 SRX5600-W-EWF-3 SRX5600-W-EWF-5 |
Intrusion Detection and Prevention (1 year, 3 years and 5 years subscription) |
SRX5600 |
SRX5K-IDP SRX5K-IDP-3 SRX5K-IDP-5 |
Specs
System Performance
Firewall throughput | 480 Gbps |
Firewall Latency | -32 us |
Firewall IMIX | 480 Mbps |
Concurrent connections | 182.000.000 |
New connections/sec | 3.400.000 |
IPS throughput | 460 Gbps |
NGFW Throughput | 210 Gbps |
IPSec VPN throughput | 280 Gbps |
Physical interfaces
GE SFP Slots | 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate |
Dimensions & Enviroment
Dimensions Width x Depth x Height (inches) | 17.5 x 14 x 23.8 inches |
Dimensions Height x Width x Length (mm) | 44.5 x 35.6 x 60.5 cm |
Weight | 180 lbs (81.7 kg) |
Power supply | 100-240 VAC |
Power Consumption | 4100W |
Operating Temperature | 41-104 F |
Humidity | 5-85% non-condensing |
Certifications | UL 60950-1, FCC Class B, TIA-968, ICES Class B, CS-03, AS/NZS 60950-1, AS/NZS CISPR22 Class B, AS/ACIF S 002, S 016, S 043.1, S 043.2, PTC 217, PTC 273, VCCI Class B, EN 300 386, CTR 12/13, CTR 21 DoC, NIST FIPS-140-2 Level 2, ISO Common Criteria NDFP+TFFW EP, USGv6 |