Juniper SRX4100 Firewall
ASK FOR PRICE
Description
Product Overview
The SRX4100 and SRX4200 Firewalls offer outstanding protection, performance, scalability, availability, and integrated security services. Designed for high-performance security services architectures and seamless integration of networking and security in a single platform, the SRX4100 and SRX4200 are best suited for enterprise data centers, campuses, and regional headquarters, with a focus on application visibility and control, intrusion prevention, advanced threat protection, authentication, confidentiality of information, and integrated cloud-based security. Both devices are powered by Junos OS, the industry-leading operating system that keeps the world’s largest mission-critical enterprise networks secure.
Product Description
The Juniper Networks® SRX4100 and SRX4200 Firewalls are high-performance, next-generation firewalls and hardware-accelerated security services gateways that protect mission-critical data center networks, enterprise campuses, and regional headquarters. The SRX4100 and SRX4200 provide best-in-class security and advanced threat mitigation capabilities and integrate carrier-class routing.
The SRX4100 and SRX4200 deliver fully automated SD-WAN to both enterprises and service providers. Their high performance and scale allow the SRX4100 and SRX4200 to act as VPN hubs, terminating VPN/secure overlay connections in various SD-WAN topologies.
The SRX4100 and SRX4200 deliver a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks, helping organizations realize their business objectives whether rolling out new services in an enterprise data center or campus, or connecting to the cloud. The SRX4100 and SRX4200 comply with industry standards, delivering the scalability, ease of management, secure connectivity, and advanced threat mitigation capabilities businesses need.
The SRX4100 and SRX4200 protect critical corporate assets such as next-generation firewalls, act as enforcement points for cloud-based security solutions, and provide application visibility and control to improve the user and application experience.
Architecture and Key Components
The SRX4100 and SRX4200 hardware and software architecture provides cost-effective security performance in a small 1 U form factor. Purpose-built to protect up to 40 Gbps Internet Mix (IMIX) firewall throughput network environments, the SRX4100 and SRX4200 incorporate multiple security services and networking functions on top of the industry-leading Juniper Networks Junos® operating system.
The SRX4100 supports up to 22 Gbps (IMIX) of firewall performance, 9 Gbps of next- generation firewall (application security, intrusion prevention, and logging), and 14.8 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarter deployments with IMIX traffic patterns. The SRX4200 supports up to 44 Gbps of firewall performance, 18 Gbps of next-generation firewall, and up to 29.6 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarter deployments with IMIX traffic patterns.
Table 1. SRX4100 and SRX4200 Statistics¹
| 1Performance, capacity and features listed are based on systems running Junos OS 21.4R1 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments. | ||
| 2Next-Generation Datacenter Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions | ||
| 3Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions | ||
| SRX4100 | SRX4200 | |
| Firewall throughput | 40 Gbps | 80 Gbps |
| Firewall throughput—IMIX | 22 Gbps | 44 Gbps |
| Firewall throughput with application security | 19.9 Gbps | 39.8 Gbps |
| IPsec VPN throughput-IMIX | 14.8 Gbps | 29.6 Gbps |
| Intrusion prevention | 13.9 Gbps | 27.7 Gbps |
| NGFW2 throughput | 9 Gbps | 18 Gbps |
| Secure Web Access3 throughput | 6.7 Gbps | 13.3 Gbps |
| Connections per second | 250000 | 500000 |
| Maximum session | 5 million | 10 million |
The SRX4100 and SRX4200 recognize more than 4,275 applications and nested applications in plain-text or SSL-encrypted transactions. The firewalls also integrate with Microsoft Active Directory and combine user information with application data to provide network-wide application and user visibility and control.
Features and Benefits
Table 2. SRX4100 and SRX4200 Features and Benefits
| Business Requirement | Feature/Solution | SRX4100/SRX4200 Advantages |
| High performance | Up to 80 Gbps of firewall throughput (up to 40 Gbps of IMIX firewall throughput) |
|
| High-quality end-user experience | Application visibility and control |
|
| Advanced threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance |
|
| Professional-grade networking services | Routing, secure wire |
|
| Highly secure | IPsec VPN, Remote Access/SSL VPN |
|
| Highly reliable | Chassis cluster, redundant power supplies |
|
| Easy to manage and scale | On-box GUI, Junos Space Security Director |
|
| Low TCO | Junos OS |
|
SRX4100 and SRX4200 Firewalls Specifications
Software Specifications
Firewall Services
- Stateful and stateless firewall
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomalies
- Unified Access Control (UAC)
Network Address Translation (NAT)
- Source NAT with Port Address Translation (PAT)
- Bidirectional 1:1 static NAT
- Destination NAT with PAT
- Persistent NAT
- IPv6 address translation
VPN Features
- Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
- Juniper Secure Connect: Remote access/SSL VPN
- Configuration payload: Yes
- IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
- Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
- IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
- IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
- IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- Perfect forward secrecy, anti-reply
- Internet Key Exchange: IKEv1, IKEv2
- Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
- VPNs GRE, IP-in-IP, and MPLS
High Availability Features
- Virtual Router Redundancy Protocol (VRRP) – IPv4 and IPv6
- Stateful high availability:
- Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Service Software Upgrade (ISSU)
- IP monitoring with route and interface failover
Application Security Services3
- Application visibility and control
- Application-based firewall
- Application QoS
- Advanced/application policy-based routing (APBR)
- Application Quality of Experience (AppQoE)
- Application-based multipath routing
- User-based firewall
Threat Defense and Intelligence Services3
- Intrusion prevention system
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- SSL proxy/inspection
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
- Adaptive Threat Profiling
- Encrypted Traffic Insights
- SecIntel to provide threat intelligence
- Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
Routing Protocols
- IPv4, IPv6, static routes, RIP v1/v2
- OSPF/OSPF v3
- BGP with route reflector
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); reverse path forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
QoS Features
- Support for 802.1p, DiffServ code point (DSCP), EXP
- Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
- Ingress traffic policing
- Virtual channels
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IP monitoring
- Juniper flow monitoring (J-Flow)
Advanced Routing Services
- Packet Mode
- MPLS (RSVP, LDP)
- Circuit cross-connect (CCC), translational cross-connect (TCC)
- L2/L2 MPLS VPN, pseudo-wires
- Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
- MPLS traffic engineering and MPLS fast re-route
Management, Automation, Logging, and Reporting
- SSH, Telnet, SNMP
- Smart image download
- Juniper CLI and Web UI
- Juniper Networks Junos Space Security Director
- Python
- Junos events, commit and OP scripts
- Application and bandwidth usage reporting
- Debug and troubleshooting tools
Hardware Specifications
Table 3. SRX4100 and SRX4200 Hardware Specifications
| 4Throughput numbers based on UDP packets and RFC2544 test methodology | ||
| 5Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments. | ||
| 6Next-Generation Datacenter Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions. | ||
| 7Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions | ||
| Connectivity | SRX4100 | SRX4200 |
| Total onboard ports | 8x1GbE/10GbE | 8x1GbE/10GbE |
| Onboard small form-factor pluggable plus (SFP+) transceiver ports | 8x1GbE/10GbE | 8x1GbE/10GbE |
| Out-of-Band (OOB) management ports | 1x1GbE | 1x1GbE |
| Dedicated high availability (HA) ports | 2x1GbE/10GbE (SFP/SFP+) | 2x1GbE/10GbE (SFP/SFP+) |
| Console (RJ-45) | 1 | 1 |
| USB 2.0 ports (type A) | 2 | 2 |
| Memory and Storage | ||
| System memory (RAM) | 64 GB | 64 GB |
| Secondary storage (SSD) | 240 GB with 1+1 RAID | 240 GB with 1+1 RAID |
| Dimensions and Power | ||
| Form factor | 1 U | 1 U |
| Size (WxHxD) | 17.48 x 1.7 x 25 in (44.39 x 4.31 x 63.5 cm) |
17.48 x 1.7 x 25 in (44.39 x 4.31 x 63.5 cm) |
| Weight (device and PSU) | Chassis with two AC power supplies: 29 lb (13.15 kg) Chassis with two DC power supplies: 28.9 lb (13.06 kg) Chassis with package for shipping: 47.5 lb (21.54 kg) |
Chassis with two AC power supplies: 29 lb (13.15 kg) Chassis with two DC power supplies: 28.9 lb (13.06 kg) Chassis with package for shipping: 47.5 lb (21.54 kg) |
| Redundant PSU | 1+1 | 1+1 |
| Power supply | 2x 650 W redundant AC-DC/DC-DC PSU |
2x 650 W redundant AC-DC/DC-DC PSU |
| Average power consumption | 200 W | 200 W |
| Average heat dissipation | 685 BTU / hour | 685 BTU / hour |
| Maximum current consumption | 4A (for 110 V AC power) 2A (for 220 V AC power) 9A (for -48 V DC power) |
4A (for 110 V AC power) 2A (for 220 V AC power) 9A (for -48 V DC power) |
| Maximum inrush current | 50 A by 1 AC cycle | 50 A by 1 AC cycle |
| Acoustic noise level | 70 dBA | 70 dBA |
| Airflow/cooling | Front to back | Front to back |
| Operating temperature | 32° to 104° F (0° to 40° C) |
32° to 104° F (0° to 40° C) |
| Operating humidity | 5% to 90% noncondensing | 5% to 90% noncondensing |
| Meantime between failures (MTBF) | 221,729 hours (about 25.3 years) | 221,729 hours (about 25.3 years) |
| FCC classification | Class A | Class A |
| RoHS compliance | RoHS 2 | RoHS 2 |
| Performance and Scale | ||
| Routing/firewall (IMIX packet size) throughput Gbps4 | 22.5 | 44 |
| Routing/firewall (1,518 B packet size) throughput Gbps4 | 40 | 80 |
| IPsec VPN (IMIX packet size) Gbps4 | 14.8 | 29.6 |
| Application visibility and control in Gbps5 | 19.9 | 39.8 |
| Recommended IPS in Gbps5 | 13.9 | 27.7 |
| Next-generation firewall in Gbps6 | 9 | 18 |
| Secure Web Access firewall in Gbps7 | 6.7 | 13.3 |
| Connections per second (CPS) | 280,000 | 560,000 |
| Maximum security policies | 60,000 | 60,000 |
| Maximum concurrent sessions (IPv4 or IPv6) | 5 million | 10 million |
| Route table size (RIB/FIB) (IPv4) | 2 million/1.2 million | 2 million/1.2 million |
| IPsec tunnels | 7500 | 7500 |
| Number of remote access/SSL VPN (concurrent) users | 7500 | 7500 |
| Multitenancy (LSYS/TSYS) | 32/200 | 32/200 |
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.
Ordering Information
To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.
| 6Based on concurrent users; two free licenses included | ||
| SRX4100-SYS-JB | SRX4200-SYS-JB | |
| Hardware | Included | Included |
| Management (CLI, JWEB, SNMP, Telnet, SSH) | Included | Included |
| L2 Transparent, Secure Wire | Included | Included |
| Routing (RIP, OSPF, BGP, Virtual router) | Included | Included |
| Multicast (IGMP, PIM, SSDP, DMVRP) | Included | Included |
| Packet Mode | Included | Included |
| Overlay (GRE, IP-IP) | Included | Included |
| Network Services (J-Flow, DHCP, QoS, BFD) | Included | Included |
| Stateful Firewall, Screens, ALGs | Included | Included |
| NAT (static, SNAT, DNAT) | Included | Included |
| IPsec VPN (Site-Site VPN, Auto VPN, Group VPN) | Included | Included |
| Remote access/SSL VPN (concurrent users)6 | Optional | Optional |
| Firewall policy enforcement (UAC, Aruba CPPM) | Included | Included |
| Chassis Cluster, VRRP, ISSU | Included | Included |
| Automation (Junos scripting, auto-installation) | Included | Included |
| GPRS/GTP/SCTP | Included | Included |
| MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS | Included | Included |
| Application Security (AppID, AppFW, AppQoS, AppQoE, AppRoute) | Optional | Optional |
Base System
| Product Number | Description |
| SRX4100-SYS-JB-AC | SRX4100 Firewall includes hardware (8x10GbE, two AC PSUs, four fan trays, cables, and RMK) and Junos Software Base (firewall, NAT, IPsec, routing, MPLS) |
| SRX4100-SYS-JB-DC | SRX4100 Firewall includes hardware (8x10GbE, two DC PSUs, four fan trays, cables, and RMK) and Junos Software Base (firewall, NAT, IPsec, routing, MPLS) |
| SRX4200-SYS-JB-AC | SRX4200 Firewall includes hardware (8x10GbE, two AC PSUs, four fan trays, cables, and RMK) and Junos Software Base (firewall, NAT, IPsec, routing, MPLS) |
| SRX4200-SYS-JB-DC | SRX4200 Firewall includes hardware (8x10GbE, two DC PSUs, four fan trays, cables, and RMK) and Junos Software Base (firewall, NAT, IPsec, routing, MPLS) |
Accessories
| Product Number | Description |
| SRX4200-RMK | SRX4100/SRX4200 rack mount kit – rail |
| JPSU-650W-AC-AFO | Juniper 650W AC PSU, port side FRU side flow |
| JPSU-650W-DC-AFO | Juniper 650W DC PSU, port side FRU side flow |
| SRX4200-FAN | SRX4100/SRX4200 fan unit |
SRX4100 Performance Upgrade License
| 7The performance upgrade SKU for the SRX4100 requires the purchase of an SRX4200 support contract. | |
| Product Number | Description |
| SRX4100-E-P-UPG7 | SRX4100 Enhanced Performance Upgrade license; includes an upgrade to firewall IMIX performance (up to 20G IMIX to the base 20G IMIX firewall throughput supported on SRX4100 base SKU) and application security |
Advanced Security Services Subscription Licenses
| Product Number | Description |
| S-SRX4100-A1-1 | SW, A1, IPS, AppSecure, content security, 1 year |
| S-SRX4100-A2-1 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 1 year |
| S-SRX4100-A3-1 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 1 year |
| S-SRX4100-A1-3 | SW, A1, IPS, AppSecure, content security, 3 year |
| S-SRX4100-A2-3 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 3 year |
| S-SRX4100-A3-3 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 3 year |
| S-SRX4100-A1-5 | SW, A1, IPS, AppSecure, content security, 5 year |
| S-SRX4100-A2-5 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 5 year |
| S-SRX4100-A3-5 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 5 year |
| S-SRX4100-P1-1 | SW, P1, IPS, AppSecure, ATP, content security, 1 year |
| S-SRX4100-P2-1 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 1 year |
| S-SRX4100-P3-1 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 1 year |
| S-SRX4100-P1-3 | SW, P1, IPS, AppSecure, ATP, content security, 3 year |
| S-SRX4100-P2-3 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 3 year |
| S-SRX4100-P3-3 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 3 year |
| S-SRX4100-P1-5 | SW, P1, IPS, AppSecure, ATP, content security, 5 year |
| S-SRX4100-P2-5 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 5 year |
| S-SRX4100-P3-5 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 5 year |
| S-SRX4200-A1-1 | SW, A1, IPS, AppSecure, content security, 1 year |
| S-SRX4200-A2-1 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 1 year |
| S-SRX4200-A3-1 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 1 year |
| S-SRX4200-A1-3 | SW, A1, IPS, AppSecure, content security, 3 year |
| S-SRX4200-A2-3 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 3 year |
| S-SRX4200-A3-3 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 3 year |
| S-SRX4200-A1-5 | SW, A1, IPS, AppSecure, content security, 5 year |
| S-SRX4200-A2-5 | SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 5 year |
| S-SRX4200-A3-5 | SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 5 year |
| S-SRX4200-P1-1 | SW, P1, IPS, AppSecure, ATP, content security, 1 year |
| S-SRX4200-P2-1 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 1 year |
| S-SRX4200-P3-1 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 1 year |
| S-SRX4200-P1-3 | SW, P1, IPS, AppSecure, ATP, content security, 3 year |
| S-SRX4200-P2-3 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 3 year |
| S-SRX4200-P3-3 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 3 year |
| S-SRX4200-P1-5 | SW, P1, IPS, AppSecure, ATP, content security, 5 year |
| S-SRX4200-P2-5 | SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 5 year |
| S-SRX4200-P3-5 | SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 5 year |
