Data Sheet

SRX550M SERVICES GATEWAY

Product Description
Juniper Networks® SRX550M Services Gateway delivers a next-generation secure SD-
WAN and security solution that supports the changing needs of cloud-enabled enterprise
networks. Whether rolling out new services and applications across locations, connecting
to the cloud, or trying to achieve operational efficiency, the SRX550M helps organizations
realize their business objectives while providing scalable, easy to manage, secure
connectivity and advanced threat mitigation capabilities. Next-generation firewall (NGFW)
Product Overview and advanced security also make it easier to detect and proactively mitigate threats to
improve the user and application experience.
The SRX550M Services
Gateway combines security, SD- Architecture and Key Components
WAN, routing, switching, and The SRX550M Services Gateway is a secure router that brings high performance and
WAN interfaces with next-
proven deployment capabilities to enterprises building a worldwide network composed of
generation firewall and
thousands of remote sites. WAN or Internet connectivity module options include:
advanced threat mitigation
capabilities for secure, cost- • Ethernet, serial, T1/E1, ADSL2/2+, and VDSL
effective connectivity across • 3G/4G LTE wireless
distributed enterprise locations. • 802.11ac Wave 2 Wi-Fi

By consolidating fast, highly Industry-best, high-performance IPsec VPN solutions provide comprehensive encryption
available switching, routing, and authentication capabilities to secure intersite communications. Multiple form factors
security, and next-generation that offer Ethernet switching support on native Gigabit Ethernet ports allow cost-effective
firewall in a single device, choices for mission-critical deployments.
enterprises can remove network The SRX550M Services Gateway runs Junos® operating system, a proven, carrier-hardened
complexity, protect and
network OS that powers the top 100 service provider networks around the world. The
prioritize their resources, and
rigorously tested, carrier-class, rich routing features such as IPv4/IPv6, OSPF, BGP, and
improve user and application
multicast have been proven in over 15 years of worldwide deployments. The automation
experience while lowering total
and scripting capabilities of Junos OS and Junos Space® Security Director reduce
cost of ownership.
operational complexity and simplify the provisioning of new sites.
The SRX550M recognizes more than 3500 Layer 3-7 applications, including Web 2.0 and
evasive peer-to-peer (P2P) applications like Skype, torrents, and others. Correlating
application information with user contextual information, the SRX550M can generate
bandwidth usage reports, enforce access control policies, prioritize and rate-limit traffic
exiting WAN interfaces, and proactively secure remote sites. This optimizes resources in
the branch office and improves the application and user experience.

1
 SRX550M Services Gateway

Comprehensive Security Suite

Secure SD-WAN
At the perimeter, the SRX550M offers a comprehensive suite of
Along with Contrail® Service Orchestration, the SRX550M delivers
application security services, threat defenses, and intelligence
fully automated SD-WAN to both enterprises and service providers.
services. The services consist of intrusion prevention system (IPS),
A zero-touch provisioning (ZTP) capability greatly simplifies branch
application security user role-based firewall controls and cloud-
network connectivity for initial deployment and ongoing
based antivirus, antispam, and enhanced Web filtering, protecting
management. The SRX550M efficiently utilizes multiple links and
networks from the latest content-borne threats. Integrated threat
load-balances traffic across the enterprise WAN, blending
intelligence via Juniper Networks SecIntel offers adaptive threat
traditional MPLS with other connectivity options such as broadband
protection against Command and Control (C&C)-related botnets
Internet, leased lines, 4G/LTE, and more. Policy- and application-
and policy enforcement based on GeoIP. Customers can also
based forwarding capabilities enforce business rules created by the
leverage their own custom and third-party feeds for protection
enterprise to steer application traffic towards a preferred path.
from advanced malware and other threats.
WAN Assurance
Integrating the Juniper Advanced Threat Protection solution, the
Mist WAN Assurance is a cloud service that brings AI-powered
SRX550M detects and enforces automated protection against
automation and service levels to Juniper SRX Series Services
known malware and zero-day threats with a high degree of
Gateways, complementing the Juniper Secure SD-WAN solution. It
accuracy.
transforms IT operations from reactive troubleshooting to proactive
remediation, turning insights into actions, delivering operational Agile SecOps
simplicity with seamless integration into existing deployments. The SRX550M enables agile SecOps through automation
• SRX Series firewalls, deployed as secure SD-WAN edge capabilities that support zero-touch deployment (ZTD), Python
devices, provide the rich Junos streaming telemetry that scripts for orchestration, and event scripting for operational
provides the insights needed for WAN health metrics and management.
anomaly detection.
• This data is leveraged within the Mist Cloud and AI engine,
driving simpler operations, reducing mean time to repair, and
providing better visibility into end-user experiences.
• Insights derived from SRX Series SD-WAN gateway telemetry
data allows WAN Assurance to compute unique “User
Minutes” that indicate whether users are having a good
experience.

2
 SRX550M Services Gateway

Features and Benefits

Business Feature/Solution SRX550M Advantages
Requirement
High performance Up to 7 Gbps of routing and • Meets the needs of small, medium, and large branch office deployments
firewall performance • Addresses future needs for scale and feature capacity

Business continuity Stateful high availability (HA), IP • Uses stateful HA to synchronize configuration and firewall sessions
monitoring • Supports multiple WAN interface with dial-on-demand backup
• Performs route/link failover based on real-time link performance

SD-WAN Better end-user application and • ZTP simplifies remote device provisioning
cloud experience and lower • Orchestrates business intent policies across the enterprise WAN via centralized or local advanced policy-based routing (APBR)
operational costs
• Measures application service-level agreements (SLAs) and improves end-user experience through application quality of
experience (AppQoE)
• Detects 3500+ Layer 3-7 applications, including Web 2.0
• Inspects and detects applications in SSL-encrypted traffic
• Controls and prioritizes traffic based on application and user role

End-user experience WAN assurance • Provides AI-powered automation and service levels that complement the Juniper secure SD-WAN solution
• Provides visibility and insights into users, applications, WAN links, controls, and data plane CPU for proactive remediation

High security IPsec VPN, Media Access • Creates secure, reliable, and fast overlay link over public Internet
Control Security (MACsec) • Employs anti-counterfeit features to defend against unauthorized hardware spares
• Includes high-performance CPU with built-in hardware assist IPsec acceleration

Threat protection IPS, antivirus, antispam, Juniper • Enables zone-based stateful firewall by default
SecIntel, Juniper Advanced • Protects against malware and attacks with IPS and antivirus
Threat Prevention
• Integrates open threat intelligence platform with third-party feeds
• Defends against zero-day attacks

Easy management and On-box GUI, Security Director • Includes centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT), and
scale IPsec VPN deployments
• Includes simple, easy-to-use on-box GUI for local management

Minimal TCO Junos OS • Integrates routing, switching, and security in a single device
• Reduces operational expense with Junos OS automation capabilities

Protocol (DVMRP), Multicast Source Discovery Protocol

(MSDP), Reverse Path Forwarding (RPF)
• Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame
Relay, High-Level Data Link Control (HDLC), serial, Multilink
Point-to-Point Protocol (MLPPP), Multilink Frame Relay
(MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
• Virtual routers
• Policy-based routing, source-based routing
• Equal-cost multipath (ECMP)
SRX550M Specifications
Software Specifications QoS Features
Routing Protocols • Support for 802.1p, DiffServ code point (DSCP), EXP
• IPv4, IPv6, ISO, Connectionless Network Service (CLNS) • Classification based on VLAN, data-link connection identifier
• Static routes (DLCI), interface, bundles, or multifield filters
• RIP v1/v2 • Marking, policing, and shaping
• OSPF/OSPF v3 • Classification and scheduling
• BGP with route reflector • Weighted random early detection (WRED)
• IS-IS • Guaranteed and maximum bandwidth
• Multicast: Internet Group Management Protocol (IGMP) v1/v2, • Ingress traffic policing
Protocol Independent Multicast (PIM) sparse mode (SM)/dense • Virtual channels
mode (DM)/source-specific multicast (SSM), Session • Hierarchical shaping and policing
Description Protocol (SDP), Distance Vector Multicast Routing

3
 SRX550M Services Gateway

Switching Features Network Services

• ASIC-based Layer 2 forwarding • Dynamic Host Configuration Protocol (DHCP) client/server/
• MAC address learning relay
• VLAN addressing and integrated routing and bridging (IRB) • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
support • Juniper real-time performance monitoring (RPM) and IP-
• Link aggregation and LACP monitoring
• Link Layer Discovery Protocol (LLDP) and Link Layer Discovery • Juniper flow monitoring (J-Flow)
Protocol–Media Endpoint Discovery (LLDP-MED) • Bidirectional Forwarding Detection (BFD)
• Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol • Two-Way Active Measurement Protocol (TWAMP)
(RSTP), Multiple Spanning Tree Protocol (MSTP) • IEEE 802.3ah Link Fault Management (LFM)
• Multiple VLAN Registration Protocol (MVRP) • IEEE 802.1ag Connectivity Fault Management (CFM)
• 802.1X authentication
High Availability Features
Firewall Services • Virtual Router Redundancy Protocol (VRRP)1
• Stateful and stateless firewall • Stateful high availability
• Zone-based firewall • Dual box clustering
• Screens and distributed denial of service (DDoS) protection • Active/passive
• Protection from protocol and traffic anomaly • Active/active
• Integration with Pulse Unified Access Control (UAC) • Configuration synchronization
• Integration with Aruba Clear Pass Policy Manager • Firewall session synchronization
• User role-based firewall • Device/link detection
• SSL Inspection (forward-proxy) • In-Band Cluster Upgrade (ICU)
• Dial on-demand backup interfaces
Network Address Translation (NAT)
• IP monitoring with route and interface failover
• Source NAT with Port Address Translation (PAT)
• Bidirectional 1:1 static NAT GRE, IP-IP, J-Flow monitoring, and VRRP are not supported in stateful high availability mode.
1.

• Destination NAT with PAT Management, Automation, Logging, and Reporting

• Persistent NAT • SSH, Telnet, SNMP
• IPv6 address translation • Smart image download
• Juniper CLI and Web UI
VPN Features
• Junos Space and Security Director
• Tunnels: Generic routing encapsulation (GRE) 3, IP-IP3, IPsec • Python, PyEz, and Ansible modules
• Site-site IPsec VPN, auto VPN, group VPN • Junos OS event, commit, and OP script
• IPsec crypto algorithms: Data Encryption Standard (DES), triple • Application and bandwidth usage reporting
DES (3DES), Advanced Encryption Standard (AES-256), AES- • Auto installation
GCM • Debug and troubleshooting tools
• IPsec authentication algorithms: MD5, SHA-1, SHA-128, • ZTP with Contrail Service Orchestration
SHA-256
• Pre-shared key and public key infrastructure (PKI) (X.509) Advanced Routing Services
• Perfect forward secrecy, anti-reply • Packet mode
• IPv4 and IPv6 IPsec VPN • MPLS (RSVP, LDP)
• Multi-proxy ID for site-site VPN • Circuit cross-connect (CCC), translational cross-connect (TCC)
• Internet Key Exchange (IKEv1, IKEv2), NAT-T • L2/L3 MPLS VPN, pseudowires
• Virtual router and quality of service (QoS) aware • Virtual private LAN service (VPLS), next-generation multicast
• Standard-based dead peer detection (DPD) support VPN (NG-MVPN)
• VPN monitoring • MPLS traffic engineering and MPLS fast reroute

Application Security Services2

• Application visibility and control
• Application-based firewall

4
 SRX550M Services Gateway

• Application QoS • Maximum PoE power: 247 W redundant, or 494 W non-

redundant
Enhanced SD-WAN Services
• Average power consumption: 85 W
• Application-based advanced policy-based routing (APBR)
• Input frequency: 50-60 Hz
• Application quality of experience (AppQoE)
• Maximum current consumption: 7.5 A @ 100 VAC with single
• Application-based link monitoring and switchover with
PSU with PoE, 10.5 A @ 100 VAC with dual PSU with PoE
AppQoE
• Maximum inrush current: 45 A for half-cycle
Threat Defense and Intelligence Services2 • Average heat dissipation: 238 BTU/hr
• Intrusion prevention system (IPS) • Maximum heat dissipation: 1449 BTU/hr
• Antivirus • Redundant power supply (hot swappable): Yes (up to maximum
• Antispam capacity of single PSU)
• Category/reputation-based URL filtering • Acoustic noise level (per ISO 7779 Standard): 51.8 dB
• Juniper SecIntel to provide threat intelligence Environmental, Compliance, and Safety Certification
• Protection from botnets (command and control)
• Operational temperature: 32° to 104° F (0° to 40° C)
• Adaptive enforcement based on GeoIP
• Nonoperational temperature: 4° to 158° F, (-20° to 70° C)
• Juniper Advanced Threat Prevention to detect and block zero-
• Humidity (operating): 10% to 90% noncondensing
day attacks
• Humidity (nonoperating): 5% to 95% noncondensing
• Encrypted Traffic Analysis
• Mean time between failures (Telcordia model): 9.6 years with
2.
Offered as advanced security services subscription licenses. redundant power
Hardware Specifications • FCC classification: Class A
Network Connectivity • RoHS compliance: Yes
• Fixed I/O: 6 x 10/100/1000 BASE-T + 4 small form-factor Performance and Scale
pluggable transceivers (SFP transceivers)
• Firewall performance (large packets)3: 7 Gbps
• I/O slots: 2 x SRX Series Mini-PIM, 6 x Gigabit-Backplane
• Firewall performance (IMIX)3: 2 Gbps
Physical Interface Module (GPIM) or multiple GPIM and XPIM
• Firewall + routing pps (64 Byte)3: 700 Kpps
combinations
• Firewall performance (HTTP)4: 2 Gbps
• Services and Routing Engine slots: No
• IPsec VPN throughput (large packets): 1.0 Gbps
• WAN/LAN interface options: See ordering information
• IPsec VPN tunnels: 2000
• Maximum number of PoE ports (PoE optional on some SRX
• Application firewall4: 2.0 Gbps
Series models): Up to 40 ports of 802.3af/at with maximum
• Intrusion prevention system (IPS)4: 800 Mbps
247 W
• Antivirus: 300 Mbps (Sophos antivirus)
• USB: 2
• Connections per second: 27,000
Flash and Memory • Maximum concurrent sessions: 375,000
• Memory (DRAM): 4 GB • Maximum security policies: 8000
• Memory slots: 2 DIMM • Maximum users supported: Unrestricted
• Flash memory: 8 GB, CF internal • Route table size (RIB/FIB) (IPv4 or IPv6): 1.5 million/750,000
• USB port for external storage: Yes • NAT rules: 6144
• MAC table size: 15,000
Dimensions and Power
• Number of remote access users: 500
• Dimensions (W x H x D): 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 • GRE tunnels: 1500
cm) • Maximum number of security zones: 96
• Weight (device and power supply): 21.96 lb (9.96 kg) (no • Maximum number of virtual routers: 128
interface modules, 1 power supply) • Maximum number of VLANs: 3967
• Rack-mountable: Yes, 2 U • AppID sessions: 65,000
• Power supply (AC): 100-240 VAC, single 645 W or dual 645 • IPS sessions: 64,000
W • URL filtering (URLF) sessions: 64,000
3
Throughput numbers based on UDP packets and RFC2544 test methodology
4
Throughput numbers based on HTTP traffic with 44 KB transaction size

5
 SRX550M Services Gateway

Ordering Information Product Number Description

SRX-RAC-5-LTU Dynamic VPN Client: 5 simultaneous users
To order Juniper Networks SRX Series Services Gateways, and to
SRX-RAC-10-LTU Dynamic VPN Client: 10 simultaneous users
access software licensing information, please visit the How to Buy
SRX-RAC-25-LTU Dynamic VPN Client: 25 simultaneous users
page at https://www.juniper.net/us/en/how-to-buy/.
SRX-RAC-50-LTU Dynamic VPN Client: 50 simultaneous users
Product Number Description SRX-RAC-100-LTU Dynamic VPN Client: 100 simultaneous users
SRX550M Base System SRX-RAC-150-LTU Dynamic VPN Client: 150 simultaneous users
SRX550-645AP-M SRX550M Services Gateway with 4 GB DRAM and 8 GB CF, 2 SRX-RAC-250-LTU Dynamic VPN Client: 250 simultaneous users
U height, 6 GPIM slots, 2 Mini-PIM slots, 6
SRX-RAC-500-LTU Dynamic VPN Client: 500 simultaneous users
10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and
fans; ships with one 645 W AC power supply with 247 W PoE Interface Modules
power (power cord and rack-mount kit included)
SRX-GP-16GE-POE 16-port 10/100/1000BASE-T PoE XPIM
SRX550-645DP-M SRX550M Services Gateway with 4 GB DRAM and 8 GB CF, 2
U height, 6 GPIM slots, 2 Mini-PIM slots, 6 SRX-GP-8SFP 8-port GbE copper, fiber SFP XPIM
10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and SRX-GP-DUAL-T1-E1 Dual T1/E1 GPIM
fans; ships with one 645 W DC power supply with 247 W PoE
power (no power cord or rack-mount kit included) SRX-GP-QUAD-T1-E1 Quad T1/E1 GPIM

SRX550M Power Supplies and Accessories SRX-GP-1DS3-E3 1-port clear channel DS3/E3 GPIM single GPIM slot

SRX600-PWR-645AC-POE Spare 645 W AC PoE power supply unit for SRX550M systems; SRX-MP-1T1E1-R 1 port T1E1, MPIM form factor supported on SRX320,
one is included in SRX550M base system (SRX550M-645AC) SRX340, SRX345, SRX380, and SRX550M Services Gateways;
ROHS compliant
SRX600-PWR-645DC-POE 645 W DC source power supply for SRX550M provides 397 W
system power @ 12 V and 248 W PoE power @ 50 VDC; SRX-MP-1VDSL2-R 1 port VDSL2 (backward compatible with ADSL/ADSL2+),
works with 43-56 VDC input; no power cord MPIM form factor supported on SRX320, SRX340, SRX345,
SRX380, and SRX550M Services Gateways; ROHS compliant
SRX550-CHAS-M SRX550M Services Gateway, 2 U height, 6 GPIM slots, 2 Mini-
PIM slots, 6 10/100/1000BASE-T ports, 4 GbE SFP ports, dual SRX-MP-1SERIAL-R 1 port Synchronous Serial, MPIM form factor supported on
PS slots, and fans (power supply not included) SRX320, SRX340, SRX345, SRX380, and SRX550M Services
Gateways; ROHS compliant
SRX550M Software Licenses
SRX-MP-LTE-AA 4G/LTE MPIM support for 1, 3, 5, 7-8, 18-19, 21, 28, 38-41
SRX550-IDP One-year subscription for intrusion detection and prevention LTE bands (for Asia and Australia); supported on SRX320,
(IDP) updates on SRX550M SRX340, SRX345, SRX380, and SRX550M Services Gateways
SRX550-S2-AS One-year subscription for Juniper-Sophos antispam updates on SRX-MP-LTE-AE 4G/LTE MPIM support for 1-5, 7-8, 12-13, 30, 25-26, 29-30,
SRX550M 41 LTE bands (for Americas and EMEA); supported on SRX320,
SRX550-W-EWF One-year subscription for Juniper Web filtering updates on SRX340, SRX345, SRX380, and SRX550M Services Gateways
SRX550M SRX-MP-WLAN-US Wireless access point (Wi-Fi) MPIM for SRX320, SRX340,
SRX550-S-SMB4-CS One-year security subscription for enterprise; includes Sophos SRX345, SRX380, and SRX550M Services Gateways; supported
antivirus, enhanced Web filtering, Sophos antispam, AppSecure, for U.S. regulatory bands only
and IDP on SRX550M SRX-MP-WLAN-WW Wireless access point (Wi-Fi) MPIM for SRX320, SRX340,
SRX550-ATP-1 One-year subscription for Advanced Threat Prevention Cloud SRX345, SRX380, and SRX550M Services Gateways; supported
for SRX550M for worldwide regulatory bands (excluding U.S. and Israel)

SRX550-S-AV-3 Three-year subscription for Juniper-Sophos antivirus updates SRX-MP-WLAN-IL Wireless access point (Wi-Fi) MPIM for SRX320, SRX340,
on SRX550M SRX345, SRX380, and SRX550M Services Gateways; supported
for Israel regulatory bands only
SRX550-IDP-3 Three-year subscription for IDP updates on SRX550M
SRX-MP-ANT-EXT Antenna extension cable for WLAN MPIM on SRX Series
SRX550-S2-AS-3 Three-year subscription for Juniper-Sophos antispam updates platforms
on SRX550M
SRX550-W-EWF-3 Three-year subscription for Juniper Web filtering updates on
SRX550M
SRX550-S-SMB4-CS-3 Three-year subscription for enterprise-includes Sophos
antivirus, enhanced Web filtering, Sophos antispam, AppSecure,
and IDP on SRX550M
SRX550-ATP-3 Three-year subscription for Advanced Threat Prevention Cloud
for SRX550M
SRX550-IDP-5 Five-year license for IDP updates on SRX550M
SRX550-W-EWF-5 Five-year subscription for Juniper Web filtering updates on
SRX550M
SRX550-S-SMB4-CS-5 Five year security subscription for enterprise; includes Sophos
antivirus, enhanced Web filtering, Sophos antispam, AppSecure,
and IDP on SRX550M
SRX550-APPSEC-A-1 One-year subscription for Application Security and IPS updates
for SRX550M
SRX550-APPSEC-A-3 Three-year subscription for Application Security and IPS
updates for SRX550M
SRX550-APPSEC-A-5 Five-year subscription for Application Security and IPS updates
for SRX550M
SRX550-ATP-5 Five-year subscription for Advanced Threat Prevention Cloud
for SRX550

6
 SRX550M Services Gateway

About Juniper Networks

Juniper Networks brings simplicity to networking with products,
solutions and services that connect the world. Through engineering
innovation, we remove the constraints and complexities of
networking in the cloud era to solve the toughest challenges our
customers and partners face daily. At Juniper Networks, we believe
that the network is a resource for sharing knowledge and human
advancement that changes the world. We are committed to
imagining groundbreaking ways to deliver automated, scalable and
secure networks to move at the speed of business.

Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V. Boeing

1133 Innovation Way Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.0.207.125.700

or +1.408.745.2000

www.juniper.net

Copyright 2020 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000669-002-EN July 2020 7