Juniper SRX340
Juniper SRX340
- 8 x 1GbE RJ-45 ports and 8 x 1GbE SFP
- 3 Gbps Firewall performance
- 250 Mbps IPS performance
- 500 Mbps VPN performance
- 256,000 Concurrent sessions
- 10,000 New sessions/second
- 2,000 Maximum security policies
SRX300 Overview:
The SRX300 line of services gateways combines security, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).
Product Description
Juniper Networks SRX300 line of services gateways delivers a next-generation networking and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience.
The SRX300 line consists of four models:
- SRX300: Securing small branch or retail offices, the SRX300 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
- SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
- SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 3 Gbps firewall and 600 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
- SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 800 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
Highlights
The SRX300 line of services gateways consists of secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. Ethernet, serial, T1/E1, ADSL2/2+, VDSL2, and 3G/4G LTE wireless are all available options for WAN or Internet connectivity to link sites. Industry best, high-performance IPsec VPN solutions provide comprehensive encryption and authentication capabilities to secure intersite communications. Multiple form factors with Ethernet switching support on native Gigabit Ethernet ports allow cost effective choices for mission-critical deployments. Juniper Networks Junos® automation and scripting capabilities and Junos Space Security Director reduce operational complexity and simplify the provisioning of new sites.
The SRX300 line of devices recognizes more than 3,500 Layer 3-7 applications, including Web 2.0 and evasive peer-to-peer (P2P) applications like Skype, torrents, and others. Correlating application information with user contextual information, the SRX300 line can generate bandwidth usage reports, enforce access control policies, prioritize and rate-limit traffic going out of WAN interfaces, and proactively secure remote sites. This optimizes resources in the branch office and improves the application and user experience.
For the perimeter, the SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls, and on-box and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks Spotlight Secure offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Sky Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.
The SRX300 line enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.
SRX300 services gateways run Juniper Networks Junos operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks around the world. The rigorously tested, carrier-class, rich routing features such as IPv4/ IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.
Features & Benefits:
Business Requirement | Feature/Solution | SRX300 Advantages |
---|---|---|
High performance | Up to 5 Gbps of routing and firewall performance |
|
Business continuity | Stateful high availability (HA), IP monitoring |
|
End-user experience | IApp visibility and control |
|
Highly secure | IPsec VPN, Media Access Control Security (MACsec) |
|
Threat protection | IPS, antivirus, anti-spam, Spotlight Secure, Sky Advanced Threat Prevention |
|
Easy to manage and scale | On-box GUI, Security Director |
|
Minimize TCO | Junos OS |
|
Technical Specifications:
Model: | SRX300 | SRX320 | SRX340 | SRX345 |
---|---|---|---|---|
Connectivity | ||||
Total onboard ports | 8x1GbE | 8x1GbE | 16x1GbE | 16x1GbE |
Onboard RJ-45 ports | 6x1GbE | 6x1GbE | 8x1GbE | 8x1GbE |
Onboard small form-factor pluggable (SFP) transceiver ports | 2x1GbE | 2x1GbE | 8x1GbE | 8x1GbE |
MACsec-capable ports | 2x1GbE | 2x1GbE | 16x1GbE | 16x1GbE |
Out-of-Band (OOB) management ports | 0 | 0 | 1x1GbE | 1x1GbE |
Mini PIM (WAN) slots | 0 | 2 | 4 | 4 |
Console (RJ-45 + miniUSB) | 1 | 1 | 1 | 1 |
USB 3.0 ports (type A) | 1 | 1 | 1 | 1 |
Optional PoE+ ports | N/A | 61 | 0 | 0 |
Memory and Storage | ||||
System memory (RAM) | 4 GB | 4 GB | 4 GB | 4 GB |
Storage (flash) | 8 GB | 8 GB | 8 GB | 8 GB |
SSD slots | 0 | 0 | 1 | 1 |
Dimensions and Power | SRX300 | SRX320 | SRX340 | SRX345 |
Form factor | Desktop | Desktop | 1U | 1U |
Size (WxHxD) | 12.63 x 1.37 x 7.52 in. (32.08 x 3.47 x 19.10 cm) |
11.81 x 1.73 x 7.52 in. (29.99 x 4.39 x 19.10 cm) |
17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) |
17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) / 17.36 x 1.72 x 18.7 in. (44.09 x 4.36 x 47.5 cm)2 |
Weight (device and PSU) | 4.38 lb (1.98 kg) | 3.28 lb (1.51 kg)3 / 3.4 lb (1.55 kb)4 |
10.80 lb (4.90 kg) | 10.80 lb (4.90 kg) |
Redundant PSU | No | No | No | Yes |
Power supply | AC (external) | AC (external) | AC (external) | AC (external) |
Maximum PoE power | N/A | 180 W4 | N/A | N/A |
Average power consumption | 15.4 W | 27 W3 / 112 W4 | 122 W | 122 W |
Average heat dissipation | 85 BTU/h | 157 BTU/h3 / 755 BTU/h4 | 420 BTU/h | 420 BTU/h |
Maximum current consumption | 0.254 A | 0.473 A3 / 2.07 A4 | 1.364 A | 1.364 A |
Acoustic noise level | 0dB (fanless) | 37 dBA3 / 40 dBA4 | 45.5 dBA | 45.5 dBA |
Airflow/cooling | Fanless | Front to back | Front to back | Front to back |
Environmental, Compliance, and Safety Certification | SRX300 | SRX320 | SRX340 | SRX345 |
Operating temperature | 32° to 104° F (0° to 40° C) | |||
Nonoperating temperature | 4° to 158° F (-20° to 70° C) | |||
Operating humidity | 10% to 90% noncondensing | |||
Nonoperating humidity | 5% to 95% noncondensing | |||
Meantime between failures (MTBF) | 44.5 years | 32.5 years3 / 26 years4 | 27 years | 27.4 years |
FCC classification | Class A | Class A | Class A | Class A |
RoHS compliance | RoHS 2 | RoHS 2 | RoHS 2 | RoHS 2 |
Common Criteria certification | NDPP, VPNEP, FWEP, IPSEP (based on Junos 15.1X49-D60) | |||
Performance and Scale | SRX300 | SRX320 | SRX340 | SRX345 |
Routing with packet mode (64 B packet size) in Kpps5 | 300 | 300 | 550 | 750 |
Routing with packet mode (IMIX packet size) in Mbps5 | 800 | 800 | 1,600 | 2,300 |
Routing with packet mode (1,518 B packet size in Mbps5 | 1,500 | 1,500 | 3,000 | 5,500 |
Stateful firewall (64 B packet size) in Kpps5 | 200 | 200 | 350 | 550 |
Stateful firewall (IMIX packet size) in Mbps5 | 500 | 500 | 1,100 | 1,700 |
Stateful firewall (1,518 B packet size) in Mbps5 | 1,000 | 1,000 | 3,000 | 5,000 |
IPsec VPN (IMIX packet size) in Mbps5 | 100 | 100 | 200 | 300 |
IPsec VPN (1,400 B packet size) in Mbps5 | 300 | 300 | 600 | 800 |
Application visibility and control in Mbps6 | 500 | 500 | 1,000 | 1,700 |
Recommended IPS in Mbps6 | 200 | 200 | 400 | 600 |
Next-generation firewall in Mbps6 | 100 | 100 | 200 | 300 |
Route table size (RIB/FIB) (IPv4 or IPv6) | 256,000/256,000 | 256,000/256,000 | 1 million/600,0007 | 1 million/600,0007 |
Maximum concurrent sessions (IPv4 or IPv6) | 64,000 | 64,000 | 256,000 | 375,000 |
Maximum security policies | 1,000 | 1,000 | 2,000 | 4,000 |
Connections per second | 5,000 | 5,000 | 10,000 | 15,000 |
NAT rules | 1,000 | 1,000 | 2,000 | 2,000 |
MAC table size | 15,000 | 15,000 | 15,000 | 15,000 |
IPsec VPN tunnels | 256 | 256 | 1,024 | 2,048 |
Number of remote access uses | 25 | 50 | 150 | 250 |
GRE tunnels | 256 | 256 | 512 | 1,024 |
Maximum number of security zones | 16 | 16 | 64 | 64 |
Maximum number of virtual routers | 32 | 32 | 64 | 128 |
Maximum number of VLANs | 1,000 | 1,000 | 2,000 | 3,000 |
AppID sessions | 16,000 | 16,000 | 64,000 | 64,000 |
IPS sessions | 16,000 | 16,000 | 64,000 | 64,000 |
URLF sessions | 16,000 | 16,000 | 64,000 | 64,000 |
WAN Interface | SRX300 | SRX320 | SRX340 | SRX345 |
1 port T1/E1 MPIM (SRX-MP-1T1E1-R) | No | Yes | Yes | Yes |
1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) | No | Yes | Yes | Yes |
1 port serial MPIM (SRX-MP-1SERIAL-R) | No | Yes | Yes | Yes |
4G / LTE MPIM (SRX-MP-LTE-AA & SRX-MP-LTE-AE) | No | Yes | Yes | Yes |
Additional Specification Features:
Routing Protocols
- IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
- Static routes
- RIP v1/v2
- OSPF/OSPF v3
- BGP with Route Reflector
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
QoS Features
- Support for 802.1p, DiffServ code point (DSCP), EXP
- Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
- Ingress traffic policing
- Virtual channels
- Hierarchical shaping and policing
Switching Features
- ASIC-based Layer 2 Forwarding
- MAC address learning
- VLAN addressing and integrated routing and bridging (IRB) support
- Link aggregation and LACP
- LLDP and LLDP-MED
- STP, RSTP, MSTP
- MVRP
- 802.1X authentication
Firewall Services
- Stateful and stateless firewall
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomaly
- Integration with Pulse Unified Access Control (UAC)
- Integration with Aruba Clear Pass Policy Manager
- User role-based firewall
- SSL Inspection (Forward-proxy)
Network Address Translation (NAT)
- Source NAT with Port Address Translation (PAT)
- Bidirectional 1:1 static NAT
- Destination NAT with PAT
- Persistent NAT
- IPv6 address translation
VPN Features
- Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec
- Site-site IPsec VPN, auto VPN, group VPN
- IPsec crypto algorithms: Data Encryption Standard (DES), triple DES (3DES), Advanced Encryption Standard (AES-256), AES-GCM
- IPsec authentication algorithms: MD5, SHA-1, SHA-128, SHA-256
- Pre-shared key and public key infrastructure (PKI) (X.509)
- Perfect forward secrecy, anti-reply
- IPv4 and IPv6 IPsec VPN
- Multi-proxy ID for site-site VPN
- Internet Key Exchange (IKEv1, IKEv2), NAT-T
- Virtual router and quality-of-service (QoS) aware
- Standard-based dead peer detection (DPD) support
- VPN monitoring
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/ relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IPmonitoring
- Juniper flow monitoring (J-Flow)10
- Virtual Router Redundancy Protocol (VRRP)10
- Stateful high availability
- Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Band Cluster Upgrade (ICU)
- Dial on-demand backup interfaces
- IP monitoring with route and interface failover
- SSH, Telnet, SNMP
- Smart image download
- Juniper CLI and Web UI
- Junos Space and Security Director
- Python
- Junos OS event, commit, and OP script
- Application and bandwidth usage reporting
- Auto installation
- Debug and troubleshooting tools
- Zero-Touch Provisioning with Contrail Service Orchestration
Advanced Routing Services
- Packet mode
- MPLS (RSVP, LDP)
- Circuit cross-connect (CCC), translational cross-connect (TCC)
- L2/L3 MPLS VPN, pseudowires
- Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
- MPLS traffic engineering and MPLS fast reroute
Application Security Services9
- Application visibility and control
- Application-based firewall
- Application QoS
- Application-based advanced policy-based routing
Threat Defense and Intelligence Services10
- Intrusion prevention
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- Spotlight Secure threat intelligence
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Sky Advanced Threat Prevention to detect and block zeroday attacks11
1 PoE ports on SRX320 available as a separate SKU: SRX320-POE.
2 SRX345 with dual AC PSU model.
3 SRX320 non PoE model.
4 SRX320-POE with 6 ports PoE+ model.
5 Throughput numbers based on UDP packets and RFC2544 test methodology.
6 Throughput numbers based on HTTP traffic with 44 KB transaction size.
7 Route scaling numbers are with enhanced route-scale features turned on.
8 GRE, IP-IP, J-Flow monitoring, and VRRP are not supported in stateful high-availbility mode.
9 Available as part of Junos Software Enhanced (JSE) software package or advanced security subscription licenses.
10 Offered as advanced security services subscription licenses.
11 Sky ATP is supported on SRX340 and higher platforms.