Scribd
Upload
874 views6 pages

srx4600 Firewall Datasheet

Uploaded by

theanhcb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
874 views6 pages

srx4600 Firewall Datasheet

Uploaded by

theanhcb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Data Sheet

SRX4600 FIREWALL DATASHEET

Product Description
The SRX4600 Firewall protects mission-critical data center and campus networks for
enterprises, mobile service providers, and cloud service providers. Designed for high-
performance security services architectures, the SRX4600 protects critical corporate IT
assets as a next-generation firewall (NGFW), acts as an enforcement point for cloud-based
security solutions, and provides application visibility and control to improve the user and
application experience.
Product Overview
Integrating networking and security in a single platform, the SRX4600 features multiple
The SRX4600 is a high- high-speed interfaces, intrusion prevention, advanced threat protection, and authentication,
performance, next-generation along with high-performance IPsec VPN and Internet gateway capabilities. It also offers
firewall and hardware- high scalability, high availability, robust protection, application visibility, user identification,
accelerated security gateway and deep content inspection to provide unparalleled control over the security
offering up to 400 Gbps of infrastructure.
firewall performance that
The SRX4600 also acts as a central enforcement point, leveraging vital automation and
supports the changing needs of
actionable intelligence to protect users in a multivendor network environment. The
cloud-enabled enterprise and
SRX4600 also delivers fully automated SD-WAN to both enterprises and service providers.
service provider networks. The
SRX4600 allows organizations Due to its high performance and scale, the SRX4600 acts as a VPN hub and terminates
to roll out new services in an VPN/secure overlay connections in various SD-WAN topologies.
enterprise data center or The SRX4600 is powered by Juniper Networks Junos® operating system, the industry-
campus, connect to the cloud, leading OS that keeps the world’s largest mission-critical enterprise and service provider
comply with industry standards, networks secure.
deploy distributed security
gateways, or offer high-scale
multitenant security services. Architecture and Key Components
The SRX4600 helps The SRX4600 hardware and software architecture provides cost-effective security in a
organizations realize their small 1 U form factor. Purpose-built to protect network environments and provide Internet
business objectives while Mix (IMIX) firewall throughput up to 400 Gbps, the SRX4600 incorporates multiple security
providing scalability, high
services and networking functions on top of Junos OS. Best-in-class security and advanced
availability, ease of
threat mitigation capabilities on the SRX4600 are offered as 33 Gbps of NGFW, 45.4 Gbps
management, secure
of intrusion prevention system (IPS), and up to 44 Gbps of IPsec VPN in data center,
connectivity, and advanced
enterprise campus, and regional headquarter deployments with IMIX traffic patterns.
threat mitigation capabilities.

1
SRX4600 Firewall Datasheet

Table 1. SRX4600 Statistics¹

Performance SRX4600
Firewall throughput—IMIX 400 Gbps/400 Gbps
Firewall throughput with application security 90 Gbps
IPsec VPN throughput—IMIX/1400 B 44/70 Gbps
Intrusion prevention system (IPS) 45.4 Gbps
Next-Generation Datacenter Firewall throughput 2
33 Gbps
Secure Web Access Firewall3 throughput 22.6 Gbps
Connections per second 600,000
Maximum session 60 60 million
1
Performance, capacity, and features listed are based on systems running Junos OS 21.3R1 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
2
Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
3
Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.

The SRX4600 recognizes more than 4,275 applications and nested applications in plain text or SSL-encrypted transactions. The firewall
also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application
and user visibility and control.

Features and Benefits


Table 2. SRX4600 Features and Benefits

Business Requirement Feature/Solution SRX4600 Advantages


High performance Up to 400 Gbps of IMIX firewall • Best suited for enterprise campus and data center edge deployments
throughput • Ideal for secure router/VPN concentrator deployments at the head office
• Addresses diverse needs and scales for service provider deployments

High-quality end-user Application visibility and control • Detects 4,275 L3-L7 applications, including Web 2.0
experience • Controls and prioritizes traffic based on application and use role
• Inspects and detects applications inside SSL-encrypted traffic

Advanced threat IPS, antivirus, antispam, • Provides real-time updates to IPS signatures and protects against exploits
protection enhanced web filtering, Juniper • Implements industry-leading antivirus and URL filtering
Advanced Threat Prevention
Cloud, Encrypted Traffic Insights, • Delivers open threat intelligence platform that integrates with third-party feeds
Threat Intelligence Feeds, and • Protects against zero-day attacks
Juniper ATP Appliance • Stops rogue and compromised devices to disseminate malware
• Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption

Professional-grade Routing, secure wire • Supports carrier-class advanced routing and quality of service (QoS)
networking services
Highly secure IPsec VPN, Remote access/SSL • Provides high-performance IPsec VPN with dedicated crypto engine
VPN • Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications
• Simplifies large VPN deployments with auto VPN
• Includes hardware-based crypto acceleration
• Secure and flexible remote access SSL VPN with Juniper Secure Connect

Highly reliable Chassis cluster, redundant power • Provides stateful configuration and session synchronization
supplies • Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with redundant power supply unit (PSU) and fans

Easy to manage and On-box GUI, Juniper Networks • Enables centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT), and
scale Security Director IPsec VPN deployments
• Includes simple, easy-to-use on-box GUI for local management

Low TCO Junos OS • Integrates routing and security in a single device


• Reduces OpEx with Junos OS automation capabilities

2
SRX4600 Firewall Datasheet

Software Specifications High Availability Features


Firewall Services • Virtual Router Redundancy Protocol (VRRP)—IPv4 and IPv6
• Stateful and stateless firewall • Stateful high availability:
• Zone-based firewall - HA clustering
• Screens and distributed denial of service (DDoS) protection - Active/active
• Protection from protocol and traffic anomalies - Active/passive
• Unified Access Control (UAC) - Dual MACsec-enabled HA control ports (10GbE)
- Dual MACsec-enabled HA fabric ports (10GbE)
- Configuration synchronization
Network Address Translation (NAT) - Firewall session synchronization
• Source NAT with Port Address Translation (PAT) - Device/link detection
• Bidirectional 1:1 static NAT - Unified in-service software upgrade (unified ISSU)
• Destination NAT with PAT • IP monitoring with route and interface failover
• Persistent NAT
• IPv6 address translation
• Port Block Allocation method for CGNAT Application Security Services3
• Deterministic NAT • Application visibility and control
• Application-based firewall
• Application QoS
VPN Features • Advanced/application policy-based routing (APBR)
• Tunnels: Site-to-site, hub and spoke, dynamic endpoint, • Application Quality of Experience (AppQoE)
AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack) • Application-based multipath routing
• Juniper Secure Connect: Remote access/SSL VPN • User-based firewall
• Configuration payload: Yes
• IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-
CBC, AES-GCM, Suite B Threat Defense and Intelligence Services3
• IKE authentication algorithms: MD5, SHA-1, SHA-128, • IPS
SHA-256, SHA-384 • Antivirus
• Authentication: Pre-shared key and public key infrastructure • Antispam
(PKI) (X.509) • Category/reputation-based URL filtering
• IPsec (Internet Protocol Security): Authentication Header • SSL proxy/inspection
(AH) / Encapsulating Security Payload (ESP) protocol • Protection from botnets (command and control)
• IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, • Adaptive enforcement based on GeoIP
hmac-sha-256 • Juniper ATP, a cloud-based SaaS offering, to detect and block
• IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, zero-day attacks
AEC-CBC, AES-GCM, Suite B • Adaptive Threat Profiling
• Perfect forward secrecy, anti-reply • Encrypted Traffic Insights
• Internet Key Exchange: IKEv1, IKEv2 • SecIntel to provide threat intelligence
• Monitoring: Standard-based dead peer detection (DPD) • Juniper ATP Appliance, a distributed, on-premises advanced
support, VPN monitoring threat prevention solution to detect and block zero-day attacks
• VPNs GRE, IP-in-IP, and MPLS Routing Protocols
• IPv4, IPv6, static routes, RIP v1/v2
• OSPF/OSPF v3
• BGP with route reflector
• IS-IS
• Multicast: Internet Group Management Protocol (IGMP) v1/v2;
Protocol Independent Multicast (PIM) sparse mode (SM)/dense
mode (DM)/source-specific multicast (SSM); Session

3
SRX4600 Firewall Datasheet

Description Protocol (SDP); Distance Vector Multicast Routing


Protocol (DVMRP); Multicast Source Discovery Protocol
(MSDP); reverse path forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol over
Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
Hardware Specifications
- Equal-cost multipath (ECMP)
Table 3. SRX4600 Hardware Specifications

Specification SRX4600
Total onboard I/O ports Up to 24x1GbE/10GbE (SFP+)4
QoS Features 4x40GbE/100GbE (QSFP28)

• Support for 802.1p, DiffServ code point (DSCP) Out-of-Band (OOB) management ports RJ-45 (1 Gbps)

• Classification based on interface, bundles, or multifield filters Dedicated high availability (HA) ports 2x1GbE/10GbE (SFP+) Control
2x1GbE/10GbE (SFP+) Data
• Marking, policing, and shaping Console RJ-45 (RS232)
• Classification and scheduling USB 2.0 ports (Type A) 1
• Weighted random early detection (WRED) Memory and Storage
• Guaranteed and maximum bandwidth System memory (RAM) 256 GB
Secondary storage (SSD) 2x 1 TB M.2 SSD

Dimensions and Power


Network Services Form factor 1U
• Dynamic Host Configuration Protocol (DHCP) client/server/ Size (WxHxD) 17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm)
With AC PEMs: 17.4 x 1.7 x 27.29 in (44.19 x
relay 4.32 x 69.32 cm)
With DC PEMs: 17.4 x 1.7 x 29.20 in (44.19 x
• Domain Name System (DNS) proxy, dynamic DNS (DDNS) 4.32 x 74.17 cm)
• Juniper real-time performance monitoring (RPM) and IP Weight (system and 2 power entry With AC PEMs: 38 lb (17.24 kg)
monitoring modules) Shipping weight: 45.47 lb (20.62 kg)
With DC PEMs: 40 lb (18.14 kg)
• Juniper flow monitoring (J-Flow) Shipping weight: 47.47 lb (21.53 kg)
Redundant PSU 1+1
Power supply 2x 1600 W AC-DC PSU redundant
2x 1100 W DC-DC PSU redundant
Management, Automation, Logging, and Reporting
Average power consumption 650 W
• SSH, Telnet, SNMP Average heat dissipation 2218 BTU/hour
• Smart image download Maximum current consumption 12 A (for 110 V AC power)
• Juniper CLI and Web UI 6 A (for 220 V AC power)
24 A (for -48 V DC power)
• Security Director
Precision Time Protocol Timing Ports
• Python Time of day – RS-232 (EIA-23) 1xRJ-45
• Junos OS events, commit, and OP scripts BITS clock 1xRJ-48
• Application and bandwidth usage reporting 10-MHz timing connector (GNSS) 1xInput (COAX)
1xOutput (COAX)
• Debug and troubleshooting tools
Pulse per second connection (1-PPS) 1xInput (COAX)
1xOutput (COAX)

Environmental and Regulatory Compliance


Acoustic noise level 69 dBA at normal fan speed,87 dBA at full fan
speed
3
Offered as advanced security subscription license
Airflow/cooling Front to back
Operating temperature 32° to 104° F (0° to 40° C)
Operating humidity 5% to 90% noncondensing
Meantime between failures (MTBF)111,626 111,626 hours (12.75 years)
hours (12.75 years)
FCC classification Class A
RoHS compliance RoHS 2
NEBS compliance Designed for NEBS Level 3

4
SRX4600 Firewall Datasheet

Specification SRX4600 Description SRX4600-SYS-JB


Performance Multicast (IGMP, PIM, SSDP, DMVRP) Included

Routing/firewall (64 B packet size) 104 Gbps Packet mode Included


throughput Gbps4
Overlay (GRE, IP-IP) Included
Routing/firewall (IMIX packet size) 400 Gbps
Network services (J-Flow, DHCP, QoS, BFD) Included
throughput Gbps4
Stateful firewall, screens, application-level gateways (ALGs) Included
Routing/firewall (1518 B packet size) 400 Gbps
throughput Gbps4 NAT (static, SNAT, DNAT) Included
IPsec VPN (IMIX packet size) Gbps4 44.4 Gbps IPsec VPN (site-site VPN, auto VPN, group VPN) Included
IPsec VPN (1400 B packet size) Gbps4 69.6 Gbps Remote access/SSL VPN (concurrent users)7 Optional
Application security performance in Gbps5 75.5 Gbps Firewall policy enforcement (UAC, Aruba CPPM) Included
Recommended IPS in Gbps6 45.5 Gbps Chassis cluster, VRRP, unified ISSU Included
Next-generation firewall in Gbps6 33 Gbps Automation (Junos OS scripting, auto-installation) Included
Secure Web Access firewall in Gbps 7 22.6 Gbps General Packet Radio Service (GPRS)/GPRS tunneling protocol (GTP)/ Included
Stream Control Transmission Protocol (SCTP)
Connections per second (CPS) 600,000
Application security (AppID, AppFW, AppQoS, AppQoE, AppRoute) Optional
Maximum security policies 80,000
7
Based on concurrent users; two free licenses included
Maximum concurrent sessions (IPv4 or 60 million
IPv6)
Route table size (RIB/FIB) (IPv4 or IPv68) 4 million/1.2 million
IPsec tunnels 7500 Base Systems
Number of remote access/SSL VPN 7500 Product Number Description
(concurrent) users
SRX4600-SYS-JB- SRX4600 Firewall includes hardware (4x100GbE, 8x10GbE, two AC
4
There are eight dedicated 1GbE/10GbE ports. The four 40GbE/100GbE ports can use breakout cables to create AC power supply units, five fan trays, cables, and rack mount kit) and
4x1GbE/10GbE (SFP+) ports each, resulting in a total of 24x 1GbE/10GbE ports.
Junos Software Base (Firewall, NAT, IPsec, routing, MPLS)
5
Throughput numbers based on UDP packets and RFC2544 test methodology.
6
Next-Generation Datacenter firewall performance is measured with Firewall, Application Security and IPS enabled SRX4600-SYS-JB- SRX4600 Firewall includes hardware (4x100GbE, 8x10GbE, two DC
using 64KB transactions. DC power supply units, five fan trays, cables, and rack mount kit) and
7
Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Junos Software Base (Firewall, NAT, IPsec, routing, MPLS)
Filtering enabled using 64KB transactions.
8
IPv6 FIB scale is with 32-bit mask.
All systems include dual (redundant) AC or DC power supplies, five
(4+1) redundant fans, country-specific power cords, dual
Juniper Networks Services and Support
(redundant) solid-state drives, rack mount kit, and core Junos OS
Juniper Networks is the leader in performance-enabling services
software (stateful firewall, NAT, IPsec, and routing).
that are designed to accelerate, extend, and optimize your high-
performance network. Our services allow you to maximize
operational efficiency while reducing costs and minimizing risk, Advanced Security Services Subscription Licenses
achieving a faster time to value for your network. Juniper Networks Product Number Description

ensures operational excellence by optimizing the network to S-SRX4600-A1-1 SW, A1, IPS, AppSecure, content security, 1 year

maintain required levels of performance, reliability, and S-SRX4600-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
content security, 1 year
availability. For services specific information specific to SRX Series S-SRX4600-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
Firewalls, please read the Firewall Conversion Service or the SRX security, 1 year

Series QuickStart Service datasheets. For more details, please S-SRX4600-A1-3 SW, A1, IPS, AppSecure, content security, 3 year
S-SRX4600-A2-3 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
visit https://www.juniper.net/us/en/products.html. content security, 3 year
S-SRX4600-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
security, 3 year
Ordering Information S-SRX4600-A1-5 SW, A1, IPS, AppSecure, content security, 5 year

To order Juniper Networks SRX Series Firewalls, and to access S-SRX4600-A2-5 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
content security, 5 year
software licensing information, please visit the How to Buy page
S-SRX4600-A3-5 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
at https://www.juniper.net/us/en/how-to-buy/form.html. security, 5 year
S-SRX4600-P1-1 SW, P1, IPS, AppSecure, ATP, content security, 1 year
S-SRX4600-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
Description SRX4600-SYS-JB content security, 1 year

Hardware Included S-SRX4600-P3-1 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 1 year
Management (CLI, J-Web, SNMP, Telnet, SSH) Included
S-SRX4600-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year
L2 transparent, secure wire Included
S-SRX4600-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
Routing (RIP, OSPF, BGP, virtual router) Included content security, 3 year

5
SRX4600 Firewall Datasheet

Product Number Description Product Number Description


S-SRX4600-P3-3 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard,
security, 3 year with SW support, 3 Year
S-SRX4600-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard,
with SW support, 3 Year
S-SRX4600-P2-5 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 5 year S-RA3-1KCCU-S-3 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard,
with SW support, 3 Year
S-SRX4600-P3-5 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 5 year S-RA3-5KCCU-S-3 SW, Remote Access VPN - Juniper, 5000 Concurrent Users, Standard,
with SW support, 3 Year

Service Spares
About Juniper Networks
Product Number Description
JNP-FAN-1RU Universal fan, 1 U chassis At Juniper Networks, we are dedicated to dramatically simplifying
JNP-PWR1600-AC Universal AC power supply, 1600 W network operations and driving superior experiences for end users.
JNP-PWR1100-DC Universal DC power supply, 1100 W Our solutions deliver industry-leading insight, automation, security
JNP-SSD-M2-1TB Universal 1 TB SSD, in carrier, no Junos OS and AI to drive real business results. We believe that powering
SRX4600-4PST-RMK Rack mount kit, 4-post adjustable for SRX4600 connections will bring us closer together while empowering us all to
solve the world’s greatest challenges of well-being, sustainability
and equality.
Remote Access/Juniper Secure Connect VPN Licenses
Product Number Description
S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with
SW support, 1 Year
S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with
SW support, 3 Year
S-RA3-1KCCU-S-1 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-5KCCU-S-1 SW, Remote Access VPN - Juniper, 5000 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with
SW support, 3 Year
S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
with SW support, 3 Year

Corporate and Sales Headquarters APAC and EMEA Headquarters


Juniper Networks, Inc. Juniper Networks International B.V.

1133 Innovation Way Boeing Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.207.125.700

or +1.408.745.2000

www.juniper.net

Copyright 2022 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000628-021-EN Sept 2022 6

You might also like