Juniper Networks SRX240 Services Gateway - security appliance
Juniper Networks
Juniper Networks SRX240 Services Gateway - Security appliance - 16 ports - GigE, HDLC, Frame Relay, RS-232, PPP, X.21, V.35, RS-449, MLPPP, FRF.15, FRF.16, FRF.12, MLFR - 1U - rack-mountable
OETC Part: JU-SRX240H2 | MFG Part: SRX240H2
Secure routing
Should you use a router and a firewall to secure your network? By building the branch SRX Series with best in class routing and firewall capabilities in one product, enterprises don't have to make that choice. Why forward traffic if it's not legitimate? SRX Series for the branch checks the traffic to see if it is legitimate, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from hacking.
High availability
When SRX Series Services Gateways for the branch are configured as an active/active pair, traffic and configuration will be mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series will now synchronize both configuration and runtime information. As a result, during failover, synchronization of the following information is shared: connection/session state and flow information, IPsec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all applications sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is intact. In an unstable network, this active/active configuration also mitigates link flapping affecting session performance.
2 10/100/1000 Ethernet and 6 10/100 Ethernet LAN ports, 1 Mini-PIM slot, 1 ExpressCard slot and 2 USB ports
Factory option of 4 dynamic Power over Ethernet (PoE) ports 802.3af
Support for T1/E1, serial, ADSL/2/2+, Ethernet small form-factor pluggable transceiver (SFP), and Gigabit Ethernet interfaces
Content Security Accelerator hardware for faster performance of IPS and ExpressAV
Full UTM; antivirus, anti-spam, Web filtering, intrusion prevention system (with high memory version)
Unified Access Control (UAC) and content filtering
The Juniper Networks SRX Series Services Gateways for the branch joins Juniper Networks SRX Series for the high end, EX Series Ethernet Switches, M Series Multiservice Edge Routers, MX Series Ethernet Services Routers, and T Series Core Routers to provide a single Juniper Networks JUNOS Software-based portfolio of unprecedented scale. With JUNOS, enterprises and service providers can lower deployment and operational costs across their entire distributed workforce.
SRX Series Services Gateways for the branch provide perimeter security, content security, access control, and network-wide threat visibility and control. Best-in-class firewall and VPN technologies secure the perimeter with minimal configuration and consistent performance. By using zones and policies, even new network administrators can configure and deploy an SRX Series for the branch quickly and securely. Policy-based VPNs support more complex security architectures that require dynamic addressing and split tunneling. For content security, SRX Series for the branch offers a complete suite of Unified Threat Management (UTM) services consisting of: intrusion prevention system (IPS), antivirus, anti-spam, Web filtering and data loss prevention via content filtering to protect your network from the latest content borne threats. The branch SRX Series integrates with other Juniper security products to deliver enterprise-wide unified access control and adaptive threat management. These capabilities give security professionals powerful tools in the fight against cybercrime and data loss.
SRX Series for the branch brings high-performance and proven deployment and capabilities to enterprises that need to build a worldwide network of thousands of sites. The wide variety of options allows configuration of performance, functionality, and price scaled to support from a handful to thousands of users. Ethernet, serial, T1/E1, xDSL, Metro Ethernet, and third generation (3G) cellular wireless are all available options for WAN or Internet connectivity to securely link your sites. Multiple form factors allow you to make cost-effective choices for mission-critical deployments. Managing the network is easy using the proven JUNOS command-line interface (CLI) and scripting capabilities, or a simple to use Web-based GUI.
Environmental Parameters
| Spec | Value |
|---|---|
| Min Operating Temperature | 32 °F |
| Max Operating Temperature | 104 °F |
| Humidity Range Operating | 10 - 90% |
Expansion / Connectivity
| Spec | Value |
|---|---|
| Expansion Slot(s) | 4 (total) / 4 (free) x Mini-Physical Interface Module (Mini-PIM) |
| Interfaces | 16 x 1000Base-T - RJ-45 ¦ 2 x USB - Type A |
| Expansion Slots | 4 (total) / 4 (free) x Mini-Physical Interface Module (Mini-PIM) |
General
| Spec | Value |
|---|---|
| Device Type | Security appliance |
| Height (Rack Units) | 1U |
| Width | 17.5 in |
| Depth | 15.2 in |
| Height | 1.7 in |
| Weight | 11.24 lbs |
Miscellaneous
| Spec | Value |
|---|---|
| Rack Mounting Kit | Included |
| MTBF | 11.63 years |
| Compliant Standards | FCC Class A certified, CTR 21, ICSA IPSec certified, ICSA Firewall certified, CISPR 22 Class A, VCCI Class A ITE, EN55022 Class A, CB, AS/NZS 60950-1, EMC, DOC, CS-03, FIPS 140-2, EN300-386, UL 60950-1, EN 60950-1, EAL 4, NEBS, ICES Class A, CAN/CSA C22.2 No. 60950-1, TIA/EIA/IS-968, AS/ACIF S002, EMI |
Networking
| Spec | Value |
|---|---|
| Form Factor | Rack-mountable |
| Ports Qty | 16 |
| Connectivity Technology | Wired |
| Data Link Protocol | Ethernet, Fast Ethernet, Gigabit Ethernet, HDLC, Frame Relay, RS-232, PPP, X.21, V.35, RS-449, MLPPP, FRF.15, FRF.16, FRF.12, MLFR |
| Network / Transport Protocol | RSVP, IPSec, PPPoE, PPPoA, SMTP, FTP, DHCP, POP3, IMAP |
| Routing Protocol | OSPF, IS-IS, RIP-1, RIP-2, BGP, IGMPv2, IGMP, DVMRP, VRRP, PIM-SM, PIM-DM, IGMPv3, GRE, OSPFv3, PIM-SSM, MSDP, ECMP, RIPng, MLD, MPLS |
| Performance | Firewall throughput (large packets): 1.8 Gbps ¦ Firewall throughput (IMIX): 600 Mbps ¦ Firewall throughput (HTTP): 830 Mbps ¦ VPN throughput (IPSec): 300 Mbps ¦ IPS throughput: 230 Mbps ¦ Antivirus throughput: 85 Mbps ¦ Connection rate: 8500 connections per second |
| Capacity | IPSec VPN tunnels: 1000 ¦ Concurrent sessions: 256000 ¦ Security policies: 4096 ¦ BGP instances: 20 ¦ BGP peers: 32 ¦ BGP routes: 600000 ¦ OSPF instances: 20 ¦ OSPF routes: 200000 ¦ RIP instances: 20 ¦ RIP routes: 200000 ¦ Static routes: 256000 ¦ Concurrent VPN tunnels: 1000 ¦ VPN tunnel interfaces: 128 ¦ Maximum number of remote users: 250 ¦ Security zones: 64 ¦ Virtual routers: 64 ¦ Virtual interfaces (VLANs): 2000 ¦ MLPPP maximum physical interfaces: 4 ¦ MLFR maximum physical interfaces: 4 |
| Features | Firewall protection, layer 2 switching, NAT support, VPN support, PAT support, VLAN support, IGMP snooping, Syslog support, DoS attack prevention, content filtering, DiffServ support, IPv6 support, Intrusion Prevention System (IPS), firmware upgradable, DDos attack prevention, Weighted Random Early Detection (WRED), Rapid Spanning Tree Protocol (RSTP) support, Multiple Spanning Tree Protocol (MSTP) support, Quality of Service (QoS), Link Fragmentation and Interleaving (LFI), DHCP server, IPv4 support, LLDP support, DHCP relay, Link Aggregation Control Protocol (LACP), role based access control, J-Flow, static routing, policy based access control, tagged VLAN |
| Encryption Algorithm | DES, Triple DES, RSA, MD5, IKE, DH, SHA-1, DSA, PKI, 128-bit AES, 256-bit AES, IKEv2, SHA-2, 256-bit SHA |
| Authentication Method | SecurID, RADIUS, X.509 certificates, LDAP, XAUTH authentication |
| Compliant Standards | IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p, IEEE 802.3ad (LACP), IEEE 802.1x, IEEE 802.1ad |
Power
| Spec | Value |
|---|---|
| Power Device | Internal power supply |
| Installed Qty | 1 |
| Voltage Required | AC 120/230 V (50/60 Hz) |
| Power Consumption Operational | 74 Watt |
| Power Provided | 150 Watt |
Processor / Memory / Storage
| Spec | Value |
|---|---|
| RAM Installed ( Max ) | 2 GB |
| Flash Memory Installed (Max) | 2 GB |
| Hard Drive | None. |
| RAM | 2 GB |
| Flash Memory | 2 GB |
Software / System Requirements
| Spec | Value |
|---|---|
| OS Provided | JUNOS |
| Higher ED | K-12 | Other | |
|---|---|---|---|
| Alabama | Available | Available | Available |
| Alaska | Available | Available | Available |
| Arizona | Available | Available | Available |
| Arkansas | Available | Available | Available |
| California | Available | Available | Available |
| Colorado | Available | Available | Available |
| Connecticut | Available | Available | Available |
| Delaware | Available | Available | Available |
| District of Columbia | Available | Available | Available |
| Florida | Available | Available | Available |
| Georgia | Available | Available | Available |
| Hawaii | Available | Available | Available |
| Idaho | Available | Available | Available |
| Illinois | Available | Available | Available |
| Indiana | Available | Available | Available |
| Iowa | Available | Available | Available |
| Kansas | Available | Available | Available |
| Kentucky | Available | Available | Available |
| Louisiana | Available | Available | Available |
| Maine | Available | Available | Available |
| Maryland | Available | Available | Available |
| Massachusetts | Available | Available | Available |
| Michigan | Available | Available | Available |
| Minnesota | Available | Available | Available |
| Mississippi | Available | Available | Available |
| Missouri | Available | Available | Available |
| Montana | Available | Available | Available |
| Nebraska | Available | Available | Available |
| Nevada | Available | Available | Available |
| New Hampshire | Available | Available | Available |
| New Jersey | Available | Available | Available |
| New Mexico | Available | Available | Available |
| New York | Available | Available | Available |
| North Carolina | Available | Available | Available |
| North Dakota | Available | Available | Available |
| Ohio | Available | Available | Available |
| Oklahoma | Available | Available | Available |
| Oregon | Available | Available | Available |
| Pennsylvania | Available | Available | Available |
| Rhode Island | Available | Available | Available |
| South Carolina | Available | Available | Available |
| South Dakota | Available | Available | Available |
| Tennessee | Available | Available | Available |
| Texas | Available | Available | Available |
| Utah | Available | Available | Available |
| Vermont | Available | Available | Available |
| Virginia | Available | Available | Available |
| Washington | Available | Available | Available |
| West Virginia | Available | Available | Available |
| Wisconsin | Available | Available | Available |
| Wyoming | Available | Available | Available |