Overview
SRX Series Services Gateways are high-performance network security solutions for enterprises and service providers that pack high port-density, advanced security, and flexible connectivity, into easily managed platforms.
These versatile and cost-effective solutions support fast, secure, and highly-available, data center and branch operations, with unmatched performance to deliver some of the industry’s best price-performance ratios and lowest TCOs.
The SRX5400 Services Gateway is a next-generation security platform ideally suited for service provider, large enterprise and public sector networks. It is based on a revolutionary new architecture and utilizes new line cards to provide market-leading connectivity, performance and service integration.
Its superior price/performance value and small footprint makes the SRX5400 Services Gateway ideal for securing enterprise edges and data centers, service provider infrastructures, and next-generation services and applications.
The SRX5400 supports up to 65 Gbps firewall and 22 Gbps IPS, as well as 450,000 new connections per second and 28 million concurrent user sessions. It offers 10GbE, 40GbE, and 100GbE connectivity options.
Specifications
| Junos Software version tested |
Junos 12.1X46 |
| Firewall performance (max) |
65Gbps |
| IPS performance (NSS 4.2.1) |
22Gbps |
| AES256+SHA-1 / 3DES+SHA-1 VPN performance |
43Gbps |
| Maximum concurrent sessions |
28 million |
| New sessions/second (sustained, TCP, 3-way) |
450,000 |
| Maximum security policies |
80,000 |
| Maximum users supported |
Unrestricted |
| Maximum available slots for IOCs |
2 |
| Fixed I/O ports |
N/A |
| CX111 3G Bridge support |
N/A |
| Internal 3G Express Card Slot support |
N/A |
| Centralized Management |
Junos Space Security Design |
| LAN interface options |
- 1 x 100 Gigabit Ethernet
- 2 x 40 Gigabit Ethernet
- 10 x 10 Gigabit Ethernet
|
| High-availability support |
- Active/Passive, Active/Active
- Low impact chassis cluster
- Interface aggregation groups across chassis cluster
|
| AppSecure Services |
- Application Identification: yes
- Application Denial of Service Protection (AppDoS): yes
- AppTrack: yes
- AppQoS: yes
- AppFW: yes
|
| Dimensions and Power |
- Dimensions (W x H x D): 8.7 x 17.45 x 24.5 in (22.1 x 44.3 x 62.2 cm)
- Weight: Chassis: Fully Configured: 128 lb / 58.1 kg
- Power supply (AC): 100 to 240 V AC
- Power supply (DC): -40 to -60 V DC
- Maximum power draw: 4,100 W
|
| Firewall |
- Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
- GPRS stateful inspection: Yes
|
| Intrusion Prevention System |
- Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 8,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
|
