SRX5400, SRX5600, AND SRX5800 Services Gateways: Product Overview

Data Sheet
SRX5400, SRX5600, AND SRX5800

SERVICES GATEWAYS
Product Description
The Juniper Networks® SRX5400, SRX5600, and SRX5800 Services Gateways are next-
generation firewalls (NGFWs) that deliver outstanding protection, market-leading
performance, six nines reliability and availability, scalability, and services integration. These
devices are ideally suited for service provider, large enterprise, and public sector networks,
Product Overview including:
• Cloud and hosting provider data centers
SRX Series Services Gateways • Mobile operator environments
are next-generation firewalls
• Managed service providers
based on a revolutionary
• Core service provider infrastructures
architecture offering
• Large enterprise data centers
outstanding performance,
scalability, availability, and
security services integration. The SRX5400, SRX5600, and SRX5800 are an integral part of the Juniper Connected
Custom designed for flexible Security framework, which is built to protect users, applications, and infrastructure from
processing scalability, I/O advanced threats.
scalability, and services
Delivering the highest level of protection from Layer 3 to Layer 7, these platforms feature a
integration, the SRX Series
carrier-grade next-generation firewall and advanced security services such as application
Services Gateways exceed the
security, unified threat management (UTM), intrusion prevention system (IPS), and
security requirements of data
center consolidation and integrated threat intelligence services.
services aggregation. The For advanced protection, the SRX Series offers integrated threat intelligence services via
award-winning SRX Series is Juniper Networks Advanced Threat Prevention (ATP), Juniper’s open threat intelligence
powered by Junos OS, the same platform in the cloud. Juniper ATP Cloud delivers actionable security intelligence to SRX
industry-leading operating
Series devices to enable advanced protection against Command and Control (C&C)-related
system that keeps the world’s
botnets and Web application threats, as well as allowing policy enforcement based on
largest data center networks
GeoIP data—all based on Juniper-provided feeds. Customers may also leverage their own
available, manageable, and
custom and third-party feeds for protection from advanced malware and other threats
secure.
unique to their business environment. This advanced, customer-relevant, and consolidated
threat intelligence service is delivered to the SRX Series on premises from the cloud.
The SRX5400, SRX5600, and SRX5800 are supported by Juniper Networks Junos® Space
Security Director, which enables distributed security policy management through an
intuitive, centralized interface that enables enforcement across emerging and traditional
risk vectors. Using intuitive dashboards and reporting features, administrators gain insight
into threats, compromised devices, risky applications, and more.
1
SRX5400, SRX5600, and SRX5800 Services Gateways
Based on Juniper’s Dynamic Services Architecture, the SRX5000 SRX5800

line provides unrivaled scalability and performance. Each services The SRX5800 Services Gateway is the market-leading security
gateway can support near linear scalability with the addition of solution supporting up to 1 Tbps firewall throughput and latency as
Services Processing Cards (SPCs) and I/O cards (IOCs), enabling a low as 32 microseconds for stateful firewall. The SRX5800 also
fully equipped SRX5800 to support up to 1 Tbps firewall supports 860 Gbps IPS and 338 million concurrent sessions.
throughput. The SPCs are designed to support a wide range of Equipped with the full range of advanced security services, the
services, enabling future support of new capabilities without the SRX5800 is ideally suited for securing large enterprise, hosted, or
need for service-specific hardware. Using SPCs on all services colocated data centers, service provider core and cloud provider
ensures that there are no idle resources based on specific services infrastructures, and mobile operator environments. The massive
being used—maximizing hardware utilization. performance, scalability, and flexibility of the SRX5800 make it ideal
The scalability and flexibility of the SRX5000 line is supported by for densely consolidated processing environments, and the service
equally robust interfaces. The SRX5000 line employs a modular density makes it ideal for cloud and managed service providers.
approach, where each platform can be equipped with a flexible SRX5600
number of IOCs that offer a wide range of connectivity options,
The SRX5600 Services Gateway uses the same SPCs and IOCs as
including 1GbE, 10GbE, 40GbE, and 100GbE interfaces. With the
the SRX5800 and can support up to 480 IMIX Gbps firewall
IOCs sharing the same interface slot as the SPCs, the gateway can
throughput, 182 million concurrent sessions, and 460 Gbps IPS.
be configured as needed to support the ideal balance of processing
The SRX5600 is ideally suited for securing enterprise data centers
and I/O. Hence, each deployment of the SRX Series can be tailored
as well as aggregation of various security solutions. The capability
to specific network requirements.
to support unique security policies per zone and its ability to scale
The scalability of both SPCs and IOCs in the SRX5000 line is with the growth of the network infrastructure make the SRX5600
enabled by the custom-designed switch fabric. Supporting up to an ideal deployment for consolidation of services in large
960 Gbps of data transfer, the fabric enables realization of enterprise, service provider, or mobile operator environments.
maximum processing and I/O capability available in any particular
SRX5400
configuration. This level of scalability and flexibility enables future
expansion and growth of the network infrastructure, providing The SRX5400 Services Gateway uses the same SPCs and IOCs as
unrivaled investment protection. the SRX5800 and can support up to 270 Gbps IMIX firewall, 90
million concurrent sessions, and 230 Gbps IPS. The SRX5400 is a
The tight service integration on the SRX Series is enabled by
small footprint, high-performance gateway ideally suited for
Juniper Networks Junos® operating system. The SRX Series is
securing large enterprise campuses as well as data centers, either
equipped with a robust set of services that include stateful firewall,
for edge or core security deployments. The ability to support
intrusion prevention system (IPS), denial of service (DoS),
unique security policies per zone and a compelling price/
application security, VPN (IPsec), Network Address Translation
performance/footprint ratio make the SRX5400 an optimal solution
(NAT), unified threat management (UTM), quality of service (QoS),
for edge or data center services in large enterprise, service
and large-scale multitenancy. In addition to the benefit of individual
provider, or mobile operator environments.
services, the SRX5000 line provides a low latency solution.
Service Processing Cards (SPCs)
Junos OS also delivers carrier-class reliability with six nines system
availability, the first in the industry to achieve independent As the “brains” behind the SRX5000 line, SPCs are designed to
verification by Telcordia. Furthermore, the SRX Series enjoys the process all available services on the platform. Without the need for
benefit of a single source OS, and single integrated architecture dedicated hardware for specific services or capabilities, there are no
traditionally available on Juniper’s carrier-class routers and instances in which a piece of hardware is taxed to the limit while
switches. other hardware is sitting idle. SPCs are designed to be pooled
together, allowing the SRX5000 line to expand performance and
capacities with the introduction of additional SPCs, drastically
reducing management overhead and complexity. The high-
performance SPC3 cards are supported on the SRX5400, SRX5600,
and SRX5800 Services Gateways.
2
I/O Cards (IOCs) 100GbE, 40GbE, and high-density 10GbE interfaces. The IOC2 or
To provide the most flexible solution, the SRX5000 line employs the IOC3 operates with the Express Path optimization capability,
same modular architecture for SPCs and IOCs. The SRX5000 line delivering higher levels of throughput—up to an industry-leading 2
can be equipped with one or several IOCs, supporting the ideal mix Tbps on the SRX5800. The IOC3 cards are supported on the
of interfaces. With the flexibility to install an IOC or an SPC on any SRX5400, SRX5600, and SRX5800.
available slot, the SRX5000 line can be equipped to support the The fourth generation of IOCs delivers the highest throughput of all
perfect blend of interfaces and processing capabilities, meeting the available linecards of up to 480 Gbps and offers multiple
needs of the most demanding environments while ensuring connectivity options from 10GbE and 40GbE to 100GbE. Hand-in-
investment protection. hand with Juniper’s Express Path feature, IOC4 can deliver up to
Juniper offers the IOC2, a second-generation card with superior 480 Gbps of hardware-accelerated throughput per linecard.
connectivity options. The IOC2 offers 100GbE as well as 40GbE Routing Engine (RE3) and Enhanced System Control Board (SCB4)
and high-density 10GbE and 1GbE connectivity options. These
The SRX5K-RE3-128G Routing Engine (RE3) is the latest in the
options reduce the need for link aggregation when connecting high
family of REs for the SRX5000 line with a multicore processor
throughput switches to the firewall, as well as enabling increased
running at 2000 MHz. It delivers improved performance, scalability,
throughput in the firewall itself. The IOC2 is supported on all three
and reliability with 128 GB DRAM and includes a TPM module. The
platforms in the SRX5000 line of services gateways.
SRX5K-SCB4 enables 480 Gbps throughput per SCB and can be
The third generation of IOCs from Juniper, the IOC3, delivers high configured with intra- and interchassis redundancy.
throughput along with superior connectivity options including
Features and Benefits

Networking and Security
The Juniper Networks SRX5000 line of Services Gateways has been designed from the ground up to offer robust networking and security
services.
Feature Feature Description Benefits

Purpose-built platform Built from the ground up on dedicated hardware designed for networking and Delivers unrivaled performance and flexibility to protect high-speed network
security services. environments.
Scalable performance Offers scalable processing based on Juniper’s Dynamic Services Architecture. Offers a simple and cost-effective solution to leverage new services with
appropriate processing.
System and network Provides carrier-class hardware design and proven OS. Offers the reliability needed for any critical high-speed network deployments
resiliency without service interruption. Utilizes a unique architectural design based on
multiple processing cores and a separation of the data and control planes.
High availability (HA) Active/passive and active/active HA configurations use dedicated HA interfaces. Achieves availability and resiliency necessary for critical networks.
Interface flexibility Offers flexible I/O options with modular cards based on the Dynamic Services Offers flexible I/O configuration and independent I/O scalability (options include
Architecture. 1GbE, 10GbE, 40GbE, and 100GbE) to meet the port density requirements of
demanding network environments.
Network segmentation Security zones, virtual LANs (VLANs), and virtual routers allow administrators to Features the capability to tailor unique security and networking policies for
deploy security policies to isolate subnetworks and use overlapping IP address various internal, external, and demilitarized zone (DMZ) subgroups.
ranges.
Robust Routing Engine Dedicated RE provides physical and logical separation to data and control planes. Enables deployment of consolidated routing and security devices, as well as
ensuring the security of routing infrastructure—all via a dedicated management
environment.
Threat intelligence Integration with Juniper ATP Cloud for application of advanced threat detection Offers policy enforcement based on optimized and up-to-date threat intelligence,
technologies and feeds for policy enforcement. which is automatically syndicated across the firewall estate, enabling higher
security effectiveness and operational efficiency.
AppTrack Detailed analysis on application volume/usage throughout the network based on Provides the ability to track application usage to help identify high-risk
bytes, packets, and sessions. applications and analyze traffic patterns for improved network management and
control.
AppFirewall Fine-grained application control policies to allow or deny traffic based on Enhances security policy creation and enforcement based on applications and
dynamic application name or group names. user roles rather than traditional port and protocol analysis.
AppQoS Leverage Juniper’s rich QoS capabilities to prioritize applications based on Provides the ability to prioritize traffic as well as limit and shape bandwidth based
customers’ business and bandwidth needs. on application information and contexts for improved application and overall
network performance.
Application signatures Open signature library for identifying applications and nested applications with Accurately identifies applications so that the resulting information can be used for
more than 3000 application signatures. visibility, enforcement, control, and protection.
SSL proxy (forward and Performs SSL encryption and decryption between the client and the server. Combines with application identification to provide visibility and protection
reverse) against threats embedded in SSL encrypted traffic.
3

Intrusion prevention Detects known and unknown exploits and anomalies in network traffic streams. Adds a critical layer of protection beyond stateful firewall, enabling detection of
system (IPS) vulnerabilities in network traffic and highly granular control over IPS policy
enforcement.
Stateful GTP and SCTP Support for General Packet Radio Service Tunneling Protocol (GTP) and Stream Enables the SRX5000 line to provide stateful firewall capabilities for protecting
inspection Control Transmission Protocol (SCTP) firewall in mobile operator networks. key GPRS nodes within mobile operator networks.
User identity-based Secure access to data center resources via the tight integration of standards- Enables agent-based and agentless identity security services for enterprise data
access control based access control capabilities in Juniper Networks Junos Pulse Access Control centers by integrating the SRX5000 line with the standards-based access control
enforcement Service and SRX5000 line. capabilities of Junos Pulse Access Control Service. This integration enables
administrative flexibility to manage a variety of user access categories, including
corporate, guest, and mobile.
Unified threat Strong UTM capabilities, including IPS, antivirus, antispam, Web and content Provides best-in-class UTM protection with strong, high-performance content
management (UTM) filtering. Available on-box with preinstalled, expanding, and adaptive capabilities security leveraging intelligence from multiple expert security companies.
that are quickly activated for zero-day, easy, and instant protection. Antivirus and
Web filtering options are available from Sophos; Web filtering is available from
Forcepoint.
IOC2 supporting 2 MICs The first firewall I/O card in the industry to offer 100GbE connectivity. The card Increases connectivity efficiency with high throughput I/O interfaces. Reduces the
includes a choice of ten 10GbE, twenty 1GbE, two 40GbE, or one 100GbE I/O need for link aggregation to the firewall and enables higher firewall throughput.
interfaces. Pairs well with SPC2/SPC3 for maximized firewall performance in any
of the SRX5000 line of Services Gateways.
IOC3* The third-generation I/O card offers very high levels of firewall throughput and Provides vastly superior, top-of-the-line connectivity efficiency and record-
low latency. The card includes two board choices: six 40GbE interfaces and 24 breaking high throughput I/O interfaces. Reduces the need for link aggregation to
10GbE interfaces, or two 100GbE interfaces and four 10GbE interfaces. The the firewall and enables very high firewall throughput of up to 2 Tbps with
IOC3 pairs well with existing SPC2/SPC3 for maximum firewall performance in Express Path enabled.
any of the SRX5000 line of Services Gateways.
IOC4** The fourth-generation I/O card is being offered in two flavors. The first delivers Provides the fastest throughput per slot and, in combination with Express Path,
40x10GbE interfaces while the second, depending on the chosen optics, delivers can deliver up to 480 Gbps of throughput per I/O card.
48x10GbE, 12x40GbE, or 4x100GbE interfaces.
SPC3 card*** Enables performance and scale with backwards compatibility to the SPC2 service Delivers always-on security resiliency to meet your growing network performance
cards. These cards support in-service software and in-service hardware upgrades. needs.
Express Path An optional optimization capability (formerly Services Offload) for the SRX5000 Securely delivers extremely high levels of throughput, making it the ideal solution
line that improves throughput and lowers latency by identifying and accelerating for high-speed, latency-sensitive networks and applications, as well as high-
traffic flows that do not require deep inspection. Provides support for single, performance compute networks.
high-bandwidth flows of 40 Gbps and 100 Gbps. Can be configured on a per-
policy basis.
AutoVPN One-time hub configuration for site-to-site VPN for all spokes, even newly added Enables IT administrative time and cost savings with easy, zero-touch deployment
ones. Configuration options include: routing, interfaces, Internet Key Exchange for IPsec VPN networks.
(IKE), and IPsec.
Multitenancy Offers logical, large-scale segmentation and separation of security functions and Enables separate, logical instances to be deployed with dedicated security policies,
features. zones, and other features and functions. Removes the need to deploy several
physical or virtual firewalls.
*
Requires Junos OS 15.1x49-D10 or greater.
**
Requires Junos OS 19.3R1 or greater.
***
Requires Junos OS 18.2R1-S1 or greater.
IPS Capabilities
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.

Stateful signature inspection Signatures are applied only to relevant portions of the network traffic determined This minimizes false positives and offers flexible signature development.
by the appropriate protocol context.
Protocol decodes This feature enables highly accurate detection and helps reduce false positives. Accuracy of signatures is improved through precise contexts of protocols.
Signatures There are more than 8500 signatures for identifying anomalies, attacks, spyware, Attacks are accurately identified and attempts to exploit a known
and applications. vulnerability are detected.
Traffic normalization Reassembly, normalization, and protocol decoding are provided. Overcome attempts to bypass other IPS detections by using obfuscation
methods.
Zero-day protection Protocol anomaly detection and same-day coverage for newly found Your network is already protected against any new exploits.
vulnerabilities are provided.
Recommended policy Group of attack signatures are identified by Juniper Networks Security Team as Installation and maintenance are simplified while ensuring the highest
critical for the typical enterprise to protect against. network security.
Active/active traffic IPS monitoring on active/active SRX5000 line chassis clusters is provided. Includes support for active/active IPS monitoring including advanced
monitoring features such as in-service software upgrade.
Packet capture IPS policy supports packet capture logging per rule. Conduct further analysis of surrounding traffic and determine further steps
to protect target.
4
Content Security UTM Capabilities

The UTM services offered on the SRX5000 line of Services Gateways include industry-leading antivirus, antispam, content filtering, and
additional content security services.

Antivirus Antivirus includes reputation enhanced, cloud-based antivirus capabilities that detect and Sophisticated protection from respected antivirus experts against malware
block spyware, adware, viruses, keyloggers, and other malware over POP3 HTTP, SMTP, IMAP, attacks that can lead to data breaches and lost productivity.
and FTP protocols. This service is provided in cooperation with Sophos Labs, a dedicated
security company.
Antispam Multilayered spam protection, up-to-date phishing URL detection, standards-based S/MIME, Protection against advanced persistent threats perpetrated through social
Open PGP and TLS encryption, MIME type and extension blockers are provided in networking attacks and the latest phishing scams with sophisticated e-mail
cooperation with Sophos Labs, a dedicated security company. filtering and content blockers.
Enhanced Web Enhanced Web filtering includes extensive category granulation (95+ categories) and a real- Protection against lost productivity and the impact of malicious URLs as well
filtering time threat score delivered with Forcepoint, an expert Web security provider. as helping to maintain network bandwidth for business essential traffic.
Content filtering Effective content filtering is based on MIME type, file extension, and protocol commands. Protection against lost productivity and the impact of extraneous or
malicious content on the network to help maintain bandwidth for business
essential traffic.
Advanced Threat Prevention

Advanced threat prevention (ATP) solutions that defend against sophisticated malware, persistent threats, and ransomware are available
for the SRX5000 line. Two versions are available: Juniper ATP Cloud , a SaaS-based service, and the Juniper ATP Appliance, an on-
premises solution.

Advanced malware detection and Malware analysis and sandboxing are based on machine learning and behavioral Protects enterprise users from a spectrum of malicious
remediation analysis. attacks, including advanced malware that exploits “zero-day”
vulnerabilities.
Comprehensive threat feeds (C&C, Curated, actionable threat intelligence feeds are delivered in near real time to SRX Proactively blocks malware communication channels and
GeoIP, custom) Series devices. protects from botnets, phishing, and other attacks.
HTTP, HTTPs, e-mail 1500 1500
Integration with Junos Space Security Juniper Networks Secure Analytics portfolio (JSA Series) security information and Single pane-of-glass management with Security Director and
Director and JSA SIEM event management (SIEM) can consume and correlate threat events. Juniper ATP JSA Series integration delivers a simplified policy application
Cloud is also fully integrated with Junos Space Security Director for provisioning and and monitoring experience.
monitoring. The Juniper ATP appliance includes a built-in management console and is
not integrated with Security Director.
More information about Juniper Advanced Threat Prevention products can be found at https://www.juniper.net/us/en/products-services/
security/advanced-threat-prevention/.
Centralized Management
Security Director runs on the Junos Space Network Management
Juniper Networks Junos Space Security Director delivers scalable
Platform for highly extensible, network-wide management
and responsive security management that improves the reach, ease,
functionality, including ongoing access to Juniper and third-party
and accuracy of security policy administration. It lets administrators
Junos Space ecosystem innovations.
manage all phases of the security policy life cycle through a single
web-based interface, accessible via standard browsers. Junos Space
Security Director centralizes application identification, firewall, IPS,
NAT, and VPN security management for intuitive and quick policy
administration.
5
Specifications
Note: Performance, capacity, and features are measured under ideal lab testing conditions. Actual results may vary based on Junos OS
release and by deployment.
SRX5400 SRX5600 SRX5800

Maximum Performance and Capacity2
Junos OS version tested Junos OS 18.2 Junos OS 18.2 Junos OS 18.2
Firewall performance, IMIX 270 Gbps 480 Gbps 1 Tbps
Express Path Firewall Performance, IMIX 240 Gbps per IOC3 240 Gbps per IOC3 240 Gbps per IOC3
480 Gbps per IOC4 480 Gbps per IOC4 480 Gbps per IOC4
Next-Generation Firewall Performance 100 Gbps 210 Gbps 400 Gbps
Latency (stateful firewall) ~32µsec ~32µsec ~32µsec
AES256+SHA-1 IMIX VPN performance 60 Gbps 120 Gbps 230 Gbps
Maximum IPsec power mode performance (IKEv2 AES256, IMIX) 140 Gbps 280 Gbps 530 Gbps
Maximum IPS performance 230 Gbps 460 Gbps 860 Gbps
Maximum concurrent sessions3 91 Million 182 Million 338 Million
New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 million 3.4/2 Million 6.3/4 Million
Maximum user supported Unrestricted Unrestricted Unrestricted
Network Connectivity
Maximum available slots for IOCs 2 5 11
IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
IOC2 options Supports 2 pluggable MIC modules per card. MICs can be mixed from the following models:
(SRX5K-MPC) 20 x 1GbE SFP (SRX-MIC-20GE-SFP)
10 x 10GbE SFP+ (SRX-MIC-10XG-SFPP)
2 x 40GbE QSFP (SRX-MIC-2X40G-QSFP)
1 x 100GbE CFP (SRX-MIC-1X100G-CFP)
Processing Scalability
Maximum available slots for SPCs 2 5 81
Services Process Card (SPC) options SPC3: Quad 14 core Intel CPU SPC3: Quad 14 core Intel CPU SPC3: Quad 14 core Intel CPU
complexes complexes complexes
Firewall
Network attack detection Yes Yes Yes
DoS and distributed denial of service (DDoS) protection Yes Yes Yes
TCP reassembly for fragmented packet protection Yes Yes Yes
Brute force attack mitigation Yes Yes Yes
SYN cookie protection Yes Yes Yes
Zone-based IP spoofing Yes Yes Yes
Malformed packet protection Yes Yes Yes
IPsec VPN
Site-to-site tunnels 15,000 15,000 15,000
6
SRX5400 SRX5600 SRX5800

Tunnel interfaces 15,000 15,000 15,000
DES (56-bit), 3DES (168-bit), and AES encryption Yes Yes Yes
MD5, SHA-1, and SHA-2 authentication Yes Yes Yes
Manual key, IKE, PKI (X.509) Yes Yes Yes
Perfect forward secrecy (DH groups) 1, 2, 5 1, 2, 5 1, 2, 5
Prevent replay attack Yes Yes Yes
IPv4 and IPv6 Yes Yes Yes
Redundant VPN gateways Yes Yes Yes
Intrusion Prevention System (IPS)*

Signature-based and customizable (via templates) Yes Yes Yes
Active/active traffic monitoring Yes Yes Yes
Stateful protocol signatures Yes Yes Yes
Attack detection mechanisms Stateful signatures, protocol anomaly Stateful signatures, protocol anomaly Stateful signatures, protocol anomaly
detection (zero-day coverage), detection (zero-day coverage), detection (zero-day coverage),
application identification application identification application identification
Attack response mechanisms Drop connection, close connection, Drop connection, close connection, Drop connection, close connection,
session packet log, session summary, e- session packet log, session summary, e- session packet log, session summary, e-
mail mail mail
Attack notification mechanisms Structured system logging Structured system logging Structured system logging
Worm protection Yes Yes Yes
Simplified installation through recommended policies Yes Yes Yes
Trojan protection Yes Yes Yes
Spyware/adware/keylogger protection Yes Yes Yes
Advanced malware protection Yes Yes Yes
Protection against attack proliferation from infected systems Yes Yes Yes
Reconnaissance protection Yes Yes Yes
Request and response side attack protection Yes Yes Yes
Compound attacks—combines stateful signatures and protocol Yes Yes Yes
anomalies
Custom attack signatures creation Yes Yes Yes
Contexts accessible for customization 600+ 600+ 600+
Attack editing (port range, other) Yes Yes Yes
Stream signatures Yes Yes Yes
Protocol thresholds Yes Yes Yes
Stateful protocol signatures Yes Yes Yes
Frequency of updates Daily and emergency Daily and emergency Daily and emergency
UTM*
Antivirus Yes Yes Yes
Content filtering Yes Yes Yes
Enhanced Web filtering Yes Yes Yes
Redirect Web filtering Yes Yes Yes
Antispam Yes Yes Yes
AppSecure*
AppTrack (application visibility and tracking) Yes Yes Yes
AppFirewall (policy enforcement by application name) Yes Yes Yes
AppQoS (network traffic prioritization by application name) Yes Yes Yes
User-based application policy enforcement Yes Yes Yes
GPRS Security
GPRS stateful firewall Yes Yes Yes
Destination Network Address Translation

Destination NAT with Port Address Translation (PAT) Yes Yes Yes
Destination NAT within same subnet as ingress interface IP Yes Yes Yes
7
SRX5400 SRX5600 SRX5800

Destination addresses and port numbers to one single address Yes Yes Yes
and a specific port number (M:1P)
Destination addresses to one single address (M:1) Yes Yes Yes
Destination addresses to another range of addresses (M:M) Yes Yes Yes
Source Network Address Translation

Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
Source NAT with PAT—port translated Yes Yes Yes
Source NAT without PAT—fix port Yes Yes Yes
Source NAT—IP address persistency Yes Yes Yes
Source pool grouping Yes Yes Yes
Source pool utilization alarm Yes Yes Yes
Source IP outside of the interface subnet Yes Yes Yes
Interface source NAT—interface DIP Yes Yes Yes
Oversubscribed NAT pool with fallback to PAT when the address Yes Yes Yes
pool is exhausted
Symmetric NAT Yes Yes Yes
Allocate multiple ranges in NAT pool Yes Yes Yes
Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
User Authentication and Access Control

Built-in (internal) database Yes Yes Yes
RADIUS accounting Yes Yes Yes
Web-based authentication Yes Yes Yes
Public Key Infrastructure (PKI) Support

PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
Automated certificate enrollment (SCEP) Yes Yes Yes
Certificate authorities supported Yes Yes Yes
Self-signed certificates Yes Yes Yes
Virtualization
Maximum custom routing instances with data plane separation 2000 2000 2000
Maximum security zones 2000 2000 2000
Maximum virtual firewalls with data plane and administrative 500 500 500
separation (logical/tenant systems)
Additional off-platform virtual firewall option with Juniper Unlimited Unlimited Unlimited
Networks vSRX Virtual Firewall (VM based)
Maximum number of VLANs 4096 4096 4096
Routing
BGP instances 1000 1000 1000
BGP peers 2000 2000 2000
BGP routes 1 Million4 1 Million4 1 Million4
OSPF instances 400 400 400
OSPF routes 1 Million4 1 Million4 1 Million4
RIP v1/v2 instances 50 50 50
RIP v2 table size 30,000 30,000 30,000
Dynamic routing Yes Yes Yes
Static routes Yes Yes Yes
Source-based routing Yes Yes Yes
Policy-based routing Yes Yes Yes
Equal cost multipath (ECMP) Yes Yes Yes
Reverse path forwarding (RPF) Yes Yes Yes
Multicast Yes Yes Yes
8
SRX5400 SRX5600 SRX5800

IPv6
Firewall/stateless filters Yes Yes Yes
Dual stack IPv4/IPv6 firewall Yes Yes Yes
RIPng Yes Yes Yes
BFD, BGP Yes Yes Yes
ICMPv6 Yes Yes Yes
OSPFv3 Yes Yes Yes
Class of service (CoS) Yes Yes Yes
Mode of Operation
Layer 2 (transparent) mode Yes Yes Yes
Layer 3 (route and/or NAT) mode Yes Yes Yes
IP Address Assignment
Static Yes Yes Yes
Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
Internal DHCP server Yes Yes Yes
DHCP relay Yes Yes Yes
Traffic Management Quality of Service (QoS)

Maximum bandwidth Yes Yes Yes
RFC2474 IP Diffserv in IPv4 Yes Yes Yes
Firewall filters for CoS Yes Yes Yes
Classification Yes Yes Yes
Scheduling Yes Yes Yes
Shaping Yes Yes Yes
Intelligent Drop Mechanisms (WRED) Yes Yes Yes
Three level scheduling Yes Yes Yes
Weighted round robin for each level of scheduling Yes Yes Yes
Priority of routing protocols Yes Yes Yes
Traffic management/policing in hardware Yes Yes Yes
High Availability (HA)

Active/passive, active/active Yes Yes Yes
Unified in-service software upgrade (unified ISSU)5 Yes Yes Yes
Configuration synchronization Yes Yes Yes
Session synchronization for firewall and IPsec VPN Yes Yes Yes
Session failover for routing change Yes Yes Yes
Device failure detection Yes Yes Yes
Link and upstream failure detection Yes Yes Yes
Dual control links 6
Yes Yes Yes
Interface link aggregation/Link Aggregation Control Protocol Yes Yes Yes
(LACP)
Redundant fabric links Yes Yes Yes
Management
WebUI (HTTP and HTTPS) Yes Yes Yes
Command line interface (console, telnet, SSH) Yes Yes Yes
Junos Space Security Director Yes Yes Yes
Administration
Local administrator database support Yes Yes Yes
External administrator database support Yes Yes Yes
Restricted administrative networks Yes Yes Yes
Root admin, admin, and read-only user levels Yes Yes Yes
Software upgrades Yes Yes Yes
Configuration rollback Yes Yes Yes
9
SRX5400 SRX5600 SRX5800

Logging/Monitoring
Structured syslog Yes Yes Yes
SNMP (v2 and v3) Yes Yes Yes
Traceroute Yes Yes Yes
Third-Generation Partnership Project (3GPP) TS 20.060 Compliance7

R6: 3GPP TS 29.060 version 6.21.0 Yes Yes Yes
Certifications
Safety certifications Yes Yes Yes
Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
Designed for NEBS Level 3 Yes Yes Yes
NIST FIPS-140-2 Level 2 Yes, Junos OS 12.3X48-D30 Yes, Junos OS 12.3X48-D30 Yes, Junos OS 12.3X48-D30
Common Criteria NDPP+TFFW EP + VPN EP Yes, Junos OS 15.1X49-D60 Yes, Junos OS 15.1X49-D60 Yes, Junos OS 15.1X49-D60
USGv6 Yes (with Junos OS 12.1X48) Yes, Junos OS 12.3X48) Yes, Junos OS 12.3X48)
Dimensions and Power

Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in 17.5 x 14 x 23.8 in 17.5 x 27.8 x 23.5 in
(44.3 x 22.1 x 62.2 cm) (44.5 x 35.6 x 60.5 cm) (44.5 x 70.5 x 59.7 cm)
Weight Fully configured 128 lb Fully Configured: 180 lb Fully Configured: 334 lb
(58.1 kg) (81.7 kg) (151.6 kg)
Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
Maximum power 4,100 watts 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
(AC high capacity)
Typical Power 1540 watts 2440 watts 5015 watts
Environmental
Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C
Operating temperature – short term8 23° to 131° F (-5° to 55° C) 23° to 131° F (-5° to 55° C) 23° to 131° F (-5° to 55° C)
Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
Humidity – short term8 5% to 93% noncondensing but not to 5% to 93% noncondensing but not to 5% to 93% noncondensing but not to
exceed 0.026 kg water/kg of dry air exceed 0.026 kg water/kg of dry air exceed 0.026 kg water/kg of dry air
1
Requires Junos 19.4 or higher
2
Performance, capacity and features listed are based on systems running Junos OS 18.2R1 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
3
Maximum concurrent sessions and new sessions/second improvements are a result of Junos 18.2.
4
Maximum number of BGP and OSPF routes recommended is 100,000
5
Please consult the technical publication documents and release notes for a list of compatible ISSU features.
6
To enable dual control links on the SRX5000 line, two Routing Engines must be installed on each cluster member.
7
SRX5000 line of gateways operating with Junos OS release 10.0 and later are compliant with the R6, R7, and R8 releases of 3GPP TS 20.060 with the following exceptions (not supported on the SRX5000 line)
- Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages
- Section 7.5B Mobile Station (MS) info change messages
- Section 7.3.12 Initiate secondary PDP context from GGSN
8
Short term is not greater than 96 consecutive hours, and not greater than 15 days in 1 year
* Session capacity differs based on UTM/AppSecure/IPS features enabled.
Warranty
For warranty information, please visit www.juniper.net/support/warranty/.
10
Juniper Networks Services and Support Product Number Description

SRX5400X-B7-DC SRX5400X cluster bundle includes 2xSRX5400X-B1 (SCB3, RE2,
Juniper Networks is the leader in performance-enabling services 2xSPC2, 1xIOC2, 1x10GbE MIC, 2xDC PEMs), 4xSRX5600-
that are designed to accelerate, extend, and optimize your high- PWR-2400-DC-S (extra redundant DC PEMS), and 2xSRX5400-
APPSEC-1 (1 year).
performance network. Our services allow you to maximize
SRX5600E-BASE- SRX5600 chassis includes standard midplane, SRX5K-RE-1800X4,
operational efficiency while reducing costs and minimizing risk, AC* SRX5K-SCBE, 2xAC HC PEM, HC fan tray.
achieving a faster time to value for your network. Juniper Networks SRX5600E-BASE- SRX5600 chassis includes standard midplane, SRX5K-RE-1800X4,
DC* SRX5K-SCBE, 2xDC HC PEM, HC fan tray.
ensures operational excellence by optimizing the network to
SRX5600X-BASE** SRX5600 configuration includes chassis, enhanced midplane, SRX5K-
maintain required levels of performance, reliability, and availability. RE-1800X4, SRX5K-SCB3, 2xHC PEM, HC fan tray.
For more details, please visit www.juniper.net/us/en/products- SRX5800E-BASE- SRX5800 chassis includes standard midplane, SRX5K-RE-1800X4,
AC* 2xSRX5K-SCBE, 2xAC HC PEM, 2xHC fan tray.
services
SRX5800E-BASE- SRX5800 chassis includes standard midplane, SRX5K-RE-1800X4,
DC* 2xSRX5K-SCBE, 2xDC HC PEM, 2xHC fan tray.
Ordering Information
SRX5800X-BASE** SRX5800 configuration includes chassis, enhanced midplane, SRX5K-
Product Number Description RE-1800X4, 2xSRX5K-SCB3, 2xHC PEM, 2xHC fan tray.
Base/Bundle SRX5400X-BASE2 SRX5400 configuration includes chassis, enhanced midplane, SRX5K-

RE3-128G, 1xSRX5K-SCB3, 2xHC PEM, 1xHC fan tray; supported by
SRX5400E-B1-AC* SRX5400 configuration 1 includes chassis, standard midplane, SRX5K- Junos release 19.3R1 or later
RE-1800X4, SRX5K-SCBE, 2xAC HC PEM, HC fan tray, SRX5K-
SPC-4-15-320, SRX5K-MPC, and SRX-MIC-10XG-SFPP. SRX5600X-BASE2 SRX5600 configuration includes chassis, enhanced midplane, SRX5K-
SRX5400E-B1-DC* SRX5400 configuration 1 includes chassis, standard midplane, SRX5K- Junos release 19.3R1 or later
RE-1800X4, SRX5K-SCBE, 2xDC HC PEM, HC fan tray, SRX5K-
SPC-4-15-320, SRX5K-MPC, and SRX-MIC-10XG-SFPP. SRX5800X-BASE2 SRX5800 configuration includes chassis, enhanced midplane, SRX5K-
SRX5400E-B2-AC* SRX5400 configuration 2 includes chassis, standard midplane, SRX5K- Junos release 19.3R1 or later
RE-1800X4, SRX5K-SCBE, 2xAC HC PEM, HC fan tray, 2xSRX5K-
*These products require Junos OS 12.1X47-D15 or greater.
SPC-4-15-320, SRX5K-MPC, and SRX-MIC-10XG-SFPP.
**Requires Junos OS 15.1X49-D10 or greater.
SRX5400E-B2-DC* SRX5400 configuration 2 includes chassis, standard midplane, SRX5K-
RE-1800X4, SRX5K-SCBE, 2xDC HC PEM, HC fan tray, 2xSRX5K-
SPC-4-15-320, SRX5K-MPC, and SRX-MIC-10XG-SFPP.
SRX5000 Line Components
SRX5400E-B5-AC* SRX5400E cluster bundle includes 2xSRX5400E-B1-AC (SCB2, RE2, Product Number Description Compatible
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xAC PEMs), 4xSRX5600- Systems
PWR-2520-AC-S (extra redundant AC PEMS), and 2xSRX5400-
SRX5K-SCBE* SRX5000 line enhanced Switch SRX5400E
APPSEC-1 (1 year).
Control Board SRX5600E
SRX5400E-B5-DC* SRX5400E cluster bundle includes 2xSRX5400E-B1-DC (SCB2, RE2, SRX5800E
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xDC PEMs), 4xSRX5600-
SRX5K-SCB3** SRX5000 line SCB3 Switch Control SRX5400X
PWR-2400-DC-S (extra redundant DC PEMS), and 2xSRX5400-
Board SRX5600X
APPSEC-1 (1 year).
SRX5800X
SRX5400X-B1** SRX5400 configuration includes chassis, enhanced midplane, SRX5K-
SRX5K-SCB4 SRX5000 line SCB4 Switch Control RX5600X
RE-1800X4, SRX5K-SCB3, 2xHC PEM, HC fan tray, SRX5K-
Board SRX5800X
SPC-4-15-320, SRX5K-MPC, SRX-MIC-10XG-SFPP.
SRX5K-RE-1800X4* SRX5000 line RE, 1.8 GHz quad-core SRX5400E
SRX5400X-B2** SRX5400 configuration includes chassis, enhanced midplane, SRX5K-
Xeon, 16 GB DRAM, 128 GB SSD SRX5600E
RE-1800X4, SRX5K-SCB3, 2xHC PEM, HC fan tray, SRX5K-
SRX5800E
SPC-4-15-320, SRX5K-MPC3-40G10G.
SRX5400X
SRX5400X-B3** SRX5400 configuration includes chassis, enhanced midplane, SRX5K- SRX5600X
RE-1800X4, SRX5K-SCB3, 2xHC PEM, HC fan tray, SRX5K- SRX5800X
SPC-4-15-320, SRX5K-MPC3-100G10G.
SRX5K-RE3-128G SRX5000 line RE, 6 core 2.0GHz SRX5400E
SRX5400X-B5-AC SRX5400X cluster bundle includes 2xSRX5400X-B1 (SCB3, RE2, with 128G memory, secure boot SRX5600E
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xAC PEMs), 4xSRX5600- SRX5800E
PWR-2520-AC-S (extra redundant AC PEMS), and 2xSRX5400- SRX5400X
APPSEC-1 (1 year). SRX5600X
SRX5800X
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xDC PEMs), 4xSRX5600- SRX5K-SPC-4-15-320 SRX5000 line next-generation All models
PWR-2400-DC-S (extra redundant DC PEMS), and 2xSRX5400- Services Processing Card (SCP)
APPSEC-1 (1 year). featuring 20 million sessions
SRX5400X-B6-AC SRX5400X cluster bundle includes 2xSRX5400X-B1 (SCB3, RE2, SRX5K-SPC3 SRX5000 line latest next-generation All models
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xAC PEMs), 4xSRX5600- Service Processing Card
SRX-5K-BLANK Blank panel for SRX5000 line All models
APPSEC-1 (1 year).
SRX5K-IOC4-10G 40x10GbE SFP+ port linecard; optics SRX5400E
sold separately SRX5600E
1xSPC2, 1xIOC2, 1x10GbE MIC, 2xDC PEMs), 4xSRX5600-
SRX5800E
PWR-2400-DC-S (extra redundant DC PEMS), and 2xSRX5400-
SRX5400X
APPSEC-1 (1 year).
SRX5600X
SRX5400X-B7-AC SRX5400X cluster bundle includes 2xSRX5400X-B1 (SCB3, RE2, SRX5800X
2xSPC2, 1xIOC2, 1x10GbE MIC, 2xAC PEMs), 4xSRX5600-
APPSEC-1 (1 year).
11
Product Number Description Compatible Product Number Description Compatible

Systems Systems
SRX5K-IOC4-MRAT 12xQSFP+/QSFP28 multirate port SRX5400E SFPP-10GE-ER SFP+ 10GbE pluggable transceiver, SRX5K-IOC4-10G
linecard; optics sold separately SRX5600E SMF, 1550nm for 40KM
SRX5800E transmission
SRX5400X
SRX5600X SFPP-10GE-ER-XT SFP+ 10GbE pluggable transceiver SRX5K-IOC4-10G
SRX5800X with extended Temperature, SMF,
1550nm for 40KM transmission
SRX5K- SRX5000 line IOC3, 2x100GbE and SRX5400E
MPC3-100G10G** 4x10GbE port SRX5600E SFPP-10GE-LR SFP+ 10GbE pluggable transceiver, SRX5K-IOC4-10G
SRX5800E SMF, 1310nm for 10KM
SRX5400X transmission
SRX5600X SFPP-10GE-SR SFP+ 10GbE pluggable transceiver, SRX5K-IOC4-10G
SRX5800X MMF, 850nm for 300m transmission
SRX5K-MPC MPC for 100GbE, 40GbE, 10GbE, All models; supports 2 JNP-100G-AOC-10M 100G QSFP28 to QSFP28 active SRX5K-IOC4-MRAT
and 1GbE MIC Interfaces MIC modules optical cables,10m
SRX-MIC-1X100G-CFP MIC with 1x100GbE CFP interface All models JNP-100G-AOC-15M 100G QSFP to QSFP active optical SRX5K-IOC4-MRAT
MIC module for SRX5K-MPC ca-bles,15M
SRX-MIC-2X40G-QSFP MIC with 2x40GbE QSFP+ All models JNP-100G-AOC-1M 100G QSFP to QSFP active optical SRX5K-IOC4-MRAT
interfaces MIC module for SRX5K- ca-bles,1M
MPC
JNP-100G-AOC-20M 100G QSFP28 to QSFP28 active SRX5K-IOC4-MRAT
SRX-MIC-10XG-SFPP MIC with 10x10GbE SFP+ All models optical cables,20m
interfaces, MIC module for SRX5K-
MPC JNP-100G-AOC-30M 100G QSFP28 to QSFP28 active SRX5K-IOC4-MRAT
optical cables,30m
SRX-MIC-20GE-SFP MIC with 20x1GbE SFP interfaces, All models
MIC module for SRX5K-MPC JNP-100G-AOC-3M 100G QSFP28 to QSFP28 active SRX5K-IOC4-MRAT
optical cables,3m
Transceivers
SRX-SFP-1GE-LH Small form factor pluggable (SFP) SRX5K-MPC optical cables,5m
1000BASE-LH GbE optic module
SRX-SFP-1GE-LX SFP 1000BASE-LX GbE optic SRX5K-MPC optical cables,7m
module
JNP-QSFP-100G-CWDM QSFP28 100GBase-CWDM4 Optics SRX5K-IOC4-MRAT
SRX-SFP-1GE-SX SFP 1000BASE-SX GbE optic SRX5K-MPC for up to 2km transmission over
module serial SMF
SRX-SFP-1GE-T SFP 1000BASE-T GbE module (uses SRX5K-MPC JNP-QSFP-100G-PSM4 QSFP28 100GBase-PSM4 Optics for SRX5K-IOC4-MRAT
Cat 5 cable) up to 500m transmission over
parallel SMF
SRX-SFP-10GE-LR 10GbE SFP+ optical transceiver, LR SRX5K-MPC
SRX5K-MPC3 JNP-QSFP-100G-SR4 QSFP28 100GBase-SR4 Optics for SRX5K-IOC4-MRAT
up to 100m transmission over
SRX-SFP-10GE-SR 10GbE SFP+ optical transceiver, SR SRX5K-MPC
parallel MMF
SRX5K-MPC3
QSFP-100G-ER4L 100GBASE-ER4-Lite QSFP28 SRX5K-IOC4-MRAT
SRX-CFP-100G-LR4 100GbE LR4 C form-factor SRX5K-MPC
plugga-ble module, support only
pluggable transceiver (CFP) (IEEE
Ethernet rate
802.3ba) for SRX-MIC-1X100G-CFP
QSFP-100GBASE-CWDM QSFP28, 100GBASE-CWDM4 SRX5K-IOC4-MRAT
SRX-CFP-100G-SR10 100GbE SR10 CFP transceiver, SRX5K-MPC
MMF, 100M, OM3 for SRX- QSFP-100GBASE-LR4 100GBASE-LR4 QSFP28 pluggable SRX5K-IOC4-MRAT
MIC-1X100G-CFP module, support only Ethernet rate
SRX-QSFP-40G-SR4 40GbE SR4 quad small form-factor SRX5K-MPC QSFP-100GBASE-SR4 100GBASE-SR4 QSFP28 pluggable SRX5K-IOC4-MRAT
pluggable plus transceiver (QSFP+) SRX5K-MPC3 module, support only Ethernet rate
transceiver for SRX-MIC-2X40G-
QSFP QSFPP-40G-LX4 40GBASE-LX4 QSFP+ pluggable SRX5K-IOC4-MRAT
trans-ceiver
SRX-SFPP-10G-SR-ET 10GbE SR SFP+ transceiver, 200M SRX5K-MPC
ET 0-85 SRX5K-MPC3 QSFPP-40GBASE-ER4 40GBASE-ER4 QSFP+ pluggable SRX5K-IOC4-MRAT
transceiver
SRX-SFPP-10G-LR 10GbE SFP+ optical transceiver, LR SRX5K-MPC
SRX5K-MPC3 QSFPP-40GBASE-LR4 One 40GBASE-LR4 QSFP+ SRX5K-IOC4-MRAT
pluggable module
SRX-QSFP-40G-LR4 40GbE QSFP+ optical transceiver, LR SRX5K-MPC
SRX5K-MPC3 QSFPP-40GBASE-SR4 One 40GBASE-SR4 QFP+ pluggable SRX5K-IOC4-MRAT
module
CFP2-100GBASE-SR10 CFP2 100GbE optical transceiver, SR SRX5K-MPC3-100G10G
QSFPP-4X10GE-LR QSFP+ 4x10GBASE LR Ethernet SRX5K-IOC4-MRAT
CFP2-100GBASE-LR4 CFP2 100GbE optical transceiver, LR SRX5K-MPC3-100G10G mod-ule
JNP-QSFP-40G-LX4 QSFP+ 40GBASE-LX4 40GbE SRX5K-MPC, SRX5K- QSFPP-4X10GE-SR QSFP+ 4x10GBASE SR Ethernet SRX5K-IOC4-MRAT
transceiver, 100 m (150 m) with MPC3-40G10G mod-ule
OM3 (OM4) duplex multimode fiber-
optic (MMF) fiber
SFPP-10G-DT-ZRC2 10G-ZR Eth OTN tunable SFP Plus SRX5K-IOC4-10G
1.5W 70 degrees C
SFPP-10G-ZR-OTN-XT SFP+ 10GbE pluggable transceiver, SRX5K-IOC4-10G
SMF, 1550nm for 80KM
transmission, extended temperature
12
Advanced Security Services Subscription Licenses Product Number Description

S-SRX5800-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
Product Number Description
content security, 1 year
S-SRX5400-A1-1 SW, A1, IPS, AppSecure, content security, 1 year
S-SRX5400-A1-3 SW, A1, IPS, AppSecure, content security, 3 year content security, 3 year
S-SRX5400-A1-5 SW, A1, IPS, AppSecure, content security, 5 year S-SRX5800-A2-5 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
content security, 1 year S-SRX5800-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box AV, content security, 1
year
year
year
S-SRX5400-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box AV, content security, 1
year S-SRX5800-P1-1 SW, P1, IPS, AppSecure, ATP, content security, 1 year
S-SRX5400-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box AV, content security, 3 S-SRX5800-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year
year
S-SRX5800-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year
year S-SRX5800-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
S-SRX5800-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
S-SRX5400-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year content security, 3 year
S-SRX5400-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year S-SRX5800-P2-5 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 1 year S-SRX5800-P3-1 SW, P3, IPS, AppSecure on box anti-virus, ATP, content security, 1 year
S-SRX5400-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, S-SRX5800-P3-3 SW, P3, IPS, AppSecure on box anti-virus, ATP, content security, 3 year
S-SRX5800-P3-5 SW, P3, IPS, AppSecure on box anti-virus, ATP, content security, 5 year
Express Path (Formerly Service Offload License)*
S-SRX5400-P3-3 SW, P3, IPS, AppSecure on box anti-virus, ATP, content security, 3 year Product Number Description Compatible
Systems
SRX5K-SVCS-OFFLOAD- Perpetual license (pre-installed SRX5400
S-SRX5600-A1-1 SW, A1, IPS, AppSecure, content security, 1 year RTU in Junos 12.3X48 or later) SRX5600
SRX5800
*In 12.3X48-D10, the Services Offload feature was renamed Express Path and is included without requiring a license for
S-SRX5600-A1-5 SW, A1, IPS, AppSecure, content security, 5 year Junos OS X48 releases and beyond. With the X48 release, the Express Path feature is supported on all SRX5000
Services Gateways including the SRX5400. For versions prior to the X48 release, the Services Offload license is still
S-SRX5600-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, required and supports only SRX5600 and SRX5800 products. Express Path is available on the SRX5400, SRX5600, and
content security, 1 year SRX5800 Services Gateways. No separate license required.

content security, 3 year Product Number Description
S-SRX5600-A2-5 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, SRX-5400-LSYS-1 1 incremental Logical Systems License for SRX5400, SRX5400E
SRX-5400-LSYS-5 5 incremental Logical Systems Licenses for SRX5400,
S-SRX5600-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box AV, content security, 1 SRX5400E
year
S-SRX5600-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box AV, content security, 3 SRX5400E
year
SRX-5600-LSYS-1 1 incremental Logical Systems License for SRX5600
year SRX-5600-LSYS-5 5 incremental Logical Systems Licenses for SRX5600,
SRX5600E
SRX-5600-LSYS-25 25 incremental Logical Systems Licenses for SRX5600
SRX-5800-LSYS-1 1 incremental Logical Systems License for SRX5800, SRX5800E
S-SRX5600-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, SRX5800E
S-SRX5600-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, SRX5800E
13
Product Number Description

Power Cords
CBL-M-PWR-RA-AU AC power cord, Australia (SAA/3/15), C19, 15 A/250 V, 2.5 m,
Right Angle
CBL-M-PWR-RA-CH AC power cord, China (GB 2099.1-1996, Angle), C19, 16
A/250 V, 2.5 m, Right Angle
CBL-M-PWR-RA-EU AC power cord, Cont. Europe (VII), C19, 16 A/250 V, 2.5 m,
Right Angle
CBL-M-PWR-RA-IT AC power cord, Italy (I/3/16), C19, 16 A/250 V, 2.5 m, Right
Angle
CBL-M-PWR-RA-JP AC power cord, Japan (NEMA LOCKING), C19, 20 A/250 V,
2.5 m, Right Angle
CBL-M-PWR-RA-TWLK- AC power cord, US (NEMA LOCKING), C19, 20 A/250 V, 2.5
US m, Right Angle
CBL-M-PWR-RA-UK AC power cord, UK (BS89/13), C19, 13 A/250 V, 2.5 m, Right
Angle
CBL-M-PWR-RA-US AC power cord, USA/Canada (N6/20), C19, 20 A/250 V, 2.5 m,
Right Angle
CBL-PWR-RA-JP15 AC power cable, JIS 8303 15 A/125 V 2.5 m length for Japan,
Right Angle
CBL-PWR-RA-TWLK- AC power cable, NEMA L5-15P (twist lock) 15 A/125 V 2.5 m
US15 length for U.S., Canada, and Mexico, Right Angle
CBL-PWR-RA-US15 AC power cable, NEMA 5-15 15 A/125 V, 2.5 m length for
North America, parts of South America, parts of Central
America, parts of Africa, and parts of Asia, Right Angle
About Juniper Networks

Juniper Networks brings simplicity to networking with products,
solutions and services that connect the world. Through engineering
innovation, we remove the constraints and complexities of
networking in the cloud era to solve the toughest challenges our
customers and partners face daily. At Juniper Networks, we believe
that the network is a resource for sharing knowledge and human
advancement that changes the world. We are committed to
imagining groundbreaking ways to deliver automated, scalable and
secure networks to move at the speed of business.
Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V. Boeing
1133 Innovation Way Avenue 240 1119 PZ Schiphol-Rijk
Sunnyvale, CA 94089 USA Amsterdam, The Netherlands
Phone: 888.JUNIPER (888.586.4737) Phone: +31.0.207.125.700
or +1.408.745.2000
www.juniper.net
Copyright 2020 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000254-038-EN April 2020 14

SRX5400, SRX5600, AND SRX5800 Services Gateways: Product Overview

Uploaded by

Copyright:

Available Formats

SRX5400, SRX5600, AND SRX5800 Services Gateways: Product Overview

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SRX5400, SRX5600, AND SRX5800 Services Gateways: Product Overview

Uploaded by

Copyright:

Available Formats

Data Sheet

SRX5400, SRX5600, AND SRX5800

Based on Juniper’s Dynamic Services Architecture, the SRX5000 SRX5800

Features and Benefits

Feature Feature Description Benefits

Feature Feature Description Benefits

Feature Feature Description Benefits

Content Security UTM Capabilities

Feature Feature Description Benefits

Advanced Threat Prevention

Feature Feature Description Benefits

SRX5400 SRX5600 SRX5800

SRX5400 SRX5600 SRX5800

Intrusion Prevention System (IPS)*

Destination Network Address Translation

SRX5400 SRX5600 SRX5800

Source Network Address Translation

User Authentication and Access Control

Public Key Infrastructure (PKI) Support

SRX5400 SRX5600 SRX5800

Traffic Management Quality of Service (QoS)

High Availability (HA)

SRX5400 SRX5600 SRX5800

Third-Generation Partnership Project (3GPP) TS 20.060 Compliance7

Dimensions and Power

Juniper Networks Services and Support Product Number Description

Base/Bundle SRX5400X-BASE2 SRX5400 configuration includes chassis, enhanced midplane, SRX5K-

Product Number Description Compatible Product Number Description Compatible

Advanced Security Services Subscription Licenses Product Number Description

S-SRX5600-A2-3 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,

Product Number Description

About Juniper Networks

Corporate and Sales Headquarters APAC and EMEA Headquarters

1133 Innovation Way Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.0.207.125.700

1000254-038-EN April 2020 14

You might also like