SRX2300 Firewall Datasheet


Datasheet

SRX2300 FIREWALL DATASHEET

Product Description
Juniper Networks® SRX2300 Firewall is a high-performance, next-generation firewall
(NGFW) designed to provide reliable network protection for your enterprise campus edge
and data center edge. It also supports roaming, SD-WAN large branch, and SD-WAN
secure hub use cases. Combining carrier-grade routing with state-of-the-art switching, this
platform delivers robust security, effective threat detection, and comprehensive automation
and mitigation capabilities.

Product Overview

The firewall's role must expand as data centers evolve from traditional architectures to distributed ones. Rather than being a perimeter technology, firewalls need to be part of a security fabric woven throughout the network. A security fabric ensures that security is maintained at every point of connection. Juniper's Connected Security Distributed Services Architecture, managed by Juniper Security Director Cloud, offers a high-performance, scalable, and easy-to-manage firewall solution to secure today’s distributed data centers. Juniper Networks SRX2300 line of Firewalls is integral to this new architecture and it empowers organizations to operationalize security across their networks. This 1U, power-efficient firewall features built-in Zero Trust, Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) fabric integration, and AI-Predictive Threat Prevention to secure your network.

Figure 1: Juniper SRX Series Firewalls have achieved the highest scores in security effectiveness by CyberRatings and NetSecOpen

SRX2300 delivers NGFW features that support the changing needs of cloud-enabled enterprise networks and data centers. Whether rolling out new services within an enterprise campus, connecting to the cloud seamlessly, complying with industry standards, or achieving operational efficiency, the SRX2300 empowers organizations to operationalize Zero Trust principles at scale while realizing their business objectives. The SRX2300 protects critical corporate assets with intrusion prevention system (IPS), follow-the-user and follow-the-application access policies, and Juniper’s AI-Predictive Threat Prevention. Furthermore, SRX2300 works with Juniper cloud security solutions to secure hybrid cloud environments with networkwide visibility and control, providing consistently secure on-premises and cloud environments.

As network architectures become more distributed and decentralized, Juniper Networks SRX Series Firewalls ensure seamless integration with other Juniper and third-party networking platforms and facilitate architectural transformation. At the same time, the NGFWs facilitate architectural transformation, taking organizations from on-premises to hybrid cloud environments seamlessly and cost-effectively. SRX Series Firewalls are the first to implement industry-standard Ethernet VPN (EVPN) Type 5 and Virtual Extensible LAN (VXLAN) protocols within data center environments, enabling the SRX2300 to act as a secure, fabric-aware leaf in the data center spine-leaf architecture.

The SRX2300 participates in the industry-first Connected Security Distributed Services Architecture, enabling organizations to scale horizontally and elastically, simplifying the operational management of large-scale firewall networks. With this architecture, several SRX2300 platforms can work together as a single large logical firewall to provide higher performance and scale security.

The SRX2300 is powered by the Junos® operating system, which underpins and helps secure the world’s largest mission-critical enterprise and service provider networks. It is managed by Juniper Security Director Cloud, Juniper’s unified management experience that connects the organization’s current deployments with future architectural rollouts. Security Director Cloud uses a single policy framework, enabling consistent security policies across any environment and expanding Zero Trust to all parts of the network, from the edge into the data center. This provides unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place.

Architecture and Key Components

The SRX2300 hardware and software architecture provides cost-effective security in a compact, scalable 1U form factor. Purpose built to protect network environments, the SRX2300 incorporates multiple security services and networking functions on top of Junos OS, providing highly-customizable threat protection, automation, and integration capabilities. Best-in-class advanced security capabilities on the SRX2300 are offered in the data center, enterprise campus, and regional headquarters deployments with IMIX traffic patterns.

Built-In Zero Trust

To increase trust and streamline operations, the SRX2300 features several built-in Zero Trust device capabilities, including an embedded Trusted Platform Module (TPM) 2.0 and cryptographically signed device ID. The SRX2300 supports RFC-compliant Secure Zero-Touch Provisioning (sZTP) to efficiently, expediently, and remotely deploy products in your network. Additionally, the SRX2300 supports MACsec at wire speed, ensuring data integrity and confidentiality.

Connected Security Distributed Services Architecture

The SRX2300 is part of Juniper's Connected Security Distributed Services Architecture, revolutionizing data center security. With Juniper's Connected Security Distributed Services Architecture, firewall performance can scale horizontally by interconnecting traffic forwarding and security services across multiple locations. The Juniper solution also provides automated failover and backup nodes for forwarding and inspection components. In addition to redundancy and load balancing, Juniper's Connected Security Distributed Services Architecture simplifies how large-scale data center firewall networks are managed and operated. Regardless of how many additional firewall engines across the various form factors (physical, virtual, containerized) are added, they can all be managed as one logical unit. This centralized management eliminates the complexity that has been an unintended consequence of a traditional scale-out approach.

Features and Benefits


Business Requirement: High performance
Feature/Solution: Hardware-accelerated encryption/decryption
SRX2300 Advantages:
• Offloads CPU-intensive encryption/decryption tasks
• Improves performance for SSL and IPsec

Business Requirement: High-quality, end user experience
Feature/Solution: Application visibility and control
SRX2300 Advantages:
• Updates application continuously and decodes custom applications
• Controls and prioritizes traffic based on application and user role
• Inspects and detects applications inside SSL-encrypted traffic, including Web and SaaS

Business Requirement: Advanced threat protection
Feature/Solution: NGFW Services: IPS, antivirus, antispam, Web filtering
SRX2300 Advantages:
• Prevents exploits with 99.9% effectiveness²; signatures update in real time
• Protects against known malware and malicious Web and DNS traffic
Feature/Solution: Juniper Advanced Threat Prevention Cloud: sandboxing, Encrypted Traffic Insights, SecIntel threat intelligence feeds
SRX2300 Advantages:
• Sandboxing for unknown malware across multiple OS types, including iOS, Windows, Android, and CentOS
• Delivers threat intelligence in an open platform to accommodate third-party and custom threat feeds
• Detects threats hidden inside encrypted traffic without decrypting

Business Requirement: Zero-day protection
Feature/Solution: Juniper’s AI-Predictive Threat Prevention
SRX2300 Advantages:
• Predicts and prevents malware at line rate by using AI to identify threats from packet snippets effectively
• Eliminates patient-zero infections
• Auto-generates protective signatures that remain active for the full attack lifecycle, keeping the network safe from subsequent attacks

Business Requirement: Secure data transactions
Feature/Solution: Juniper Secure Connect: IPsec VPN, remote access/SSL VPN
SRX2300 Advantages:
• Provides high-performance IPsec VPN with dedicated crypto engine
• Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications
• Simplifies large VPN deployments with auto-VPN
• Includes hardware-based crypto acceleration
• Secure and flexible remote access SSL VPN

Business Requirement: Advanced networking services
Feature/Solution: Routing, secure wire
SRX2300 Advantages:
• Supports carrier-class advanced routing and quality of service (QoS)

Business Requirement: Security embedded into the data center fabric
Feature/Solution: EVPN-VXLAN (EVPN Type 5 route)
SRX2300 Advantages:
• Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4-7 security services
• Eases operations with Type 5 support through BGP
• Does not require decapsulation for EVPN-VXLAN traffic

Business Requirement: Reliability
Feature/Solution: Chassis cluster, MNHA, redundant power supplies
SRX2300 Advantages:
• Provides stateful configuration and session state synchronization
• Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with redundant power supply unit (PSU) and fans

Business Requirement: Easy to manage and scale
Feature/Solution: Juniper Security Director Cloud, on-box GUI
SRX2300 Advantages:
• Provides centralized management via Juniper’s unified management experience, including zero-touch provisioning (ZTP), unbroken visibility, intelligent rule placement, and simplified policy configuration and automation
• Supports Network Address Translation (NAT) and automated IPsec VPN deployments via wizards
• Supports on-box GUI

Business Requirement: Built-in Zero Trust capabilities
Feature/Solution: DevID with TPM 2.0 Module
SRX2300 Advantages:
• Verifies the device’s trust posture easily
• Provides cryptographically signed device ID that supports RFC-compliant sZTP for hardware and software attestation
• Mitigates the risks of supply chain attacks

Business Requirement: Low TCO
Feature/Solution: Junos OS
SRX2300 Advantages:
• Integrates routing and security capabilities into a single device
• Reduces OpEx with Junos OS automation capabilities
• Automates integration with other devices running Junos OS, such as Juniper MX, PTX, and ACX routers; EX and QFX switches; and Cloud-Native Contrail Networking (CN2)

² Exploit block rate results tested by CyberRatings’ 2023 Enterprise Firewall test report

Figure 2: SRX2300 Firewall

Software Specifications

Firewall Services

• Stateful firewall services
• Zone-based firewall
• Screens and distributed denial of service (DDoS) protection
• Protection from protocol and traffic anomalies
• Unified Access Control (UAC)
• Integration with Juniper Mist™ Access Assurance

Carrier-Grade Network Address Translation (CGNAT)

• Carrier-grade Network Address Translation (Large-scale NAT)
• IPv4 and IPv6 address translation NAT44, NAPT44, NAT66, NAPT66, NAT64, NAT46
• Static and dynamic 1-1 translation
• Source NAT with Port Address Translation (PAT)
• Destination NAT with Port Address Translation (PAT)
• Persistent NAT (EIM/EIF)
• Port Block Allocation (PBA)
• Deterministic NAT (DetNAT)
• Port overload
• Twice-NAT44
• DS-lite and Port Control Protocol (PCP)

VPN Features

• Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
• Juniper Secure Connect: Remote access IPsec/SSL VPN
• Configuration payload: Yes
• IKE encryption algorithms: Prime, 3DES-CBC, AES-CBC, AES-GCM, Suite B
• Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
• IPsec: Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
• IPsec authentication algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
• IPsec encryption algorithms: Prime, DES-CBC, 3DES-CBC, AES-CBC, AES-GCM, Suite B
• Perfect forward secrecy, anti-replay
• Internet Key Exchange: IKEv1, IKEv2
• Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
• VPNs: GRE, IP-in-IP, and MPLS

High Availability Features

• Virtual Router Redundancy Protocol (VRRP)–IPv4 and IPv6
• Stateful high availability: Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Service Software Upgrade (ISSU)
- IP monitoring with route and interface failover
- BFD monitoring
• Chassis cluster HA and Multinode HA (MNHA)

Application Security Services (offered as advanced security subscription license)

• Application visibility and control
• Application QoS
• Advanced/application policy-based routing (APBR)
• Application Quality of Experience (AppQoE)
• Application-based multipath routing
• User-based firewall

Threat Defense and Intelligence Services (offered as an advanced security subscription license)

• Intrusion prevention system
• AI-Predictive Threat Prevention
• Antivirus
• Antispam
• Category/reputation-based URL filtering
• SSL proxy/inspection
• Protection from botnets (command and control)
• Adaptive enforcement based on GeoIP
• Juniper Advanced Threat Prevention, a cloud-based SaaS offering to detect and block zero-day attacks
• Adaptive Threat Profiling
• Encrypted Traffic Insights
• SecIntel threat intelligence
• Juniper ATP virtual appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks

Routing Protocols

• IPv4, IPv6, static routes, RIP v1/v2
• OSPF/OSPF v3
• BGP with route reflector
• IS-IS
• Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/source-specific multicast (SSM), Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), reverse path forwarding (RPF)
• Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
• Virtual routers
• EVPN-VXLAN (EVPN Type 5 route)
• Policy-based routing, source-based routing
• Equal-cost multipath (ECMP)

QoS Features

• Support for 802.1p, DiffServ code point (DSCP), EXP
• Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
• Marking, policing, and shaping
• Classification and scheduling
• Weighted random early detection (WRED)
• Guaranteed and maximum bandwidth
• Ingress traffic policing
• Virtual channels

Network Services

• Dynamic Host Configuration Protocol (DHCP) client/server/relay
• Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• Juniper real-time performance monitoring (RPM) and IP monitoring
• Juniper flow monitoring (J-Flow)

Advanced Routing Services

• MPLS (RSVP, LDP)
• Circuit cross-connect (CCC), translational cross-connect (TCC)
• L2/L2 MPLS VPN, pseudo-wires
• Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
• MPLS traffic engineering and MPLS fast re-route

Management, Automation, Logging, and Reporting

• SSH, Telnet, SNMP-MIBs, Traps
• Smart image download
• Juniper CLI, Web UI, NetCONF, XML APIs, RMON
• Juniper Networks Security Director Cloud
• Python
• Junos OS events, commit and OP scripts
• Application and bandwidth usage reporting
• Debug and troubleshooting tools

Hardware Specifications

Table 3. SRX2300 Hardware Specifications

Connectivity
Onboard ports: 8 x 1 GbE/2.5 GbE/5 GbE/10 GbE BASE-T
Onboard small form-factor pluggable plus (SFP+) transceiver ports:
- 8 x 1 GbE/10 GbE SFP+
- 4 x 1 GbE/10 GbE/25 GbE SFP28
- 2 x 40 GbE/100 GbE QSFP28
Out-of-Band (OOB) management ports: 1 x 1 GbE (RJ-45)
Dedicated high availability (HA) ports: 2 x 1 GbE SFP
Console: 1 (RJ-45)
USB 3.0 ports (Type A): 1

Storage
Storage (SSD): 1 x 120 GB (primary), 1 x 120 GB (secondary)

Dimensions and Power
Form factor: 1U
Size (W x H x D): 17.28 x 1.74 x 18.20 in (43.89 x 4.42 x 46.23 cm)
Weight (device and PSU):
- Chassis with two AC power supplies: 19 lb (8.6 kg)
- Chassis with two DC power supplies: 19.3 lb (8.8 kg)
- Chassis with package for shipping: 35.6 lb (16.2 kg)
Redundant PSU: 1+1
Power supply:
- 2 x 450 W AC PSU redundant
- 2 x 650 W DC PSU redundant
Average heat dissipation:
- 1 x DC PSU (40V): 653.4 BTU/h
- 2 x DC PSU (40V): 737 BTU/h
- 1 x AC PSU (110V): 682 BTU/h
- 1 x AC PSU (230V): 662 BTU/h
- 2 x AC PSU (110V): 703 BTU/h
- 2 x AC PSU (230V): 682 BTU/h

Environment and Regulatory Compliance
Airflow/cooling: Front to back
Operating temperature: 32° to 104° F (0° to 40° C at 6000 ft altitude)
Operating humidity: 5% to 90% non-condensing
Meantime between failures (MTBF): Over 100,000 hours (12 years)
FCC classification: Class A
RoHS compliance: RoHS 6

Performance and Scale
Firewall throughput³ (IMIX): 28 Gbps
Firewall throughput³ (1518B): 39 Gbps
IPsec VPN throughput³ (IMIX): 18 Gbps
IPsec VPN throughput³ (1400B): 36 Gbps
Application security performance (TPS#/CPS**): 36 Gbps/23 Gbps
Next-generation firewall (TPS#/CPS**)⁴: 35 Gbps/12 Gbps
Secure Web Access Firewall (CPS**)⁵: 11 Gbps
Advanced Threat (CPS**)⁶: 6 Gbps
Connections per second (64B): 450,000
SSL connections per second: 8,000
Maximum concurrent sessions (IPv4 or IPv6): 5 Million
Route table size (RIB/FIB) (IPv4): 2 Million/1.2 Million
IPsec VPN tunnels: 4,000

³ Throughput numbers based on UDP packets and RFC2544 test methodology
⁴ Next-generation firewall performance is measured with firewall, application security, and IPS enabled
⁵ Secure Web Access firewall performance is measured with firewall, application security, IPS, SecIntel, and URL filtering enabled
⁶ Advanced Threat performance is measured with Firewall, Application Security, IPS, SecIntel, URL Filtering and Malware Protection enabled
# TPS Method: Throughput performance of average HTTP sessions
** CPS Method: Short-lived sessions

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

Ordering Information

To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.

About Juniper Networks

Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI-Native Networking Platform is built from the ground up to leverage AI to deliver the best and most secure user experiences from the edge to the data center and cloud. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on X (Twitter), LinkedIn, and Facebook.


Statement of Product Direction


The information on this page may contain Juniper's development
and plans for future products, features, or enhancements (“SOPD
Information”). SOPD Information is subject to change at any time,
without notice. Juniper provides no assurances, and assumes no
responsibility, that future products, features, or enhancements will
be introduced. In no event should any purchase decision be based
upon reliance of timeframes or specifics outlined as part of SOPD
Information, because Juniper may delay or never introduce the
future products, features, or enhancements.
Any SOPD Information within, or referenced or obtained from, this
website by any person does not give rise to any reliance claim, or
any estoppel, against Juniper in connection with, or arising out of,
any representations set forth in the SOPD Information. Juniper is
not liable for any loss or damage (howsoever incurred) by any
person in connection with, or arising out of, any representations set
forth in the SOPD Information.

Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000
www.juniper.net

APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.207.125.700

Copyright 2024 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000778-004-EN May 2024
