Juniper J2320, J2350, J4350, J6350 Specifications
J SERIES SERVICES
J SERIES SERVICES
J2320, J2350, J4350, and J6350
ROUTERS
J2320, J2350, J4350, and J6350
DATASHEET
Product Overview
Juniper Networks J Series
Services Routers extend enterprise
applications and deliver reliable
connectivity to remote offi ces
with a powerful blend of highperformance network protection and
advanced services. J Series Services
Routers leverage the modular
JUNOS Software and Juniper’s rich
product and partner portfolio to
consolidate market leading security,
application optimization, and voice
capabilities onto a single, easy to
manage platform. Our innovative
security approach inseparably
integrates routing and fi rewalls for
exceptional performance. Available
options, including integrated
Juniper Networks WX application
acceleration and integrated voice
gateway technology from Avaya,
make the J Series the ideal choice
for closing the distance between
central resources and remote
locations.
Product Description
Enterprises are faced with a number of challenges and opportunities by converging
voice, video and data to one network. This consolidation of network elements reduces
cost by easing deployment of SIP enabled VoIP, real-time high-defi nition Telepresence
and standardizing on a consistent infrastructure network operating system like Juniper
Networks
interactions with suppliers, and employee productivity. This mission-critical multimedia network must be always on and always available. To accomplish this, fully
integrated stateful security is a key requirement, not merely forwarding packets without
regard to the intended application or individual user session. JUNOS Software provides
the high-performance networking infrastructure that helps enterprises implement key
initiatives that:
• Integrates routing, fi rewalling and vpn into one best in class secure router. By
• Minimizes the cost of installing and operating a network by deploying J Series. With
Whether you have an enterprise network or a service provider looking for customer
premise equipment for an MPLS or IP network, the J Series offers a mix of features that
excel at both. By leveraging JUNOS, the J Series can be deployed at medium to large
sites and the wide range of interfaces scales the bandwidth as necessary for today’s real
time communications
®
JUNOS® Software. These new technologies improve; customer relations,
securing an enterprise’s mission critical information and protecting the network from
vulnerabilities and attack, the J Series offers a combination of features that increases
productivity and reduces costs. With JUNOS release 9.6, the J Series enhances these
features with Unifi ed Threat Management, consisting of antivirus, antispam, Web
fi ltering and intrusion prevention system. These advanced security features can
eliminate a standalone appliance and be applied with a software key.
the modular, protected mode design of JUNOS Software and the rigorous JUNOS
development and testing process, there are fewer system process failures. The single
code source of JUNOS makes the qualifi cation of new releases across the network
much simpler. In addition, superior confi guration management reduces human errors
that could lead to network downtime.
1
Table 1: Key Hardware Features of the J Series Services Routers
PRODUCT DESCRIPTION
J2320 • Support for T1, E1, Synchronous Serial, ISDN Basic Rate Interface, ADSL2/ADSL2+, G.SHDSL, and Gigabit
J2350 • Support for T1, E1, Synchronous Serial, ISDN BRI, ADSL/2/2+, G.SHDSL, and Gigabit Ethernet interfaces
Ethernet interfaces
• Support for integrated IP telephony using the Avaya IG550 Integrated Gateway
• Support for application acceleration using the Juniper Networks ISM200 Integrated Services Module
• 4 xed Gigabit Ethernet LAN ports, and 3 PIM slots
• 512 MB DRAM default, expandable to 1 GB DRAM
• 512 MB compact ash default, upgradeable to 1 GB
• Hardware encryption acceleration (optional)
• Full UTM; antivirus, antispam, Web ltering, intrusion prevention system (with high memory version)
• Unied Access Control (UAC) and content ltering
• Support for integrated IP telephony using the Avaya IG550 Integrated Gateway
• Support for application acceleration using the Juniper Networks ISM200 Integrated Services Module
• 4 xed Gigabit Ethernet LAN ports, and 5 PIM slots
• 512 MB DRAM default, expandable to 1 GB DRAM
• 512 MB compact ash default, upgradeable to 1 GB
• Hardware encryption acceleration (optional)
• DC version available
• NEBS-compliant models available
• Full UTM; antivirus, antispam, Web ltering, intrusion prevention system (with high memory version)
• Unied Access Control (UAC) and content ltering
J4350 • Support for T1, E1, Fast Ethernet, Synchronous Serial, ISDN BRI, ADSL2/ADSL2+, G.SHDSL, DS3, E3, Gigabit
J6350 • Support for T1, E1, Fast Ethernet, Synchronous Serial, ISDN BRI, ADSL2/ADSL2+, G.SHDSL, DS3, E3, Gigabit
Ethernet interfaces
• Support for integrated IP telephony using the Avaya IG550 Integrated Gateway
• Support for application acceleration using the Juniper Networks ISM200 Integrated Services Module
• 4 xed Gigabit Ethernet LAN ports, 4 PIM slots, and 2 EPIM/PIM slots
• DC version available
• 512 MB or 1 GB DRAM default, expandable to 2 GB DRAM
• 512 MB compact ash default, upgradeable to 1 GB
• Hardware encryption acceleration (optional)
• NEBS-compliant models available
• Full UTM; antivirus, antispam, Web ltering, intrusion prevention system (with high memory version)
• Unied Access Control (UAC) and content ltering
Ethernet interfaces
• Support for integrated IP telephony using the Avaya IG550 Integrated Gateway
• Support for application acceleration using the Juniper Networks ISM200 Integrated Services Module
• 4 xed Gigabit Ethernet LAN ports, 2 PIM slots, and 4 EPIM/PIM slots
• DC version available
• 1 GB DRAM default, expandable to 2 GB DRAM
• 512 MB compact ash default, upgradeable to 1 GB
• Hardware encryption acceleration standard
• NEBS-compliant models available
• Redundant AC or DC power supplies
• Full UTM; antivirus, antispam, Web ltering, intrusion prevention system (with high memory version)
• Unied Access Control (UAC) and content ltering
2
Features and Benefits
Secure Routing
Should you use a router and a firewall to secure your network?
By building the branch J Series Services Routers with best-inclass routing and firewall capabilities in one product, enterprises
don’t have to make that choice. Why forward traffic if it’s not
legitimate?
J Series for the branch checks the traffic to see if it is legitimate,
and only forwards it on when it is. This reduces the load on
the network, allocates bandwidth for all other mission-critical
applications, and secures the network from hacking.
The main purpose of a secure router is to provide firewall
protection and apply policies. The rewall (zone) functionality
inspects trafc ows and state to ensure that originating and
returning information in a session is expected and permitted for
a particular zone. The security policy determines if the session
can originate in one zone and traverse to another zone. This
architectural choice receives packets from a wide variety of
clients and servers and keeps track of every session, of every
application, and of every user. It allows the enterprise to make
sure that only legitimate traffic is on its network and that traffic
is owing in the expected direction.
“Untrust” Zone
INTERNET
High Availability
Active/StandbyActive/Standby
INTERNETINTERNET
Active
J Series
EX Series EX Series
Active
EX Series
By using the Web interface or CLI, enterprises can create a
series of security policies that will control the traffic from within
and in between zones by defining policies. At the broadest
level, all types of traffic can be allowed from any source in
security zones to any destination in all other zones without any
scheduling restrictions. At the narrowest level, policies can be
created that allow only one kind of traffic between a specified
host in one zone and another specified host in another zone
during a scheduled time period.
Standby
J Series
Active
J SeriesJ Series
EX Series
Figure 2: High availability
Failure
Failure
EX Series
EX Series
Active
J SeriesJ Series
EX Series
Active/ActiveActive/Active
INTERNETINTERNET
Active
J SeriesJ Series
EX Series
“Trust” Zone
Intranet
“Guest” Zone
“DMZ” Zone
Figure 1: Firewalls, zones and policies
To ease the configuration of a firewall, J Series for the branch
uses two features—“zones” and “policies.” While these can be
user defined, the default shipping configuration contains, at a
minimum, a trust and an untrust zone. The trust zone is used
for configuration and attaching the LAN to the branch J Series
routers. The untrust zone is used for the WAN or Internet
interface. To simplify installation and make configuration easier,
a default policy is in place that allows traffic originating from the
trust zone to ow to the untrust zone. This policy blocks all trafc
originating from the untrust zone to the trust zone. A traditional
router forwards all trafc without regard to a rewall (session
awareness) or policy (origination and destination of a session).
High Availability
JUNOS Services Redundancy Protocol (JSRP) is a core feature
of the J Series for the branch. JSRP enables a pair of security
systems to be easily integrated into a high availability network
architecture, with redundant physical connections between
the systems and the adjacent network switches. With link
redundancy, Juniper Networks can address many common
causes of system failures, such as a physical port going bad
or a cable getting disconnected, to ensure that a connection
is available, without having to fail over the entire system. This
is consistent with a typical active/standby nature of routing
resiliency protocols.
When J Series routers for the branch are configured as an
active/active pair, trafc and conguration will be mirrored
automatically to provide active firewall and VPN session
maintenance in case of a failure. The J Series will now
synchronize both configuration and runtime information.
As a result, during failover, synchronization of the following
information is shared: connection/session state and ow
information, IPsec security associations, Network Address
Translation (NAT) trafc, address book information, conguration
changes, and more. In contrast to the typical router active/
standby resiliency protocols such as Virtual Router Redundancy
3
Protocol (VRRP), all dynamic ow and session information is
lost and must be reestablished in the event of a failover. Some
or all applications sessions will have to restart depending on the
convergence time of the links or nodes. By maintaining state,
not only is the session preserved, but security is intact. In an
unstable network, this active/active conguration also mitigates
link apping affecting session performance.
Session-Based Forwarding Without the Performance Hit
In order to optimize the throughput and latency of the combined
router and firewall, JUNOS implements session-based
forwarding, an innovation that combines the session state
information of a traditional firewall and the next-hop forwarding
of a classic router into a single operation. With JUNOS, a
session that is permitted by the forwarding policy is added to
the forwarding table along with a pointer to the next-hop route.
Established sessions have a single table lookup to verify that
the session has been permitted and to find the next hop. This
efficient algorithm improves throughput and lowers latency
for session traffic when compared with a classic router that
performs multiple table lookups to verify session information and
then to find a next-hop route.
Figure 3 shows the session-based forwarding algorithm. When
a new session is established, the session-based architecture
within JUNOS verifies that the session is allowed by the
forwarding policies. If the session is allowed, JUNOS will look
up the next-hop route in the routing table. It then inserts the
session and the next-hop route into the session and forwarding
table and forwards the packet. Subsequent packets for the
established session require a single table lookup in the session
and forwarding table, and are forwarded to the egress interface.
Session Initial
Packet Processing
Forwarding Table
Ingress
Interface
Session and
Figure 3: Session-based forwarding algorithm
Security Policy Evaluation
and Next-Hop Lookup
Table
Update
Disallowed by
Policy: Dropped
Forwarding for
Permitted Traffic
Egress
Interface
SMALL OFFICE
Mobile
SRX210
DSL
LARGE OFFICE
EX4200 EX3200
EX4200-24T
J4350
Cellular
J6350
FIXED MOBILE SITE
(Mobile – 3G)
POP
PBX
SRX210
Wireless
Service Provider
SIP Softswitch
PSTN
EX3200-24P
POP
Voice (AMI)
Data (B8ZS)
Channelized T-1
Clear channel T-1
J2350
Fax
INTERNET
Service Provider
SIP Softswitch
PSTN
POP
SRX210
Fax
HQ BRANCH
4
BRANCH
Figure 4: The distributed enterprise
Product Options
Juniper Networks J2320, J2350, J4350, and J6350 Services
Routers offer a number of options in terms of LAN and WAN
ports, hardware encryption acceleration, power supplies, DRAM,
compact ash, and feature licenses.
LAN Ports
All J2320, J2350, J4350, and J6350 Services Routers ship with
four xed 10/100/1000 Ethernet ports. You can add more modular
LAN interfaces by ordering the appropriate PIMs, Enhanced PIMs
(EPIMs), or Universal PIMs (UPIMs). For more information, see
the J Series WAN and LAN modules Ordering Information section
on page 14.
WAN Ports
All J2320, J2350, J4350, and J6350 Services Routers ship without
fixed WAN ports. The customer can add modular WAN interfaces
by ordering the appropriate PIMs. For more information, see the
J Series WAN and LAN Modules Part Numbers in the Ordering
Information section on page 14.
Hardware Encryption Acceleration
The J2320, J2350, and J4350 are available with optional hardware
encryption acceleration. All J6350 models include hardware
encryption acceleration by default. If you purchase a J2320,
J2350, or J4350 without hardware encryption, you can add it later
by ordering the appropriate encryption card.
Power Supply
All J2350, J4350, and J6350 Services Routers ship with either a
DC power supply or an AC power supply and include a regionspecic power cord. (The J2320 is available with AC power only.)
The J6350 supports a second redundant AC or DC power supply,
which can be added by ordering SSG-PS-DC or SSG-PS-AC. The
region-specic AC power cable for SSG-PS-AC must be ordered
separately.
DRAM
The J2320 and J2350 are upgradeable to a maximum of 1
GB DRAM. The J2320 and J2350 models without hardware
encryption acceleration (J2320-JB-SC and J2350-JB-SC) come
with 512 MB DRAM. All other models come with 1 GB of DRAM.
All J4350 models are upgradeable to a maximum of 2 GB
DRAM. The J4350 model that ships without hardware encryption
acceleration (J-4350-JB-SC) ships with 512 MB of DRAM. All
other J4350 models ship with 1 GB of DRAM.
All J6350 Services Routers ship with 1 GB of DRAM and are
upgradeable to 2 GB of DRAM. Order and install two additional
JXX50-MEM-512M-S DIMMs.
Note that when upgrading DRAM, DIMMs should always be
installed in pairs; for example, to upgrade to 1 GB DRAM, order
two JXX50-MEM-512M-S DIMMs. To upgrade to 2 GB DRAM,
order four JXX50-MEM-512M-S DIMMs.
With JUNOS Release 9.1 and later, all J Series Services Routers
(J2320, J2350, J4350, J6350) must run at least 512 MB of DRAM.
Compact Flash
All J2320, J2350, J4350, and J6350 Services Routers ship with
512 MB of primary compact ash. You can replace that with a
larger compact ash by ordering one either JX-CF-512M-S (for
512 MB) or JX-CF-1G-S (for 1 GB).
Table 2: J4350 and J6350 Supported Memory Configurations
TOTAL MEMORY DIMM 0 DIMM 1 DIMM 2 DIMM 3
512 MB 512 MB
512 MB 256 MB – 256 MB –
1 GB 256 MB 256 MB 256 MB 256 MB
1 GB 512 MB – 512 MB –
2 GB 512 MB 512 MB 512 MB 512 MB
5
Loading...