Juniper networks SRX 1400 User Manual

SRX1400 SERVICES
GATEWAY

DATASHEET

Product Overview

The SRX1400 Services Gateway is

a professional-grade platform for

security ideally suited for small to

mid-size data centers, enterprise, and

service provider network deployments

where consolidated functionality,

uncompromising 10 Gbps performance,

compact environmental footprint, and

aordability are key requirements.

The SRX1400 expands the SRX Series

family of next-generation security

platforms, delivering market-leading

performance and extensive service

integration to 10GbE environments

where the features are required without

the massive scalability provided by

SRX3000 and SRX5000 lines.

The SRX1400 is available in two base

configurations oering a choice of

built-in high-density 1GbE ports or

combination of built-in 10GbE ports

and 1GbE ports. For enhanced flexibility,

the SRX1400 can use the integrated

SRX1400 NSPC processing card or

use separate NPC and SPC cards from

the SRX3000 line, simplifying sparing

logistics and interoperability. The

appliance includes one expansion slot

on the front panel.

Product Description

Juniper Networks® SRX1400 Services Gateway is the newest member of the market-

leading SRX Series data center line. Purpose-built to protect 10GbE network

environments, the SRX1400 consolidates multiple security services and networking

functions in a highly-available appliance. Featuring a modular design that uses common

form-factor modules serviceable from the front panel, the SRX1400 incorporates

innovation that improve reliability, enhance network availability and deliver deterministic

performance of concurrent security services at scale.

®

Combining Juniper’s Dynamic Services Architecture and Juniper Networks Junos

system with carrier-class features based on the proven design of the SRX3000 line of

services gateways, SRX1400 sets a new standard in value by extending the SRX Series

data center line to cost-effectively satisfy network security requirements in smaller

environments. Each SRX1400 Services Gateway consolidates multiple security services

in one chassis under one integrated security policy, while delivering the uncompromised

performance needed to support 10GbE environments in today’s high-performance networks.

Purpose-Built for Network Security Professionals

The SRX1400 is a carrier grade appliance designed from the ground up for long, trouble-free

service life of continuous operation in demanding, high-performance data center network

environments. Designed and produced using a TL 9000 registered quality management

system, the SRX1400 is 100% Juniper - software, support services and hardware including

innovative new chipsets to separate control and user planes, enabling performance to scale

to new levels required to meet the needs of high performance networks.

Dynamic Services Architecture

The high-end SRX Series uses the Juniper Dynamic Services Architecture to distribute

data sessions between multi-core processing resources dynamically, on-the-fly. Instead

of binding network traffic and services to specific CPU cores and processing resources

in a fixed or rigid manner, as other vendors do, Dynamic Services Architecture balances

traffic session processing work load dynamically within a pool formed from all available

resources. This avoids an all-too-common situation experienced on general-purpose

computing platforms used for security, where a subset of resources operate at or near

their maximum limits while other resources are under-used or idle.

operating

1

The Dynamic Services Architecture in SRX Series Services

Gateways is what enables Juniper to deliver massive scalability,

market-leading throughput, and deterministic performance

with multiple security services operating concurrently. WIth the

chassis-based SRX Series gateways, additional processing cards

can be easily installed adding to the resource pool as your traffic

grows over time.

Converged Security Services

The SRX1400 consolidates multiple security services and

networking functions into one physical appliance by tightly

integrating the configuration, security policy, and device

management of these services within Junos OS. All services

are included in the Junos OS software image, and all services

are available when the software is running. This means that no

additional software components need to be, installed, activated

or configured when more services are needed, greatly simplifying

system administration and reducing costs. Services can be used or

not depending on the rules in the security policy.

Services available on the SRX1400 include:

• Stateful inspection of IPv4, IPv6, General Packet Radio Service

tunneling protocol (GTP), and applications at layers 4-7.

• IPsec VPN

• SSL decryption

• IP and GTP IPS

• Hardware assisted quality of service (QoS)

• Denial of service/distributed denial of service (DoS/DDoS)

protection, including protection from attacks on business and

application logic

• Dynamic routing

• Multiple (virtual) routing instances

• AppSecure

• AppDoS

• AppTrack

• Streams Control Transmission Protocol (SCTP)

• Network Address Translation (NAT)

• Application-level gateways (ALGs)

SRX1400 Architecture and Key Components

Based on the time-tested, proven design of the SRX3000 line, the

SRX1400 delivers deterministic performance optimized for 10GbE.

A functional SRX1400 system consists of a base configuration

together with a Network and Services Processing Card (NSPC)

designed specifically for the SRX1400, or a combination of base

configuration together with interchangeable SRX3000 line

processing cards. The capability of the SRX1400 to use SRX3000

line cards can provide significant advantages and a lower total

cost of ownership (TCO). Customers can simplify operations

and maintenance by using one common security policy and a

common set of spares that are compatible and interoperable

between SRX1400 and SRX3000 line services gateways. Policy

and configuration backup and restore operations, equipment

replacements, migration and upgrade from SRX1400 to the

SRX3000 line are straightforward.

With the exception of the hot-swappable fan tray, which is

accessible from the rear panel, all modules and connections on

the SRX1400 are accessible from the front panel.

Choice of Base Systems

Two base systems are available for the SRX1400 - a GE version

and a XGE version. Both base system versions include a discrete

2

Routing Engine module, one power supply (AC or DC

tray assembly.

GE-Base System

The GE-Base System contains twelve GbE ports. Six of the

twelve GbE ports are 10/ 100/ 1000 copper (RJ45), and six are

1000BASE-X. Two of the six 1000BASE-X ports can be used for

either high availability (HA) cluster control or as data ports. The

1000BASE-X ports accept small form-factor pluggable (SFP)

transceivers which are available in copper, short reach (SX)

multimode (MM fiber) and long reach (LX) single mode (SM fiber).

XGE-Base System

The XGE-Base System contains three ports of 10GbE and nine

ports of GbE. Six of the nine GbE ports are 10/100/1000 copper

(RJ45) and three are 1000BASE-X. Two of the three 1000BASE-X

ports can be used for either HA cluster control or as data ports.

The 1000BASE-X ports accept SFP transceivers which are

available in copper, SX (MM fiber) and LX (SM fiber). The three

10GbE ports accept SFP+ transceivers which are available in SR

(MM fiber), LR (SM fiber), and ER (SM fiber).

In addition to a base system, processing resources—either one

integrated NSPC, or the combination of one SRX3000 line NPC,

one SRX3000 line SPC, and one double wide tray—must be

installed in order to have an operational system.

), and a fan

2