Juniper Networks SRX 1400 User Manual

SRX1400 SERVICES GATEWAY
DATASHEET
Product Overview
The SRX1400 Services Gateway is
a professional-grade platform for
security ideally suited for small to
mid-size data centers, enterprise, and
service provider network deployments
where consolidated functionality,
uncompromising 10 Gbps performance,
compact environmental footprint, and
aordability are key requirements.
The SRX1400 expands the SRX Series
family of next-generation security
platforms, delivering market-leading
performance and extensive service
integration to 10GbE environments
where the features are required without
the massive scalability provided by
SRX3000 and SRX5000 lines.
The SRX1400 is available in two base
configurations oering a choice of
built-in high-density 1GbE ports or
combination of built-in 10GbE ports
and 1GbE ports. For enhanced flexibility,
the SRX1400 can use the integrated
SRX1400 NSPC processing card or
use separate NPC and SPC cards from
the SRX3000 line, simplifying sparing
logistics and interoperability. The
appliance includes one expansion slot
on the front panel.
Product Description
Juniper Networks® SRX1400 Services Gateway is the newest member of the market-
leading SRX Series data center line. Purpose-built to protect 10GbE network
environments, the SRX1400 consolidates multiple security services and networking
form-factor modules serviceable from the front panel, the SRX1400 incorporates
innovations that improve reliability, enhance network availability and deliver deterministic
performance of concurrent security services at scale.
Combining Juniper’s Dynamic Services Architecture and Juniper Networks Junos® operating
system with carrier-class features based on the proven design of the SRX3000 line of
services gateways, SRX1400 sets a new standard in value by extending the SRX Series
data center line to cost-effectively satisfy network security requirements in smaller
environments. Each SRX1400 Services Gateway consolidates multiple security services
in one chassis under one integrated security policy, while delivering the uncompromised
performance needed to support 10GbE environments in today’s high-performance networks.
Purpose-Built for Network Security Professionals
The SRX1400 is a carrier grade appliance designed from the ground up for long, trouble-free
service life of continuous operation in demanding, high-performance data center network
environments. Designed and produced using a TL 9000 registered quality management
system, the SRX1400 is 100% Juniper - software, support services and hardware including
innovative new chipsets to separate control and user planes, enabling performance to scale
to new levels required to meet the needs of high performance networks.
Dynamic Services Architecture
The high-end SRX Series uses the Juniper Dynamic Services Architecture to distribute
data sessions between multi-core processing resources dynamically, on-the-fly. Instead
of binding network traffic and services to specific CPU cores and processing resources
in a fixed or rigid manner, as other vendors do, Dynamic Services Architecture balances
traffic session processing work load dynamically within a pool formed from all available
resources. This avoids an all-too-common situation experienced on general-purpose
computing platforms used for security, where a subset of resources operate at or near
their maximum limits while other resources are under-used or idle.
The Dynamic Services Architecture in SRX Series Services
Gateways is what enables Juniper to deliver massive scalability,
market-leading throughput, and deterministic performance
with multiple security services operating concurrently. With the
chassis-based SRX Series gateways, additional processing cards
can be easily installed adding to the resource pool as your traffic
grows over time.
Converged Security Services
The SRX1400 consolidates multiple security services and
networking functions into one physical appliance by tightly
integrating the configuration, security policy, and device
management of these services within Junos OS. All services
are included in the Junos OS software image, and all services
are available when the software is running. This means that no
additional software components need to be installed, activated
or configured when more services are needed, greatly simplifying
system administration and reducing costs. Services can be used or
not depending on the rules in the security policy.
Services available on the SRX1400 include:
• Stateful inspection of IPv4, IPv6, General Packet Radio Service
tunneling protocol (GTP), and applications at layers 4-7.
• IPsec VPN
• SSL decryption
• IP and GTP IPS
• Hardware assisted quality of service (QoS)
• Denial of service/distributed denial of service (DoS/DDoS)
protection, including protection from attacks on business and
application logic
• Dynamic routing
• Multiple (virtual) routing instances
• AppSecure
• AppDoS
• AppTrack
• Stream Control Transmission Protocol (SCTP)
• Network Address Translation (NAT)
• Application-level gateways (ALGs)
SRX1400 Architecture and Key Components
Based on the time-tested, proven design of the SRX3000 line, the
SRX1400 delivers deterministic performance optimized for 10GbE.
A functional SRX1400 system consists of a base configuration
together with a Network and Services Processing Card (NSPC)
designed specifically for the SRX1400, or a combination of base
configuration together with interchangeable SRX3000 line
processing cards. The capability of the SRX1400 to use SRX3000
line cards can provide significant advantages and a lower total
cost of ownership (TCO). Customers can simplify operations
and maintenance by using one common security policy and a
common set of spares that are compatible and interoperable
between SRX1400 and SRX3000 line services gateways. Policy
and configuration backup and restore operations, equipment
replacements, migration and upgrade from SRX1400 to the
SRX3000 line are straightforward.
With the exception of the hot-swappable fan tray, which is
accessible from the rear panel, all modules and connections on
the SRX1400 are accessible from the front panel.
Choice of Base Systems
Two base systems are available for the SRX1400 - a GE version
and an XGE version. Both base system versions include a discrete
Routing Engine module, one power supply (AC or DC²), and a fan
tray assembly.
GE-Base System
The GE-Base System contains twelve GbE ports. Six of the
twelve GbE ports are 10/100/1000 copper (RJ45), and six are
1000BASE-X. Two of the six 1000BASE-X ports can be used for
either high availability (HA) cluster control or as data ports. The
1000BASE-X ports accept small form-factor pluggable (SFP)
transceivers which are available in copper, short reach (SX)
multimode (MM fiber) and long reach (LX) single mode (SM fiber).
XGE-Base System
The XGE-Base System contains three ports of 10GbE and nine
ports of GbE. Six of the nine GbE ports are 10/100/1000 copper
(RJ45) and three are 1000BASE-X. Two of the three 1000BASE-X
ports can be used for either HA cluster control or as data ports.
The 1000BASE-X ports accept SFP transceivers which are
available in copper, SX (MM fiber) and LX (SM fiber). The three
10GbE ports accept SFP+ transceivers which are available in SR
(MM fiber), LR (SM fiber), and ER (SM fiber).
In addition to a base system, processing resources (either one
integrated NSPC, or the combination of one SRX3000 line NPC,
one SRX3000 line SPC, and one double wide tray) must be
installed in order to have an operational system.
Options
Optional modules that can be added include one additional
(redundant) power supply (AC or DC²) and one IOC for additional
Ethernet connectivity. The SRX3000 line and SRX1400 use the
same interchangeable IOC modules. The SRX1400 is designed
for future expansion, including the ability to accommodate next-
generation silicon from Juniper Networks.
SRX1400 NSPC
Providing the power inside the SRX1400, the integrated NSPC¹ is
optimized to perform all packet processing and inspection for all
available services on the platform. The Juniper Dynamic Services
Architecture manages the multiple cores of processing power on
the NSPC as one pool or reservoir of resources, and dynamically
allocates resources to services as needed. To ensure maximum
processing performance and flexibility, the SRX Series high-end
products use network processors (NPCs) to distribute inbound
and outbound traffic to SPCs and IOCs, apply QoS, and enforce
protection from DoS/DDoS attack scenarios.
I/O Cards (IOC)
To support a wide variety of use cases and to accommodate
interfacing between different Ethernet standards, the SRX1400
provides for additional front panel I/O to complement the
excellent port density provided in the base system. The SRX1400 and
SRX3000 line of products use the same IOCs interchangeably.
Each SRX1400 Services Gateway can accommodate one
additional IOC: either 16 gigabit interfaces (16 x 10/100/1000
copper GbE or 16 x 1000BASE-X fiber GbE), or two 10GbE
interfaces (2 x 10GbE XFP Ethernet).
Power Supplies
The SRX1400 accommodates one or two AC or DC² power
supply modules. Each individual power supply is fully capable of
furnishing all of the power the SRX1400 needs. The second power
supply is redundant to the first and is used to increase availability
in the event of a power supply failure. Power supplies are hot-
swappable, Network Equipment Building System (NEBS-III) ready,
and accessible from the front panel.
SRX3000 Line NPC and SPC
The SRX1400 will interoperate with the SRX3000 NPC and SPC
cards. In order to use the SRX3000 line NPC and SRX3000 SPC in
the SRX1400, it is necessary to use the optional double wide tray.
Features and Benefits
Loaded with features and optimized for 10GbE networks, the
SRX1400 has many attributes that make it superior to other
products on the market:
Table 1: SRX1400 Features and Benefits
FEATURE: Professional-grade networking security services
DESCRIPTION:
• Purpose-built platform for security built from the ground up to provide many years of professional-grade, high-performance, high-availability networking security services.
• One Junos OS release to manage across entire network (routing, switching, security) and proven over time in the most demanding environments.
• Powerful command-line interface (CLI) and extensive scripting capability.
BENEFIT:
• Network security solutions you can trust because they work as expected, day in and day out, year after year.
• Single source that takes full responsibility for networking security equipment, service and support.
• Radically simplifies and reduces total cost of ownership of large scale deployments, particularly Long Term Evolution (LTE).
FEATURE: Consolidated security services
DESCRIPTION:
• Consolidation of multiple security services into one chassis-based system (IP, GTP, and application firewall; IP and GTP IPS; NAT; IP and application QoS; dynamic routing; application identification, tracking and reporting; and more).
BENEFIT:
• Deploy fewer unique devices.
• Reduce latency, performance, and availability impacts from multiple devices.
• Reduce operation and maintenance (O&M) costs with single, integrated policy and device management system, common spares, and technical training.
FEATURE: Dynamic Services Architecture
DESCRIPTION:
• Separate control and data plane.
• Discrete routing engine.
• Multiple CPU cores form a pool of resources where idle and under used processing resources are dynamically allocated to the security services that need them.
BENEFIT:
• Superior performance under varying traffic loads, especially DoS and DDoS attacks.
• Significant reduction in TCO.
• Significant improvement in network reliability, availability, and performance.
• Improvement in customer satisfaction and time to market.
FEATURE: Interoperable SRX3000 line IOC and processing cards
DESCRIPTION:
• SRX1400 is a derivative of the SRX3000 line, making device configuration, policy, NPC, SPC and IOCs interoperable and interchangeable.
• Technical hardware and software knowledge, in addition to spares, can be leveraged easily across the organization.
BENEFIT:
• Simplified logistics and spares, reduced operations and maintenance costs, and improved network availability.
FEATURE: I/O flexibility, density, integration, and scale
DESCRIPTION:
• SRX1400 has the I/O flexibility and density, consolidated services, and performance at scale to satisfy multiple requirements and use cases.
• Individual security services are top rated by industry analyst organizations.
• Multiple services are tightly integrated under a common security policy and management system.
BENEFIT:
• One appliance satisfies a wide variety of use cases.
FEATURE: Investment protection
DESCRIPTION:
• SRX1400 is chassis-based and designed to be compatible with next-generation silicon from Juniper Networks.
• Additional services can be delivered through the Junos OS release train.
• AppSecure plus related upcoming features can significantly enhance data center/server farm protection use case scenarios.
• SRX1400 design includes expansion slot.
• SRX3000 line NPC and SPC can interoperate in SRX1400. IOCs are interchangeable.
BENEFIT:
• Juniper’s strategy and product roadmap is designed to protect customer investment into the future.
SRX1400 SHOWN WITH XGE BASE SYSTEM, OPTIONAL IOC AND OPTIONAL
REDUNDANT POWER SUPPLY.
SRX1400 Specifications
Network Interfaces
• 1GbE ports:
- Built-in: 9 or 12
- IOC: 16
• 10GbE ports:
- Built-in: 0 or 3
- IOC: 2
• Chassis HA control ports: 2 shared 1GbE
• Expansion slot: 1 single-wide SRX3000 IOC
• Power supply: AC or DC², one supplied, one optional redundant, hot-swappable
System Performance (maximum)
• Stateful inspection firewall (1518 byte UDP): 10 Gbps
• IPS: 2 Gbps
• IPsec VPN: 2 Gbps
• Concurrent sessions: 0.5 million
• Connection establishment rate: 45,000 cps sustained
• Security policies: 40,000
Dimensions (W x H x D):
• 17.5 x 5.25 x 13.8 in (44.5 x 13.3 x 35.05 cm)
• Rack mount: 3 RU
Weight:
• Base chassis: 29.3 lb (13.3 kg)
• Fully configured chassis: 42.5 lb (19.3 kg)
Source power:
• Provisioning requirements:
- 100 to 127 VAC, 60 Hz, 13.0 A
- 200 to 240 VAC, 50 Hz, 2.5 A
- -40 to -72 VDC, 30 A @ -48 VDC
Thermal:
• Thermal load: 1654 BTU/hr AC or DC² power
Environmental Ranges:
• Operating temperature: 32° to 104° F (0° to 40° C)
• Non-operating storage temperature: -40° to 158° F (-40° to 70° C)
• Altitude: 10,000 ft (3048 m)
• Humidity: 5% to 90% noncondensing
Registration, Compliance, Certification
• SRX Series production employs a TL-9000 registered quality management system.
• 3GPP TS 20.060³
  R6: version 6.21.0 R7: version 7.3.0 R8: version 8.3.0
• NEBS-III Planned
• CC EAL4+ Planned
• FIPS-140-2 Planned
Consolidated Security Services
• Stateful firewall
• Stateless firewall filter
• IPsec VPN
• Intrusion prevention system (IPS)
• Network address translation (NAT)
• User authentication and access control
• Public key infrastructure (PKI) support
• Virtualization
• Dynamic Routing
• IPv6
• Layer 2 (transparent) mode
• Layer 3 (route and/or NAT) mode
• IP address assignment
• Traffic management QoS
• HA⁴
• Application Security⁴
• Application QoS
• Management
• Administration
• Logging/monitoring
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services
and support, which are designed to accelerate, extend, and
optimize your high-performance network. Our services allow
you to bring revenue-generating capabilities online faster so
you can realize bigger productivity gains and faster rollouts of
new business models and ventures. At the same time, Juniper
Networks ensures operational excellence by optimizing your
network to maintain required levels of performance, reliability, and
availability. For more details, please visit www.juniper.net/us/en/products-services.
Ordering Information
MODEL NUMBER DESCRIPTION
Base System
SRX1400BASE-GE-AC SRX1400 chassis, fan, Routing Engine, GbE-System I/O card, AC power supply, C13 power cord. (no SPC, no NPC, no NSPC, no IOC)
SRX1400BASE-XGE-AC SRX1400 chassis, fan, Routing Engine, 10GbE-System I/O card, AC power supply, C13 power cord. (no SPC, no NPC, no NSPC, no IOC)
Network and Services Processing Cards
SRX1K-NPC-SPC-1-10-40 Network and Services Processing Card (NSPC) for SRX1400¹, single processor, 1 GHz, 4 GB memory/CPU
Field Replaceable Units (FRU)
SRX1400-CHAS SRX1400 chassis (includes back plane)
SRX1400-FAN SRX1400 fan tray
SRX1400-FAN-BLANK SRX1400 fan tray cover/door
SRX1400-FLTR SRX1400 replacement fan filter
SRX1K-PWR-AC AC power supply for SRX1400
SRX1K-PWR-BLANK Blank power supply cover for SRX1400
SRX1K-RE-12-10 Routing Engine with 1200 MHz processor and 1 GB memory for SRX1400 (included in base system)
SRX1K-SYSIO-GE GE System I/O card with 6 x 10/100/1000 copper and 6 x GbE SFP for SRX1400 (included in GE base system)
SRX1K-SYSIO-XGE XGE System I/O card with 3 x 10GbE SFP+, 6x10/100/1000 copper and 3xGE SFP for SRX1400 (included in XGE base system)
SRX3000 line processing cards interoperable with SRX1400
SRX3K-SPC-1-10-40 SPC for SRX1400 and SRX3000 line, single processor, 1 GHz processor, 4 GB memory/CPU
SRX3K-NPC NPC for SRX1400 and SRX3000 line
Tray for SRX3000 Processing Cards
SRX1K3K-2CFM-TRAY Double wide tray holder for two single wide SRX3000 line modules
I/O Cards (IOCs)
SRX3K-16GE-SFP 16 x 1GbE SFP I/O card for SRX1400 and SRX3000 line
SRX3K-16GE-TX 16 x 10/100/1000 copper I/O card for SRX1400 and SRX3000 line
SRX3K-2XGE-XFP 2 x 10GbE XFP I/O card for SRX1400 and SRX3000 line
1GbE Transceivers and Optic Modules
SRX-SFP-1GE-LH SFP 1000BASE-LH gigabit Ethernet optic module
SRX-SFP-1GE-LX SFP 1000BASE-LX gigabit Ethernet optic module
SRX-SFP-1GE-SX SFP 1000BASE-SX gigabit Ethernet optic module
SRX-SFP-1GE-T SFP 1000BASE-T gigabit Ethernet module (uses Cat 5 cable)
10GbE Transceivers and Optic Modules
SFP+ Transceivers (for XGE Base System)
SRX-SFP-10GE-DAC-1M SFP+ 10GbE direct attach copper (twinax copper cable) 1 m
SRX-SFP-10GE-DAC-3M SFP+ 10GbE direct attach copper (twinax copper cable) 3 m
SRX-SFP-10GE-ER SFP+ 10GbE ER optics, 1550 nm for 40 km transmission
SRX-SFP-10GE-LR SFP+ 10GbE LR optics, 1310 nm for 10 km transmission
SRX-SFP-10GE-LRM SFP+ 10GbE LRM optics, 1310 nm for 220 m transmission
SRX-SFP-10GE-SR SFP+ 10GbE SR optics, 850 nm for up to 300 m transmission
XFP Transceivers for 10GbE IOC
SRX-XFP-10GE-ER 10GbE 40 km single mode pluggable interface
SRX-XFP-10GE-LR 10GbE XFP pluggable transceiver; single mode 1310 nm 10 km reach
SRX-XFP-10GE-SR 10GbE short reach multimode pluggable interface
C13 Straight Power Cables⁵
CBL-JX-PWR-UK Power cord, AC, Great Britain and Ireland, C19 at 70-80 mm, 13A/250 V, 2.5 m
CBL-JX-PWR-US Power cord, AC, Japan/US, NEMA 5-15 to C19 at 70-80 mm, 15A/125 V, 2.5 m
CBL-JX-PWR-AU Power cord, AC, Australia/New Zealand, C19 at 70-80 mm, 15A/250 V, 2.5 m
CBL-JX-PWR-CH Power cord, AC, China, C19, 16A/250 V, 2.5 m
CBL-JX-PWR-EU Power cord, AC, Continental Europe, C19, 16A/250 V, 2.5 m
CBL-JX-PWR-IT Power cord, AC, Italy, C19 at 70-80 mm, 16A/250 V, 2.5 m
CBL-JX-PWR-JP Power cord, AC, Japan, NEMA 6-20 to C19, 16A/250 V, 2.5 m
AppSecure Subscription
SRX1400-APPSEC-A-1 One year subscription for Application Security and IPS updates for SRX1400
SRX1400-APPSEC-A-3 Three year subscription for Application Security and IPS updates for SRX1400
SRX1400-APPSEC-A-1-R One year subscription renewal for Application Security and IPS updates for SRX1400
SRX1400-APPSEC-A-3-R Three year subscription renewal for Application Security and IPS updates for SRX1400
¹ Processing card(s) must be installed in the SRX1400 in order for proper operation. If the SRX1400 NSPC is not installed, then separate SRX3000 line NPC and SPC cards mounted on a double-wide tray must be installed in order for the SRX1400 system to function properly.
² Not available at product introduction. Check with a Juniper Sales representative for availability.
³ Exceptions:
- Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages
- Section 7.5B Mobile Station (MS) information change messages
- Section 7.3.12 Initiate secondary PDP context from gateway GSN (GGSN)
⁴ Not supported in Junos OS 10.4
⁵ AC power cord for appropriate region is included in base system.
About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance
networking. Juniper offers a high-performance network
infrastructure that creates a responsive and trusted environment
for accelerating the deployment of services and applications
over a single network. This fuels high-performance businesses.
Additional information can be found at www.juniper.net.
Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737)
or 408.745.2000
Fax: 408.745.2100
APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803
EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601
www.juniper.net
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000336-001-EN Oct 2010
Printed on recycled paper
To purchase Juniper Networks solutions,
please contact your Juniper Networks
representative at 1-866-298-6428 or
authorized reseller.