You are on page 1of 12

DATASHEET

SRX Series Services
Gateways for the Branch

SRX100, SRX210, SRX240 and
SRX650

Product Overview
Juniper Networks SRX Series
Services Gateways for the branch are
secure routers that provide essential
capabilities that connect, secure, and
manage work force locations sized
from handfuls to hundreds of users.
By consolidating fast, highly available
switching, routing, security, and
applications capabilities in a single
device, enterprises can economically
deliver new services, safe
connectivity, and a satisfying end user
experience. All SRX Series Services
Gateways, including products scaled
for the branch, campus and data
center applications, are powered
by Juniper Networks JUNOS
Software—the proven operating
system that provides unmatched
consistency, better performance with
services, and superior infrastructure
protection at a lower total cost of
ownership.

Product Description
The Juniper Networks® SRX Series Services Gateways for the branch joins Juniper
Networks SRX Series for the high end, EX Series Ethernet Switches, M Series
Multiservice Edge Routers, MX Series Ethernet Services Routers, and T Series Core
Routers to provide a single Juniper Networks JUNOS® Software-based portfolio
of unprecedented scale. With JUNOS, enterprises and service providers can lower
deployment and operational costs across their entire distributed workforce.
• SRX Series for the branch runs JUNOS Software, the proven operating system that is
used by core Internet routers in all of the top 100 service providers around the world.
The rigorously tested carrier class routing features of IPv4/IPv6, OSPF, BGP, and
multicast have been proven in over 10 years of worldwide deployments.
• SRX Series Services Gateways for the branch provide perimeter security, content
security, access control, and network-wide threat visibility and control. Best-in-class
firewall and VPN technologies secure the perimeter with minimal configuration
and consistent performance. By using zones and policies, even new network
administrators can configure and deploy an SRX Series for the branch quickly and
securely. Policy-based VPNs support more complex security architectures that
require dynamic addressing and split tunneling. For content security, SRX Series for
the branch offers a complete suite of Unified Threat Management (UTM) services
consisting of: intrusion prevention system (IPS), antivirus, antispam, Web filtering
and data loss prevention via content filtering to protect your network from the latest
content borne threats. Select models feature Content Security Accelerator for highperformance IPS and antivirus performance. The branch SRX Series integrates with
other Juniper security products to deliver enterprise-wide unified access control and
adaptive threat management. These capabilities give security professionals powerful
tools in the fight against cybercrime and data loss.
• SRX Series for the branch are secure routers that bring high-performance and proven
deployment capabilities to enterprises that need to build a worldwide network of
thousands of sites. The wide variety of options allows configuration of performance,
functionality, and price scaled to support from a handful to thousands of users.
Ethernet, serial, T1/E1, xDSL, Metro Ethernet, and third generation (3G) cellular
wireless are all available options for WAN or Internet connectivity to securely link your
sites. Multiple form factors allow you to make cost-effective choices for mission-critical
deployments. Managing the network is easy using the proven JUNOS command-line
interface (CLI) and scripting capabilities, or a simple to use Web-based GUI.

1

PoE+ 803. The main purpose of a secure router is to provide firewall protection and apply policies. backwards compatible with 802.9. PoE+. Ethernet SFP. allocates bandwidth for all other missioncritical applications. This architectural choice receives packets from a wide variety of clients and servers and keeps track of every session. serial. This reduces the load on the network. Features and Benefits Secure Routing Should you use a router and a firewall to secure your network? By building the branch SRX Series with best in class routing and firewall capabilities in one product. “Untrust” Zone INTERNET “Trust” Zone Intranet “Guest” Zone “DMZ” Zone Figure 1: Firewalls. antispam2. Web filtering2. intrusion prevention system2 (with high memory version) • Unified Access Control and content filtering • 512 MB RAM default. enterprises don’t have to make that choice. intrusion prevention system2. ADSL/2/2+.3af • Content Security Accelerator hardware for faster performance of IPS and ExpressAV • Full UTM2. 4 Mini-PIM slots • Factory option of 16 PoE ports. of every 2 application. 1 GB flash default (512 MB DRAM accessible in low memory version) SRX210 Services Gateway • 2 10/100/1000 Ethernet and 6 10/100 Ethernet LAN ports. It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction. and Gigabit Ethernet interfaces • Content Security Accelerator hardware for faster performance of IPS and ExpressAV • Full UTM2. and intrusion prevention system2 • Unified Access Control and content filtering • Modular Services and Routing Engine. zones and policies .3af • Support for T1/E1.9. serial. Web filtering2. Web filtering2. future internal failover and hot-swap • 2 GB DRAM default. external compact flash slot for additional storage • Optional redundant AC power. and Gigabit Ethernet interfaces • Content Security Accelerator hardware for faster performance of IPS and ExpressAV • Full UTM2. antivirus2. 1 ExpressCard slot and 2 USB ports • Factory option of 4 dynamic Power over Ethernet (PoE) ports 802.Architecture and Key Components Key Hardware Features of the Branch SRX Series Products Product Description SRX100 Services Gateway • 8 10/100 Ethernet LAN ports • Full UTM2. and of every user. Gigabit Ethernet LAN ports. standard AC power supply that is PoE-ready. 1 GB flash default SRX240 Services Gateway • 16 10/1000/1000 Ethernet LAN ports. antispam2. 8 GPIM slots or multiple GPIM and XPIM combinations • Support for T1. Ethernet small form-factor pluggable transceiver (SFP). IP telephony.3af • Support for T1/E1. Network Deployments The SRX Series Services Gateways for the branch are deployed at remote and branch locations in the network to provide all-in-one secure WAN connectivity. backwards compatible with 802. E1. 1 Mini-PIM slot. The security policy determines if the session can originate in one zone and traverse to another zone. and connection to local PCs and servers via integrated Ethernet switching. antispam2. 1 GB flash default SRX650 Services Gateway • 4 fixed ports 10/100/1000 Ethernet LAN ports.3at. and secures the network from hacking. and only forwards it on when it is. supports up to 48 ports switching with optional PoE including 802.9 (with high memory version) • Unified Access Control (UAC) and content filtering • 1 GB8 DRAM. 2 GB compact flash default. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. intrusion prevention system2 (with high memory version) • Unified Access Control (UAC) and content filtering • 512 MB DRAM default.3at. optional factory 1 GB DRAM. antivirus2. antivirus2. optional factory 1 GB DRAM. antivirus2. PoE power up to 250 watts redundant. antispam2. ADSL2/2+. Web filtering2. or 500 watts non-redundant. Why forward traffic if it’s not legitimate? SRX Series for the branch checks the traffic to see if it is legitimate.

As a result. At the narrowest level. Juniper Networks can address many common causes of system failures. To simplify installation and make configuration easier. The trust zone is used for configuration and attaching the LAN to the branch SRX Series. traffic and configuration will be mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. without having to fail over the entire system. High Availability By using the Web interface or CLI. Network Address Translation (NAT) traffic. JSRP enables a pair of security systems to be easily integrated into a high availability network architecture. IPsec security associations. This is consistent with a typical active/standby nature of routing resiliency protocols.Active/Standby High Availability Active/Standby INTERNET Active Standby SRX240 SRX240 EX Series Active SRX240 EX Series INTERNET Active Failure SRX240 EX Series SRX240 EX Series EX Series Active/Active Active/Active INTERNET INTERNET Active SRX240 Failure SRX240 EX Series EX Series Active SRX240 EX Series Figure 2: High availability To ease the configuration of a firewall. JUNOS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. synchronization of the following information is shared: connection/session state and flow information. all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions. The untrust zone is used for the WAN or Internet interface. enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies. address book information. The branch SRX Series will now synchronize both configuration and runtime information. A traditional router forwards all traffic without regard to a firewall (session awareness) or policy (origination and destination of a session). At the broadest level. at a minimum. such as a physical port going bad or a cable getting disconnected.” While these can be user defined. With link redundancy. a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone. SRX Series for the branch uses two features—“zones” and “policies. the default shipping configuration contains. This policy blocks ALL traffic originating from the untrust zone to the trust zone. during failover. policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period. with redundant physical connections between the systems and the adjacent network switches. 3 . a trust and an untrust zone. to ensure that a connection is available. When SRX Series Services Gateways for the branch are configured as an active/active pair.

By maintaining state. Figure 3 shows the session-based forwarding algorithm. Session-Based Forwarding Without the Performance Hit Security Policy Evaluation and Next-Hop Lookup Session Initial Packet Processing In order to optimize the throughput and latency of the combined router and firewall. JUNOS will look up the next-hop route in the routing table. Table Update Session and Forwarding Table Ingress Interface Forwarding for Permitted Traffic Disallowed by Policy: Dropped Figure 3: Session-based forwarding algorithm FIXED MOBILE SITE (Mobile – 3G) SMALL OFFICE INTERNET Mobile SRX210 Wireless Cellular SRX210 DSL Service Provider SIP Softswitch LARGE OFFICE EX4200 EX3200 Service Provider SIP Softswitch PSTN SRX240 PSTN POP SRX650 EX4200-24T POP Channelized T-1 Voice (AMI) Clear channel T-1 Data (B8ZS) POP EX3200-24P SRX210 SRX210 PBX Fax Fax HQ BRANCH Figure 4: The distributed enterprise 4 BRANCH Egress Interface . Some or all applications sessions will have to restart depending on the convergence time of the links or nodes. all dynamic flow and session information is lost and must be reestablished in the event of a failover. Subsequent packets for the established session require a single table lookup in the session and forwarding table. not only is the session preserved. In contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP). With JUNOS Software. but security is intact. Established sessions have a single table lookup to verify that the session has been permitted and to find the next hop. JUNOS Software implements session-based forwarding. When a new session is established. It then inserts the session and the next-hop route into the session and forwarding table and forwards the packet. the session-based architecture within JUNOS verifies that the session is allowed by the forwarding policies. a session that is permitted by the forwarding policy is added to the forwarding table along with a pointer to the next-hop route. and more.configuration changes. In an unstable network. and are forwarded to the egress interface. If the session is allowed. This efficient algorithm improves throughput and lowers latency for session traffic when compared with a classic router that performs multiple table lookups to verify session information and then to find a next-hop route. an innovation that combines the session state information of a traditional firewall and the next-hop forwarding of a classic router into a single operation. this active/active configuration also mitigates link flapping affecting session performance.

Voice Transport • FRF. triple Data Encryption Standard (3DES) (168-bit). source-specific))7 • MPLS4 IP Address Management • Static • Dynamic Host Configuration Protocol (DHCP) (client and server) • DHCP relay Encapsulations • Ethernet (MAC and tagged) • Point-to-Point Protocol (PPP) (synchronous) – Multilink Point-to-Point Protocol (MLPPP) • Frame Relay – Multilink Frame Relay (MLFR) (FRF.21. SRX240 high memory. interface. IPv6. Web filtering2. RS-449.SRX100 SRX210 SRX240 SRX650 Specifications Protocols Security • IPv4. zones. and SRX6502 – ExpressAV option in SRX210 high memory.16) • High-Level Data Link Control (HDLC) • Serial (RS-232. SRX240 high memory.9. Session Description Protocol (SDP). or filters VPN • Tunnels (generic routing encapsulation. EIA-530) • 802. and SRX6502 – Content filtering Routing and Multicast • Static routes • RIPv2 • OSPF • BGP • BGP Router Reflector1 • IS-IS • Multicast ((Internet Group Management Protocol (IGMPv3).35. SRX2109.15. Data Encryption Standard (DES) (56-bit). V. and shaping • Class-based queuing with prioritization • Weighted random early detection (WRED) • Queuing based on VLAN.9 – Content Security Accelerator in SRX210 high memory. policies • Stateful firewall. Anti-Replay • Unified Access Control • UTM2 (SRX650 and high memory versions of SRX240. OIR) – Future internal failover and SRE hot swap (OIR) • Backup link via 3G wireless or other WAN 5 . Browser based remote access feature requiring a license. screens. X. data-link connection identifier (DLCI). and SRX100 only) – Antivirus2. ISO Connectionless Network Service (CLNS) • Firewall.12 • Link fragmentation and interleaving (LFI) • Compressed Real-Time Transport Protocol (CRTP) High Availability • VRRP • Stateful failover and dual box clustering via JSRP3 • SRX650: – Redundant power (optional) – Future GPIM hot swap (online insertion and removal. Distance Vector Multicast Routing Protocol (DVMRP). bundles. antispam2. IP-in-IP. FRF. PIM. policing. ACL filters • Denial of service (DoS) and distributed denial of service (DDoS) protection (anomaly-based) • Prevent replay attack. IPsec) • IPsec. Advanced Encryption Standard (AES) (256-bit) encryption • Message Digest 5 (MD5) and SHA-1 authentication • Access Manager: Dynamic VPN Client. IPS2.1q VLAN support • Point-to-Point Protocol over Ethernet (PPPoE) Traffic Management • Marking.

SecureID) • Auto configuration • Configuration rollback • Rescue configuration with button • Commit confirm for changes • Auto record for diagnostics • Software upgrades • J-Web SLA and Measurement • Real-time performance monitoring (RPM) • Top talkers (sessions.000 IPS (intrusion prevention system) Future9 80 Mbps 250 Mbps 900 Mbps Antivirus 25 Mbps 30 Mbps 85 Mbps 350 Mbps IPsec VPN Tunnels Connections per second Maximum concurrent sessions DRAM options 2.5 Gbps 7 Gbps Firewall performance (IMIX) 200 Mbps 250 Mbps 500 Mbps 2.000 3.000 2.Specifications (continued) IPv64 Administration • OSPFv3 • IPv6 Multicast Listener Discovery (MLD) • BGP • Quality of service (QoS) • Juniper Networks Network and Security Manager support • Juniper Networks STRM Series Security Threat Response Managers support • Juniper Networks Advanced Insight Solutions support • External administrator database (RADIUS.5 Gbps Maximum Performance and Capacity Firewall + routing PPS (64 Byte) 75 Kpps 80 Kpps 200 Kpps 900 Kpps AES256+SHA-1/3DES+SHA-1 VPN performance 65 Mbps 75 Mbps 250 Mbps 1.6 JUNOS 9.3af/at with maximum 247 W 1 2 2 2 per SRE BGP instances 5 10 20 64 BGP peers 8 16 32 256 BGP routes 4 K / 8 K5 8 K / 16 K5 32 K / 64 K5 1 M6 USB Routing OSPF instances OSPF routes RIP v1 / v2 instances 4 10 20 64 4 K / 8 K5 8 K / 16 K5 32 K / 64 K5 1 M6 4 10 20 64 RIP v2 routes 4 K / 8 K5 8 K / 16 K5 32 K / 64 K5 1 M6 Static routes 4 K / 8 K5 8 K / 16 K5 32 K / 64 K5 1 M6 6 .6 JUNOS 9.000 30.000 9.6 JUNOS 9. bandwidth usage) • J-Flow flow monitoring and accounting services Logging and Monitoring • Syslog • Traceroute Product Comparison SRX100 SRX210 SRX240 SRX650 JUNOS Software version tested JUNOS 9.000 16 K / 32 K5 512 MB8 / 1 GB DRAM 32 K / 64 K5 512 MB / 1 GB DRAM 64 K / 128 K5 512 MB / 1 GB DRAM 512 K6 2 GB DRAM Maximum security policies 384 512 4096 8192 Maximum users supported Unrestricted Unrestricted Unrestricted Unrestricted Fixed I/O 8 x 10/100 2 x 10/100/1000BASE-T + 6 x 10/100 16 x 10/100/1000BASE-T 4 x 10/100/1000BASE-T I/O slots N/A 1 x SRX Mini-PIM 4 x SRX Mini-PIM 8 x GPIM or multiple GPIM and XPIM combinations Services and Routing Engine slots N/A N/A N/A 23 Network Connectivity ExpressCard slot (3G WAN) No Yes No No WAN/LAN interface options N/A See ordering information See ordering information See ordering information Optional maximum number of PoE ports N/A Up to 4 ports of 802.3af with maximum 50 W Up to 16 ports of 802. packets.6 Firewall performance (large packets) 650 Mbps 750 Mbps 1.3af/at with maximum 150 W Up to 48 ports of 802.5 Gbps 128 256 1. LDAP.

Product Comparison (continued) SRX100 SRX210 SRX240 SRX650 Source-based routing Yes Yes Yes Yes Policy-based routing Yes Yes Yes Yes Equal-cost multipath (ECMP) Yes Yes Yes Yes Reverse path forwarding (RPF) Yes Yes Yes Yes Layer 2 VPN (VPLS) Yes Yes Yes Yes Layer 3 VPN Yes Yes Yes Yes LDP Yes Yes Yes Yes RSVP Yes Yes Yes Yes Circuit Cross-connect (CCC) Yes Yes Yes Yes Translational Cross-connect (TCC) Yes Yes Yes Yes IGMP (v1. Microsoft. (Netscape).15. RSA SecureID.5 1. Entrust. 802.2. Microsoft. iPLanet.5 1. (Netscape). LDAP User Authentication and Access Control Third-party user authentication RADIUS accounting Yes Yes Yes Yes XAUTH VPN. Baltimore.509) Yes Yes Yes Yes Routing (continued) MPLS 4 Multicast 7 IPsec VPN Perfect forward secrecy (DH Groups) 1. Baltimore. Entrust. Microsoft.2. FRF . DoD PKI VeriSign. (Netscape). LDAP RADIUS.X authentication Yes Yes Yes Yes PKI certificate requests (PKCS 7 and PKCS 10) Yes Yes Yes Yes VeriSign. DoD PKI VeriSign.5 Prevent replay attack Yes Yes Yes Yes Dynamic remote access VPN Yes9 Yes Yes No IPsec NAT traversal Yes Yes Yes Yes Redundant VPN gateways Yes Yes Yes Yes RADIUS. LDAP RADIUS. RSA SecureID. v3) Yes Yes Yes Yes PIM SM Yes Yes Yes Yes PIM source-specific multicast (SSM) Yes Yes Yes Yes Multicast inside IPsec tunnel Yes Yes Yes Yes Concurrent VPN tunnels 128 256 1000 3000 Tunnel interfaces 10 64 128 512 DES (56-bit). RSA Keon. v2.5 1. Baltimore. (Netscape). RSA Keon. Microsoft.2. LDAP RADIUS. iPLanet. iPLanet. RSA Keon. DoD PKI Maximum number of security zones 10 12 32 128 Maximum number of virtual routers 3 10 20 60 Maximum number of VLANs 16 64 512 4096 Yes Certificate Authorities supported Virtualization Encapsulations PPP/MLPPP N/A Yes Yes MLPPP maximum physical interfaces N/A 1 4 12 Frame Relay N/A Yes Yes Yes MLFR (FRF . iPLanet.16) N/A Yes Yes Yes MLFR maximum physical interfaces N/A 1 4 12 HDLC N/A Yes Yes Yes 7 . Entrust. RSA Keon. DoD PKI VeriSign. 3DES (168-bit) and AES (256-bit) Yes Yes Yes Yes MD-5 and SHA-1 authentication Yes Yes Yes Yes Manual key. public key infrastructure (PKI) (X. RSA SecureID. RSA SecureID. Entrust.2. Web-based. Baltimore. Internet Key Exchange (IKE).

1Q Yes Yes Yes Yes Link Aggregation 802.3ad/LACP Yes Yes Yes Yes Jumbo Frame (9216 Byte) No Yes Yes Yes Spanning Tree Protocol (STP) 802.Product Comparison (continued) SRX100 SRX210 SRX240 SRX650 Source NAT with Port Address Translation (PAT) Yes Yes Yes Yes Static NAT Yes Yes Yes Yes Destination NAT with PAT Yes Yes Yes Yes Static Yes Yes Yes Yes DHCP. RSTP 802.1x Port based and multiple supplicant Yes Yes Yes Yes Guaranteed bandwidth Yes Yes Yes Yes Maximum bandwidth Yes Yes Yes Yes Ingress traffic policing Yes Yes Yes Yes Priority-bandwidth utilization Yes Yes Yes Yes DiffServ marking Yes Yes Yes Yes Active/active—L3 mode Yes Yes Yes3 Yes3 Active/passive—L3 mode Yes Yes Yes Yes3 Configuration synchronization Yes Yes Yes Yes3 VRRP Yes Yes Yes Yes Session synchronization for firewall and VPN Yes Yes Yes3 Yes3 Session failover for routing change Yes Yes Yes3 Yes3 Device failure detection Yes Yes Yes Yes3 Link failure detection Yes Yes 3 Yes Yes3 Network attack detection Yes Yes Yes Yes DoS and DDos protection Yes Yes Yes Yes TCP reassembly for fragmented packet protection Yes Yes Yes Yes Brute force attack mitigation Yes Yes Yes Yes SYN cookie protection Yes Yes Yes Yes Zone-based IP spoofing Yes Yes Yes Yes Malformed packet protection Yes Yes Yes Yes Yes9 Yes Yes Yes Protocol anomaly detection Yes9 Yes Yes Yes Stateful protocol signatures 9 Yes Yes Yes Yes Intrusion prevention system (IPS) attack pattern obfuscation Yes9 Yes Yes Yes Address Translation IP Address Assignment L2 Switching Traffic Management Quality of Service (QoS) High Availability 3 3 3 Firewall Unified Threat Management 2 Intrusion Prevention System (IPS) Customer signatures creation Frequency of updates 8 Yes9 Yes Yes Yes Daily and emergency9 Daily and emergency Daily and emergency Daily and emergency . PPPoE client Yes Yes Yes Yes Internal DHCP server Yes Yes Yes Yes DHCP relay Yes Yes Yes Yes VLAN 802. MSTP 802.1w.1D.1s Yes Yes Yes Yes Authentication 802.

HTTP.3 A at 100 VAC with single PSU with PoE 8.13 A @ 100 VAC (PoE) 1.1 A @ 100 VAC for HM 3. 1 GB 512 MB.1 in (27.5 x 3.5 cm) 17. 84 W (PoE) 61 W (LM). HTTP.1 in (44. SMTP. 150 W Non PoE / 350 W PoE 100–240 VAC.6 kg) POE No interface modules 24.41 A @ 100 VAC (LM).3 A at 100 VAC with dual PSU with PoE 60 A 80 A for LM/HM.2 cm) 2.2 lb (5. FTP POP3. External slot empty. FTP Antispyware Yes Yes Yes Yes Antiadware Yes Yes Yes Yes Antikeylogger Yes Yes Yes Yes Antispam 9 Yes Yes Yes Yes Integrated Web filtering Yes Yes Yes Yes Redirect Web filtering Yes Yes Yes Yes Content filtering Yes Yes Yes Yes Yes Yes Yes Yes Web UI Yes Yes Yes Yes Command-line interface Yes Yes Yes Yes Network and Security Manager Yes Yes Yes Yes STRM Series Yes Yes Yes Yes 512 MB (Accessible).8 in (21.3 kg) No interface modules 1 power supply Yes. SMTP. 60 W (Non-PoE) / 150 W PoE 100–240 VAC.1 x 18.5 x 18.75 x 15. IMAP.4 lb (2 kg) POE No interface modules 11.0 A @ 100 VAC for LM 1. and protocol commands System Management Flash and Memory Memory minimum and maximum (DRAM) USB port for external storage Dimensions and Power Dimensions (W x H x D) Weight (Device and Power supply) Rack mountable Power supply (AC) Input frequency Maximum current consumption Maximum inrush current 50-60 Hz 50-60 Hz 50-60 Hz 50-60 Hz 0. 30 W 100–240 VAC. 1 RU Yes. or 494 W non-redundant Average power consumption 10 W 27 W Low Memory (LM). HTTP. HTTP. FTP POP3. 28 W High Memory (HM).0 cm) 17.3 lb (5.2 in (44.4 x 4.5 x 1. 0. Single 645 W or Dual 645 W Maximum PoE power N/A 50 W 150 W 247 W redundant. 65 W (HM).9 x 4. SMTP.4 x 5. 1 GB8 512 MB.0 A @ 100 VAC for PoE 5. IMAP. 1 RU Yes.5 x 1. 2 RU 100-240 VAC. IMAP.7 cm) 11.8 x 46.Product Comparison (continued) SRX100 SRX210 SRX240 SRX650 Express AV (packet-based AV) No Yes Yes Yes File-based antivirus Yes Yes Yes Yes Unified Threat Management (continued) 2 Antivirus Signature database Yes Yes Yes Yes Protocols scanned POP3.6 x 3. 60 A for PoE 40 A for LM/HM.4 x 8.1 x 1.9 lb (11. 1 RU Yes.1 kg) 3.75 x 7.44 A @ 100 VAC (HM).3 lb (1. SMTP.5 lb (1.4 x 38.25 A @ 100 VAC 0. 1.5 kg) Non-POE / 4. 179 W (PoE) 122 W B  ased on MIME type. file extension. up to 2 GB CF supported Yes Yes Yes Yes 8. FTP POP3. 45 A for PoE 45 A for ½ cycle 9 .1 kg) Non-POE / 12. 1 GB 2 GB Memory slots Fixed memory Fixed memory Fixed memory 4 DIMM Flash memory 1 GB 1 GB 1 GB 2 GB CF internal on SRE.6 x 14. IMAP.

8 years [SRX100H] 15. S043. High availability. (0° to 40° C) 32° to 104° F. on high memory system options. BGP Route Reflector supported on SRX650. 9. DoC CTR 12 / 13. 3. CTR 21. 6.antivirus. S 016. 2. (0° to 40° C) 32° to 104° F. S 043.1. SRX210H-POE is Class A.1.6. 5.3 years (SRX240H) 10. (-20° to 70° C) 4° to 158° F. 126 BTU/hr (SRX210H). S 016. S 043. 10. CTR 21. DoC CTR 12 / 13. S 043. DoC CTR 12 / 13.Product Comparison (continued) SRX100 SRX210 Average heat dissipation 35 BTU/hr 92 BTU/hr (SRX210B) 95 BTU/hr (SRX210H). U  nified Threat Management.1. Optional upgrade to 1 GB DRAM is available with purchase of memory software license key. Please see the ordering section for options.2 AS / ACIF S 002.6 release.0 release. Content Filtering and UAC are part of the base software with no additional license. (-20° to 70° C) 10–90% noncondensing 10–90% noncondensing 10–90% noncondensing 10–90% noncondensing 24. SMB.2 AS / ACIF S 002.4 years (SRX210H-PoE) 15. IPS. CTR 21. Web filtering and IPS require a subscription license and the high memory system option to use the feature.2 AS / ACIF S 016 New Zealand Safety certifications EMC certifications Network homologation AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS CISPR22 Class B AS / NZS CISPR22 Class B10 AS / NZS CISPR22 Class A AS / NZS CISPR22 Class A PTC 217. SRX100B installed with 1 GB DRAM. and dynamic VPN features in SRX100 are supported as of the 10. UTM is not supported on the low memory version.2 years (SRX240B) 14. Supported in 9. DoC 1.2 years (SRX210B) 14.3 years (SRX210H) 10. EN 300386 EN 55022 Class A. PTC 273 PTC 217. (0° to 40° C) 32° to 104° F. S043. 10 . EN 300386 EN 55022 Class B10. with 512 MB accessible.5 in packet mode without services. S043. antispam.4 years (SRX240H-PoE) 9. 157 BTU/hr (SRX210H-PoE) 344 BTU/Hr (SRX210B) 369 BTU/Hr (SRX210H) 413 BTU/Hr (SRX210H-PoE) 699 BTU/Hr No No No Yes (up to maximum capacity of single PSU) 0 dB (fanless) <50 dB <60 dB 60. EN 300386 EN 55022 Class A.9 dB Redundant power supply (hot swappable) Acoustic noise level (Per ISO 7779 Standard) SRX240 SRX650 Environment Operational temperature 32° to 104° F.6 years with redundant power Humidity Mean time between failures (Telcordia model) Certifications and Network Homologation USA Safety certifications UL 60950-1 UL 60950-1 UL 60950-1 UL 60950-1 EMC certifications FCC Class B FCC Class B FCC Class A FCC Class A TIA-968 TIA-966 Network homologation 10 TIA-968 TIA-968 Safety certifications CSA 60950-1 CSA 60950-1 CSA 60950-1 CSA 60950-1 EMC certifications ICES class B ICES class B ICES class A ICES class A CS-03 CS-03 Canada Network homologation CS-03 10 CS-03 Australia Safety certifications EMC certifications Network homologation AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS 60950-1 AS / NZS CISPR22 Class B AS / NZS CISPR22 Class B10 AS / NZS CISPR22 Class A AS / NZS CISPR22 Class A AS / ACIF S 002. When UTM is enabled capacities supported are low memory specifications. 8. 4. EN 300386 CTR 12 / 13. 116 BTU/hr (SRX210H-PoE) 208 BTU/Hr (SRX240B) 222 BTU/Hr (SRX240H) 249 BTU/Hr (SRX240H-PoE) 319 BTU/Hr Maximum heat dissipation 80 BTU/hr 120 BTU/hr (SRX210B). When UTM is enabled concurrent sessions supported is 50% 0f value shown. PTC 273 PTC 217 Japan Safety certifications CB Scheme CB Scheme CB Scheme CB Scheme EMC certifications VCCI Class B VCCI Class B10 VCCI Class A VCCI Class A Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Certificate for Technical Conditions Network homologation European Union Safety certifications EMC certifications Network homologation EN 60950-1 EN 60950-1 EN 60950-1 EN 60950-1 EN 55022 Class B. See ordering section for more information. 7. (-20° to 70° C) 4° to 158° F. antispam. VRRP supported on all SRX Series products. SRX240 and SRX650 will support high availability features in JUNOS 9. Multicast features in SRX240 and SRX650 are supported as of the 9.8 years [SRX100B] 24. S 016. (0° to 40°C) Nonoperational temperature 4° to 158° F. (-20° to 70° C) 4° to 158° F. PTC 273 PTC 217.

1 GB Flash). and availability.Performance-Enabling Services and Support Model Number Description Juniper Networks is the leader in performance-enabling services and support. SRX650-CHAS SRX650 chassis including fan tray. which are designed to accelerate. AS. 1 GB Flash) 11 . while generating higher levels of customer satisfaction. 1 GB Flash) SRX240H SRX240 Services Gateway with 16 Gigabit Ethernet ports. SRX650 Options Interface Modules Interface Modules SRX-MP-1SERIAL 1-port Sync Serial Mini Physical Interface Module (Mini-PIM) for branch SRX Series SRX-MP-1ADSL2-A 1-port ADSL2+ Mini-PIM supporting ADSL/ ADSL2/ADSL2+ Annex A SRX-MP-1ADSL2-B 1-port ADSL2+ Mini-PIM supporting ADSL/ ADSL2/ADSL2+ Annex B SRX-GP-16GE 16-port 10/100/1000BASE-T XPIM SRX-GP-16GE-POE 16-port 10/100/1000BASE-T PoE XPIM SRX-MP-1SFP SRX-GP-24GE 24-port 10/100/1000BASE-T XPIM. and greater market reach. Works with 90-250 VAC input. One is included in SRX650 Chassis Spare (SRX650-CHAS). 4 Mini-PIM slots. 1 Mini-PIM slot. No system processor (SRE) and no power supply unit. includes 4 SFP slots 1-port SFP Mini Physical Interface Module (Mini-PIM) for branch SRX Series SRX-MP-1T1E1 SRX-GP-24GE-POE 24-port 10/100/1000BASE-T PoE XPIM. and IDP on SRX650 SRX650-K-AV-3 Three year subscription for Juniper-Kaspersky antivirus updates on SRX650 SRX650-IDP-3 Three year subscription for IDP updates on SRX650 SRX210 Base System SRX210B SRX210 Services Gateway with 2 GbE + 6 Fast Ethernet ports. For more details. Holds one unit. 2 GB DRAM. 1 Mini-PIM slot. and not included in SRX650 Base System (SRX650-BASE-SRE6-645AP). and IDP on SRX240 SRX240-K-AV-3 Three year subscription for Juniper-Kaspersky antivirus updates on SRX240 SRX600-PWR-645ACPOE Spare 645 W AC PoE power supply unit for SRX650 systems. but recommended for dusty environments. with 16 ports PoE (150 W) SRX240-RMK SRX240 Rack mount kit for 19 in rack. SRX240-W-WF-3 Three year subscription for Juniper-Websense Web filtering updates on SRX240 SRX240-SMB-CS-3 Three year security subscription for enterprise includes antivirus. AS. fan tray. 4 Mini-PIM slots. WF. 645 W AC PoE power supply unit for SRX650. faster rollouts of new business models and ventures. please visit www. WF. AS. and high memory (1 GB RAM.juniper. and IDP on SRX240 SRX-RAC-5-LTU Dynamic VPN Client: 5 simultaneous users for SRX210 and SRX240 only SRX650-FILT-01 OPTIONAL Additional Software Feature Licenses SRX650-K-AV One year subscription for Juniper-Kaspersky antivirus updates on SRX650 SRX-RAC-10-LTU SRX650-IDP One year subscription for IDP updates on SRX650 Dynamic VPN Client: 10 simultaneous users for SRX210 and SRX240 only SRX650-S-AS One year subscription for Juniper-Symantec antispam updates on SRX650 SRX-RAC-25-LTU Dynamic VPN Client: 25 simultaneous users for SRX210 and SRX240 only SRX650-W-WF One year subscription for Juniper-Websense Web filtering updates on SRX650 SRX-RAC-50-LTU Dynamic VPN Client: 50 simultaneous users for SRX240 only SRX650-SMB-CS One year security subscription for enterprise includes antivirus. and included in SRX650 Base System (SRX650-BASE-SRE6645AP) SRX240-IDP-3 Three year subscription for IDP updates on SRX240 SRX240-S-AS-3 Three year subscription for Juniper-Symantec antispam updates on SRX240 Not included in SRX650 Chassis Spare (SRX650CHAS). Provides 397 W system power @ 12 V and 247 W POE power @ 50 VDC. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger productivity gains. 1 GB Flash) SRX210H SRX210 Services Gateway with 2 GbE+ 6 Fast Ethernet ports. SRX650-S-AS-3 Three year subscription for Juniper-Symantec antispam updates on SRX650 SRX650-W-WF-3 Three year subscription for Juniper-Websense Web filtering updates on SRX650 SRX650-SMB-CS-3 Three year security subscription for enterprise includes antivirus. Includes power cord and rack mount kit. 1 ExpressCard slot and high memory (1 GB RAM. 1 ExpressCard slot and base memory (512 MB RAM. AS. and base memory (512 MB RAM. SRX600-SRE6H SPARE Spare SRE6-H for SRX650. WF. SRX650-FAN-01 Spare SRX650 fan tray. 4 x 10/100/1000BASE-T ports. and IDP on SRX650 SRX-BGP-ADV-LTU Advanced BGP on SRX650 (Route Reflector) SRX240 Base System SRX240B SRX240 Services Gateway with 16 Gigabit Ethernet ports. and optimize your high-performance network. One is included in SRX650 Base System (SRX650-BASE-SRE6645AP). 1 GB Flash) SRX240H-POE SRX240 Services Gateway with 16 Gigabit Ethernet ports. One is included in SRX650 Base System (SRX650-BASE-SRE6-645AP). includes 4 SFP slots 1-port T1 or E1 Mini Physical Interface Module (Mini-PIM) for branch SRX Series SRX-GP-DUAL-T1-E1 Dual T1/E1 GPIM SRX-GP-QUAD-T1-E1 QUAD T1/E1 GPIM Power Supplies and Accessories Additional Software Feature Licenses SRX240-K-AV One year subscription for Juniper-Kaspersky antivirus updates on SRX240 SRX240-IDP One year subscription for IDP updates on SRX240 SRX240-S-AS One year subscription for Juniper-Symantec antispam updates on SRX240 SRX240-W-WF One year subscription for Juniper-Websense Web filtering updates on SRX240 SRX240-SMB-CS One year security subscription for enterprise includes antivirus. At the same time. reliability. as this is not required for normal operations. WF. 2 GB CF. Ordering Information Model Number Description SRX650 Base System SRX650-BASE-SRE6645AP SRX650 Services Gateway with 1 Services Routing Engine (SRE). 4 Mini-PIM slots. and high memory (1 GB RAM.net/products-services. extend. Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance. Optional.

registered marks.holds one unit *See price list for country-specific power cord model numbers. Inc. 1194 North Mathilda Avenue Sunnyvale. Ireland Phone: 35. CA 94089 USA Phone: 888. 1 ExpressCard slot and high memory (1 GB RAM. All rights reserved. 60 W (non-PoE) SRX210-PWR-150W-* Spare SRX210 switching power supply. 1 Mini-PIM slot. Juniper Networks assumes no responsibility for any inaccuracies in this document. transfer. SRX210-PWR-60W-* Spare SRX210 switching power supply. County Dublin.8903. is the leader in high-performance networking.8903. . AS. Holds one unit. Additional Software Feature Licenses Model Number Description SRX-RAC-5-LTU Dynamic VPN Client: 5 simultaneous users for SRX210 and SRX240 only SRX-RAC-10-LTU Dynamic VPN Client: 10 simultaneous users for SRX210 and SRX240 only SRX-RAC-25-LTU Dynamic VPN Client: 25 simultaneous users for SRX210 and SRX240 only SRX-RAC-50-LTU Dynamic VPN Client: 50 simultaneous users for SRX240 only Small Form Factor Pluggable (SFP) Transceivers SRX-SFP-1GE-LH SFP 1000BASE-LH Optical Transceiver SRX-SFP-1GE-LX SFP 1000BASE-LX Optical Transceiver SRX-SFP-1GE-SX SFP 1000BASE-SX Optical Transceiver SRX-SFP-1GE-T SFP 1000BASE-T Copper Transceiver SRX-SFP-FE-FX SFP 100BASE-FX Optical Transceiver SRX100 Base System SRX100B SRX100 Services Gateway with 8xFE ports and base memory (On-board 1 GB RAM w/ 512 MB accessible.745. SRX210-K-AV One year subscription for Juniper-Kaspersky antivirus updates on SRX210 SRX210-IDP One year subscription for IDP updates on SRX210 SRX100-MEM-LIC-UPG SRX210-S-AS One year subscription for Juniper-Symantec antispam updates on SRX210 SRX100 memory software license .Ordering Information (continued) Model Number Description SRX210 Base System (continued) SRX210H-POE SRX210 Services Gateway with 2 GbE + 6 Fast Ethernet ports. NetScreen. 1000281-003-EN Aug 2009 12 Copyright 2009 Juniper Networks.4737) or 408. service marks. 150 W (PoE) *See price list for country-specific power cord model numbers.31. Printed on recycled paper.586.holds two units SRX100-WALL-KIT SRX100 wall mount kit . Juniper Networks. AS. or registered service marks are the property of their respective owners. Cityplaza One 1111 King’s Road Taikoo Shing. 30 W (non-POE) SRX-100-RMK SRX100 19” rack mount kit .2100 Juniper Networks (Hong Kong) 26/F. Inc.JUNIPER (888.745.2574. Holds one unit.601 To purchase Juniper Networks solutions. and IDP on SRX210 One year subscription for Juniper-Websense Web filtering updates on SRX100 SRX100-K-AV-3 SRX210-K-AV-3 Three year subscription for Juniper-Kaspersky antivirus updates on SRX210 Three year subscription for Juniper-Kaspersky antivirus updates on SRX100 SRX100-W-WF-3 SRX210-IDP-3 Three year subscription for IDP updates on SRX210 Three year subscription for Juniper-Websense Web filtering updates on SRX100 SRX210-S-AS-3 Three year subscription for Juniper-Symantec antispam updates on SRX210 Additional Software Feature Licenses (continued) SRX210-W-WF-3 Three year subscription for Juniper-Websense Web filtering updates on SRX210 SRX210-SMB-CS-3 Three year security subscription for enterprise includes antivirus. Holds one unit.net. with 4 ports PoE (50 W) Interface Modules SRX-MP-1SERIAL 1 port Sync Serial Mini Physical Interface Module (Mini-PIM) for branch SRX Series SRX-MP-1ADSL2-A 1-port ADSL2+ Mini-PIM supporting ADSL/ ADSL2/ADSL2+ Annex A SRX-MP-1ADSL2-B 1-port ADSL2+ Mini-PIM supporting ADSL/ ADSL2/ADSL2+ Annex B SRX-MP-1SFP SRX-MP-1T1E1 1-port SFP Mini Physical Interface Module (MiniPIM) for branch SRX Series 1-port T1 or E1 Mini Physical Interface Module (Mini-PIM) for branch SRX Series Additional Hardware SRX210-DESK-STAND SRX210 desk top stand. All other trademarks.2332.2000 Fax: 408. SRX210-WALL-KIT SRX210 Wall mount kit. Inc.upgrades SRX100B model from 512 MB RAM to 1 GB RAM SRX100-K-AV SRX210-W-WF One year subscription for Juniper-Websense Web filtering updates on SRX210 One year subscription for Juniper-Kaspersky antivirus updates on SRX100 SRX100-W-WF SRX210-SMB-CS One year security subscription for enterprise includes antivirus. JUNOSe is a trademark of Juniper Networks. Inc. please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller. or otherwise revise this publication without notice. the Juniper Networks logo. WF. in the United States and other countries.7803 Juniper Networks Ireland Airside Business Park Swords. and ScreenOS are registered trademarks of Juniper Networks. JUNOS. Hong Kong Phone: 852. Additional information can be found at www.600 Fax: 35. Juniper Networks reserves the right to change. modify.holds one unit SRX100-DESK-STAND SRX100 desk stand . Inc. 1 GB flash) Additional Hardware SRX100-PWR-30W-* Spare SRX100 switching power supply. WF.juniper. 1 GB flash) SRX100H SRX100 Services Gateway with 8xFE ports and high memory (1 GB RAM. This fuels high-performance businesses.3636 Fax: 852. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. 1 GB Flash). Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters Juniper Networks.31. SRX210-RMK SRX210 Rack mount kit for 19 in rack. and IDP on SRX210 Additional Software Feature Licenses About Juniper Networks Juniper Networks.