SRX4600 Overview:
The high-performance SRX4600 next-generation firewall offers fast, scalable protection for enterprise private cloud, campus networks, cloud service providers, and telcos. With integrated malware prevention and a full suite of next-generation services, the SRX4600 is optimized to provide consistent protection across private cloud environments.
Fortification against advanced threats and zero-day attacks is ensured with real-time updates to IPS signatures, industry-leading antivirus and URL filtering, expansive application visibility, user identification, and deep content inspection.
As the center point of your defense, the SRX4600 offers unprecedented command over your security system with “single pane of glass” management through Junos Space Security Director.
The SRX4600 strengthens your security posture while simplifying your physical environment by integrating high-performance routing and security into a single, compact 1 U device.
The SRX4600 Services Gateway is a high-performance, next-generation firewall and hardware-accelerated security gateway that supports the changing needs of cloud-enabled enterprise and service provider networks. Whether rolling out new services in an enterprise data center or campus, connecting to the cloud, complying with industry standards, deploying distributed security gateways, or offering high-scale multitenant security services, the SRX4600 helps organizations realize their business objectives while providing scalability, high availability, ease of management, secure connectivity, and advanced threat mitigation capabilities.
Product Description
The Juniper Networks® SRX4600 Services Gateway protects mission-critical data center and campus networks for enterprises, mobile service providers, and cloud service providers. Designed for high-performance security services architectures, the SRX4600 protects key corporate IT assets as a next-generation firewall, acts as an enforcement point for cloudbased security solutions, and provides application visibility and control to improve the user and application experience.
Integrating networking and security in a single platform, the SRX4600 features multiple high-speed interfaces, intrusion prevention, advanced threat protection, and authentication, along with high-performance IPsec VPN and Internet gateway capabilities. It also offers high scalability, high availability, robust protection, application visibility, user identification, and deep content inspection to provide unparalleled control over the security infrastructure.
The SRX4600 also acts as a central enforcement point in the Juniper Software-Defined Secure Network (SDSN) framework, leveraging strong automation and actionable intelligence to protect users in a multivendor network environment.
The SRX4600 is powered by Juniper Networks Junos® operating system, the industryleading OS that keeps the world’s largest mission-critical enterprise and service provider networks secure.
Architecture and Key Components:
The SRX4600 hardware and software architecture provides cost-effective security in a small 1 U form factor. Purpose-built to protect network environments and provide Internet Mix (IMIX) firewall throughput up of 75 Gbps, the SRX4600 incorporates multiple security services and networking functions on top of Junos OS. Best-in-class security and advanced threat mitigation capabilities on the SRX4600 are offered as 20 Gbps of next-generation firewall, 20 Gbps of intrusion prevention system (IPS), and up to 16 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarter deployments with IMIX traffic patterns.
Table 1: SRX4600 Statistics1
| Performance |
SRX4600 |
| Firewall throughput |
95 Gbps |
| Firewall throughput—IMIX |
75 Gbps |
| Firewall throughput with application security |
80 Gbps |
| IPsec VPN throughput—IMIX/1400 B |
16/38 Gbps |
| Intrusion prevention system (IPS) |
20 Gbps |
| NGFW2 throughput |
20 Gbps |
| Connections per second |
500,000 |
| Maximum session |
60 million |
The SRX4600 recognizes more than 3500 applications and nested applications in plain text or SSL-encrypted transactions. The firewall also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and user visibility and control.
1 Performance, capacity, and features listed are based on systems running Junos OS 17.4R1-S1 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments. 2 Next-generation firewall (NGFW) is a combination of advanced features such as application security, IPS, and URLF in addition to the foundational services such as logging and stateful firewall.
Features & Benefits:
Table 2: SRX4600 Features and Benefits
| Business Requirement |
Feature/Solution |
SRX4600 Advantages |
| High performance |
Up to 95 Gbps of firewall throughput (up to 75 Gbps of IMIX firewall throughput) |
- Best suited for enterprise campus and data center edge deployments
- Ideal for secure router/VPN concentrator deployments at the head office
- Addresses diverse needs and scale for service provider deployments
|
| High-quality end-user experience |
Application visibility and control |
- Detects 3500+ L3-L7 applications, including Web 2.0
- Controls and prioritizes traffic based on application and use role
- Inspects and detects applications inside SSL-encrypted traffic
|
| Advanced threat protection |
Intrusion prevention system (IPS), antivirus, antispam, threat intelligence feeds, Juniper Sky™ Advanced Threat Prevention, Juniper ATP Appliance |
- Provides real-time updates to IPS signatures and protects against exploits
- Implements industry-leading antivirus and URL filtering
- Delivers open threat intelligence platform that integrates with third-party feeds
- Protects against zero-day attacks
- Stops rogue and compromised devices to disseminate malware
|
| Professional-grade networking services |
Routing, secure wire |
- Supports carrier-class advanced routing and quality of service (QoS)
|
| Highly secure |
IPsec VPN |
- Provides high-performance IPsec VPN with dedicated crypto engine
- Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications
- Simplifies large VPN deployments with auto VPN
- Includes hardware-based crypto acceleration
|
| Highly reliable |
Chassis cluster, redundant power supplies |
- Provides stateful configuration and session synchronization
- Supports active/active and active/backup deployment scenarios
- Offers highly available hardware with dual power supply unit (PSU)
|
| Easy to manage and scale |
On-box GUI, Juniper Networks Junos Space® Security Director |
- Enables centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
- Includes simple, easy-to-use on-box GUI for local management
|
| Low TCO |
Junos OS |
- Integrates routing and security in a single device
- Reduces OpEx with Junos OS automation capabilities
|
Hardware Specifications:
Table 3: SRX4600 Hardware Specifications
| Specification |
SRX4600 |
| Total onboard I/O ports |
8 10GbE (SFP+)
4x40GbE/100GbE (QSFP28) |
| Out-of-Band (OOB) management ports |
RJ-45 (1 Gbps) |
| Dedicated high availability (HA) ports |
2x10GbE (SFP+) Control
2x10GbE (SFP+) Data |
| Console |
RJ-45 (RS232) |
| USB 2.0 ports (Type A) |
1 |
| System memory (RAM) |
256 GB |
| Secondary storage (SSD) |
2x 1 TB M.2 SSD Formatted as 960 GB |
| Form factor |
1 U |
| Size (WxHxD) |
17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm)
With AC PEMs: 17.4 x 1.7 x 27.29 in (44.19 x 4.32 x 69.32 cm)
With DC PEMs: 17.4 x 1.7 x 29.20 in (44.19 x 4.32 x 74.17 cm) |
| Weight (system and 2 power entry modules) |
With AC PEMs: 38 lb (17.24 kg)
Shipping weight: 45.47 lb (20.62 kg)
With DC PEMs: 40 lb (18.14 kg)
Shipping weight: 47.47 lb (21.53 kg) |
| Redundant PSU |
1+1 |
| Power supply |
2x 1600 W AC-DC PSU redundant
2x 1100 W DC-DC PSU redundant |
| Average power consumption |
650 W |
| Average heat dissipation |
2218 BTU/hour |
| Maximum current consumption |
12 A (for 110 V AC power)
6 A (for 220 V AC power)
24 A (for -48 V DC power) |
| Time of day - RS-232 (EIA-23) |
1xRJ-45 |
| BITS clock |
1xRJ-48 |
| 10-MHz timing connector (GNSS) |
1xInput (COAX)
1xOutput (COAX) |
| Pulse per second connection (1-PPS) |
1xInput (COAX)
1xOutput (COAX)
|
| Acoustic noise level |
69 dBA at normal fan speed,
87 dBA at full fan speed |
| Airflow/cooling |
Front to back |
| Operating temperature |
32° to 104° F (0° to 40° C) |
| Operating humidity |
5% to 90% noncondensing |
| Meantime between failures (MTBF) |
112,000 hours |
| FCC classification |
Class A |
| RoHS compliance |
RoHS 2 |
| NEBS compliance |
Designed for NEBS Level 3 |
| Routing/firewall (64 B packet size) throughput Gbps3 |
17 Gbps |
| Routing/firewall (IMIX packet size) throughput Gbps3 |
75 Gbps |
| Routing/firewall (1518 B packet size) throughput Gbps3 |
95 Gbps |
| IPsec VPN (IMIX packet size) Gbps3 |
16 Gbps |
| IPsec VPN (1400 B packet size) Gbps3 |
38 Gbps |
| Application security performance in Gbps3 |
80 Gbps |
| Recommended IPS in Gbps4 |
20 Gbps |
| Next-generation firewall in Gbps4 |
20 Gbps |
| Connections per second (CPS) |
500,000 |
| Maximum security policies |
80,000 |
| Maximum concurrent sessions (IPv4 or IPv6) |
60 million |
| Route table size (RIB/FIB) (IPv4 or IPv6) |
4 million/2 million |
3 Throughput numbers based on UDP packets and RFC2544 test methodology
4 Throughput numbers based on HTTP traffic with 44 KB transaction size and up to the numbers captured here
