SRX1400 Overview:
The SRX1400 Services Gateway supports up to 10 Gbps firewall, 2 Gbps firewall and IPS, or 2 Gbps of IPsec VPN, and up to 45,000 new connections per second. The SRX1400 is a professional-grade platform for security ideally suited for small to mid-size data centers, and enterprise and service provider 10 GbE network environments where consolidated functionality, uncompromising performance, and services integration are required.
The SRX1400 Services Gateway is a professional-grade platform for security ideally suited for small to mid-size data centers, enterprise, and service provider network deployments where consolidated functionality, uncompromising 10 Gbps performance, compact environmental footprint, and affordability are key requirements.
The SRX1400 expands the SRX Series family of next-generation security platforms, delivering market-leading performance and extensive service integration to 10GbE environments where the features are required without the massive scalability provided by SRX3000 and SRX5000 lines.
The SRX1400 is available in two base configurations offering a choice of built-in high-density 1GbE ports or combination of built-in 10GbE ports and 1GbE ports. For enhanced flexibility, the SRX1400 can use the integrated SRX1400 NSPC processing card or use separate NPC and SPC cards from the SRX3000 line, simplifying sparing logistics and interoperability. The appliance includes one expansion slot on the front panel.
Juniper Networks® SRX1400 Services Gateway is the newest member of the market-leading SRX Series data center line. Purpose-built to protect 10GbE network environments, the SRX1400 consolidates multiple security services and networking functions in a highly-available appliance. Featuring a modular design that uses common form-factor modules serviceable from the front panel, the SRX1400 incorporates innovations that improve reliability, enhance network availability and deliver deterministic performance of concurrent security services at scale.
Combining Juniper’s Dynamic Services Architecture and Juniper Networks Junos® operating system with carrier-class features based on the proven design of the SRX3000 line of services gateways, SRX1400 sets a new standard in value by extending the SRX Series data center line to cost-effectively satisfy network security requirements in smaller environments. Each SRX1400 Services Gateway consolidates multiple security services in one chassis under one integrated security policy, while delivering the uncompromised performance needed to support 10GbE environments in today’s high-performance networks.
Purpose-Built for Network Security Professionals
The SRX1400 is a carrier grade appliance designed from the ground up for long, trouble-free service life of continuous operation in demanding, high-performance data center network environments. Designed and produced using a TL 9000 registered quality management system, the SRX1400 is 100% Juniper - software, support services and hardware including innovative new chipsets to separate control and user planes, enabling performance to scale to new levels required to meet the needs of high performance networks.
Dynamic Services Architecture
The high-end SRX Series uses the Juniper Dynamic Services Architecture to distribute data sessions between multi-core processing resources dynamically, on-the-fly. Instead of binding network traffic and services to specific CPU cores and processing resources in a fixed or rigid manner, as other vendors do, Dynamic Services Architecture balances traffic session processing work load dynamically within a pool formed from all available resources. This avoids an all-too-common situation experienced on general-purpose computing platforms used for security, where a subset of resources operate at or near their maximum limits while other resources are under-used or idle.
The Dynamic Services Architecture in SRX Series Services Gateways is what enables Juniper to deliver massive scalability, market-leading throughput, and deterministic performance with multiple security services operating concurrently. With the chassis-based SRX Series gateways, additional processing cards can be easily installed, adding to the resource pool as your traffic grows over time.
Converged Security Services
The SRX1400 consolidates multiple security services and networking functions into one physical appliance by tightly integrating the configuration, security policy, and device management of these services within Junos OS. All services are included in the Junos OS software image, and all services are available when the software is running. This means that no additional software components need to be installed, activated or configured when more services are needed, greatly simplifying system administration and reducing costs. Services can be used or not depending on the rules in the security policy.
Services available on the SRX1400 include:
- Stateful inspection of IPv4, IPv6, General Packet Radio Service tunneling protocol (GTP), and applications at layers 4-7.
- IPsec VPN
- SSL decryption
- IP and GTP IPS
- Hardware assisted quality of service (QoS)
- Denial of service/distributed denial of service (DoS/DDoS) protection, including protection from attacks on business and application logic
- Dynamic routing
- Multiple (virtual) routing instances
- AppSecure
- AppDoS
- AppTrack
- Stream Control Transmission Protocol (SCTP)
- Network Address Translation (NAT)
- Application-level gateways (ALGs)
Architecture and Key Components:
Based on the time-tested, proven design of the SRX3000 line, the SRX1400 delivers deterministic performance optimized for 10GbE. A functional SRX1400 system consists of a base configuration together with a Network and Services Processing Card (NSPC) designed specifically for the SRX1400, or a combination of base configuration together with interchangeable SRX3000 line processing cards. The capability of the SRX1400 to use SRX3000 line cards can provide significant advantages and a lower total cost of ownership (TCO). Customers can simplify operations and maintenance by using one common security policy and a common set of spares that are compatible and interoperable between SRX1400 and SRX3000 line services gateways. Policy and configuration backup and restore operations, equipment replacements, migration and upgrade from SRX1400 to the SRX3000 line are straightforward.
With the exception of the hot-swappable fan tray, which is accessible from the rear panel, all modules and connections on the SRX1400 are accessible from the front panel.
Choice of Base Systems
Two base systems are available for the SRX1400 - a GE version and an XGE version. Both base system versions include a discrete Routing Engine module, one power supply (AC or DC²), and a fan tray assembly.
GE-Base System
The GE-Base System contains twelve GbE ports. Six of the twelve GbE ports are 10/100/1000 copper (RJ45), and six are 1000BASE-X. Two of the six 1000BASE-X ports can be used for either high availability (HA) cluster control or as data ports. The 1000BASE-X ports accept small form-factor pluggable (SFP) transceivers which are available in copper, short reach (SX) multimode (MM fiber) and long reach (LX) single mode (SM fiber).
XGE-Base System
The XGE-Base System contains three ports of 10GbE and nine ports of GbE. Six of the nine GbE ports are 10/100/1000 copper (RJ45) and three are 1000BASE-X. Two of the three 1000BASE-X ports can be used for either HA cluster control or as data ports. The 1000BASE-X ports accept SFP transceivers which are available in copper, SX (MM fiber) and LX (SM fiber). The three 10GbE ports accept SFP+ transceivers which are available in SR (MM fiber), LR (SM fiber), and ER (SM fiber).
In addition to a base system, processing resources—either one integrated NSPC, or the combination of one SRX3000 line NPC, one SRX3000 line SPC, and one double wide tray—must be installed in order to have an operational system.
Options
Optional modules that can be added include one additional (redundant) power supply (AC or DC²) and one IOC for additional Ethernet connectivity. The SRX3000 line and SRX1400 use the same interchangeable IOC modules. The SRX1400 is designed for future expansion, including the ability to accommodate next-generation silicon from Juniper Networks.
SRX1400 NSPC¹
Providing the power inside the SRX1400, the integrated NSPC is optimized to perform all packet processing and inspection for all available services on the platform. The Juniper Dynamic Services Architecture manages the multiple cores of processing power on the NSPC as one pool or reservoir of resources, and dynamically allocates resources to services as needed. To ensure maximum processing performance and flexibility, the SRX Series high-end products use network processors (NPCs) to distribute inbound and outbound traffic to SPCs and IOCs, apply QoS, and enforce protection from DoS/DDoS attack scenarios.
SRX3000 Line NPC and SPC
The SRX1400 will interoperate with the SRX3000 NPC and SPC cards. In order to use the SRX3000 line NPC and SRX3000 SPC in the SRX1400, it is necessary to use the optional double wide tray.
I/O Cards (IOC)
Supporting a wide variety of use cases and to accommodate interfacing between different Ethernet standards, the SRX1400 provides for additional front panel I/O to complement the excellent port density provided in the base system. SRX1400 and SRX3000 line of products use the same IOCs interchangeably. Each SRX1400 Services Gateway can accommodate one additional IOC; either 16 gigabit interfaces (16 x 10/100/1000 copper GbE or 16 x 1000BASE-X fiber GbE), or two 10GbE interfaces (2 x 10GbE XFP Ethernet).
Power Supplies
The SRX1400 accommodates one or two AC or DC² power supply modules. Each individual power supply is fully capable of furnishing all of the power the SRX1400 needs. The second power supply is redundant to the first and is used to increase availability in the event of a power supply failure. Power supplies are hot-swappable, Network Equipment Building System (NEBS-III) ready, and accessible from the front panel.
1 Processing card(s) must be installed in the SRX1400 in order for proper operation. If the SRX1400 NSPC is not installed, then separate SRX3000 line NPC and SPC cards mounted on a double-wide tray must be installed in order for the SRX1400 system to function properly.
2 Not available at product introduction. Check with a Juniper Sales representative for availability.
Features & Benefits:
Loaded with features and optimized for 10GbE networks, the SRX1400 has many attributes that make it superior to other products on the market:
Feature: Professional-grade networking security services
Description:
- Purpose-built platform for security built from the ground up to provide many years of professional-grade, high-performance, high-availability networking security services.
- One Junos OS release to manage across entire network (routing, switching, security) and proven over time in the most demanding environments.
- Powerful command-line interface (CLI) and extensive scripting capability.
Benefits:
- Network security solutions you can trust because they work as expected, day in and day out, year after year.
- Single source that takes full responsibility for networking security equipment, service and support.
- Radically simplifies and reduces total cost of ownership of large scale deployments, particularly Long Term Evolution (LTE).
Feature: Consolidated security services
Description: Consolidation of multiple security services into one chassis-based system (IP, GTP, and application firewall; IP and GTP IPS; NAT; IP and application QoS; dynamic routing; application identification, tracking and reporting; and more).
Benefits:
- Deploy fewer unique devices.
- Reduce latency, performance, and availability impacts from multiple devices.
- Reduce operation and maintenance (O&M) costs with single, integrated policy and device management system, common spares, and technical training.
Feature: Dynamic Services Architecture
Description:
- Separate control and data plane.
- Discrete routing engine.
- Multiple CPU cores form a pool of resources where idle and under-used processing resources are dynamically allocated to the security services that need them.
Benefits:
- Superior performance under varying traffic loads, especially DoS and DDoS attacks.
- Significant reduction in TCO.
- Significant improvement in network reliability, availability, and performance.
- Improvement in customer satisfaction and time to market.
Feature: Interoperable SRX3000 line IOC and processing cards
Description:
- SRX1400 is a derivative of the SRX3000 line, making device configuration, policy, NPC, SPC and IOCs interoperable and interchangeable.
- Technical hardware and software knowledge, in addition to spares, can be leveraged easily across the organization.
Benefits: Simplified logistics and spares, reduced operations and maintenance costs, and improved network availability.
Feature: I/O flexibility, density, integration, and scale
Description:
- SRX1400 has the I/O flexibility and density, consolidated services, and performance at scale to satisfy multiple requirements and use cases.
- Individual security services are top rated by industry analyst organizations.
- Multiple services are tightly integrated under a common security policy and management system.
Benefits: One appliance satisfies a wide variety of use cases.
Feature: Investment protection
Description:
- SRX1400 is chassis-based and designed to be compatible with next-generation silicon from Juniper Networks.
- Additional services can be delivered through the Junos OS release train.
- AppSecure plus related upcoming features can significantly enhance data center/server farm protection use case scenarios.
- SRX1400 design includes expansion slot.
- SRX3000 line NPC and SPC can interoperate in SRX1400. IOCs are interchangeable.
Benefits: Juniper’s strategy and product roadmap is designed to protect customer investment into the future.
Modules:
Network and Services Processing Cards
Customers have the option to install a new NSPC card or use a combination of 2 existing modules that are interchangeable and interoperable with both the SRX3000 line and the SRX1400.
Option 1 - SRX1400 NSPC
The NSPC combines in one new card, all of the services and network multi-core processing the SRX1400 needs to implement the Juniper dynamic services architecture.
Option 2 - Combination of SRX3000 NPC, SRX3000 SPC and double-wide carrier tray
The SRX1400 provides the flexibility to use SRX3000 line NPC and SPC cards in place of the SRX1400 NSPC. SRX3000 NPC and SRX3000 SPC cards must be mounted on a new double-wide carrier tray which is then installed in the top slot of the SRX1400 base system. The ability to use interoperable cards interchangeably in both SRX3000 and SRX1400 can simplify sparing logistics and reduce TCO.
Route Engine (RE)
The SRX data center series separates the control plane from the data plane, providing superior DoS/DDoS protection and maximizing management availability of the appliance under severe operating conditions, such as DoS attack or policy install. The SRX1400 features a new discrete RE card on the control plane to manage route tables, calculate routes for network traffic, provide overall device management, and facilitate communications with systems administrators.
System I/O Card (SYSIO)
There are two base systems available for the SRX1400:
- The GE base system comes with a GE SYSIO card installed. The GE version has 12 ports of 1Gb Ethernet built in. The built-in 1GbE ports are a combination of six 10/100/1000 RJ45 and six 1000Base-X that accommodate SFP transceivers.
- The XGE base system comes with an XGE SYSIO card installed. The XGE version has 9 ports of 1Gb Ethernet and 3 ports of 10Gb Ethernet built in. The built-in 1GbE ports are a combination of six 10/100/1000 RJ45 and three 1000Base-X that accommodate SFP transceivers. The built-in 10GbE ports accommodate SFP+ optic transceivers. Two of the 1000Base-X ports in both base systems are shared ports that can be used either as data ports if clustering is not enabled, or as HA cluster control if clustering is enabled.
Input/Output Cards (IOC)
The SRX1400 has one expansion slot for additional IOCs or for next generation hardware containing Juniper's next generation silicon. The SRX1400 uses the same IOCs as the SRX3000 line - which provides for interoperability and interchangeability of IOCs between the SRX1400 and SRX3000 lines. In addition to the excellent high port density that is built-in to the base systems, three versions of SRX3000 line IOCs are available for the SRX1400:
- 16 x 10/100/1000 RJ45
- 16 x 1000Base-X SFP
- 2 x 10GBase-X XFP
Power Supplies
The SRX1400 uses new high-efficiency power supplies for a low environmental footprint. The SRX1400 base systems come with one AC power supply installed. A second, redundant AC power supply is available as an option for increased availability.
Technical Specifications:
Model: SRX1400
1GbE ports:
- Built-in: 9 or 12
- IOC: 16
10GbE ports:
Chassis HA control ports: 2 shared 1GbE
Expansion slot: 1 single-wide SRX3000 IOC
Power supply: AC or DC², one supplied, one optional redundant, hot-swappable
Stateful inspection firewall (1518 byte UDP): 10 Gbps
IPS (intrusion prevention system): 2 Gbps
IPsec VPN: 2 Gbps
Concurrent sessions: 0.5 million
Connection establishment rate: 45,000 cps sustained
Security policies: 40,000
Dimensions (W x H x D): 17.5 x 5.25 x 13.8 in (44.5 x 13.3 x 35.05 cm)
Weight (Base chassis): 29.3 lb (13.3 kg)
Weight (Fully configured chassis): 42.5 lb (19.3 kg)
Rack mount: 3 RU
Provisioning requirements:
- 100 to 127 VAC, 60 Hz, 13.0 A
- 200 to 240 VAC, 50 Hz, 2.5 A
- -40 to -72 VDC, 30 A @ -48 VDC
Thermal load: 1654 BTU/hr AC or DC² power
Operating temperature: 32° to 104° F (0° to 40° C)
Non-operating storage temperature: -40° to 158° F (-40° to 70° C)
Altitude: 10,000 ft (3048 m)
Humidity: 5% to 90% noncondensing
SRX Series production employs a TL-9000 registered quality management system.
3GPP TS 20.060³:
- R6: version 6.21.0
- R7: version 7.3.0
- R8: version 8.3.0
NEBS-III: Planned
CC EAL4+: Planned
FIPS-140-2: Planned
Consolidated Security Services:
- Stateful firewall
- Stateless firewall filter
- IPsec VPN
- Intrusion prevention system (IPS)
- Network address translation (NAT)
- User authentication and access control
- Public key infrastructure (PKI) support
- Virtualization
- Dynamic Routing
- IPv6
- Layer 2 (transparent) mode
- Layer 3 (route and/or NAT) mode
- IP address assignment
- Traffic management QoS⁴
- HA⁴
- Application Security
- Application QoS
- Management
- Administration
- Logging/monitoring
1 Processing card(s) must be installed in the SRX1400 in order for proper operation. If the SRX1400 NSPC is not installed, then separate SRX3000 line NPC and SPC cards mounted on a double-wide tray must be installed in order for the SRX1400 system to function properly.
2 Not available at product introduction. Check with a Juniper Sales representative for availability.
3 Exceptions:
- Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages
- Section 7.5B Mobile Station (MS) information change messages
- Section 7.3.12 Initiate secondary PDP context from gateway GSN (GGSN)
4 Not supported in Junos OS 10.4
5 AC power cord for appropriate region is included in base system.