- 1 x Juniper Networks SRX100 Secure Services Gateway Security Appliance SRX100H
The SRX110 Services Gateway delivers a single, consolidated, and cost-effective networking and security platform to small branch locations. It features a built-in VDSL/ADSL2+ WAN interface, 3G/4G capabilities, and an 8-port Fast Ethernet switch.
Key Hardware Features
- VDSL/ADSL2+ and Ethernet WAN interfaces
- Eight 10/100 Ethernet LAN ports and two USB port (support for 3G USB)
- Full UTM; antivirus1, antispam1, enhanced Web filtering1, intrusion prevention system1, AppSecure1
- Unified Access Control (UAC) and content filtering
- 1 GB DRAM, 1 GB flash default
The Juniper Networks SRX Series Services Gateways for the branch combine next generation firewall and unified threat management (UTM) services with routing and switching in a single, high-performance, cost-effective network device.
SRX Series for the branch runs Juniper Networks Junos operating system, the proven OS that is used by core Internet routers in all of the top 100 service providers around the world. The rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.
SRX Series provides perimeter security, content security, application visibility, tracking and policy enforcement, user role-based control, threat intelligence through integration with Juniper Networks Spotlight Secure*, and network-wide threat visibility and control. Using zones and policies, network administrators can configure and deploy branch SRX Series gateways quickly and securely. Policy-based VPNs support more complex security architectures that require dynamic addressing and split tunneling. The SRX Series also includes wizards for firewall, IPsec VPN, Network Address Translation (NAT), and initial setup to simplify configurations out of the box.
For content security, SRX Series offers a complete suite of next generation firewall, unified threat management (UTM) and threat intelligence services consisting of: intrusion prevention system (IPS), application security (AppSecure), user role-based firewall controls, on-box and cloud-based antivirus, antispam, and enhanced Web filtering to protect your network from the latest content-borne threats. Integrated threat intelligence via Spotlight Secure offers adaptive threat protection against command and control (C&C) related botnets and policy enforcement based on GeoIP and attacker fingerprinting technology (the latter for Web application protection)—all of which are based on Juniper provided feeds. Customers may also leverage their own custom and third-party feeds for protection from advanced malware and other threats. The branch SRX Series integrates with other Juniper security products to deliver enterprise-wide unified access control (UAC) and adaptive threat management.
SRX Series are secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of sites. The wide variety of options allow configuration of performance, functionality, and price scaled to support from a handful to thousands of users. Ethernet, serial, T1/E1, DS3/E3, xDSL, Wi-Fi, and 3G/4G LTE wireless are all available options for WAN or Internet connectivity to securely link your sites. Multiple form factors allow you to make cost-effective choices for mission-critical deployments. Managing the network is easy using the proven Junos OS command-line interface (CLI), scripting capabilities, a simple-to-use Web-based GUI, or Juniper Networks Junos Space Security Director for centralized management.
Features & Benefits
Next Generation Firewall
SRX Series Services Gateways deliver next generation firewall protection with application awareness and extensive user rolebased control options plus bestof-breed UTM to protect and control your business assets. Next generation firewalls are able to perform full packet inspection and can apply security policies based on layer 7 information. This means you can create security policies based on the application running across your network, the user who is receiving or sending network traffic or the content that is traveling across your network to protect your environment against threats, manage how your network bandwidth is allocated, and control who has access to what.
AppSecure is a suite of application security capabilities for Juniper Networks SRX Series services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.
The intrusion prevention system (IPS) understands application behaviors and weaknesses to prevent application-borne security threats that are difficult to detect and stop.
Unified Threat Management (UTM)
SRX Series can include comprehensive content security against malware, viruses, phishing attacks, intrusions, spam and other threats with unified threat management (UTM). Get a bestof-breed solution with anti-virus, anti-spam, web filtering and content filtering at a great value by easily adding these services to your SRX Series Services Gateway. Cloud-based and on-box solutions are both available.
Juniper offers a range of user role-based firewall control solutions that support dynamic security policies. User role-based firewall capabilities are integrated with the SRX Series Services Gateways for standard next generation firewall controls. More extensive, scalable, granular access controls for creating dynamic policies are available through the integration of SRX with a Juniper Unified Access Control solution.
Adaptive Threat Intelligence
To address the evolving threat landscape that has made it imperative to integrate external threat intelligence into the firewall for thwarting advanced malware and other threats, some SRX Series Services Gateways include threat intelligence via integration with Spotlight Secure. The Spotlight Secure threat intelligence platform aggregates threat feeds from multiple sources to deliver open, consolidated, actionable intelligence to SRX Series Services Gateways across the organization for policy enforcement. These sources include Juniper threat feeds, third party threat feeds and threat detection technologies that the customer can deploy.
Administrators are able to define enforcement policies from all feeds via a single, centralized management point, Junos Space Security Director.
Many organizations use both a router and a firewall/VPN at their network edge to fulfill their networking and security needs. For many organizations, the SRX Series for the branch can fulfill both roles with one solution. Juniper built best-in-class routing, switching and firewall capabilities into one product.
SRX Series for the branch checks the traffic to see if it is legitimate and permissible, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from malicious users.
The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. Due to the architecture, SRX Series receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. This allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.
Junos OS Services Redundancy Protocol (JSRP) is a core feature of the SRX Series for the branch. JSRP enables a pair of SRX Series systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, Juniper Networks can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure that a connection is available without having to fail over the entire system. This is consistent with a typical active/standby nature of routing resiliency protocols.
When SRX Series Services Gateways for the branch are configured as an active/active HA pair, traffic and configuration is mirrored automatically to provide active firewall and VPN session maintenance in case of a failure. The branch SRX Series synchronizes both configuration and runtime information. As a result, during failover, synchronization of the following information is shared: connection/session state and flow information, IPSec security associations, Network Address Translation (NAT) traffic, address book information, configuration changes, and more. In contrast to the typical router active/standby resiliency protocols such as Virtual Router Redundancy Protocol (VRRP), all dynamic flow and session information is lost and must be reestablished in the event of a failover. Some or all network sessions will have to restart depending on the convergence time of the links or nodes. By maintaining state, not only is the session preserved, but security is kept intact. In an unstable network, this active/ active configuration also mitigates link flapping affecting session performance.
- Firewall performance (large packets): 700 Mbps
- Firewall performance (IMIX): 200 Mbps
- Firewall + routing PPS (64 Byte): 70 Kpps
- Firewall performance (HTTP): 100 Mbps
- IPsec VPN throughput (large packets): 65 Mbps
- IPsec VPN Tunnels: 128
- AppSecure firewall throughput: 90 Mbps
- IPS (intrusion prevention system): 60 Mbps
- Antivirus: 25 Mbps(ExpressAV)
- Connections per second: 1,800
- Maximum concurrent sessions: 32000
- DRAM : GB DRAM
- Maximum security policies: 384
- Maximum users supported: Unrestricted
- Fixed I/O: 8 x 10/100
- I/O slots: N/A
- Services and Routing Engine slots: No
- ExpressCard slot (3G WAN): No
- WAN/LAN interface options: N/A
- Optional maximum number of PoE ports: N/A
- USB: 1
- Memory min and max(DRAM): 512 MB (Accessible), 1 GB2
- Memory slots: Fixed memory
- Flash memory: 1 GB
- USB port for external storage: Yes
- Dimensions (W x H x D): 8.5 x 1.4 x 5.8 in (21.6 x 3.6 x 14.7 cm)
- Weight (device and power supply): 2.5 lb (1.1 kg)
- Rack mountable: Yes, 1 RU
- Power supply (AC): 100-240 VAC, 30 W
- Maximum PoE power: N/A
- Average power consumption: 10 W
- Input frequency: 50-60 Hz
- Maximum current consumption: 0.25 A @ 100 VAC
- Maximum inrush current: 60 A
- Average heat dissipation: 35 BTU/hr
- Maximum heat dissipation: 80 BTU/hr
- Redundant power supply (hot swappable): No
- Acoustic noise level (Per ISO 7779 Standard): 0 dB (fanless)
- Operational temperature: 32° to 104° F (0° to 40° C)
- Nonoperational temperature: 4° to 158° F, (-20° to 70° C)
- Humidity: 5% to 95% noncondensing
root> show version
JUNOS Software Release [12.1X46-D55.3]
root> show chassis hardware
Item Version Part number Serial number Description
Chassis BZ1515AF1093 SRX100H2
Routing Engine REV 05 650-048781 BZ1515AF1093 RE-SRX100H2
FPC 0 FPC
PIC 0 8x FE Base PIC
Power Supply 0
root> show system license
Licenses Licenses Licenses Expiry
Feature name used installed needed
dynamic-vpn 0 2 0 permanent
ax411-wlan-ap 0 2 0 permanent
Licenses installed: none