data sheet
SRX300 Line of Services Gateways for the Branch
Product Overview
The SRX300 line of services gateways combines security, routing, switching, and WAN interfaces with next- generation firewall and advanced threat mitigation capabilities for cost- effective, secure connectivity across distributed enterprise locations. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can remove network complexity, protect and prioritize their resources, and improve user and application experience while lowering total cost of ownership (TCO).
Product Description
Juniper Networks® SRX300 line of services gateways delivers a next-generation networking and security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services and applications across locations, connecting to the cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations realize their business objectives while providing scalable, easy to manage, secure connectivity and advanced threat mitigation capabilities. Next-generation firewall and unified threat management (UTM) capabilities also make it easier to detect and proactively mitigate threats to improve the user and application experience.
The SRX300 line consists of four models:
• SRX300: Securing small branch or retail offices, the SRX300 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX300 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
• SRX320: Securely connecting small distributed enterprise branch offices, the SRX320 Services Gateway consolidates security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 supports up to 1 Gbps firewall and 300 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
• SRX340: Securely connecting midsize distributed enterprise branch offices, the SRX340 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 3 Gbps firewall and 600 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
• SRX345: Best suited for midsize to large distributed enterprise branch offices, the SRX345 Services Gateway consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX345 supports up to 5 Gbps firewall and 800 Mbps IPsec VPN in a single, consolidated, cost-effective networking and security platform.
SRX300 Highlights
The SRX300 line of services gateways consists of secure routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. Ethernet, serial, T1/E1, ADSL2/2+, VDSL2, and 3G/4G LTE wireless are all available options for WAN or Internet connectivity to link sites. Industry best, high-performance IPsec VPN solutions provide comprehensive encryption and authentication capabilities to secure intersite communications. Multiple form factors with Ethernet switching support on native Gigabit Ethernet ports allow cost- effective choices for mission-critical deployments. Juniper Networks Junos® automation and scripting capabilities and Junos Space Security Director reduce operational complexity and simplify the provisioning of new sites.
The SRX300 line of devices recognizes more than 3,500 Layer 3-7 applications, including Web 2.0 and evasive peer-to-peer (P2P) applications like Skype, torrents, and others. Correlating application information with user contextual information, the SRX300 line can generate bandwidth usage reports, enforce access control policies, prioritize and rate-limit traffic going out of WAN interfaces, and proactively secure remote sites. This optimizes resources in the branch office and improves the application and user experience.
For the perimeter, the SRX300 line offers a comprehensive suite of application security services, threat defenses, and intelligence services. The services consist of intrusion prevention system (IPS), application security user role-based firewall controls, and on-box and cloud-based antivirus, anti-spam, and enhanced Web filtering, protecting networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks Spotlight Secure offers adaptive threat protection against Command and Control (C&C)-related botnets and policy enforcement based on GeoIP. Customers can also leverage their own custom and third-party feeds for protection from advanced malware and other threats. Integrating the Juniper Networks Sky Advanced Threat Protection solution, the SRX300 line detects and enforces automated protection against known malware and zero-day threats with a very high degree of accuracy.
The SRX300 line enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management. SRX300 services gateways run Juniper Networks Junos operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks around the world. The rigorously tested, carrier-class, rich routing features such as IPv4/ IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.
Features and Benefits
1- MACsec for LAN/WAN links available in 15.1X49-D100 and later releases
2- SSL forward proxy and Sky ATP are supported on SRX340 and higher platforms
SRX300 Specifications
Software Specifications
Routing Protocols
IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
Static routes
RIP v1/v2
OSPF/OSPF v3
BGP with Route Reflector
IS-IS
Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
Virtual routers
Policy-based routing, source-based routing
Equal-cost multipath (ECMP)
QoS Features
Support for 802.1p, DiffServ code point (DSCP), EXP
Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
Marking, policing, and shaping
Classification and scheduling
Weighted random early detection (WRED)
Guaranteed and maximum bandwidth
Ingress traffic policing
Virtual channels
Hierarchical shaping and policing
Switching Features
ASIC-based Layer 2 Forwarding
MAC address learning
VLAN addressing and integrated routing and bridging (IRB) support
Link aggregation and LACP
LLDP and LLDP-MED
STP, RSTP, MSTP
MVRP
802.1X authentication
Firewall Services
Stateful and stateless firewall
Zone-based firewall
Screens and distributed denial of service (DDoS) protection
Protection from protocol and traffic anomaly
Integration with Pulse Unified Access Control (UAC)
Integration with Aruba Clear Pass Policy Manager
User role-based firewall
SSL Inspection (Forward-proxy)2
Network Address Translation (NAT)
Source NAT with Port Address Translation (PAT)
Bidirectional 1:1 static NAT
Destination NAT with PAT
Persistent NAT
IPv6 address translation
VPN Features
Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec
Site-site IPsec VPN, auto VPN, group VPN
IPsec crypto algorithms: Data Encryption Standard (DES), triple DES (3DES), Advanced EncryptionStandard (AES-256), AES-GCM
IPsec authentication algorithms: MD5, SHA-1, SHA-128, SHA-256
Pre-shared key and public key infrastructure (PKI) (X.509)
Perfect forward secrecy, anti-reply
IPv4 and IPv6 IPsec VPN
Multi-proxy ID for site-site VPN
Internet Key Exchange (IKEv1, IKEv2), NAT-T
Virtual router and quality-of-service (QoS) aware
Standard-based dead peer detection (DPD) support
VPN monitoring
Network Services
Dynamic Host Configuration Protocol (DHCP) client/server/ relay
Domain Name System (DNS) proxy, dynamic DNS (DDNS)
Juniper real-time performance monitoring (RPM) and IP- monitoring
Juniper flow monitoring (J-Flow)3
High Availability Features
Virtual Router Redundancy Protocol (VRRP)3
Stateful high availability
Dual box clustering
Active/passive
Active/active
Configuration synchronization
Firewall session synchronization
Device/link detection
In-Band Cluster Upgrade (ICU)
Dial on-demand backup interfaces
IP monitoring with route and interface failover
Management, Automation, Logging, and Reporting
SSH, Telnet, SNMP
Smart image download
Juniper CLI and Web UI
Junos Space and Security Director
Python
Junos OS event, commit, and OP script
Application and bandwidth usage reporting
Auto installation
Debug and troubleshooting tools
Zero-Touch Provisioning with Contrail Service Orchestration
3GRE, IP-IP, J-Flow monitoring, and VRRP are not supported in stateful high-availbility mode.
Advanced Routing Services
Packet mode
MPLS (RSVP, LDP)
Circuit cross-connect (CCC), translational cross-connect (TCC)
L2/L3 MPLS VPN, pseudowires
Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
MPLS traffic engineering and MPLS fast reroute
Application Security Services4
Application visibility and control
Application-based firewall
Application QoS
Application-based advanced policy-based routing
Threat Defense and Intelligence Services5
Intrusion prevention
Antivirus
Antispam
Category/reputation-based URL filtering
Spotlight Secure threat intelligence
Protection from botnets (command and control)
Adaptive enforcement based on GeoIP
Sky Advanced Threat Prevention to detect and block zero- day attacks6