Junos 10.2
20 Gbps
6 Gbps
6 Gbps
2.25 Million
175,000
40,000
Unrestricted
4 (front slots)
8 10/100/1000 + 4 SFP
N/A
N/A
- 16 x 1 10/100/1000 copper
- 16 x 1 Gigabit Ethernet small form-factor pluggable transceivers (SFP)
- 2 x 10 Gigabit Ethernet XFP
- Active/Passive, Active/Active
- Low impact chassis cluster
- Interface aggregation groups across chassis cluster
- Application Identification: yes
- Application Denial of Service Protection (AppDoS): yes
- AppTrack: yes
- Network attack detection: Yes
- DoS and DDoS protection: Yes
- TCP reassembly for fragmented packet protection: Yes
- Brute force attack mitigation: Yes
- SYN cookie protection: Yes
- Zone-based IP spoofing: Yes
- Malformed packet protection: Yes
- GPRS stateful inspection: Yes
- Stateful protocol signatures: Yes
- Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
- Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
- Attack notification mechanisms: Structured syslog
- Worm protection: Yes
- SSL encrypted traffic inspection: Yes
- Simplified installation through recommended policies: Yes
- Trojan protection: Yes
- Spyware/adware/keylogger protection: Yes
- Other malware protection: Yes
- Protection against attack proliferation from infected systems: Yes
- Reconnaissance protection: Yes
- Request and response side attack protection: Yes
- Compound attacks — combines stateful signatures and protocol anomalies: Yes
- Create custom attack signatures: Yes
- Access contexts for customization: 500+
- Attack editing (port range, other): Yes
- Stream signatures: Yes
- Protocol thresholds: Yes
- Stateful protocol signatures: Yes
- Approximate number of attacks covered: 6,000+
- Detailed threat descriptions and remediation/patch info: Yes
- Create and enforce appropriate application-usage policies: Yes
- Attacker and target audit trail and reporting: Yes
- Deployment modes: Inline or TAP
- Dimensions (W x H x D): 17.5 x 5.25 x 25.5 in (44.5 x 13.3 x 64.8 cm)
- Weight: Chassis: 32.3 lb (14.7 kg), Fully Configured: 75 lb (34.1 kg)
- Power supply (AC): 100 to 240 V AC
- Power supply (DC): -40 to -72 V DC
- Maximum power draw: 1,100 W (AC power), 1,050 W (DC power)
- Power supply redundancy: 1 + 1
Switch Fabric and Control Board (SCB)
At the heart of the Dynamic Services Architecture is the switch fabric and control board (SCB). The SCB transforms the chassis from a simple module enclosure into a highly effective mesh network. The purpose of the SCB is to allow all modules in the chassis to send traffic at extremely high bandwidth.
The Route Engine (RE)
The routing engine (RE) is tightly coupled with the functionality of the SCB and can be considered the central nervous system of the architecture. The RE is the control plane of the chassis, and provides overall management and communications to and from system administrators, as well as calculating route tables for routing network traffic.
Services Processing Card (SPC)
As the "brains" behind the SRX3000 services gateways, services processing cards (SPCs) are designed to process all available services on the gateway. By eliminating the need for dedicated hardware for specific services or capabilities, no piece of hardware is ever taxed to the limit while other hardware sits idle. All of the processing capabilities of the SPCs are used to support any and all services and capabilities of the gateway. The same SPCs are supported on both the SRX3600 and the SRX3400 services gateways.(Note: A minimum of one NPC and one SPC is required for proper system functionality.)
Network Processing Cards (NPC)
To ensure maximum processing performance and flexibility, the SRX3000 line of services gateways utilize network processing cards (NPCs) to distribute inbound and outbound traffic to the appropriate SPCs and IOCs, apply QoS, and enforce DoS/DDoS protections. The SRX3600 can be configured to support one to three NPCs, while the SRX3400 can be configured to support one or two NPCs. Adding additional NPCs to these gateways allows organizations to tailor the solution to fit their specific performance requirements.(Note: A minimum of one NPC and one SPC is required for proper system functionality.)
Input/Output Cards (IOC)
In addition to supporting an ideal mix of built-in copper, small form-factor pluggable (SFP), and high-availability (HA) ports, the SRX3000 line allows the greatest I/O port density of any comparable offering. Each SRX3000 services gateway can be equipped with one or several input/output cards (IOCs), each supporting either 16 gigabit interfaces (16 x 1 copper or fiber Gigabit Ethernet), or 20 gigabit interfaces (2 x 10 Gigabit XFP Ethernet). With the flexibility to add additional IOCs, the SRX3000 line of services gateways can be equipped to support an ideal balance between interfaces and processing capabilities. (Note: A minimum of one NPC and one SPC is required for proper system functionality.)
| SRX3K-SPC-1-10-40 | SRX 3000 services processing card with 1Ghz processor and 4GB memory |
| SRX3K-NPC | SRX 3000 network processing card |
| SRX3K-16GE-TX | 16x1 10/100/1000 copper CFM I/O card for SRX3000 |
| SRX3K-16GE-SFP | 16x1 Gigabit SFP Ethernet I/O card for SRX3000, no transceivers |
| SRX3K-2XGE-XFP | 2x10 Gigabit XFP Ethernet I/O card for SRX3000, no transceivers |
SRX3400 and SRX3600 Services Gateways
591 KB (한글) ]
SRX3400 system configuration guidelines:
- 7 slots for common form-factor modules (CFMs):
- 4 in the front for IOCs and SPCs
- 3 in the rear for NPCs and SPCs
- 4 SPCs max (1 min)
- 2 NPCs max (1 min)
- 4 IOCs max
SRX3400 base-system configuration: SRX3400 base(AC or DC), one SPC, one NPC, and one power cord.
Ordering Information
| Base System | |
|---|---|
| SRX3400BASE-AC | SRX3400 chassis, midplane, fan, RE, SFB-12GE, AC PEM4 - no power cord - no SPC - no NPC |
| SRX3400BASE-DC | SRX3400 chassis, midplane, fan, RE, SFB-12GE, DC PEM - no SPC - no NPC |
| SRX 3000 Components | |
| SRX3K-SPC-1-10-40 | SRX3000 services processing card with 1Ghz processor and 4GB memory |
| SRX3K-NPC | SRX3000 network processing card |
| SRX3K-16GE-TX | 16x1 10/100/1000 copper CFM I/O card for SRX3000 |
| SRX3K-16GE-SFP | 16x1 Gigabit SFP Ethernet I/O card for SRX3000, no transceivers |
| SRX3K-2XGE-XFP | 2x10 Gigabit XFP Ethernet I/O card for SRX3000, no transceivers |
| Transceivers | |
| SRX-SFP-1GE-LX | Small form-factor pluggable 1000BASE-LX Gigabit Ethernet optic module |
| SRX-SFP-1GE-SX | Small form-factor pluggable 1000BASE-SX Gigabit Ethernet optic module |
| SRX-SFP-1GE-T | Small form-factor pluggable 1000BASE-T Gigabit Ethernet module |
| SRX-XFP-10GE-SR | 10 Gigabit Ethernet pluggable transceiver, short reach multimode |
| SRX-XFP-10GE-LR | 10 Gigabit Ethernet pluggable transceiver, 10 Km, single mode |
| SRX-XFP-10GE-ER | 10 Gigabit Ethernet pluggable transceiver, 40 Km, single mode |
