New Features in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Software Features
- Hardware Features—SRX 3400 and SRX 3600 Services Gateways
- Hardware Features—SRX 5600 and SRX 5800 Services Gateways
Software Features
Security
- UAC Integration—You can
configure an SRX-series services gateway to act as a JUNOS Enforcer
in a Unified Access Control (UAC) deployment. When deployed as a JUNOS
Enforcer, the SRX-series device enforces the policies that are defined
on the UAC’s Infranet Controller.
To configure the SRX-series device as a JUNOS Enforcer, enable the uac-policy option for the application-services statement at the [edit security policies from-zone zone-name to-zone zone-name policy match then permit] hierarchy level. Then use the unified-access-control statement at the [edit services] hierarchy level to configure UAC features. For more information, see the JUNOS Software Security Configuration Guide.
Chassis Management
The chassis control daemon (chassisd) comprises the following major components:
- Switch Control Board (SCB)
- Routing Engine (RE)
- Network Processing Card (NPC)
- Services Processing Card (SPC)
- Input/Output Card (IOC)
- Power Module (PWM)
- Front Panel Display (FPD)
- Fan Tray
- Map table fru
To view chassis details, use the show chassis statement.
 | Note: This feature is applicable only for SRX 3400 and SRX 3600 services gateways. |
Flow and Processing
- Combo-mode SPU—The central point (CP) in the architecture has two basic flow functionalities: load balancing and traffic identification. However, the central point functionalities and normal flow processing are embedded in a single Services Processing Unit (SPU), and this shared SPU is operating in combination, or combo, mode. In combo-mode, the number of threads is divided among the central point and the flow services, based on the number of SPUs in the system.
| Note: This feature is applicable only for SRX 3400, SRX 3600, SRX 5600, and SRX 5800 services gateways. |
Interfaces and Routing
- Network interfaces—SRX
3400 and SRX 3600 devices support a Switch Fabric Board (SFB) and
Common Form-factor (CFM) slots.
The following table lists CFM slots on SRX 3400 and SRX 3600 devices:
Table 3: CFM Slots on SRX 3400 and SRX 3600 Devices
CFM Type
SRX 3400 Devices
SRX 3600 Devices
I/O Cards (IOC)
Slots—1 through 4
Slots—1 through 6
Services Processing Cards (SPC)
Slots—any
Slots—any
Network Processing Cards (NPC)
Slots—5 through 7
Slots—10 through 12
The unique name of each network interface identifies its type and location and indicates whether it is a physical interface or an optional logical unit created on a physical interface. The name of each network interface has the following format to identify the physical device that corresponds to a single physical network connector:
type-slot/pic/port
For the SRX 3400 and 3600 devices:
- The Switch Fabric Board (SFB) is always slot 0.
- The PIC number is always 0. Only one PIC can be installed in a slot.
- The designated port numbers are described in the following
format:
- For the SFB built-in copper Gigabit Ethernet ports, this number begins at 0 and increases from top to bottom, left to right, to a maximum of 7. For the SFB built-in fiber Gigabit Ethernet ports, this number begins at 8 and increases from left to right to a maximum of 11.
- For 16-port Gigabit Ethernet IOCs, this number begins at 0 to a maximum of 15.
- For 2-port 10-Gigabit Ethernet IOCs, this number is 0 or 1.
| Note: This feature is applicable only for SRX 3400 and SRX 3600 services gateways. |
Hardware Features—SRX 3400 and SRX 3600 Services Gateways
Hardware
This release of JUNOS software also supports the SRX 3400 and SRX 3600 Services Gateways, which enable secure deployment of a wide range of business applications and services in medium to large enterprises, at Service Provider (SP) premises, and within data centers. The SRX 3400 and SRX 3600 services gateways offer native support for stateful firewall, IPsec virtual private networks (VPNs), carrier-class Ethernet routing, and full Intrusion Prevention (IPS) functionality. The devices are flexible and scalable, with multiple, interchangeable Common Form-Factor Modules (CFMs).
By installing different combinations of I/O Cards (IOCs), Services Processing Cards (SPCs), and Network Processing Cards (NPCs) you can tailor both the number of interfaces, the Services capacity and forwarding levels to suit existing and future network requirements.
The following table compares the SRX 3400 and SRX 3600 services gateways:
SRX 3400 | SRX 3600 | |
|---|---|---|
Common Form-factor (CFM) slots for SPCs, IOCs, and NPCs | 7 | 12 |
Chassis Height | 3 RU (5.25”) | 5 RU (8.75”) |
Three types of I/O Cards (IOCs) are available:
- A 16-port Gigabit Ethernet IOC with SFP connectors (1000 Mbit copper and fiber only)
- A 16-port 10/100/1000 Copper Ethernet IOC with RJ-45 connectors
- A 2-port 10-Gigabit Ethernet IOC with XFP connectors
Hardware Features—SRX 5600 and SRX 5800 Services Gateways
Hardware
This release of JUNOS software supports the SRX 5600 and SRX 5800 services gateways, which are high-performance, highly scalable, carrier-class devices featuring multiprocessor architecture optimized for JUNOS software.
By installing different combinations of Input/Output Cards (IOCs) and Services Processing Cards (SPCs), you can tailor both the number of Gigabit ports and the maximum security processing capacity to suit your network.
The following table compares the SRX 5600 and SRX 5800 services gateways:
SRX 5600 | SRX 5800 | |
|---|---|---|
Maximum Throughput | 60 Gigabits per second | 120 Gigabits per second |
Total Slots | 8 | 14 |
Slots for SPCs and IOCs | 6 | 12 |
Slots for Switch Control Boards (SCBs) | 2 | 3 |
Chassis Height | 8 U (14”) | 16 U (28”) |
Devices per Rack | 6 | 3 |
Two types of IOCs are available, both of which consist of four Packet Forwarding Engines and enable a throughput of 10 Gbps:
- A 40-port Gigabit Ethernet IOC with SFP connectors (1000 Mbit copper and fiber only)
- A 4-port 10-Gigabit Ethernet IOC with XFP connectors
The SRX 5600 services gateway chassis provides redundancy and resiliency. The hardware system is fully redundant, including power supplies, fan trays, and SCBs.
Related Topics
- Known Limitations in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Issues in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Erratum in Documentation for JUNOS Software Release 9.4 for SRX-series Services Gateways
- Unsupported CLI Statements and Commands in JUNOS Software Release 9.4 for SRX-series Services Gateways
