SRX650 Services Gateway Software Features and Licenses

The services gateway provides the software features listed in Table 3. For information about features that require a license on this services gateway, see the Junos OS Administration Guide for Security Devices PDF Document.

Note: Some software features require the purchase of a separate license.

Table 3: Software Features and Licenses

Feature Category



Open Shortest Path First (OSPF)

Border Gateway Protocol (BGP)

Routing Information Protocol version 1 (RIPv1) and version 2 (RIPv2)

Static routes

Intermediate System-to-Intermediate System (IS-IS)

Connectionless Network Services (CLNS):

  • End System-to-Intermediate System (ES-IS) protocol
  • IS-IS extensions
  • BGP extensions
  • Static routes

Note: CLNS is available only in packet-based mode.

Multiprotocol Label Switching (MPLS):

  • Layer 2 and Layer 3 virtual private networks (VPNs)
  • VPN routing and forwarding (VRF) table labels
  • Traffic engineering protocols such as LDP and RSVP
  • virtual private LAN service
  • Multicast VLAN

Note: MPLS is available only in packet-based mode.

Note: Security features cannot be configured when MPLS or IPv6 is used.

Internet protocols

  • IPv4
  • IPv6 routing and forwarding

IP address management

  • Static addresses
  • Dynamic Host Configuration Protocol (DHCP) 8



  • Media access control (MAC) encapsulation
  • 802.1p tagging
  • Point-to-Point Protocol over Ethernet (PPPoE)
  • Circuit cross-connect (CCC)
  • Translational cross-connect (TCC)

Synchronous Point-to-Point Protocol (PPP)

Frame Relay

High-level Data Link Control (HDLC)

802.1Q filtering and forwarding

Multilink Frame Relay (MFR)

Multilink PPP

Ethernet switching

Line-rate Ethernet switching provided by XPIMs, including support for VLANs, spanning tree, link aggregation, and authentication


IPsec VPN for site-to-site or remote access encrypted tunneling

Antivirus filtering, including full antivirus file-based scanning or Express-AV packet-based scanning

Antispam and anti-phishing filtering

Web filtering

Content filtering based on file types and types of files within HTTP and HTTPS

Unified threat management (UTM)

Network attack detection

Denial-of-service (DoS) and distributed denial-of-service (DDoS) protection

Generic routing encapsulation (GRE), IP-over-IP, and IP Security (IPsec) tunnels

Advanced Encryption Standard (AES) 128-bit, 192-bit, and 256-bit

56-bit Data Encryption Standard (DES) and 168-bit 3DES encryption

MD5 and Secure Hash Algorithm (SHA-1) authentication

Stateful firewall and stateless packet filters

Network Address Translation (NAT)

System management

Junos XML protocol XML application programming interface (API)

J-Web browser interface—For services gateway configuration and management

Junos OS command-line interface (CLI)—For services gateway configuration and management through the console through Telnet, or SSH

Simple Network Management Protocol version 1 (SNMPv1), SNMPv2, and SNMPv3

Network and Security Manager (NSM)

J-Flow flow monitoring and accounting

Traffic analysis

Packet capture (PCAP)

Real-time performance monitoring (RPM)

System log

Activity logging and monitoring

J-Web event viewer


Supports the following external administrator databases:




Configuration rollback

Button-operated configuration rescue (CONFIG)

Confirmation of configuration changes

Software upgrades

Supports the following features for automating network operations and troubleshooting:

  • Commit scripts
  • Operation scripts
  • Event policies


All GPIMs and XPIMs are hot-swappable.

Bypass ports

Ports 0/4 and 0/5 are automatically connected together when the services gateway is powered off. This feature can be used to bypass the device in the event of a power failure.

Related Documentation