ON THIS PAGE
SRX550 High Memory (SRX550 HM) Services Gateway Overview
SRX550 High Memory Services Gateway Description
The SRX550 High Memory Services Gateway is a large branch office gateway that combines security, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. The services gateway simplifies network complexity, protects and prioritizes network resources, and improves user and application experience.
The SRX550 High Memory Services Gateway has a modular 2U chassis that fits a 19-inch rack with a depth of approximately 18.1 inches. The SRX550 High Memory Services Gateway comes with 4 GB of DRAM memory and 8 GB of flash memory.
Figure 1 shows the SRX550 High Memory Services Gateway.
SRX550 High Memory Services Gateway Hardware Features
The SRX550 High Memory Services Gateway provides the following features:
Symmetric Multiprocessing-based data forwarding.
Hardware-based control and data plane separation.
Six on-board 10/100/1000Base-T Gigabit Ethernet ports.
Four on-board SFP Gigabit Ethernet ports.
Support for dual AC or dual DC power supplies with a redundant configuration in the chassis. 645 W AC and DC power supplies with or without Power over Ethernet (PoE) support. The AC and DC power supplies are hot-swappable.
Junos OS support for advanced security and routing services on the Services and Routing Engine (SRE).
The services gateway supports Gigabit-Backplane Physical Interface Modules (GPIMs) and also Mini Physical Interface Modules (Mini-PIMs).
SRX550 High Memory Services Gateway Software Features and Licenses
The services gateway provides the software features listed in Table 1.
Some software features require the purchase of a separate license.
For information about features that require a license on this services gateway, see the Installation and Upgrade Guide for Security Devices.
Table 1: Software Features and Licenses
Routing Information Protocol version 1 (RIPv1) and version 2 (RIPv2)
Intermediate System-to-Intermediate System (IS-IS)
Connectionless Network Service (CLNS):
Note: CLNS is available only in packet-based mode.
Note: MPLS is available in both packet-based mode and selective packet mode.
IP address management
Synchronous Point-to-Point Protocol (PPP)
High-Level Data Link Control (HDLC)
802.1Q filtering and forwarding
Multilink Frame Relay (MLFR)
Line-rate Ethernet switching provided by XPIMs, including support for VLANs, spanning tree, link aggregation, and authentication
IPsec VPN for site-to-site or remote access encrypted tunneling
Antivirus filtering, including full antivirus file-based scanning or Express-AV packet-based scanning
Antispam and anti-phishing filtering
Content filtering based on file types and types of files within HTTP and HTTPS
Unified threat management (UTM)
Network attack detection
Denial of service (DoS) and distributed denial of service (DDoS) protection
Generic routing encapsulation (GRE), IP-over-IP, and IP Security (IPsec) tunnels
Advanced Encryption Standard (AES) 128-bit, 192-bit, and 256-bit
56-bit Data Encryption Standard (DES) and 168-bit 3DES encryption
MD5 and Secure Hash Algorithm 1 (SHA-1) authentication
Stateful firewall and stateless packet filters
Network Address Translation (NAT)
Junos XML protocol XML application programming interface (API)
The J-Web browser interface—For services gateway configuration and management
Junos OS command-line interface (CLI)—For services gateway configuration and management through the console through Telnet, or SSH
Simple Network Management Protocol version 1 (SNMPv1), SNMPv2, and SNMPv3
Network and Security Manager (NSM)
J-Flow flow monitoring and accounting
Real-time performance monitoring (RPM)
Activity logging and monitoring
The J-Web interface event viewer
Supports the following external administrator databases:
Button-operated configuration rescue (the CONFIG button)
Confirmation of configuration changes
Supports the following features for automating network operations and troubleshooting:
GPIMs and XPIMs are not hot-swappable on the SRX550 High Memory Services Gateway.
LAN bypass ports are not supported on the SRX Series Services Gateways.
SRX550 High Memory Services Gateway Power over Ethernet
Power over Ethernet (PoE) supports the implementation of the IEEE802.3 af and IEEE802.3 at standards, which allow both data and electric power to pass over a copper Ethernet LAN cable.
The SRX550 High Memory Services Gateway provides PoE ports, which supply electric power over the same ports that are used to connect network devices. PoE ports allow you to plug in devices that require both network connectivity and electric power, such as Voice over IP (VoIP) and IP phones and wireless access points.
The PoE ports for the SRX550 High Memory Services Gateway reside on the individual XPIMs. The SRX550 High Memory Services Gateway supports the 16-Port Gigabit Ethernet XPIM with PoE.
The Services and Routing Engine (SRE) manages the overall system PoE power. You can configure the services gateway to act as power sourcing equipment to supply the power to the GPIMs connected on the designated PoE ports.
Table 2 lists the SRX550 High Memory Services Gateway PoE specifications.
Table 2: SRX550 High Memory Services Gateway PoE Specifications
Power Management Schemes
PoE is supported on the following front panel slots:
For more information, see SRX550 High Memory Services Gateway Front Panel.
Total PoE power sourcing capacity
The 645 W AC and 645 W DC power supplies support the following capacities:
Per-port power limit
Power management modes
Accessing the SRX550 High Memory Services Gateway
The services gateway runs Junos OS. You can use two user interfaces to monitor, configure, troubleshoot, and manage the services gateway:
The J-Web interface: A Web-based graphical interface that allows you to operate a services gateway without commands. The J-Web interface provides access to all Junos OS functionality and features.
Junos OS command-line interface (CLI): Juniper Networks command shell that runs on top of a UNIX-based operating system kernel. The CLI is a straightforward command interface. On a single line, you type commands that are executed when you press the Enter key. The CLI provides command help and command completion.
In addition, you can also use Junos Space Security Director to define and manage security policies on the services gateway.
SRX550 High Memory Services Gateway Boot Devices and Dual-Root Partitioning Scheme
By default, the SRX550 High Memory Services Gateway boots from the following storage media (in order of priority):
- Internal CompactFlash card (default; always present)
- USB storage key (alternate)
When you explicitly boot the services gateway using the CLI and the services gateway has two USBs installed (one in slot 0 and the second in slot 1), if the USB in slot 0 fails, the booting sequence will not boot from the second USB installed in slot 1. Instead, the device will boot using the next storage media in its storage media booting priority list, the internal CompactFlash card.
The dual-root partitions allow the services gateways to remain functional if there is file system corruption and facilitate easy recovery of the corrupted file system.
The dual-root partitioning scheme keeps the primary and backup Junos OS images in two independently bootable root partitions. If the primary root partition is corrupted, the system will be able to boot from the backup Junos OS image located in the other root partition and remain fully functional.
When the services gateway powers up, it tries to boot Junos OS from the default storage media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage media. With the dual-root partitioning scheme, the device first tries to boot Junos OS from the primary root partition and then from the backup root partition on the default storage media. If both primary and backup root partitions of a media fail to boot, then the device tries to boot Junos OS from the next available type of storage media. The services gateway remains fully functional even if it boots the Junos OS from the backup root partition of storage media.
Benefits of the SRX550 High Memory Services Gateway
Threat protection—The SRX550 High Memory services gateway supports next-generation firewall capabilities such as IPS and unified threat management (UTM) features including antivirus, antispam, and enhanced Web filtering.
Simplified deployment with minimal manual intervention—The Zero Touch Provisioning (ZTP) feature enables you to provision and configure the SRX550 High Memory services gateway automatically, thereby reducing operational complexity and simplifying the provisioning of new sites.