Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

SRX5400 Firewall System Overview

SRX5400 Firewall Description

The SRX5400 Firewall is a high-performance, highly scalable, carrier-class security device with multiprocessor architecture.

The SRX5400 Firewall is 5 rack units (U) tall. You can stack eight firewalls in a rack that is at least 48 U (89.3 in. or 2.24 m) in height if it has a 1 in. cap between for increased port density per unit of floor space.

The firewall provides four slots that you can populate with one Switch Control Board (SCB) and up to three additional cards of the following types:

  • Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.

    Note:

    The SRX5400 Firewall supports only the SRX5K-SPC-4-15-320 (SPC2) and does not support the SRX5K-SPC-2-10-40 (SPC1).

  • Modular Port Concentrators (MPCs) provide Ethernet interfaces that connect the firewall to your network.

    Note:

    The SRX5400 Firewall only supports the SRX5K-MPC (MPC2), and does not support older SRX5000 line I/O cards (IOCs) or Flex IOCs cards such as:

    • SRX5K-40GE-SFP

    • SRX5K-4XGE-XFP

    • SRX5K-FPC-IOC

    Devices configured with SRX5K-SCBE (SCB2) and SRX5K-RE-1800X4 (RE2) only support SPC2.

    Devices configured with SRX5K-SCB3 (SCB3) and RE2, or SRX5K-SCBE (SCB2) and RE2 also support IOC3s (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G).

Note:

The SRX5400 firewalls configured with SRX5K-SCB (SCB1) and SRX5K-RE-13-20 (RE1) only support Junos OS Release 12.1X46-D10 and later. Devices configured with SCB2 and RE2 only support Junos OS Release 12.1X47-D15 and later, and devices configured with SCB3 and RE2 only support Junos OS Release 15.1X49-D10 and later.

For detailed information about the cards supported by the firewall, see the SRX5400, SRX5600, and SRX5800 Firewall Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5400 Firewall

  • The SRX5400 Firewall is a small footprint but high-performance gateway which supports 285 Gbps IMIX firewall throughput, 90 million concurrent sessions, and 230 Gbps IPS.The ability to support unique security policies per zone with a compelling performance, makes the SRX5400 an optimal solution for the edge or data center services in large enterprise, service provider, or mobile operator environments.

  • IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.

  • Content Security Content Security Capabilities - The Content Security services offered on the SRX5000 line of firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.

    The Content Security services provide sophisticated protection from:

    • Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

    • Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.

    • Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.

  • Advanced Threat Prevention (ATP) - Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:

    • Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

    • Proactively blocks malware communication channels.

    • The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.

    • Single pane-of-glass management with Security Director and JSA Series integration.

SRX5400 Firewall FRUs

Field-replaceable units (FRUs) are firewall components that can be replaced at the customer site. The firewall uses the following types of FRUs:

Table 1 lists the FRUs of the firewall and the action to perform to install, remove, or replace an FRU.

Table 1: Field-Replaceable Units

Field-Replaceable Units (FRUs)

Action

Air filter

You need not power off the firewall to install, remove, or replace any of these FRUs.

Fan tray

Craft interface

AC and DC power supplies (if redundant)

Interface transceivers

Routing Engine

Power off the firewall to install, remove, or replace any of these FRUs.

SCBs

SPCs

MPCs

MICs

SRX5400 Firewall Component Redundancy

The following major hardware components are redundant:

  • Power supplies—The firewall is configurable with two, three, or four AC power supplies at the rear of the chassis in slots PEM0 through PEM3 (left to right)or two DC power supplies in slots PEM0 and PEM2.

    • In the low-line (110VAC input) configurations, two power supplies are required to support the firewall electrical requirements. By default, the AC powered firewalls are configured with three AC (2+1) power supplies, you can add a fourth power supply for fault tolerance. The fourth power supply is used when one of the power supplies in the 2+1 configuration fails.

    • In the high-line (220VAC input) configurations, two power supplies are required to support the firewall electrical requirements. By default, the AC powered firewalls are configured with three AC (2+1) power supplies and this configuration supports PEM redundancy only. You can add a fourth power supply (2+2) for both PEM and feed redundancy.

    • In the DC powered firewalls two DC (1+1) power supplies are required to support the firewall electrical requirements. The minimum power supplies requirement is one and the second power supply provides redundancy. If one power supply fails the second power supply instantly assume the entire electrical load without interruption. Two power supplies provide the maximum configuration with full power for as long as the device is operational.

    Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply from a firewall that uses a nonredundant power supply configuration, the firewall might shut down depending on your configuration.

  • Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the firewall indefinitely.