Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

SRX5400 Services Gateway System Overview

SRX5400 Services Gateway Description

The SRX5400 Services Gateway is a high-performance, highly scalable, carrier-class security device with multiprocessor architecture.

The SRX5400 Services Gateway is 5 rack units (U) tall. You can stack eight services gateways in a rack that is at least 48 U (89.3 in. or 2.24 m) in height if it has a 1 in. cap between for increased port density per unit of floor space.

The services gateway provides four slots that you can populate with one Switch Control Board (SCB) and up to three additional cards of the following types:

  • Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.

    Note:

    The SRX5400 Services Gateway supports only the SRX5K-SPC-4-15-320 (SPC2) and does not support the SRX5K-SPC-2-10-40 (SPC1).

  • Modular Port Concentrators (MPCs) provide Ethernet interfaces that connect the services gateway to your network.

    Note:

    The SRX5400 Services Gateway only supports the SRX5K-MPC (MPC2), and does not support older SRX5000 Series I/O cards (IOCs) or Flex IOCs cards such as:

    • SRX5K-40GE-SFP

    • SRX5K-4XGE-XFP

    • SRX5K-FPC-IOC

    Devices configured with SRX5K-SCBE (SCB2) and SRX5K-RE-1800X4 (RE2) only support SPC2.

    Devices configured with SRX5K-SCB3 (SCB3) and RE2, or SRX5K-SCBE (SCB2) and RE2 also support IOC3s (SRX5K-MPC3-100G10G and SRX5K-MPC3-40G10G).

Note:

The SRX5400 Services Gateways configured with SRX5K-SCB (SCB1) and SRX5K-RE-13-20 (RE1) only support Junos OS Release 12.1X46-D10 and later. Devices configured with SCB2 and RE2 only support Junos OS Release 12.1X47-D15 and later, and devices configured with SCB3 and RE2 only support Junos OS Release 15.1X49-D10 and later.

For detailed information about the cards supported by the services gateway, see the SRX5400, SRX5600, and SRX5800 Services Gateway Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5400 Services Gateway

  • The SRX5400 Services Gateway is a small footprint but high-performance gateway which supports 285 Gbps IMIX firewall throughput, 90 million concurrent sessions, and 230 Gbps IPS.

    The ability to support unique security policies per zone with a compelling performance, makes the SRX5400 an optimal solution for the edge or data center services in large enterprise, service provider, or mobile operator environments.

  • IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.

  • Content Security UTM Capabilities - The UTM services offered on the SRX5000 line of Services Gateways include industry-leading antivirus, antispam, content filtering, and additional content security services.

    The UTM services provide sophisticated protection from:

    • Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

    • Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.

    • Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.

  • Advanced Threat Prevention (ATP) - Juniper Sky ATP, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:

    • Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

    • Proactively blocks malware communication channels.

    • The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.

    • Single pane-of-glass management with Security Director and JSA Series integration.

SRX5400 Services Gateway FRUs

Field-replaceable units (FRUs) are services gateway components that can be replaced at the customer site. The services gateway uses the following types of FRUs:

Table 1 lists the FRUs of the services gateway and the action to perform to install, remove, or replace an FRU.

Table 1: Field-Replaceable Units

Field-Replaceable Units (FRUs)

Action

Air filter

You need not power off the services gateway to install, remove, or replace any of these FRUs.

Fan tray

Craft interface

AC and DC power supplies (if redundant)

Interface transceivers

Routing Engine

Power off the services gateway to install, remove, or replace any of these FRUs.

SCBs

SPCs

MPCs

MICs

SRX5400 Services Gateway Component Redundancy

The following major hardware components are redundant:

  • Power supplies—The services gateway is configurable with two or three AC power supplies at the rear of the chassis in slots PEM0 through PEM3 (left to right)or two DC power supplies in slots PEM0 and PEM2.

    • In the low-line (110VAC input) or the high-line (220VAC input) configurations, two power supplies are required to support the services gateway electrical requirements. By default, the AC powered services gateways are configured with three AC (2+1) power supplies, you can add a fourth power supply for fault tolerance. The fourth power supply is used when one of the power supplies in the 2+1 configuration fails.

    • In the DC powered services gateways two DC (1+1) power supplies are required to support the services gateway electrical requirements. The minimum power supplies requirement is one and the second power supply provides redundancy. If one power supply fails the second power supply instantly assume the entire electrical load without interruption. Two power supplies provide the maximum configuration with full power for as long as the device is operational.

    Redundant power supplies are hot-removable and hot-insertable. When you remove a power supply from a services gateway that uses a nonredundant power supply configuration, the services gateway might shut down depending on your configuration.

  • Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the services gateway indefinitely.