Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

SRX550 High Memory (SRX550 HM) Services Gateway Overview

SRX550 High Memory Services Gateway Description

The SRX550 High Memory Services Gateway is a large branch office gateway that combines security, routing, switching, and WAN interfaces with next-generation firewall and advanced threat mitigation capabilities for cost-effective, secure connectivity across distributed enterprise locations. The services gateway simplifies network complexity, protects and prioritizes network resources, and improves user and application experience.

Note:

The SRX550 High Memory Services Gateway is also called as SRX550 HM or SRX550M.

The SRX550 High Memory Services Gateway has a modular 2U chassis that fits a 19-inch rack with a depth of approximately 18.1 inches. The SRX550 High Memory Services Gateway comes with 4 GB of DRAM memory and 8 GB of flash memory.

Figure 1 shows the SRX550 High Memory Services Gateway.

Figure 1: SRX550 High Memory Services GatewaySRX550 High Memory Services Gateway

SRX550 High Memory Services Gateway Hardware Features

The SRX550 High Memory Services Gateway provides the following features:

  • Symmetric Multiprocessing-based data forwarding.

  • Hardware-based control and data plane separation.

  • Six on-board 10/100/1000Base-T Gigabit Ethernet ports.

  • Four on-board SFP Gigabit Ethernet ports.

  • Support for dual AC or dual DC power supplies with a redundant configuration in the chassis. 645 W AC and DC power supplies with or without Power over Ethernet (PoE) support. The AC and DC power supplies are hot-swappable.

  • Junos OS support for advanced security and routing services on the Services and Routing Engine (SRE).

  • The services gateway supports Gigabit-Backplane Physical Interface Modules (GPIMs) and also Mini Physical Interface Modules (Mini-PIMs).

SRX550 High Memory Services Gateway Software Features and Licenses

The services gateway provides the software features listed in Table 1.

Note:

Some software features require the purchase of a separate license.

For information about features that require a license on this services gateway, see the Installation and Upgrade Guide for Security Devices.

Table 1: Software Features and Licenses

Feature Category

Feature

Routing

OSPF

BGP

Routing Information Protocol version 1 (RIPv1) and version 2 (RIPv2)

Static routes

Intermediate System-to-Intermediate System (IS-IS)

Connectionless Network Service (CLNS):

  • End System-to-Intermediate System (ES-IS) protocol

  • IS-IS extensions

  • BGP extensions

  • Static routes

Note:

CLNS is available only in packet-based mode.

MPLS:

  • Layer 2 and Layer 3 virtual private networks (VPNs)

  • VPN routing and forwarding (VRF) table labels

  • Traffic engineering protocols such as LDP and RSVP

  • Virtual private LAN service (VPLS)

  • Multicast VLAN

Note:

MPLS is available in both packet-based mode and selective packet mode.

Internet protocols

  • IPv4

  • IPv6 routing and forwarding

IP address management

  • Static addresses

  • Dynamic Host Configuration Protocol (DHCP) 8

Encapsulation

Ethernet:

  • Media access control (MAC) encapsulation

  • 802.1p tagging

  • Point-to-Point Protocol over Ethernet (PPPoE)

  • Circuit cross-connect (CCC)

  • Translational cross-connect (TCC)

Synchronous Point-to-Point Protocol (PPP)

Frame Relay

High-Level Data Link Control (HDLC)

802.1Q filtering and forwarding

Multilink Frame Relay (MLFR)

Multilink PPP

Ethernet switching

Line-rate Ethernet switching provided by XPIMs, including support for VLANs, spanning tree, link aggregation, and authentication

Security

IPsec VPN for site-to-site or remote access encrypted tunneling

Antivirus filtering, including full antivirus file-based scanning or Express-AV packet-based scanning

Antispam and anti-phishing filtering

Web filtering

Content filtering based on file types and types of files within HTTP and HTTPS

Unified threat management (UTM)

Network attack detection

Denial of service (DoS) and distributed denial of service (DDoS) protection

Generic routing encapsulation (GRE), IP-over-IP, and IP Security (IPsec) tunnels

Advanced Encryption Standard (AES) 128-bit, 192-bit, and 256-bit

56-bit Data Encryption Standard (DES) and 168-bit 3DES encryption

MD5 and Secure Hash Algorithm 1 (SHA-1) authentication

Stateful firewall and stateless packet filters

Network Address Translation (NAT)

System management

Junos XML protocol XML application programming interface (API)

The J-Web browser interface—For services gateway configuration and management

Junos OS command-line interface (CLI)—For services gateway configuration and management through the console through Telnet, or SSH

Simple Network Management Protocol version 1 (SNMPv1), SNMPv2, and SNMPv3

Network and Security Manager (NSM)

J-Flow flow monitoring and accounting

Traffic analysis

Packet capture

Real-time performance monitoring (RPM)

System log

Activity logging and monitoring

The J-Web interface event viewer

Traceroute

Supports the following external administrator databases:

  • RADIUS/AAA

  • TACACS+

Administration

Autoinstallation

Configuration rollback

Button-operated configuration rescue (the CONFIG button)

Confirmation of configuration changes

Software upgrades

Supports the following features for automating network operations and troubleshooting:

  • Commit scripts

  • Operation scripts

  • Event policies

Hot-swappable

GPIMs and XPIMs are not hot-swappable on the SRX550 High Memory Services Gateway.

Bypass ports

LAN bypass ports are not supported on the SRX Series Services Gateways.

SRX550 High Memory Services Gateway Power over Ethernet

Power over Ethernet (PoE) supports the implementation of the IEEE802.3 af and IEEE802.3 at standards, which allow both data and electric power to pass over a copper Ethernet LAN cable.

The SRX550 High Memory Services Gateway provides PoE ports, which supply electric power over the same ports that are used to connect network devices. PoE ports allow you to plug in devices that require both network connectivity and electric power, such as Voice over IP (VoIP) and IP phones and wireless access points.

The PoE ports for the SRX550 High Memory Services Gateway reside on the individual XPIMs. The SRX550 High Memory Services Gateway supports the 16-Port Gigabit Ethernet XPIM with PoE.

The Services and Routing Engine (SRE) manages the overall system PoE power. You can configure the services gateway to act as power sourcing equipment to supply the power to the GPIMs connected on the designated PoE ports.

Table 2 lists the SRX550 High Memory Services Gateway PoE specifications.

Table 2: SRX550 High Memory Services Gateway PoE Specifications

Power Management Schemes

Values

Supported standards

  • IEEE802.3 af

  • IEEE802.3 at

  • Legacy

Supported slots

PoE is supported on the following front panel slots:

  • 3

  • 4

  • 6

  • 8

For more information, see SRX550 High Memory Services Gateway Front Panel.

Total PoE power sourcing capacity

The 645 W AC and 645 W DC power supplies support the following capacities:

  • 255 W PoE on a single power supply, or with redundancy using the two power supply option

  • 510 W PoE using the two power supply option operating as nonredundant

Per-port power limit

31.2 W

Power management modes

  • Static: Power allocated for each interface can be configured

  • Class: Power allocation for interfaces is decided based on the class of powered device connected

Accessing the SRX550 High Memory Services Gateway

The services gateway runs Junos OS. You can use two user interfaces to monitor, configure, troubleshoot, and manage the services gateway:

  • The J-Web interface: A Web-based graphical interface that allows you to operate a services gateway without commands. The J-Web interface provides access to all Junos OS functionality and features.

  • Junos OS command-line interface (CLI): Juniper Networks command shell that runs on top of a UNIX-based operating system kernel. The CLI is a straightforward command interface. On a single line, you type commands that are executed when you press the Enter key. The CLI provides command help and command completion.

In addition, you can also use Junos Space Security Director to define and manage security policies on the services gateway.

SRX550 High Memory Services Gateway Boot Devices and Dual-Root Partitioning Scheme

By default, the SRX550 High Memory Services Gateway boots from the following storage media (in order of priority):

  1. Internal CompactFlash card (default; always present)

  2. USB storage key (alternate)

Note:

When you explicitly boot the services gateway using the CLI and the services gateway has two USBs installed (one in slot 0 and the second in slot 1), if the USB in slot 0 fails, the booting sequence will not boot from the second USB installed in slot 1. Instead, the device will boot using the next storage media in its storage media booting priority list, the internal CompactFlash card.

The dual-root partitions allow the services gateways to remain functional if there is file system corruption and facilitate easy recovery of the corrupted file system.

The dual-root partitioning scheme keeps the primary and backup Junos OS images in two independently bootable root partitions. If the primary root partition is corrupted, the system will be able to boot from the backup Junos OS image located in the other root partition and remain fully functional.

When the services gateway powers up, it tries to boot Junos OS from the default storage media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage media. With the dual-root partitioning scheme, the device first tries to boot Junos OS from the primary root partition and then from the backup root partition on the default storage media. If both primary and backup root partitions of a media fail to boot, then the device tries to boot Junos OS from the next available type of storage media. The services gateway remains fully functional even if it boots the Junos OS from the backup root partition of storage media.

Benefits of the SRX550 High Memory Services Gateway

  • Threat protection—The SRX550 High Memory services gateway supports next-generation firewall capabilities such as IPS and unified threat management (UTM) features including antivirus, antispam, and enhanced Web filtering.

  • Simplified deployment with minimal manual intervention—The Zero Touch Provisioning (ZTP) feature enables you to provision and configure the SRX550 High Memory services gateway automatically, thereby reducing operational complexity and simplifying the provisioning of new sites.