SRX5600 Firewall System Overview

The SRX5600 Firewall is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.

The SRX5600 Firewall is 8 rack units (U) tall. Three of these devices can be stacked in a single floor-to-ceiling rack, for increased port density per unit of floor space.

The firewall provides eight slots that you can populate with two Switch Control Boards (SCBs) and six other cards of the following types:

• Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.

• Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the firewall to your network.

• I/O cards (IOCs) provide Ethernet interfaces that connect the firewall to your network.

• Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding different types of Ethernet ports to your firewall.

For detailed information about the cards supported by the firewall, see the SRX5400, SRX5600, and SRX5800 Firewall Card Reference at www.juniper.net/documentation/.

• The next generation SPCs and IOCs on the SRX5600 Firewall support up to 570 IMIX Gbps firewall throughput, 180 million concurrent sessions, and 460 Gbps IPS.The ability to support unique security policies per zone and ability to scale with the growth of the network infrastructure, makes the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

• IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.

• Content Security Content Security Capabilities - The Content Security services offered on the SRX5000 line of firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.

  The Content Security services provide sophisticated protection from:

  • Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

  • Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.

  • Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.

• Advanced Threat Prevention (ATP) - Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:

  • Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

  • Proactively blocks malware communication channels.

  • The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.

  • Single pane-of-glass management with Security Director and JSA Series integration.

Field-replaceable units (FRUs) are firewall components that can be replaced at the customer site. The Firewall uses the following types of FRUs:

Table 1 lists the FRUs of the firewall and the action to perform to install, remove, or replace an FRU.

The following major hardware components are redundant:

• SCBs—The host subsystem consists of a Routing Engine installed in an SCB. The device must have one host subsystem installed. You can install a second SCB for redundancy. If a second SCB is installed, the host subsystem SCB functions as the primary and the other functions as the backup. If the SCB of the host subsystem fails, the other SCB takes over as the primary.

• Power supplies—In the low-line (110 V) AC power configuration, the device contains three or four AC power supplies, located horizontally at the rear of the chassis in slots PEM0 through PEM3 (left to right). Each AC power supply provides power to all components in the device. When three power supplies are present, they share power almost equally within a fully populated system. Four AC power supplies provide full power redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the entire electrical load without interruption. Three power supplies provide the maximum configuration with full power for as long as the device is operational.

  In the high-line (220 V) AC power configuration, the device contains two or four AC power supplies located horizontally at the rear of the chassis in slots PEM0 through PEM3 (left to right). Each AC power supply provides power to all components in the device. When two or more power supplies are present, they share power almost equally within a fully populated system. Four AC power supplies provide full power redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the entire electrical load without interruption. Two power supplies provide the maximum configuration with full power for as long as the device is operational.

  In the DC configuration, two power supplies are required to supply power to a fully configured device. One power supply supports approximately half of the components in the device, and the other power supply supports the remaining components. The addition of two power supplies provides full power redundancy. If one power supply fails or is removed, the remaining power supplies instantly assume the entire electrical load without interruption. Two power supplies provide the maximum configuration with full power for as long as the device is operational.

• Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the firewall indefinitely.