- play_arrow Site Planning, Preparation, and Specifications
- play_arrow Initial Installation and Configuration
- play_arrow Maintaining Components
- play_arrow Troubleshooting Hardware
- play_arrow Contacting Customer Support and Returning the Chassis or Components
- play_arrow Safety and Compliance Information
- General Safety Guidelines and Warnings
- Definitions of Safety Warning Levels
- Restricted Access Area Warning
- Fire Safety Requirements
- Qualified Personnel Warning
- Warning Statement for Norway and Sweden
- Installation Instructions Warning
- Chassis and Component Lifting Guidelines
- Ramp Warning
- Rack-Mounting and Cabinet-Mounting Warnings
- Grounded Equipment Warning
- Laser and LED Safety Guidelines and Warnings
- Radiation from Open Port Apertures Warning
- Maintenance and Operational Safety Guidelines and Warnings
- General Electrical Safety Guidelines and Warnings
- Prevention of Electrostatic Discharge Damage
- AC Power Electrical Safety Guidelines
- AC Power Disconnection Warning
- DC Power Electrical Safety Guidelines
- DC Power Disconnection Warning
- DC Power Grounding Requirements and Warning
- DC Power Wiring Sequence Warning
- DC Power Wiring Terminations Warning
- Multiple Power Supplies Disconnection Warning
- TN Power Warning
- Action to Take After an Electrical Accident
- SRX5800 Firewall Agency Approvals
- SRX5800 Firewall Compliance Statements for EMC Requirements
SRX5800 Firewall System Overview
SRX5800 Firewall Description
The SRX5800 Firewall is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.
The firewall provides 12 slots that you can populate with 2 or 3 Switch Control Boards (SCBs) and up to 12 additional cards of the following types:
Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.
Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the firewall to your network.
I/O cards (IOCs) provide Ethernet interfaces that connect the firewall to your network.
Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding different types of Ethernet ports to your firewall.
For detailed information about the cards supported by the firewall, see the SRX5400, SRX5600, and SRX5800 Firewall Card Reference at www.juniper.net/documentation/.
Benefits of the SRX5800 Firewall
The SRX5800 Firewall is the market-leading security solution supporting up to 1.2 Tbps firewall throughput and latency as low as 32 microseconds for stateful firewall, 395 million concurrent sessions, and 1 Tbps IPS.Equipped with the full range of advanced security services, massive performance, scalability, and flexibility make the SRX5800 ideal for securing large enterprise, hosted, or colocated data centers, mobile operator environments, densely consolidated processing environments, cloud and managed service providers.
IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.
Content Security Content Security Capabilities - The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.
The Content Security services provide sophisticated protection from:
Antivirus experts against malware attacks that can lead to data breaches and lost productivity.
Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.
Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.
Advanced Threat Prevention (ATP) - Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:
Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.
Proactively blocks malware communication channels.
The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.
Single pane-of-glass management with Security Director and JSA Series integration.
SRX5800 Firewall Field-Replaceable Units
Field-replaceable units (FRUs) are firewall components that can be replaced at the customer site. The firewall uses the following types of FRUs:
Table 1 lists the FRUs of the firewall and the action to perform to install, remove, or replace an FRU.
Field-Replaceable Units (FRUs) | Action |
|---|---|
Air filter | You need not power off the firewall to install, remove, or replace any of these FRUs. |
Fan tray | |
Craft interface | |
AC and DC power supplies (if redundant) | |
SFP and XFP transceivers | |
IOCs | Power off the firewall to install, remove, or replace any of these FRUs. |
Flex IOCs | |
Port modules of the Flex IOCs | |
Routing Engine | |
SCBs | |
SPCs | |
MPCs | |
MICs |
SRX5800 Firewall Component Redundancy
The following major hardware components are redundant:
Switch Control Boards (SCBs)—The SRX5800 Firewall has two SCBs installed and you can install a third SCB for switch fabric redundancy. The SCB of the host subsystem functions as the primary and the others function as backup. If the SCB of the host subsystem fails, one of the other SCBs takes over as the primary.
Note:The SRX5800 Firewall supports a redundant SCB, provided the SCB is a SRX5K-SCBE (SCB2) running Junos OS Release 12.1X47-D15 and later, or a SRX5K-SCB3 (SCB3) running Junos OS Release 15.1X49-D10 and later.The SRX5800 Firewall does not support a redundant SCB (third SCB) card if SRX5K-SPC-4-15-320 (SPC2) is installed with SCB1 (SRX5K-SCB). If you have installed a SPC2 on a SRX5800 Firewall with a redundant SCB1 card, make sure to remove the redundant SCB1 card.
Power supplies—When powered by standard-capacity AC power supplies, a minimum of three power supplies are required to supply power to a fully configured firewall. All AC power supplies share the load evenly. The addition of a fourth power supply provides full power redundancy. If one power supply fails in a redundant configuration, the three remaining power supplies provide full power.
When powered by DC power supplies or high-capacity AC power supplies, two power supplies are required to supply power to a fully configured firewall. One power supply supports approximately half of the components in the firewall, and the other power supply supports the remaining components. The installation of two additional power supplies provides full power redundancy. If one or two power supplies fail, the remaining power supplies can provide full power to the firewall.
Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the firewall indefinitely.