Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

SRX5800 Firewall System Overview

SRX5800 Firewall Description

The SRX5800 Firewall is a high-performance, highly scalable, carrier-class security device with multi-processor architecture.

The firewall provides 12 slots that you can populate with 2 or 3 Switch Control Boards (SCBs) and up to 12 additional cards of the following types:

  • Services Processing Cards (SPCs) provide the processing capacity to run integrated services such as firewall, IPsec, and IDP.

  • Modular PIC Concentrators (MPCs) provide Ethernet interfaces that connect the firewall to your network.

  • I/O cards (IOCs) provide Ethernet interfaces that connect the firewall to your network.

  • Flex IOCs are similar to IOCs, but have slots for port modules that allow you greater flexibility in adding different types of Ethernet ports to your firewall.

For detailed information about the cards supported by the firewall, see the SRX5400, SRX5600, and SRX5800 Firewall Card Reference at www.juniper.net/documentation/.

Benefits of the SRX5800 Firewall

  • The SRX5800 Firewall is the market-leading security solution supporting up to 1.2 Tbps firewall throughput and latency as low as 32 microseconds for stateful firewall, 395 million concurrent sessions, and 1 Tbps IPS.Equipped with the full range of advanced security services, massive performance, scalability, and flexibility make the SRX5800 ideal for securing large enterprise, hosted, or colocated data centers, mobile operator environments, densely consolidated processing environments, cloud and managed service providers.

  • IPS Capabilities - Juniper Networks IPS capabilities offer several unique features such as Protocol decodes, Zero-day protection, Active/active traffic monitoring, and packet capture logging per rule assure the highest level of network security.

  • Content Security Content Security Capabilities - The Content Security services offered on the SRX5000 line of Firewalls include industry-leading antivirus, antispam, content filtering, and additional content security services.

    The Content Security services provide sophisticated protection from:

    • Antivirus experts against malware attacks that can lead to data breaches and lost productivity.

    • Advanced persistent threats perpetrated through social networking attacks and the latest phishing scams with sophisticated e-mail filtering and content blockers.

    • Lost productivity and the impact of malicious URLs and extraneous or malicious content on the network to help maintain bandwidth.

  • Advanced Threat Prevention (ATP) - Juniper ATP Cloud, a SaaS-based service, and the Juniper ATP Appliance, an on-premises solution:

    • Protects enterprise users from a spectrum of advanced malware that exploits “zero-day” vulnerabilities.

    • Proactively blocks malware communication channels.

    • The Juniper ATP Appliance includes support for cloud-based e-mail services such as Office 365 and Google Mail, and detects threats in SMB traffic.

    • Single pane-of-glass management with Security Director and JSA Series integration.

SRX5800 Firewall Field-Replaceable Units

Field-replaceable units (FRUs) are firewall components that can be replaced at the customer site. The firewall uses the following types of FRUs:

Table 1 lists the FRUs of the firewall and the action to perform to install, remove, or replace an FRU.

Table 1: Field-Replaceable Units

Field-Replaceable Units (FRUs)

Action

Air filter

You need not power off the firewall to install, remove, or replace any of these FRUs.

Fan tray

Craft interface

AC and DC power supplies (if redundant)

SFP and XFP transceivers

IOCs

Power off the firewall to install, remove, or replace any of these FRUs.

Flex IOCs

Port modules of the Flex IOCs

Routing Engine

SCBs

SPCs

MPCs

MICs

SRX5800 Firewall Component Redundancy

The following major hardware components are redundant:

  • Switch Control Boards (SCBs)—The SRX5800 Firewall has two SCBs installed and you can install a third SCB for switch fabric redundancy. The SCB of the host subsystem functions as the primary and the others function as backup. If the SCB of the host subsystem fails, one of the other SCBs takes over as the primary.

    Note:

    The SRX5800 Firewall supports a redundant SCB, provided the SCB is a SRX5K-SCBE (SCB2) running Junos OS Release 12.1X47-D15 and later, or a SRX5K-SCB3 (SCB3) running Junos OS Release 15.1X49-D10 and later.The SRX5800 Firewall does not support a redundant SCB (third SCB) card if SRX5K-SPC-4-15-320 (SPC2) is installed with SCB1 (SRX5K-SCB). If you have installed a SPC2 on a SRX5800 Firewall with a redundant SCB1 card, make sure to remove the redundant SCB1 card.

  • Power supplies—When powered by standard-capacity AC power supplies, a minimum of three power supplies are required to supply power to a fully configured firewall. All AC power supplies share the load evenly. The addition of a fourth power supply provides full power redundancy. If one power supply fails in a redundant configuration, the three remaining power supplies provide full power.

    When powered by DC power supplies or high-capacity AC power supplies, two power supplies are required to supply power to a fully configured firewall. One power supply supports approximately half of the components in the firewall, and the other power supply supports the remaining components. The installation of two additional power supplies provides full power redundancy. If one or two power supplies fail, the remaining power supplies can provide full power to the firewall.

  • Cooling system—The cooling system has redundant components, which are controlled by the host subsystem. If one of the fans fails, the host subsystem increases the speed of the remaining fans to provide sufficient cooling for the firewall indefinitely.