Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Supported Features in CSDS

SUMMARY Read this topic to know about the various features supported in the CSDS Architecture to help you prepare for the deployment.

The solution offers carrier class security services such as:

  • Stateful Firewall (Stateful FW)
  • IPsec VPN
  • Carrier-grade NAT (CGNAT)

Stateful Firewall Services

The solution provides stateful firewall services offering an extra layer of security by using state information derived from past communications and other applications to make dynamic control decisions for new communication attempts. The stateful firewall service flow is identified by—source address, source port, destination address, destination port and protocol. The SRX Series Firewall enforces security policies to control transit traffic in terms of the traffic that can pass through the firewall, and the actions that need to take place on the traffic as it passes through the firewall.

See Security Policies User Guide for Security Devices for more details.


The SRX Series Firewalls offer high-performance network security gateway solutions such as IPsec VPN with CSDS Architecture. As part of the IPsec VPN service, the solution offers encrypted tunnels for secure communications with IKE gateways. The solution supports the following features:

  • Route based VPNs
  • NAT-T
  • AutoVPN
  • Remote Access VPN using Juniper Secure Connect
  • Dead Peer Detection (DPD)
  • Power Mode IPsec VPN
  • Initiator Mode VPN without load balancing/scale-out support. Ensure that the initiator and the responder do not coexist on the same SRX Series Firewalls group.

See IPsec VPN User Guide for more details.

Carrier-Grade NAT

The CSDS Architecture provides carrier-grade NAT and Network Address Port Translation (NAPT) functionality for translating IP and port addresses. The solution supports the following features:

  • NAPT44
  • NAPT44 with Persistent-NAT
  • NAPT44 with Address-Persistent
  • Deterministic NAT44
  • NAT with Policy
  • NAT with Port-Overloading
  • NAT with Hairpinning
  • NAT with ALGs

See Network Address Translation User Guide for more details.