Hardware
New SRX1600 Firewall—Starting in Junos OS Release 23.4R1, we introduce the SRX1600 Firewall. The SRX1600 Firewall is an entry-level firewall that consolidates firewall and security features. The SRX1600 is ideal for small-medium enterprise edge, campus edge, data center edge, and secure VPN router deployments for distributed enterprise use cases.
Table 1: Features Supported on SRX1600 Firewall
Feature | Description
Chassis
- Chassis and FRU management support, including:
  - Temperature threshold monitoring using sensors
  - Power supply unit
  - PIC detection
  - Fabric management
  - Fan speed adjustment as per EM policy
  [See Chassis-Level User Guide.]
- Resiliency support for the following hardware components:
  - CPU
  - PCI
  - Memory
  - I2C (Inter-Integrated Circuit)
  - Temperature sensor
  - Two power supply units (PSUs) in 1+1 redundancy mode
  - Fan
  Hardware resiliency monitors hardware devices periodically, performs alarm management, and takes corrective actions if an anomaly is persistently encountered.
  [See Chassis-Level User Guide.]
Chassis Cluster
- Chassis cluster support, including:
  - Dual redundant fabric ports
  - Redundant interfaces (reth) and redundancy groups for failovers
  - Monitoring process (flowd and chassisd)
  - Management of control link (HLd, JSRPd)
  - Configuration synchronization, Routing Engine kernel synchronization, and session data synchronization (RTO)
  - Fault monitors, event registers, and failover facilities
- Support for dual control links with MACsec
  [See Media Access Control Security (MACsec) on Chassis Cluster.]
- Support for In-Service Software Upgrade (ISSU).
  [See Upgrading Both Devices in a Chassis Cluster Using ISSU.]
Class of service (CoS)
- Support for CoS.
Flow monitoring
- Support for strict packet order for multicast.
  [See flow (Security Flow).]
- Increased flow session capacity of 5 million sessions. You can enable the increased flow session capacity using the set security forwarding-process scaled-l4-firewall-mode CLI command.
  [See Flow-Based Performance.]
Hardware
- The SRX1600 is a 1-U chassis with the following ports and supports both AC and DC variants:
  - Sixteen 1-Gigabit Ethernet (GbE) BASE-T ports
  - Four 10GbE SFP+ MACsec ports
  - Two 25GbE SFP28 MACsec ports
  - Two 1GbE SFP HA MACsec ports
  To install the SRX1600 hardware and perform initial software configuration, routine maintenance, and troubleshooting, see SRX1600 Firewall Hardware Guide.
  [See Feature Explorer https://apps.juniper.net/feature-explorer/ for the complete list of features for any platform.]
High availability (HA) and resiliency
- Support for BFD:
  - Support up to 3 x 300 msec failure detection time
  - Support up to 100 BFD sessions
  [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding How BFD Detects Network Failures.]
- Support for Multinode High Availability.
  [See Multinode High Availability.]
Interfaces
- Supports three PICs (PIC 0, PIC 1, and PIC 2) with 1 Gbps, 25 Gbps, and 10 Gbps speeds:
  - PIC 1 supports three different speed modes: 1 Gbps, 10 Gbps, and 25 Gbps.
  - PIC 2 supports mixed speed of 1 Gbps or 10 Gbps.
- Junos OS creates PIC 0 by default.
- Junos OS creates PIC 1 and PIC 2 interfaces once you install the optics module.
  [See SRX1600 Port Speed Overview.]
Junos Telemetry Interface
- Junos telemetry interface (JTI) streaming support for the following sensors:
  - System log messages (/junos/events/)
  - Memory utilization for routing protocol tasks (/junos/task-memory-information/)
  - Interfaces (/interfaces/)
  - Hardware operational states for Routing Engine, power supply units (PSUs), switch fabric boards, control boards, switch interface boards, MICs, and PICs (/components/)
  - Sensor for flow sessions (/junos/security/spu/flow/)
Layer 2 features
- Support for Layer 2 transparent mode.
  [See Ethernet Switching and Layer 2 Transparent Mode Overview.]
- Support for secure wire.
- Support for 802.1X authentication protocol in transparent mode.
  [See 802.1X Authentication.]
Layer 7 security features
- Support for advanced policy-based routing (APBR).
- Support for application identification (APPID).
  [See APPID Overview.]
- Support for application quality of experience (AppQoE).
- Support for application quality of service (AppQoS).
  [See Application QoS.]
- Support for Content Security.
  [See Content Security Overview.]
- Support for intrusion detection and prevention (IDP).
- Support for Juniper Advanced Threat Prevention (ATP) Cloud.
  [See File Scanning Limits and Troubleshooting Juniper Advanced Threat Prevention Cloud: Checking the application-identification License.]
- Support for Juniper Networks Deep Packet Inspection-Decoder (JDPI).
  [See Overview.]
- Support for SSL proxy.
  [See SSL Proxy.]
MACsec
- Support for Media Access Control Security (MACsec) in static CAK mode with GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, and GCM-AES-XPN-256 encryption.
Network management and monitoring
- Support for filter-based packet capture, which captures real-time data packets traveling over the network.
  [See Example: Configure a Firewall Filter for Packet Capture.]
Remote access
- Support for remote access using Juniper Secure Connect Client.
Routing policy and firewall filters
- Support for firewall filters.
  [See Firewall Filters Overview.]
Routing protocol
- Support for the following routing protocols:
  - RIPv1, RIPv2, and RIPng
    [See RIP and RIPng Overview.]
  - OSPFv2 and OSPFv3
    [See Introduction to OSPF.]
  - BGP
    [See BGP Overview.]
  - Multicast, IGMP, and PIM
    [See Multicast Overview, Configuring IGMP, and PIM Overview.]
  - Virtual Routers
    [See Understanding VRRP.]
  - Static Route
  - LACP
  - VLAN tagging
    [See Configuring VLAN Tagging.]
Services applications
- Support for Application Layer Gateway (ALG).
  [See ALG Overview.]
- Support for Domain Name System (DNS).
  [See Understanding and Configuring DNS, DNS ALG, DNS Proxy Overview, DNS Names in Address Books, and DNSSEC Overview.]
- Support for user authentication.
  [See User Authentication Overview.]
- Support for security policies.
- Support for security zones.
  [See Security Zones.]
- Support for Network Address Translation (NAT).
  [See NAT Configuration Overview.]
- Support for screens options for attack detection and prevention.
- Support for traffic processing.
- Support for integrated user firewall.
- Support for IPsec VPN with the iked process. Support for policy-based VPN and Group VPN is not yet available.
- Support for PowerMode IPsec (PMI).
  [See PowerMode IPsec.]
- Support for DHCP.
  [See DHCP Overview.]
- Support for GPRS Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP).
  [See Monitoring GTP Traffic and SCTP Overview.]
- Support for on-box reporting.
  [See report (Security Log).]
- Support for inline active flow monitoring.
- Support for Two-Way Active Measurement Protocol (TWAMP).
- Support for real-time performance monitoring (RPM).
- Support for logical systems.
  [See Logical Systems Overview.]
Software installation and upgrade
- Support for BIOS, Secure Boot, and boot loader.
  [See Secure Boot.]
- Support for Jfirmware.
  [See request system firmware upgrade and show system firmware.]
- Support for NVMe SSD software.
  [See Upgrading the SSD Firmware on Routing Engines with VM Host Support.]
- Support for secure ZTP.
- Support for switching between secure ZTP and ZTP on secure platforms.
  [See Switching between Secure Zero Touch Provisioning and Zero Touch Provisioning.]
User access and authentication administration
- Support for trusted platform module.
  [See Overview.]
New SRX2300 Firewall—Starting in Junos OS Release 23.4R1, we introduce the mid-range SRX2300 Firewall. The SRX2300 Firewall provides next-generation firewall capabilities and advanced threat detection and mitigation. This firewall is ideal for small-medium enterprise edge, campus edge, data center edge firewall and secure VPN router deployments for distributed enterprise use-cases.
Table 2: Features Supported on SRX2300 Firewall
Feature | Description
Chassis
- Support for chassis management and temperature monitoring infrastructure
  [See Chassis-Level User Guide.]
Chassis Cluster
- Support for ISSU and dual control links with MACsec
  [See Upgrading a Chassis Cluster Using In-Service Software Upgrade and Media Access Control Security (MACsec) on Chassis Cluster.]
Class of service (CoS)
- Support for CoS
Hardware
- The SRX2300 is a 1-U chassis with the following ports. All ports are MACsec capable:
  - Eight 10-Gigabit Ethernet (GbE) BASE-T ports
  - Eight 10GbE SFP+ ports
  - Four 25GbE SFP28 ports
  - Two 100GbE QSFP28 ports
  - Two 1GbE SFP HA ports
  To install the SRX2300 hardware and perform initial software configuration, routine maintenance, and troubleshooting, see SRX2300 Firewall Hardware Guide.
  [See Feature Explorer https://apps.juniper.net/feature-explorer/ for the complete list of features for any platform.]
High availability (HA) and resiliency
- Support for BFD
  - Support up to 3 x 300 msec failure detection time
  - Support up to 100 BFD sessions
  [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding How BFD Detects Network Failures.]
- Support for Multinode High Availability
  [See Multinode High Availability.]
Interfaces
- Supports four PICs (PIC 0, PIC 1, PIC 2, and PIC 3) with the following interfaces:
  - PIC 0 has eight Base-T interfaces
  - PIC 1 has eight SFP+ interfaces
  - PIC 2 has four SFP28 interfaces
  - PIC 3 has two QSFP28 interfaces
  The Junos OS creates PIC 0 ports by default. You can channelize the QSFP28 (PIC 3) ports into 4x25 Gbps and 4x10 Gbps.
  [See SRX2300 Port Speed Overview.]
Junos Telemetry Interface
- Junos telemetry interface (JTI) streaming support for the following sensors:
  - System log messages (/junos/events/)
  - Memory utilization for routing protocol tasks (/junos/task-memory-information/)
  - Interfaces (/interfaces/)
  - Hardware operational states for Routing Engine, power supply units (PSUs), switch fabric boards, control boards, switch interface boards, MICs, and PICs (/components/)
  - Sensor for flow sessions (/junos/security/spu/flow/)
Layer 7 security features
- Support for advanced policy-based routing (APBR)
- Support for application identification (APPID)
  [See APPID Overview.]
- Support for application quality of experience (AppQoE)
- Support for application quality of service (AppQoS)
  [See Application QoS.]
- Support for Content Security
  [See Content Security Overview.]
- Support for intrusion detection and prevention (IDP)
- Support for Juniper Advanced Threat Prevention (ATP) Cloud
  [See File Scanning Limits.]
- Support for Juniper Networks Deep Packet Inspection-Decoder (JDPI)
  [See Overview.]
- Support for SSL proxy
  [See SSL Proxy.]
MACsec
- Support for Media Access Control Security (MACsec)
Network management and monitoring
- Support for filter-based packet capture, which captures real-time data packets traveling over the network. Support for data path debugging is not yet available.
  [See Example: Configure a Firewall Filter for Packet Capture.]
Services applications
- Support for Application Layer Gateway (ALG)
  [See ALG Overview.]
- Support for Domain Name System (DNS)
  [See Understanding and Configuring DNS, DNS ALG, DNS Proxy Overview, DNS Names in Address Books, and DNSSEC Overview.]
- Support for user authentication
  [See User Authentication Overview.]
- Support for security policies
- Support for security zones
  [See Security Zones.]
- Support for Network Address Translation (NAT)
  [See NAT Configuration Overview.]
- Support for screens options for attack detection and prevention
- Support for traffic processing
- Support for integrated user firewall
- Support for IPsec VPN with the iked process. Support for policy-based VPN and Group VPN is not yet available.
- Support for PowerMode IPsec (PMI)
  [See PowerMode IPsec.]
- Support for DHCP
  [See DHCP Overview.]
- Support for GPRS Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP)
  [See Monitoring GTP Traffic and SCTP Overview.]
- Support for on-box reporting
  [See report (Security Log).]
- Support for inline active flow monitoring
- Support for Two-Way Active Measurement Protocol (TWAMP)
- Support for real-time performance monitoring (RPM)
- Support for logical systems
  [See Logical Systems Overview.]
Software Installation and Upgrade
- Support for BIOS, Secure Boot and boot loader
  [See Secure Boot.]
- Support for Jfirmware
  [See request system firmware upgrade and show system firmware.]
- Support for secure ZTP
User access and authentication administration
- Support for trusted platform module
  [See Overview.]
New AC PSU and Active Blank for MX Series Routers—Starting in Junos OS Release 23.4R1, we introduce a new AC power supply unit or PSU (JNP10K-PWR-AC3) and an active blank (JNP10K-PWR-BLN3) for MX10004 and MX10008 routers.
The new JNP10K-PWR-AC3 power supply is a high-capacity model that is designed to support AC systems in a 15-A and 20-A mode.
The JNP10K-PWR-BLN3 active blank, as part of the power supply, helps with airflow and cooling in the MX router.
[See MX10004 Power System and MX10008 Power System.]