Hardware

New SRX4700 Firewall—The SRX4700 is a 1-RU fixed form-factor firewall offering next-generation firewall capabilities. The SRX4700 targets medium to large enterprise edge, campus edge, data center edge firewall, data center core firewall, and secure VPN concentrator or router for distributed enterprise use cases. These use cases include SD-WAN, and service provider roaming firewall, N6/Gi firewall, distributed security gateway, and core security gateway.

Table 1: SRX4700 Firewall Feature Support
Feature	Description
Chassis	Chassis management support. The SRX4700 supports chassis management features, such as: Facilitate maintenance and system upgrades. Manage voltage and temperature sensors to improve system reliability and stability. Offer clear visual indicators through LED control for system components, aiding quick diagnostics and status evaluations. Optimize thermal management by adjusting fan speeds based on conditions, extending hardware lifespan, and assuring optimal operating conditions. Use the `show chassis enhanced-temperature-thresholds` command to view the temperature threshold values. [See show chassis enhanced-temperature-thresholds and Chassis-Level User Guide.]
Class of service (CoS)	Support for CoS [See Understanding Class of Service.]
Hardware	The SRX4700 is a compact 1-RU form factor, high-performance, next generation firewall offering scalable security services. The firewall supports 1.4-Tbps Internet mix (IMIX) throughput, making it ideal for service providers, cloud providers, and large enterprises. In addition, enterprises can deploy the SRX4700 as data center core and data center edge firewalls and as a secure SD-WAN hub. The SRX4700 is a 1-U chassis with the following ports: Two 400GbE QSFP-DD ports Ten 100GbE QSFP28 ports Sixteen 50GbE SFP56 ports Two 1GbE SFP HA ports [See SRX4700 Firewall Hardware Guide.]
High availability (HA) and resiliency	Support for BFD Support up to 3 x 300-millisecond (ms) failure detection time Support up to 100 BFD sessions [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding How BFD Detects Network Failures.] Support for Multinode High Availability (MNHA) in active/backup mode in routing, hybrid, and default gateway deployments. [See Multinode High Availability.] Support for IPsec VPN tunnels in an MNHA setup [See IPsec VPN Support in Multinode High Availability.] Resiliency support for platform components on SRX4700 devices [See Resiliency.]
Install and Upgrade	Support for firmware (`jfirmware`) [See Installing and Upgrading Firmware, request system firmware upgrade, and show system firmware.] Support for BIOS, Secure Boot, and bootloader [See Upgrading the Boot Loader on SRX Series Devices and Junos OS Overview.] Support for secure zero-touch provisioning (SZTP) [See Secure Zero Touch Provisioning and Generate Secure ZTP Vouchers.] Support for switching between SZTP and ZTP [See Switching between Secure Zero Touch Provisioning and Zero Touch Provisioning.]
Interfaces	Port configuration and supported speeds. SRX4700 features a Packet Forwarding Engine logically divided into two identical Physical Interface Cards (PICs). Each PIC provides 14 front-panel ports configured with a mix of high-speed interfaces (1x400GbE, 5x100GbE, and 8x50GbE) ensuring a high-density networking solution for various high-throughput applications. [See Port Speed on SRX Series Firewalls.]
Junos telemetry interface	Support for telemetry streaming with operational state sensors under the following resource paths: /junos/events /junos/task-memory-information/ /interfaces/ /components/ /network-instances/network-instance/protocols/protocol/bgp/ /network-instances/network-instance/protocols/protocol/isis/levels/level/ /network-instances/network-instance/protocols/protocol/isis/interfaces/interface/ /network-instances/network-instance/mpls /lacp/ /lldp/ /arp-information/ /nd6-information/ /ipv6-ra/ [See Junos YANG Data Model Explorer.]
J-Web	J-Web support. You can monitor, configure, troubleshoot, and manage SRX4700 Firewalls using J-Web. [See The J-Web Setup Wizard, Dashboard Overview, Monitor Interfaces, and About Reports.]
Layer 7 security features	Support for advanced policy-based routing (APBR) [See Advanced Policy-Based Routing.] Support for application identification (AppID) [See Application Identification.] Support for application quality of experience (AppQoE) [See Application Quality of Experience.] Support for application quality of service (AppQoS) [See Application QoS.] Support for Content Security [See Content Security Overview.] Support for intrusion detection and prevention (IDP) [See Intrusion Detection and Prevention Overview.] Support for Juniper ATP Cloud [See File Scanning Limits.] Support for Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) [See Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder).] Support for SSL proxy [See SSL Proxy.]
MACsec	Support for Media Access Control Security (MACsec) on physical interfaces for Layer 3 traffic. This implementation of MACsec supports: Alignment with IEEE 802.1AE and IEEE 802.1X-2010 standards Static connectivity association key (CAK) mode with preshared keys (PSKs) Switch-to-switch port protection The encryption types GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, and GCM-AES-XPN-256 Revenue port in standalone mode [See Configuring MACsec.]
Optics	Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and direct attach copper (DAC) cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available [See Hardware Compatibility Tool.]
Services applications	Express Path [See Express Path Overview and enhanced-mode.] Support for Application Layer Gateway (ALG) [See ALG Overview.] Support for DNS [See Understanding and Configuring DNS, DNS ALG, DNS Proxy Overview, DNS Names in Address Books, and DNSSEC Overview.] Support for user authentication [See User Authentication Overview.] Support for security policies [See Configuring Security Policies.] Support for security zones [See Security Zones.] Support for Network Address Translation (NAT) [See NAT Configuration Overview.] Support for screens options for attack detection and prevention [See Screens Options for Attack Detection and Prevention.] Support for traffic processing [See Traffic Processing on SRX Series Firewalls Overview.] Support for integrated user firewall [See Configure Integrated User Firewall.] Support for PowerMode IPsec (PMI) [See PowerMode IPsec.] Support for DHCP [See DHCP Overview.] Support for GTP and SCTP [See Monitoring GTP Traffic and SCTP Overview.] Support for on-box reporting [See report (Security Log).] Support for inline active flow monitoring [See Understand Inline Active Flow Monitoring.] Support for TWAMP [See Understand Two-Way Active Measurement Protocol.] Support for RPM [See Real-Time Performance Monitoring for SRX Devices.] Support for logical systems [See Logical Systems Overview.]