Hardware

New SRX4120 Firewall—The SRX4120 Firewall provides next-generation firewall capabilities and advanced threat detection and mitigation. This firewall is ideal for small-medium enterprise edge, campus edge, data center edge firewall and secure VPN router deployments for distributed enterprise use-cases.

Table 1: Features Supported on SRX4120 Firewall
Feature	Description
Chassis	Support for chassis management and temperature monitoring infrastructure [See Chassis-Level User Guide.]
Chassis Cluster	Support for ISSU and dual control links with MACsec [See Upgrading a Chassis Cluster Using In-Service Software Upgrade and Media Access Control Security (MACsec) on Chassis Cluster.]
Class of service (CoS)	Support for CoS [See Understanding Class of Service.]
Hardware	The SRX4120 is a 1-U chassis with the following ports. All the ports are MACsec capable ports: Eight 10Gigabit-Ethernet (GbE) BASE-T ports Eight 10GbE SFP+ ports Four 1/10/25GbE SFP28 ports Two 40/100GbE QSFP28 ports Two 1GbE SFP HA ports To install the SRX4120 hardware and perform initial software configuration, routine maintenance, and troubleshooting, see SRX4120 Firewall Hardware Guide. [See Feature Explorer for the complete list of features for any platform.]
High availability (HA) and resiliency	Support for BFD Support up to 3 x 300 msec failure detection time Support up to 100 BFD sessions [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding How BFD Detects Network Failures.] Support for Multinode High Availability [See Multinode High Availability.]
Interfaces	Supports four PICs (PIC 0, PIC 1, PIC 2, and PIC 3) with the following interfaces: PIC 0 has eight Base-T interfaces PIC 1 has eight SFP+ interfaces PIC 2 has four SFP28 interfaces PIC 3 has two QSFP28 interfaces The Junos OS creates PIC 0 ports by default. You can channelize the QSFP28 (PIC 3) ports into 4x25 Gbps and 4x10 Gbps. [See Port Speed on SRX Series Firewalls.]
Junos Telemetry Interface	Junos telemetry interface (JTI) streaming support for the following sensors: System log messages (/junos/events/) Memory utilization for routing protocol tasks (/junos/task-memory-information/) Interfaces (/interfaces/) Hardware operational states for Routing Engine, power supply units (PSUs), switch fabric boards, control boards, switch interface boards, MICs, and PICs (/components/) Sensor for flow sessions (/junos/security/spu/flow/) [See Junos YANG Data Model Explorer.]
Layer 7 security features	Support for advanced policy-based routing (APBR) [See Advanced Policy-Based Routing.] Support for application identification (APPID) [See Application Identification.] Support for application quality of experience (AppQoE) [See Application Quality of Experience.] Support for application quality of service (AppQoS) [See Application QoS.] Support for Content Security [See Content Security Overview.] Support for intrusion detection and prevention (IDP) [See Intrusion Detection and Prevention Overview.] Support for Juniper Advanced Threat Prevention (ATP) Cloud [See File Scanning Limits.] Support for Juniper Networks Deep Packet Inspection-Decoder (JDPI) [See Overview.] Support for Cloud Access Security Broker (CASB) [See Cloud Access Security Broker (CASB).] Support for SSL proxy [See SSL Proxy.]
MACsec	Support for Media Access Control Security (MACsec) [See Understanding Media Access Control Security (MACsec).]
Network management and monitoring	Support for the filter based packet capture which captures the real-time data packets traveling over the network. Support for data path debugging is not yet available. [See Example: Configure a Firewall Filter for Packet Capture.]
Services applications	Support for Application Layer Gateway (ALG) [See ALG Overview.] Support for Domain Name System (DNS) [See Understanding and Configuring DNS, DNS ALG, DNS Proxy Overview, DNS Names in Address Books, and DNSSEC Overview.] Support for user authentication [See User Authentication Overview.] Support for security zones [See Security Zones.] Support for Network Address Translation (NAT) [See NAT Overview.] Support for screens options for attack detection and prevention [See Screens Options for Attack Detection and Prevention.] Support for traffic processing [See Traffic Processing on SRX Series Firewalls Overview.] Support for user identity [See Identity Aware Firewall.] Support for PowerMode IPsec (PMI) [See PowerMode IPsec.] Support for DHCP [See DHCP Overview.] Support for GPRS Tunneling Protocol (GTP) and Stream Control Transmission Protocol (SCTP) [See Monitoring GTP Traffic and SCTP Overview.] Support for on-box reporting [See report (Security Log).] Support for inline active flow monitoring [See Understand Inline Active Flow Monitoring.] Support for Two-Way Active Measurement Protocol (TWAMP) [See Understand Two-Way Active Measurement Protocol.] Support for real-time performance monitoring (RPM) [See Real-Time Performance Monitoring for SRX Devices.] Support for logical systems [See Logical Systems Overview.]
Software Installation and Upgrade	Support for BIOS, Secure Boot and boot loader [See Secure Boot.] Support for Jfirmware [See request system firmware upgrade and show system firmware.] Support for secure ZTP [See Secure Zero Touch Provisioning.]
User access and authentication administration	Support for trusted platform module [See SZTP Infrastructure Components.]