Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Interface Types and Configurations

This topic describes how to configure the core system settings and management interfaces required for the initial setup of the device.

Overview

The SRX4700 Firewall features two identical logical Packet Forwarding Engine (PFE) PICs (FPC 0 PIC 0 and FPC 0 PIC 1). Each PIC provides 14 front‑panel ports—comprising one 400GbE, five 100GbE, and eight 50GbE ports—for a total of 28 network ports, along with dedicated management and high‑availability (HA) ports.

The SRX4700 Firewall features high-speed network interfaces including:

  • Two 400GbE QSFP56-DD

  • Ten 100GbE QSFP28

  • Sixteen 50GbE SFP56 ports

  • Two 1GbE SFP high availability ports

  • 1GbE RJ-45 management port (fxp0/MGMT)

  • RJ-45 console port (CON).

Ports are organized by type and configured using PIC modes or profiles (A–E), with PIC mode C as the default at boot. Each profile defines the initial port‑speed layout per PIC (for example, Profile C provides 6×100GbE QSFP28 ports and 2×50GbE SFP56 ports). Once a profile is applied, individual port speeds can be fine‑tuned manually.

For more information see, SRX4700 - Port Checker and SRX4700 - Transceivers

PIC Mode and Port Profile Support by Junos OS Release

  • PIC Mode is supported starting with Junos OS Release 24.4R1‑S2.

  • Port Profiles (predefined profiles A–E with configurable port speeds) are introduced in Junos OS Release 24.4R1‑S3.

    Port Profiles are not available in Junos OS Release 24.4R1‑S2 but supported in Junos OS Release 24.4R1‑S3, 24.4R2, and 25.2R1.

  • 4×10G channelization is supported starting with Junos OS Release 25.4R1.

Port Speed on SRX4700 Firewall

SRX4700 Firewalls have two identical logical PICs with 14 front panel ports consisting of 1x400G, 5x100G, and 8x50G ports.

Table 1: Port Speed Details and Description
PIC Port Number Port Speeds Supported Default Speed and Details
PIC 0 0 (QSFP56-DD) One 100 Gbps or one 400 Gbps The default speed of port 0 on both PICs depends on the PIC mode. For example: If you select PIC mode A, the default speed is 400 Gbps. If you select PIC mode C, the default speed is 100 Gbps.

40 Gbps to 4x10 Gbps breakout using Port Profile D on PIC port 0.

Use port-profile D on PIC port 0 to enable 4x10G channelization. This splits a single 40GbE port into four 10GbE interfaces. Channelization support is with a fixed configuration of 1–4 subport range.
1–5 (QSFP28) 100 Gbps 100 Gbps
6–13 (SFP56) 50 Gbps 50 Gbps
25Gbps, 10Gbps, and 1Gbps in port profile mode 25Gbps, 10Gbps, and 1Gbps
PIC 1 0 (QSFP56-DD) One 100 Gbps or one 400 Gbps The default speed of port 0 on both PICs depends on the PIC mode. For example: If you select PIC mode A, the default speed is 400 Gbps. If you select PIC mode C, the default speed is 100 Gbps.

40 Gbps to 4x10 Gbps breakout using Port Profile D on PIC port 0

Use port-profile D on PIC port 0 to enable 4x10G channelization. This splits a single 40GbE port into four 10GbE interfaces. Channelization support is with a fixed configuration of 1–4 subport range.
1–5 (QSFP28) 100 Gbps 100 Gbps
6–13 (SFP56) 50 Gbps 50 Gbps
25 Gbps, 10 Gbps, and 1 Gbps in port profile mode 25Gbps, 10Gbps, and 1Gbps

To view the supported transceivers, optical interfaces, and DAC cables on SRX4700 Firewalls, see Hardware Compatibility Matrix.

Table 2: Port Speed Support on Each Port in a PIC
Speed/Port 0 1 2 3 4 5 6 7 8 9 10 11 12 13
400 G Y                          
100 G Y Y Y Y Y Y                
40 G Y                          
50 G             Y Y Y Y Y Y Y Y
25 G             Y Y Y Y Y Y Y Y
10 G             Y Y Y Y Y Y Y Y
1 G             Y Y Y Y Y Y Y Y
Table 3: Interface Naming Conventions
PIC Transceiver Type Speeds Supported Interface Name
PIC 0/PIC 1 QSFP56-DD 100 Gbps or 400 Gbps et-1/0/0 or et-1/1/0
40Gbps to 4x10Gbps channelization is supported only on port 0 in port-profile D
QSFP28 100 Gbps et-1/0/1 to et-1/0/5

or

et-1/1/1 to et-1/1/5
SFP56 50 Gbps et-1/0/6 to et-1/0/13

or

et-1/1/6 to et-1/1/13
25Gbps in Port Profile Mode. et-1/0/6 to et-1/0/13

or

et-1/1/6 to et-1/1/13
10Gbps in Port Profile Mode. xe-1/0/6 to xe-1/0/13

or

xe-1/1/6 to xe-1/1/13
1Gbps in Port Profile Mode. ge-1/0/6 to ge-1/0/13

or

ge-1/1/6 to ge-1/1/13

Configuration of PIC Mode

The PIC mode allows ports to be configured with default speeds. The PIC mode allows the following five port speed combinations:

  • A:1x400G-1x100G-4x50G

  • B:1x400G-2x100G-2x50G

  • C:6x100G-2x50G

  • D:3x100G-8x50G

  • E:4x100G-6x50G

When the SRX4700 system does not have any PIC mode configuration, the system creates ports and port speeds based on the PIC mode configuration C (6x100G–2x50G).

Use the following command to configure the PIC mode:

set chassis fpc <fpc-slot> pic <pic-slot > pic-mode <possible-mode>

Example:

Reboot the device using the request vmhost reboot command as soon as you configure, delete, or change PIC mode on a PIC.

Configuration of Port Profile Mode

Port profile mode allows you to activate a set of ports based on predefined profiles (A to E). Each profile includes default port speeds. Port profile allows ports to be configured with all the supported speeds other than the default speed. You can adjust the speed of individual ports after activation, enhancing the flexibility compared with the PIC mode.

The following are the pre-defined port profiles:

  • A: 1x400G (QSFP56-DD), 1x100G (QSFP28), 4x50G (SFP56)
  • B: 1x400G (QSFP56-DD), 2x100G (QSFP28), 2x50G (SFP56)
  • C: 6x100G (QSFP28), 2x50G (SFP56)
  • D: 3x100G (QSFP28), 8x50G (SFP56)
  • E: 4x100G (QSFP28), 6x50G (SFP56)
Table 4: Configurable PIC Port Speeds Based on Port Profiles
Port Number Profile A Profile B Profile C Profile D Profile E
Default Speed Configurable Speed Configurable Speed Configurable Speed Configurable Speed Configurable Speed
0 (400 G) (400 G/100 G/40 G) (400 G/100 G/40 G) (100 G) (100G /40G / 4X10G) (100G)
1 (100 G)     (100G) (100G) (100G)
2 (100 G) (100G) (100G) (100G) (100G) (100G)
3 (100 G)     (100G)   (100G)
4 (100 G)   (100G) (100G)    
5 (100 G)     (100G)    
6 (50 G) (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1G)   (50 G/25 G/10 G/1 G)  
7 (50 G) (50 G/25 G/10 G/1 G)     (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G)
8 (50 G) (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G)   (50 G/25 G/10 G/1 G)  
9 (50 G) (50 G/25 G/10 G/1 G)     (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G)
10 (50 G)     (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G)
11 (50 G)       (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G)
12 (50 G)     (50 G/25 G/10 G/1 G) (50 G/25 G/10 G/1 G) (50 GbE/25 GbE/10 GbE/1 G)
13 (50 G)       (50 GbE/25 GbE/10 GbE/1 G) (50 GbE/25 GbE/10 GbE/1 G)
Example

  • Configure the port profile from A to E:

    set chassis fpc < fpc-slot > pic < pic-slot > port-profile < A-E profile >user@host# set chassis fpc 1 pic 0 port-profile A-1X400G-1X100G-4X50G

  • Configure port profile and specific port speed:

    set chassis fpc < fpc-slot > pic < pic-slot > port-profile < A-E profile > port-num <port-number> speed <port-speed>

    Note:

    Paired ports (6,8) and (7,9) must be configured to the same speed.

    user@host# set chassis fpc 1 pic 0 port-profile A-1X400G-1X100G-4X50G port-num 6 speed 10g

    user@host# set chassis fpc 1 pic 0 port-profile A-1X400G-1X100G-4X50G port-num 8 speed 10g

  • Delete speed of port:

    delete chassis fpc < fpc-slot > pic < pic-slot > port-profile < A-E profile > port-num <port-number>

  • Delete port profile and configured port speed:

    delete chassis fpc < fpc-slot > pic < pic-slot > port-profile < A-E profile >

  • To show the current port profile:

    show chassis pic port-profile fpc-slot <1> pic-slot < 0/1 >

Follow the guidelines below while configuring the port profile mode on a PIC:

  • Restart chassis-control using the operational mode command restart chassis-control as soon as you configure, delete, or switch to the port profile or PIC mode on a PIC.

  • You can configure only one port profile on a PIC at a time.

  • You need not reboot or restart chassis-control when a port speed is configured, switched, or deleted within a port profile.

  • PIC and port profile modes are mutually exclusive. You cannot configure both PIC mode and port profile mode on a PIC simultaneously.

4x10G Channelization on SRX4700 Firewall

SRX4700 Firewall supports channelization on port 0 in port-profile configuration D. Channelization support is with a fixed configuration of 1–4 subport range.

Note the following about port channelization on port 0 of 1x400G/4x100G/8x50G PIC:

  • 4x10G port channelization is supported only on port 0 in port-profile D.

  • Port channelization is supported with a fixed configuration of range 1–4 subports.

  • Perform a single commit for:

    • Configuration or deletion of port 0 to 4x10G, 3x10G, 2x10G, or 1x10G.

    • Configuration or deletion of port unused port on port 1.

Use the following command to configure channelization:

  • To configure the port-profile and specific port speed and number of subports:

    set chassis fpc < fpc-slot > pic < pic-slot > port-profile < D profile > port-num <port-number> speed <port-speed> number-of-subports < number-of-sub-ports>

  • To configure the port-profile and port unused:

    set chassis fpc < fpc-slot > pic < pic-slot > port-profile < D profile > port <port-number> unused

  • To delete the port-profile and its configured port speed:

    delete chassis fpc < fpc-slot > pic < pic-slot > port-profile < D profile > port <port-number>

Example:

  • Port profile configuration

    Paired ports (6,8), (7,9), (10,12), (11,13) must be configured to the same speed.

  • 4x10G port channelization

  • Configuration deletion