SRX1500 Services Gateway

Next-Generation Firewall for the Distributed Enterprise

Download Datasheet

Product Overview

The SRX1500 Services Gateway is a next-generation firewall and security services gateway offering outstanding protection, performance, scalability, availability, and security service integration. Designed for port density, a high-performance security services architecture, and seamless integration of networking and security in a single platform, the SRX1500 is best suited for client protection in enterprise campus, regional headquarters, or cloud-based security solutions with a focus on application visibility and control, intrusion prevention, and advanced threat protection. The SRX1500 is powered by Junos OS, the industry-leading operating system that keeps the world’s largest and most mission-critical enterprise networks secure.

Product Description

The Juniper Networks® SRX1500 Services Gateway is a high-performance next-generation firewall and security services gateway that protects mission-critical networks at campuses and regional headquarters. The SRX1500 provides best-in-class security and threat detection and mitigation capabilities, integrating carrier-class routing and feature-rich switching in a single platform.

The SRX1500 delivers a next-generation security solution that supports the changing needs of cloud-enabled enterprise networks. Whether rolling out new services in an enterprise campus, connecting to the cloud, complying with industry standards, or achieving operational efficiency, the SRX1500 helps organizations realize their business objectives while providing scalable, easy-to-manage, secure connectivity and advanced threat detection and mitigation capabilities. The SRX1500 protects critical corporate assets as a next-generation firewall, acts as an enforcement point for cloud-based security solutions, and provides application visibility and control to improve the user and application experience.

A combination of hardware and software architectures on the SRX1500 add significant performance improvements to a small 1 U form factor. The key to the SRX1500 hardware is the security flow accelerator, a programmable high-speed Layer 4 firewall chip, and a robust x86-based security compute engine for advanced security services like application visibility, intrusion prevention, and threat mitigation capabilities. The SRX1500 software architecture leverages these programmable hardware components and virtualization to deliver high-speed firewall performance, application visibility, and intrusion prevention while lowering total cost of ownership (TCO).

The SRX1500 is purpose-built to protect 10GbE network environments, consolidating multiple security services and networking functions in a highly available appliance. It supports up to 9 Gbps of firewall performance, 4 Gbps of intrusion prevention, and 1.3 Gbps of IPsec VPN in enterprise campus, regional headquarters, and data center deployments.

SRX1500 Highlights

The SRX1500 Services Gateway delivers a full complement of next-generation firewall capabilities that use advanced application identification and classification to enable greater visibility, enforcement, control, and protection over the network. It provides a detailed analysis of application volume and usage, fine-grained application control policies to allow or deny traffic based on dynamic application name or group names, and prioritization of traffic based on application information and context.

The SRX1500 recognizes more than 3,500 applications and nested applications in plain-text or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and user visibility and control.

For the perimeter, the SRX1500 Services Gateway offers a comprehensive suite of application security services, threat defenses, and intelligence services to protect networks from the latest content-borne threats. Integrated threat intelligence via Juniper Networks ATP Cloud offers adaptive threat protection against command and control (C&C)-related botnets and policy enforcement based on GeoIP. Integrating the Juniper Networks Advanced Threat Prevention Cloud solution, or working with the Juniper Networks ATP Appliance, the SRX1500 detects and enforces automated protection against known malware and zero-day threats with an extremely high degree of accuracy.

The SRX1500 enables agile SecOps through automation capabilities that support Zero Touch Deployment, Python scripts for orchestration, and event scripting for operational management.

The SRX1500 delivers fully automated SD-WAN to both enterprises and service providers. A Zero-Touch Provisioning (ZTP) capability simplifies branch network connectivity for initial deployment and ongoing management. Due to its high performance and scale, the SRX1500 acts as a VPN hub and terminates VPN/secure overlay connections in the various SD-WAN topologies.

The SRX1500 Services Gateway runs Juniper Networks Junos® operating system, a proven, carrier-hardened network OS that powers the top 100 service provider networks worldwide. These rigorously tested carrier-class routing features of IPv4/IPv6, OSPF, BGP, and multicast have been proven in over 15 years of worldwide deployments.

Features and Benefits

Business Requirement Feature/Solution SRX1500 Advantages
High performance Up to 9 Gbps of firewall performance
  • Best suited for enterprise campus and data center edge deployments
  • Addresses future needs for scale and feature capacity 
High quality end-user experience Application visibility and control
  • Detects 3,500+ Layer 3-7 applications, including Web 2.0
  • Controls and prioritizes traffic based on application and user role
  • Inspects and detects applications inside the SSL encrypted traffic
Threat protection IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, Threat Intelligence Feeds, and Juniper ATP Appliance
  • Provides real-time updates to IPS signatures and protects against exploits
  • Implements industry-leading antivirus and URL filtering
  • Delivers open threat intelligence platform that integrates with third-party feeds
  • Protects against zero-day attacks
  • Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption
Professional-grade networking services Routing, switching, and secure wire
  • Supports carrier-class advanced routing, quality of service (QoS), and services
  • Offers flexible deployment modes (L1/L2/L3)
Highly secure IPsec VPN, remote access/SSL VPN, secure boot
  • Provides high-performance IPsec VPN with dedicated crypto engine
  • Simplifies large VPN deployments with auto VPN and group VPN
  • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
  • Verifies binaries that execute on the hardware with secure boot
High reliability Chassis cluster, redundant power supply
  • Provides stateful configuration and session synchronization
  • Supports active/active and active/backup deployment scenarios
  • Offers highly available hardware with dual PSU, redundant fans
Easy to manage and scale On-box GUI, Security Director
  • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments
  • Includes simple easy-to-use on-box GUI for local management
Lower TCO Junos OS
  • Integrates routing, switching, and security in a single device
  • Reduces OpEx with Junos OS automation capabilities

SRX1500 Services Gateway Specifications

Software Specifications

Firewall Services

  • Stateful and stateless firewall
  • Zone-based firewall
  • Screens and distributed denial of service (DDoS) protection
  • Protection from protocol and traffic anomalies
  • Integration with Pulse Unified Access Control (UAC)
  • Integration with Aruba Clear Pass Policy Manager
  • User role-based firewall
  • SSL Inspection

Network Address Translation (NAT)

  • Source NAT with Port Address Translation (PAT)
  • Bidirectional 1:1 static NAT
  • Destination NAT with PAT
  • Persistent NAT
  • IPv6 address translation

VPN Features

  • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
  • Juniper Secure Connect: Remote access/SSL VPN
  • Configuration payload: Yes
  • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
  • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
  • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
  • IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol
  • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196
  • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
  • Perfect forward secrecy, anti-reply
  • Internet Key Exchange: IKEv1, IKEv2
  • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
  • VPNs GRE, IP-in-IP, and MPLS

High Availability Features

  • Virtual Router Redundancy Protocol (VRRP)
  • Stateful high availability
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Service Software Upgrade (ISSU)
  • IP monitoring with route and interface failover

Application Security Services1

  • Application visibility and control
  • Application-based firewall
  • Application QoS
  • Advanced/application policy-based routing (APBR)
  • Application Quality of Experience (AppQoE)
  • Application-based multipath routing

Threat Defense and Intelligence Services1

  • Intrusion prevention
  • Antivirus
  • Antispam
  • Category/reputation-based URL filtering
  • Protection from botnets (command and control)
  • Adaptive enforcement based on GeoIP
  • Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
  • Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
  • Adaptive Threat Profiling
  • Encrypted Traffic Insights
  • SecIntel to provide threat intelligence

1Offered as advanced security subscription license

Routing Protocols

  • IPv4, IPv6
  • Static routes
  • RIP v1/v2
  • OSPF/OSPF v3
  • BGP with Route Reflector
  • IS-IS
  • Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); Reverse Path Forwarding (RPF)
  • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
  • Virtual routers
  • Policy-based routing, source-based routing
  • Equal-cost multipath (ECMP)

QoS Features

  • Support for 802.1p, DiffServ code point (DSCP), EXP
  • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
  • Marking, policing, and shaping
  • Classification and scheduling
  • Weighted random early detection (WRED)
  • Guaranteed and maximum bandwidth
  • Ingress traffic policing
  • Virtual channels
  • Hierarchical shaping and policing

Switching Features

  • ASIC-based Layer 2 forwarding
  • MAC address learning
  • VLAN addressing and integrated routing and bridging (IRB) support
  • Link aggregation and LACP
  • LLDP and LLDP-MED
  • STP, RSTP, MSTP
  • MVRP
  • 802.1X authentication

Network Services

  • Dynamic Host Configuration Protocol (DHCP) client/server/relay
  • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
  • Juniper real-time performance monitoring (RPM) and IP monitoring
  • Juniper flow monitoring (J-Flow)
  • Bidirectional Forwarding Detection (BFD)
  • Two-Way Active Measurement Protocol (TWAMP)
  • IEEE 802.3ah Link Fault Management (LFM)
  • IEEE 802.1ag Connectivity Fault Management (CFM)

Advanced Routing Services

  • Packet mode
  • MPLS (RSVP, LDP)
  • Circuit cross-connect (CCC), translational cross-connect (TCC)
  • L2/L2 MPLS VPN, pseudo-wires
  • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
  • MPLS traffic engineering and MPLS fast reroute

Management, Automation, Logging, and Reporting

  • SSH, Telnet, SNMP
  • Smart image download
  • Juniper CLI and Web UI
  • Juniper Networks Junos Space and Security Director
  • Python
  • Junos OS event, commit and OP scripts
  • Application and bandwidth usage reporting
  • Auto installation
  • Debug and troubleshooting tools

Hardware Specifications

 
2Performance numbers based on UDP packets and RFC2544 test methodology.
3Performance numbers based on HTTP traffic with 44 KB transaction size.
Specification SRX1500
Connectivity
Total onboard ports 16x1GbE and 4x10GbE
Onboard RJ-45 ports 12x1GbE
Onboard small form-factor pluggable (SFP) transceiver ports 4x1GbE
Onboard SFP+ ports 4x10GbE
Out-of-Band (OOB) management ports 1x1GbE
Dedicated high availability (HA) ports 1x1GbE (SFP)
PIM slots 2
Console (RJ-45 + miniUSB) 1
USB 2.0 ports (type A) 1
Memory and Storage
System memory (RAM) 16 GB
Primary boot storage (mSATA) 16 GB
Secondary storage (SSD) 100 GB
Dimensions and Power
Form factor 1 U
Size (WxHxD) 17.5 x 1.75 x 18.2 in (44.45 x 4.44 x 46.22 cm)
Weight (device and PSU) 16.1 lb (7.30 kg)
Redundant PSU 1+1
Power supply AC/DC (external)
Average power consumption 150 W
Average heat dissipation 512 BTU / hour
Maximum current consumption 2.5A (for AC PSU);
6.2A (for DC PSU)
Maximum inrush current 50A by 1 AC cycle
Acoustic noise level 66.5dBA
Airflow/cooling Front to back
Operating temperature 32° to 104° F (0° to 40° C)
Nonoperating temperature 4° to 158° F (-20° to 70° C)
Operating humidity 10% to 90% noncondensing
Nonoperating humidity 5% to 95% noncondensing
Meantime between failures (MTBF) 9.78 years (85,787 hours)
FCC classification Class A
RoHS compliance RoHS 2
FIPS 140-2 Level 2 (Junos 19.2)
Performance and Scale
Routing/firewall (IMIX packet size) Gbps2 5
Routing/firewall (1,518 B packet size) Gbps2 9
IPsec VPN (IMIX packet size) Gbps2 1.3
IPsec VPN (1400 B packet size) in Gbps2 4.5
Application visibility and control in Gbps3 7
Recommended IPS in Gbps3 4
Next-generation firewall in Gbps3 1.7
Route table size (RIB/FIB) (IPv4) 2 million / 1 million
Maximum concurrent sessions (IPv4 or IPv6) 2,000,000
Maximum security policies 16,000
Connections per second 90,000
NAT rules 8,000
Media access control (MAC) table size 64,000 (standalone mode)
IPsec VPN tunnels 2,000
Number of remote access/SSL VPN (concurrent) users 2,000
GRE tunnels 2,048
Maximum security zones 512
Maximum virtual router 512
Maximum VLANs 3,900

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.

Ordering Information

To order Juniper Networks SRX Series Services Gateways, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/

4Based on concurrent users; two free licenses included.
  SRX1500- SYS-JB
Hardware Included
Management (CLI, JWEB, SNMP, Telnet, SSH) Included
Ethernet switching (L2 Forwarding, IRB, LACP) Included
L2 Transparent, Secure Wire Included
Routing (RIP, OSPF, BGP, Virtual router) Included
Multicast (IGMP, PIM, SSDP, DMVRP) Included
Packet Mode Included
Overlay (GRE, IP-IP) Included
Network Services (J-Flow, DHCP, QoS, BFD) Included
Stateful Firewall, Screens, ALGs Included
NAT (static, SNAT, DNAT) Included
IPSec VPN (Site-Site VPN, Auto VPN, Group VPN) Included
Remote access/SSL VPN (concurrent users) Optional4
Firewall policy enforcement (UAC, Aruba CPPM) Included
Chassis Cluster, VRRP, ISSU Included
Automation (Junos scripting, auto-installation) Included
MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
Application Security (AppID, AppFW, AppQoS, AppQoE, AppRoute)  Optional

Base System Model Numbers

Product Number Description
SRX1500-SYS-JB-AC SRX1500 Services Gateway includes hardware (16GbE, 4x10GbE, 16G RAM, 16G Flash, 100G SSD, AC PSU, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
SRX1500-SYS-JB-DC SRX1500 Services Gateway includes hardware (16GbE, 4x10GbE, 16G RAM, 16G Flash, 100G SSD, DC PSU, cable and RMK) and Junos Software Base (firewall, NAT, IPSec, routing, MPLS and switching)

Accessories

Product Number Description
JPSU-400W-AC Juniper Power Supply Unit, 400W AC, Slim 1RU Form Factor
JPSU-650W-DC-AFO Juniper 650W DC Power Supply (Port Side to FRU Side Air Flow)
SRX1500-RMK SRX1500 rack mount kit – rail

Advanced Security Services Subscription Licenses

Product Number Description
S-SRX1500-A1-1 SW, A1, IPS, AppSecure, content security, 1 year
S-SRX1500-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 1 year
S-SRX1500-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 1 year
S-SRX1500-A1-3 SW, A1, IPS, AppSecure, content security, 3 year
S-SRX1500-A2-3 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 3 year
S-SRX1500-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 3 year
S-SRX1500-A1-5 SW, A1, IPS, AppSecure, content security, 5 year
S-SRX1500-A2-5 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, content security, 5 year
S-SRX1500-A3-5 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content security, 5 year
S-SRX1500-P1-1 SW, P1, IPS, AppSecure, ATP, content security, 1 year
S-SRX1500-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 1 year
S-SRX1500-P3-1 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 1 year
S-SRX1500-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year
S-SRX1500-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 3 year
S-SRX1500-P3-3 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 3 year
S-SRX1500-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year
S-SRX1500-P2-5 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP, content security, 5 year
S-SRX1500-P3-5 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content security, 5 year

Remote Access / Juniper Secure Connect VPN Licenses

Product Number Description
S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 1 Year
S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 1 Year
 S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 1 Year
 S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 1 Year
S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 1 Year
S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-1KCCU-S-1 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard, with SW support, 1 Year
S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, with SW support, 3 Year
S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard, with SW support, 3 Year

About Juniper Networks

Juniper Networks brings simplicity to networking with products, solutions and services that connect the world. Through engineering innovation, we remove the constraints and complexities of networking in the cloud era to solve the toughest challenges our customers and partners face daily. At Juniper Networks, we believe that the network is a resource for sharing knowledge and human advancement that changes the world. We are committed to imagining groundbreaking ways to deliver automated, scalable and secure networks to move at the speed of business.