JUNIPER SRX340-SYS-JE FIREWALL
$2,398
$5,200
Properties
| Properties | Juniper SRX340-SYS-JE Firewall |
| Description | SRX340 Services Gateway includes hardware (16GbE, 4x MPIM slots, 4G RAM, 8G Flash, power supply, cable and RMK) and Junos Software Enhanced (firewall, NAT, IPSec, routing, MPLS, switching and application security) |
| Product Family | SRX300 LINE OF FIREWALLS |
| Product Type | Firewall |
| SRX300 Highlights | The SRX300 line of firewalls consists of secure SD-WAN routers that bring high performance and proven deployment capabilities to enterprises that need to build a worldwide network of thousands of remote sites. WAN or Internet connectivity and Wi Fi module options include: • Ethernet, T1/E1, ADSL2/2+, and VDSL • 3G/4G LTE wireless • 802.11ac Wave 2 Wi-Fi |
| SRX340 | Securely connecting midsize distributed enterprise branch offices, the SRX340 firewall consolidates security, routing, switching, and WAN connectivity in a 1 U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN in a single, cost-effective networking and security platform. |
| Up to 20 Gbps of routing and firewall performance |
• Best suited for small, medium and large branch office deployments • Addresses future needs for scale and feature capacity |
| Stateful high availability (HA), IP monitoring |
• Uses stateful HA to synchronize configuration and firewall sessions • Supports multiple WAN interfaces with dial-on-demand backup • Route/link failover based on real-time link performance |
| Better end-user application and cloud experience and lower operational costs |
• ZTP simplifies remote device provisioning • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN • Application quality of experience (AppQoE) measures application SLAs and improves the end-user experience • Controls and prioritizes traffic based on application and user role |
| WAN assurance | • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels • Provides visibility and insights into users, applications, WAN links, control, data plane, and CPU for proactive remediation |
| IPsec VPN, Remote Access/SSL VPN, Media Access Control Security (MACsec) |
• Creates secure, reliable, and fast overlay links over public internet • Employs anti-counterfeit features to protect from unauthorized hardware spares • Includes high-performance CPU with built-in hardware to assist IPsec acceleration • Provides TPM-based protection of device secrets such as passwords and certificates • Offers secure and flexible remote access SSL VPN with Juniper Secure Connect |
| IPS, antivirus, anti-spam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud, Encrypted Traffic Insights, and Threat Intelligence Feeds |
• Provides real-time updates to IPS signatures and protects against exploits • Protects from zero-day attacks • Implements industry-leading antivirus and URL filtering • Integrates open threat intelligence platform with third-party feeds • Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption |
| On-box GUI, Security Director | • Application updates are provided continually provided by Juniper Threat Labs • Inspects and detects applications inside the SSL-encrypted traffic |
| On-box GUI, Security Director | • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management |
| Junos OS | • Integrates routing, switching, and security in a single device • Reduces operation expense with Junos automation capabilities |
Specifications
| Specifications | Juniper SRX340-SYS-JE Firewall |
| Software Specifications | |
| Routing Protocols | • IPv4, IPv6, ISO, Connectionless Network Service (CLNS) • Static routes • RIP v1/v2 • OSPF/OSPF v3 • BGP with Route Reflector • IS-IS • Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF) • Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE) • Virtual routers • Policy-based routing, source-based routing • Equal-cost multipath (ECMP) |
| QoS Features | • Support for 802.1p, DiffServ code point (DSCP), EXP • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters • Marking, policing, and shaping • Classification and scheduling • Weighted random early detection (WRED) • Guaranteed and maximum bandwidth • Ingress traffic policing • Virtual channels • Hierarchical shaping and policing |
| Switching Features | • ASIC-based Layer 2 Forwarding • MAC address learning • VLAN addressing and integrated routing and bridging (IRB) support • Link aggregation and LACP • LLDP and LLDP-MED • STP, RSTP, MSTP • MVRP • 802.1X authentication |
| Firewall Services | • Stateful and stateless firewall • Zone-based firewall • Screens and distributed denial of service (DDoS) protection • Protection from protocol and traffic anomaly • Integration with Pulse Unified Access Control (UAC) • Integration with Aruba Clear Pass Policy Manager • User role-based firewall • SSL Inspection (Forward-proxy) |
| Network Address Translation (NAT) | • Source NAT with Port Address Translation (PAT) • Bidirectional 1:1 static NAT • Destination NAT with PAT • Persistent NAT • IPv6 address translation |
| VPN Features | • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack) • Juniper Secure Connect: Remote access / SSL VPN • Configuration payload: Yes • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AECCBC, AES-GCM, SuiteB • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384 • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509) • IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256 • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB • Perfect forward secrecy, anti-reply • Internet Key Exchange: IKEv1, IKEv2 • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring • VPNs GRE, IP-in-IP, and MPLS • Application and bandwidth usage reporting • Auto installation • Debug and troubleshooting tools • Zero-Touch Provisioning with Contrail Service Orchestration |
| Network Services | • Dynamic Host Configuration Protocol (DHCP) client/server/ relay • Domain Name System (DNS) proxy, dynamic DNS (DDNS) • Juniper real-time performance monitoring (RPM) and IPmonitoring • Juniper flow monitoring (J-Flow)1 • Bidirectional Forwarding Detection (BFD) • Two-Way Active Measurement Protocol (TWAMP) • IEEE 802.3ah Link Fault Management (LFM) • IEEE 802.1ag Connectivity Fault Management (CFM) |
| High Availability Features | • Virtual Router Redundancy Protocol (VRRP) • Stateful high availability • Dual box clustering • Active/passive • Active/active • Configuration synchronization • Firewall session synchronization • Device/link detection • In-Band Cluster Upgrade (ICU) • Dial on-demand backup interfaces • IP monitoring with route and interface failover |
| Management, Automation, Logging, and Reporting | • SSH, Telnet, SNMP • Smart image download • Juniper CLI and Web UI • Mist AI - Simplified management - WAN Assurance • Security Director • Security Director Cloud • Juniper Secure Edge • Python • Junos OS event, commit, and OP script |
| Advanced Routing Services | • Packet mode • MPLS (RSVP, LDP) • Circuit cross-connect (CCC), translational cross-connect (TCC) • L2/L3 MPLS VPN, pseudowires • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN) • MPLS traffic engineering and MPLS fast reroute |
| Application Security Services (Offered as advanced security services subscription licenses. ) | • Application visibility and control • Application-based advanced policy-based routing • Application-based advanced policy-based routing (APBR) • Application-based link monitoring and switchover with Application quality of experience (AppQoE) |
| Threat Defense and Intelligence Services | • Intrusion prevention • Antivirus • Antispam • Category/reputation-based URL filtering • Protection from botnets (command and control) • Adaptive enforcement based on GeoIP • Juniper Advanced Threat Prevention to detect and block zeroday attacks • Adaptive Threat Profiling • Encrypted Traffic Insights • SecIntel to provide threat intelligence |
| WAN and Wi-Fi Interface | |
| 1 port T1/E1 MPIM (SRX-MP-1T1E1-R) | YES |
| 1 port VDSL2 Annex A/M MPIM (SRX-MP-1VDSL2-R) | YES |
| 4G / LTE MPIM (SRX-MP-LTE-AA and SRX-MP-LTE-AE) | YES |
| 802.11ac Wave 2 Wi-Fi MPIM | YES |
| Hardware Specifications | |
| Connectivity | |
| Total onboard ports | 16x1GbE |
| Onboard RJ-45 ports | 8x1GbE |
| Onboard small form-factor pluggable (SFP) transceiver ports | 8x1GbE |
| MACsec-capable ports | 16x1GbE |
| Out-of-band (OOB) management ports | 1x1GbE |
| Mini PIM (WAN) slots | 4 |
| Console (RJ-45 + miniUSB) | 1 |
| USB 3.0 ports (type A) | 1 |
| PoE+ ports | 0 |
| Memory and Storage | |
| System memory (RAM) | 4 GB |
| Storage | 8 GB |
| SSD slots | 1 |
| Dimensions and Power | |
| Form factor | 1U |
| Size (WxHxD) | 17.36 x 1.72 x 14.57 in. (44.09 x 4.36 x 37.01 cm) |
| Weight (device and PSU) | 10.80 lb (4.90 kg) |
| Redundant PSU | No |
| Power supply | AC (internal) |
| Rated DC voltage range | N/A |
| Rated DC operating voltage range | N/A |
| Maximum PoE power | N/A |
| Average power consumption | 122 W |
| Average heat dissipation | 420 BTU/h |
| Maximum current consumption | 1.496 A |
| Acoustic noise level | 45.5 dBA |
| Airflow/cooling | Front to back |
| Environmental, Compliance, and Safety Certification | |
| Operational temperature | 32° to 104° F (0° to 40° C) |
| Nonoperational temperature | (-4° to 158° F (-20° to 70° C) |
| Operating humidity | 10% to 90% noncondensing |
| Nonoperating humidity | 5% to 95% non-condensing |
| Meantime between failures (MTBF) | 27 years |
| FCC classification | Class A |
| RoHS compliance | RoHS 2 |
| FIPS 140-2 | Level 2 (Junos 19.2R1) |
| Common Criteria certification | NDPP, VPNEP, FWEP, IPSEP (based on Junos 19.2R1) |
| Performance and Scale | |
| Parameter | |
| Routing with packet mode (64 B packet size) in Mbps | 550 |
| Routing with packet mode (IMIX packet size) in Mbps | 1,600 |
| Routing with packet mode (1,518 B packet size in Mbps | 3,000 |
| Stateful firewall (64 B packet size) in Kpps | 350 |
| Stateful firewall (IMIX packet size) in Mbps | 1,100 |
| Stateful firewall (1,518 B packet size) in Mbps | 4,700 |
| IPsec VPN (IMIX packet size) in Mbps | 239 |
| IPsec VPN (1,400 B packet size) in Mbps | 733 |
| Application visibility and control in Mbps | 1,000 |
| Recommended IPS in Mbps | 400 |
| Next-generation firewall in Mbps | 420 |
| Secure Web Access firewall in Mbps | 280 |
| Route table size (RIB/FIB) (IPv4 or IPv6) | 1 million/600,000 (Route scaling numbers are with enhanced route-scale features turned on.) |
| Maximum concurrent sessions (IPv4 or IPv6) | 256,000 |
| Maximum security policies | 2,000 |
| Connections per second | 10,000 |
| NAT rules | 2,000 |
| MAC table size | 15,000 |
| IPsec VPN tunnels | 1,024 |
| Number of remote access/SSL VPN (concurrent) users | 150 |
| GRE tunnels | 512 |
| Maximum number of security zones | 64 |
| Maximum number of virtual routers | 64 |
| Maximum number of VLANs | 2,000 |
| AppID sessions | 64,000 |
| IPS sessions | 64,000 |
| URLF sessions | 64,000 |