JUNIPER NFX350-S3-DC FIREWALL
$45,360
$64,800
Description
Juniper NFX350 is our most powerful universal CPE platform. Ideal for your large branch deployments, it delivers secure SD-WAN and tremendous x86 horsepower, with ample storage and memory that supports adjacent virtual network functions (VNFs) and other branch-local applications
Properties
Properties | Juniper NFX350-S3-DC |
Description | NFX350-S3, 16-core Skylake Xeon-D, QAT, 128GB RAM, 50GB SSD, 2xM2 slots, Dual DC PS capable, single 450W AC PSU, LTE module (2nd PS and LTE module are optional accessories). Includes Junos standard security software license for Layer 2 and Layer 3 services, Network Address Translation (NAT), IP Security (IPsec), and stateful firewall |
Product Family | NFX350 Series |
Product Type | Security Firewall |
Interface Specifications | |
Integrated network interfaces | 8 x 10/100/1000BASE-T RJ-45 LAN or WAN ports 8 x 1GbE/10GbE SFP+ LAN or WAN ports 1 x 10/100/1000BASE-T RJ-45 management port |
Network interface module | Not Available |
ADSL2/VDSL2 Interface | ADSL2/ADSL2+/VDSL SFP |
Out-of-band interfaces | RJ-45 console port Mini USB console port 2 x USB 3.0 port |
Footprint | Rack mount |
Rack units (U) | 1 U |
Dimensions (WxHxD) | 1.72 x 17.32 x 20.86 in (4.37 x 44.0 x 53.0 cm) |
Weight | 18.6 lb (8.45 kg) |
Power supply | 650W hot-swappable DC-DC |
Airflow/cooling | Front-to-back (AFO) forced cooling |
Acoustic noise level | 61 dBA |
Specifications
Specifications | NFX350-S3-DC |
CPU | Intel 16 Core SKYLAKE |
Memory | 128 GB DDR4 |
Storage | 100 GB SSD |
Software | Wind River Linux 8 |
Managed Secure Router | 30 Gbps |
Managed Security | 30 Gbps |
IPSec | 7.5 Gbps |
Maximum number of VNFs | 12 |
Wireless/LTE Module option | LTE Module |
LTE antenna support | LTE Module |
LTE chipset | Sierra Wireless Modem MC7430 MC7455 |
LTE bands/regions supported | LTE modem with support for 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for North America and Europe) |
Software Specifications | |
Packet Switching Capacities | Packet Forwarding Engine (PFE) capacity: 64 Gbps VNF capacity: 20 Gbps full-duplex path to CPU for VNF traffic Throughput via VNFs will vary depending on network function and acceleration technologies supported |
Layer 2 Switching | Maximum media access control (MAC) addresses in hardware: up to 16,000‡ Jumbo frames: 9216 bytes‡ Number of VLANs: up to 1024 (VLAN IDs: 4096)‡ Port-based VLAN MAC-based VLAN Voice VLAN Private VLAN (PVLAN) Number of MST instances supported: 64 Compatible with Per-VLAN Spanning Tree Plus (PVST+) Routed VLAN interface (RVI)‡ Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) with VoIP integration |
Routing Protocols | IPv4, IPv6, ISO, Connectionless Network Service (CLNS) Static routes RIP v1/v2 OSPF/OSPF v3 BGP with Route Reflector Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF) Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE) Virtual routers Policy-based routing, source-based routing Equal-Cost Multipath (ECMP) |
Threat Defense and Intelligence Services | Intrusion prevention Antivirus Antispam Category/reputation-based URL filtering SecIntel to provide threat intelligence Protection from botnets (command and control) Adaptive enforcement based on GeoIP Juniper Cloud Advanced Threat Prevention to detect and block zeroday malware attacks |
High Availability | VRRP Backup link via 3G/4G LTE wireless or other WAN (NFX150) Stateful failover and dual CPE clustering‡ Active/active—L3 mode Active/passive—L3 mode Configuration synchronization Session synchronization firewall and VPN Session failover for routing change Device failure detection, link failure detection IP monitoring with route and interface failover |
VPN Features | Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec Site-site IPsec VPN IPsec crypto algorithms: Data Encryption Standard (DES), triple DES (3DES), Advanced Encryption Standard (AES-256), AES-GCM IPsec authentication algorithms: MD5, SHA-1, SHA-128, SHA-256 Perfect forward secrecy, anti-reply IPv4 and IPv6 IPsec VPN Multiproxy ID for site-site VPN Internet Key Exchange (IKEv1, IKEv2), NAT-T Virtual router and quality-of-service (QoS) aware Standard-based dead peer detection (DPD) support VPN monitoring |
Quality of Service (QoS) | Layer 2 QoS Layer 3 QoS Ingress policing: 1 rate 2 color Hardware queues per port: 8 Scheduling methods (egress): Strict priority (SP), shaped-deficit weighted round-robin (SDWRR) 802.1p: DiffServ code point (DSCP)/IP precedence trust and marking L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence TCP/UDP port numbers Congestion avoidance capabilities: Tail drop |
Multicast | Internet Group Management Protocol (IGMP) snooping entries: 1000 IGMP: v1, v2, v3 IGMP snooping PIM-SM |
Services and Manageability | Junos OS CLI Web interface (J-Web) Out-of-band management: Serial, 10/100BASE-T Ethernet ASCII configuration Rescue configuration Configuration rollback Simple Network Management Protocol (SNMP): v1, v2c, v3 Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9 Network Time Protocol (NTP) DHCP server DHCP client and DHCP proxy DHCP relay and helper RADIUS authentication TACACS+ authentication SSHv2 Secure copy HTTP/HTTPs Domain Name System (DNS) resolver System logging Temperature sensor Configuration backup via FTP/secure copy Interface range |
Advanced Routing Services | MPLS (RSVP, LDP) Circuit cross-connect (CCC), translational cross-connect (TCC) L2/L3 MPLS VPN Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN) MPLS traffic engineering and MPLS fast reroute |
Application Security Services | Application visibility and control Application-based firewall Application QoS Application-based advanced policy-based routing Application quality of experience (AppQoE) |
Access Control Lists (Junos OS Firewall Filters) | Port-based ACL (PACL)—ingress VLAN-based ACL (VACL)—ingress and egress Router-based ACL (RACL)—ingress and egress ACL entries (ACE) in hardware per system: 1500 ACL counter for denied packets ACL counter for permitted packets Ability to add/remove/change ACL entries in middle of list (ACL editing) L2-L4 ACL |
Security | MAC limiting Allowed MAC addresses—configurable per port Sticky MAC (persistent MAC address learning) Dynamic ARP inspection (DAI) Proxy ARP Static ARP support Dynamic Host Configuration Protocol (DHCP) snooping |
Troubleshooting | Debugging: CLI via console, telnet, or SSH Diagnostics: Show and debug command statistics Traffic mirroring (port) Traffic mirroring (VLAN) ACL-based mirroring Mirroring destination ports per system: 1 LAG port monitoring Multiple destination ports monitored to 1 mirror (N:1) Maximum number of mirroring sessions: 1 Mirroring to remote destination (over L2): 1 destination VLAN IP tools: Extended ping and trace Juniper Networks commit and rollback |
Optics | EX-SFP-10GE-USR EX-SFP-10GE-DAC-1M EX-SFP-1GE-SX EX-SFP-1GE-SX-ET EX-SFP-1GE-LX EX-SFP-10GE-SR EX-SFP-10GE-LR EX-SFP-10GE-DAC-3M EX-SFP-10GE-DAC-5M EX-SFP-10GE-ER EX-SFP-10GE-ZR EX-SFP-1GE-LH EX-SFP-1GE-LX40K EX-SFP-GE10KT13R14 EX-SFP-GE10KT14R13 EX-SFP-GE10KT13R15 EX-SFP-GE10KT15R13 EX-SFP-GE40KT13R15 EX-SFP-GE40KT15R13 EX-SFP-GE80KCW1470 EX-SFP-GE80KCW1490 EX-SFP-GE80KCW1510 EX-SFP-GE80KCW1530 EX-SFP-GE80KCW1550 EX-SFP-GE80KCW1570 EX-SFP-GE80KCW1590 EX-SFP-GE80KCW1610 |
Operating temperature | 32° to 104° F (0° to 40° C) |
Storage temperature | -40° to 158° F (-40° to 70° C) |
Operating altitude | Up to 6500 ft. (2000 m) |
Relative humidity operating | 5% to 90% (noncondensing) |
Relative humidity non-operating | 5% to 90% (noncondensing) |
Seismic | Designed to meet Zone 4 earthquake requirements |
Safety | cNRTL-UL60950-1 (Second Edition) C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition) TUV/GS to EN 60950-1 (Second Edition) CB-IEC60950-1 (Second Edition with all country deviations) EN 60825-1 (Second Edition) |
Electromagnetic Compatibility | FCC 47CFR Part 15 Class A EN 55022 Class A ICES-003 Class A VCCI Class A AS/NZS CISPR 32 Class A CISPR 22 Class A, CISPR 32 Class A EN 55024 EN 300386 CE |
Environmental Compliance | Restriction of Hazardous Substances (ROHS) 6/6 ROHS 7a exemption for power supply components acceptable Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH) Waste Electronics and Electrical Equipment (WEEE) |
IEEE Standards | IEEE 802.1AB: Link Layer Discovery Protocol (LLDP) IEEE 802.1ag: Connectivity Fault Management (CFM) IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP) IEEE 802.1D: Spanning Tree Protocol IEEE 802.1p: CoS prioritization IEEE 802.1Q: VLAN tagging IEEE 802.1Q-in-Q: VLAN Stacking IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP) IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP) IEEE 802.1X: Port Access Control IEEE 802.3: 10BASE-T IEEE 802.3u: 100BASE-T IEEE 802.3ab: 1000BASE-T IEEE 802.3z: 1000BASE-X IEEE 802.3x: Pause Frames/Flow Control IEEE 802.3ad: Link Aggregation Control Protocol (LACP) IEEE 802.3ah: Ethernet in the First Mile |
Supported RFCs | RFC 768 UDP RFC 783 Trivial File Transfer Protocol (TFTP) RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 894 IP over Ethernet RFC 903 Reverse ARP (RARP) RFC 906 TFTP Bootstrap RFC 951, 1542 BootP RFC 1058 Routing Information Protocol RFC 1112 IGMP v1 RFC 1122 Host requirements RFC 1256 IPv4 ICMP Router Discovery (IRDP) RFC 1492 TACACS+ RFC 1519 Classless Interdomain Routing (CIDR) RFC 1587 OSPF not-so-stubby area (NSSA) Option RFC 1591 Domain Name System (DNS) RFC 1812 Requirements for IP Version 4 routers RFC 2030 SNTP, Simple Network Time Protocol RFC 2068 HTTP server RFC 2131 BOOTP/DHCP relay agent and dynamic host RFC 2138 RADIUS authentication RFC 2139 RADIUS accounting RFC 2267 Network ingress filtering RFC 2338 Virtual Router Redundancy Protocol (VRRP) RFC 2362 PIM-SM (edge mode) RFC 2453 RIP v2 RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers RFC 2597 Assured Forwarding PHB (per-hop behavior) Group RFC 2598 An Expedited Forwarding PHB RFC 2925 MIB for remote ping, trace RFC 3176 sFlow RFC 3569 SSM RFC 5176 Dynamic Authorization Extensions to RADIUS RFC 5880 Bidirectional Forwarding Detection (BFD) |
Supported MIBs | RFC 1155 SMI RFC 1157 SNMPv1 RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs RFC 1901 Introduction to Community-based SNMPv2 RFC 2011 SNMPv2 for Internet protocol using SMIv2 RFC 2012 SNMPv2 for transmission control protocol using SMIv2 RFC 2013 SNMPv2 for user datagram protocol using SMIv2 RFC 2233 The Interfaces Group MIB using SMIv2 RFC 2287 System Application Packages MIB RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework RFC 2571 An Architecture for describing SNMP Management Frameworks (read-only access) RFC 2572 Message Processing and Dispatching for the SNMP (read-only access) RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3 RFC 2578 SNMP Structure of Management Information MIB RFC 2579 SNMP Textual Conventions for SMIv2 RFC 2580 Conformance Statements for SMIv2 RFC 2665 Ethernet-like interface MIB RFC 2787 VRRP MIB RFC 2790 Host Resources MIB RFC 2819 RMON MIB RFC 2863 Interface Group MIB RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework RFC 3411 An architecture for describing SNMP Management Frameworks RFC 3412 Message Processing and Dispatching for the SNMP RFC 3413 Simple Network Management Protocol (SNMP)—(all MIBs supported except the Proxy MIB) RFC 3414 User-based Security Model (USM) for version 3 of SNMPv3 RFC 3415 View-based Access Control Model (VACM) for the SNMP RFC 3416 Version 2 of the Protocol Operations for the SNMP RFC 3417 Transport Mappings for the SNMP RFC 3418 Management Information Base (MIB) for the SNMP RFC 4188 Definitions of Managed Objects for Bridges RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol RFC 4363b Q-Bridge VLAN MIB |
Accessories
Accessories | |
JPSU-650W-DC-AO** | Single 650W DC PSU |
JNP-SSD-M2-800GB** | JNP-SSD-M2-800GB |
*Optional modules are applicable to NFX150-S1 and NFX150-S1E products only. The NFX-LTE-AE and NFX-LTE- AA occupy two expansion slots. The NFX-EM-6T2SFP occupies one expansion slot and cannot be combined with the LTE Modules. |
**Optional modules are applicable to NFX350-S1, NFX350-S2, NFX350-S3 products only. The NFX-LTE-AE and NFX-LTE-AA occupy two expansion slots and are supported on NFX35
|