JUNIPER NFX350-S3-DC FIREWALL

$45,360 $64,800

Description

Juniper NFX350 is our most powerful universal CPE platform. Ideal for your large branch deployments, it delivers secure SD-WAN and tremendous x86 horsepower, with ample storage and memory that supports adjacent virtual network functions (VNFs) and other branch-local applications

Properties

Properties Juniper NFX350-S3-DC
Description NFX350-S3, 16-core Skylake Xeon-D, QAT, 128GB RAM, 50GB SSD, 2xM2 slots, Dual DC PS capable, single 450W AC PSU, LTE module (2nd PS and LTE module are optional accessories). Includes Junos standard security software license for Layer 2 and Layer 3 services, Network Address Translation (NAT), IP Security (IPsec), and stateful firewall
Product Family NFX350 Series
Product Type Security Firewall
Interface Specifications
Integrated network interfaces 8 x 10/100/1000BASE-T RJ-45 LAN or WAN ports
8 x 1GbE/10GbE SFP+ LAN or WAN ports
1 x 10/100/1000BASE-T RJ-45 management port
Network interface module Not Available
ADSL2/VDSL2 Interface ADSL2/ADSL2+/VDSL SFP
Out-of-band interfaces RJ-45 console port
Mini USB console port
2 x USB 3.0 port
Footprint Rack mount
Rack units (U) 1 U
Dimensions (WxHxD) 1.72 x 17.32 x 20.86 in (4.37 x 44.0 x 53.0 cm)
Weight 18.6 lb (8.45 kg)
Power supply 650W hot-swappable DC-DC
Airflow/cooling Front-to-back (AFO) forced cooling
Acoustic noise level 61 dBA

 

Specifications

Specifications NFX350-S3-DC
CPU Intel 16 Core SKYLAKE
Memory 128 GB DDR4
Storage 100 GB SSD
Software Wind River Linux 8
Managed Secure Router 30 Gbps
Managed Security 30 Gbps
IPSec 7.5 Gbps
Maximum number of VNFs 12
Wireless/LTE Module option LTE Module
LTE antenna support LTE Module
LTE chipset Sierra Wireless Modem
MC7430
MC7455
LTE bands/regions supported LTE modem with support for 1-5, 7-8, 12-13, 30, 25-26, 29-30, 41 LTE bands (for North America and Europe)
Software Specifications
Packet Switching Capacities Packet Forwarding Engine (PFE) capacity: 64 Gbps
VNF capacity: 20 Gbps full-duplex path to CPU for VNF traffic
Throughput via VNFs will vary depending on network function and acceleration technologies supported
Layer 2 Switching Maximum media access control (MAC) addresses in hardware: up to 16,000‡
Jumbo frames: 9216 bytes‡
Number of VLANs: up to 1024 (VLAN IDs: 4096)‡
Port-based VLAN
MAC-based VLAN
Voice VLAN
Private VLAN (PVLAN)
Number of MST instances supported: 64
Compatible with Per-VLAN Spanning Tree Plus (PVST+)
Routed VLAN interface (RVI)‡
Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) with VoIP integration
Routing Protocols IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
Static routes
RIP v1/v2
OSPF/OSPF v3
BGP with Route Reflector
Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF)
Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
Virtual routers
Policy-based routing, source-based routing
Equal-Cost Multipath (ECMP)
Threat Defense and Intelligence Services Intrusion prevention
Antivirus
Antispam
Category/reputation-based URL filtering
SecIntel to provide threat intelligence
Protection from botnets (command and control)
Adaptive enforcement based on GeoIP
Juniper Cloud Advanced Threat Prevention to detect and block zeroday malware attacks
High Availability VRRP
Backup link via 3G/4G LTE wireless or other WAN (NFX150)
Stateful failover and dual CPE clustering‡
Active/active—L3 mode
Active/passive—L3 mode
Configuration synchronization
Session synchronization firewall and VPN
Session failover for routing change
Device failure detection, link failure detection
IP monitoring with route and interface failover
VPN Features Tunnels: Generic routing encapsulation (GRE)3, IP-IP3, IPsec
Site-site IPsec VPN
IPsec crypto algorithms: Data Encryption Standard (DES), triple DES (3DES), Advanced Encryption Standard (AES-256), AES-GCM
IPsec authentication algorithms: MD5, SHA-1, SHA-128, SHA-256
Perfect forward secrecy, anti-reply
IPv4 and IPv6 IPsec VPN
Multiproxy ID for site-site VPN
Internet Key Exchange (IKEv1, IKEv2), NAT-T
Virtual router and quality-of-service (QoS) aware
Standard-based dead peer detection (DPD) support
VPN monitoring
Quality of Service (QoS) Layer 2 QoS
Layer 3 QoS
Ingress policing: 1 rate 2 color
Hardware queues per port: 8
Scheduling methods (egress): Strict priority (SP), shaped-deficit weighted round-robin (SDWRR)
802.1p: DiffServ code point (DSCP)/IP precedence trust and marking
L2-L4 classification criteria: Interface, MAC address, Ethertype, 802.1p, VLAN, IP address, DSCP/IP precedence
TCP/UDP port numbers
Congestion avoidance capabilities: Tail drop
Multicast Internet Group Management Protocol (IGMP) snooping entries: 1000
IGMP: v1, v2, v3
IGMP snooping
PIM-SM
Services and Manageability Junos OS CLI
Web interface (J-Web)
Out-of-band management: Serial, 10/100BASE-T Ethernet
ASCII configuration
Rescue configuration
Configuration rollback
Simple Network Management Protocol (SNMP): v1, v2c, v3
Remote monitoring (RMON) (RFC 2819) Groups 1, 2, 3, 9
Network Time Protocol (NTP)
DHCP server
DHCP client and DHCP proxy
DHCP relay and helper
RADIUS authentication
TACACS+ authentication
SSHv2
Secure copy
HTTP/HTTPs
Domain Name System (DNS) resolver
System logging
Temperature sensor
Configuration backup via FTP/secure copy
Interface range
Advanced Routing Services MPLS (RSVP, LDP)
Circuit cross-connect (CCC), translational cross-connect (TCC)
L2/L3 MPLS VPN
Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
MPLS traffic engineering and MPLS fast reroute
Application Security Services Application visibility and control
Application-based firewall
Application QoS
Application-based advanced policy-based routing
Application quality of experience (AppQoE)
Access Control Lists (Junos OS Firewall Filters) Port-based ACL (PACL)—ingress
VLAN-based ACL (VACL)—ingress and egress
Router-based ACL (RACL)—ingress and egress
ACL entries (ACE) in hardware per system: 1500
ACL counter for denied packets
ACL counter for permitted packets
Ability to add/remove/change ACL entries in middle of list (ACL editing)
L2-L4 ACL
Security MAC limiting
Allowed MAC addresses—configurable per port
Sticky MAC (persistent MAC address learning)
Dynamic ARP inspection (DAI)
Proxy ARP
Static ARP support
Dynamic Host Configuration Protocol (DHCP) snooping
Troubleshooting Debugging: CLI via console, telnet, or SSH
Diagnostics: Show and debug command statistics
Traffic mirroring (port)
Traffic mirroring (VLAN)
ACL-based mirroring
Mirroring destination ports per system: 1
LAG port monitoring
Multiple destination ports monitored to 1 mirror (N:1)
Maximum number of mirroring sessions: 1
Mirroring to remote destination (over L2): 1 destination
VLAN
IP tools: Extended ping and trace
Juniper Networks commit and rollback
Optics EX-SFP-10GE-USR
EX-SFP-10GE-DAC-1M
EX-SFP-1GE-SX
EX-SFP-1GE-SX-ET
EX-SFP-1GE-LX
EX-SFP-10GE-SR
EX-SFP-10GE-LR
EX-SFP-10GE-DAC-3M
EX-SFP-10GE-DAC-5M
EX-SFP-10GE-ER
EX-SFP-10GE-ZR
EX-SFP-1GE-LH
EX-SFP-1GE-LX40K
EX-SFP-GE10KT13R14
EX-SFP-GE10KT14R13
EX-SFP-GE10KT13R15
EX-SFP-GE10KT15R13
EX-SFP-GE40KT13R15
EX-SFP-GE40KT15R13
EX-SFP-GE80KCW1470
EX-SFP-GE80KCW1490
EX-SFP-GE80KCW1510
EX-SFP-GE80KCW1530
EX-SFP-GE80KCW1550
EX-SFP-GE80KCW1570
EX-SFP-GE80KCW1590
EX-SFP-GE80KCW1610
Operating temperature 32° to 104° F (0° to 40° C)
Storage temperature -40° to 158° F (-40° to 70° C)
Operating altitude Up to 6500 ft. (2000 m)
Relative humidity operating 5% to 90% (noncondensing)
Relative humidity non-operating 5% to 90% (noncondensing)
Seismic Designed to meet Zone 4 earthquake requirements
Safety cNRTL-UL60950-1 (Second Edition)
C-UL to CAN/CSA 22.2 No.60950-1 (Second Edition)
TUV/GS to EN 60950-1 (Second Edition)
CB-IEC60950-1 (Second Edition with all country deviations)
EN 60825-1 (Second Edition)
Electromagnetic Compatibility FCC 47CFR Part 15 Class A
EN 55022 Class A
ICES-003 Class A
VCCI Class A
AS/NZS CISPR 32 Class A
CISPR 22 Class A, CISPR 32 Class A
EN 55024
EN 300386
CE
Environmental Compliance Restriction of Hazardous Substances (ROHS) 6/6
ROHS 7a exemption for power supply components acceptable
Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH) Waste Electronics and Electrical Equipment (WEEE)
IEEE Standards IEEE 802.1AB: Link Layer Discovery Protocol (LLDP)
IEEE 802.1ag: Connectivity Fault Management (CFM)
IEEE 802.1ak: Multiple VLAN Registration Protocol (MVRP)
IEEE 802.1D: Spanning Tree Protocol
IEEE 802.1p: CoS prioritization
IEEE 802.1Q: VLAN tagging
IEEE 802.1Q-in-Q: VLAN Stacking
IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP)
IEEE 802.1X: Port Access Control
IEEE 802.3: 10BASE-T
IEEE 802.3u: 100BASE-T
IEEE 802.3ab: 1000BASE-T
IEEE 802.3z: 1000BASE-X
IEEE 802.3x: Pause Frames/Flow Control
IEEE 802.3ad: Link Aggregation Control Protocol (LACP)
IEEE 802.3ah: Ethernet in the First Mile
Supported RFCs RFC 768 UDP
RFC 783 Trivial File Transfer Protocol (TFTP)
RFC 791 IP
RFC 792 ICMP
RFC 793 TCP
RFC 826 ARP
RFC 894 IP over Ethernet
RFC 903 Reverse ARP (RARP)
RFC 906 TFTP Bootstrap
RFC 951, 1542 BootP
RFC 1058 Routing Information Protocol
RFC 1112 IGMP v1
RFC 1122 Host requirements
RFC 1256 IPv4 ICMP Router Discovery (IRDP)
RFC 1492 TACACS+
RFC 1519 Classless Interdomain Routing (CIDR)
RFC 1587 OSPF not-so-stubby area (NSSA) Option
RFC 1591 Domain Name System (DNS)
RFC 1812 Requirements for IP Version 4 routers
RFC 2030 SNTP, Simple Network Time Protocol
RFC 2068 HTTP server
RFC 2131 BOOTP/DHCP relay agent and dynamic host
RFC 2138 RADIUS authentication
RFC 2139 RADIUS accounting
RFC 2267 Network ingress filtering
RFC 2338 Virtual Router Redundancy Protocol (VRRP)
RFC 2362 PIM-SM (edge mode)
RFC 2453 RIP v2
RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers
RFC 2597 Assured Forwarding PHB (per-hop behavior) Group
RFC 2598 An Expedited Forwarding PHB
RFC 2925 MIB for remote ping, trace
RFC 3176 sFlow
RFC 3569 SSM
RFC 5176 Dynamic Authorization Extensions to RADIUS
RFC 5880 Bidirectional Forwarding Detection (BFD)
Supported MIBs RFC 1155 SMI
RFC 1157 SNMPv1
RFC 1212, RFC 1213, RFC 1215 MIB-II, Ethernet-Like MIB and TRAPs
RFC 1901 Introduction to Community-based SNMPv2
RFC 2011 SNMPv2 for Internet protocol using SMIv2
RFC 2012 SNMPv2 for transmission control protocol using SMIv2
RFC 2013 SNMPv2 for user datagram protocol using SMIv2
RFC 2233 The Interfaces Group MIB using SMIv2
RFC 2287 System Application Packages MIB
RFC 2570 Introduction to Version 3 of the Internet-standard Network Management Framework
RFC 2571 An Architecture for describing SNMP Management Frameworks (read-only access)
RFC 2572 Message Processing and Dispatching for the SNMP (read-only access)
RFC 2576 Coexistence between SNMP Version 1, Version 2, and Version 3
RFC 2578 SNMP Structure of Management Information MIB
RFC 2579 SNMP Textual Conventions for SMIv2
RFC 2580 Conformance Statements for SMIv2
RFC 2665 Ethernet-like interface MIB
RFC 2787 VRRP MIB
RFC 2790 Host Resources MIB
RFC 2819 RMON MIB
RFC 2863 Interface Group MIB
RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework
RFC 3411 An architecture for describing SNMP Management Frameworks
RFC 3412 Message Processing and Dispatching for the SNMP
RFC 3413 Simple Network Management Protocol (SNMP)—(all MIBs supported except the Proxy MIB)
RFC 3414 User-based Security Model (USM) for version 3 of SNMPv3
RFC 3415 View-based Access Control Model (VACM) for the SNMP
RFC 3416 Version 2 of the Protocol Operations for the SNMP
RFC 3417 Transport Mappings for the SNMP
RFC 3418 Management Information Base (MIB) for the SNMP
RFC 4188 Definitions of Managed Objects for Bridges
RFC 4318 Definitions of Managed Objects for Bridges with Rapid Spanning Tree Protocol
RFC 4363b Q-Bridge VLAN MIB

Accessories

Accessories
JPSU-650W-DC-AO** Single 650W DC PSU
JNP-SSD-M2-800GB** JNP-SSD-M2-800GB
*Optional modules are applicable to NFX150-S1 and NFX150-S1E products only. The NFX-LTE-AE and NFX-LTE- AA occupy two expansion slots. The NFX-EM-6T2SFP occupies one expansion slot and cannot be combined with the LTE Modules.
**Optional modules are applicable to NFX350-S1, NFX350-S2, NFX350-S3 products only. The NFX-LTE-AE and NFX-LTE-AA occupy two expansion slots and are supported on NFX35

Domestic Shipping

All products from Gaia Consulting Services are shipped Monday through Friday via trusted carriers such as UPS, FedEx, or USPS. We are pleased to offer free delivery on all orders over $100 within the United States. Orders typically take 1-6 business days to arrive, depending on your location. For orders that do not qualify for free delivery, shipping rates are calculated based on factors such as the shipping carrier, method, package weight, and destination. Please note that additional surcharges may apply for shipments to Hawaii, Alaska, Puerto Rico, and APO/FPO addresses. While we strive to ship orders on the same day they are placed, any delays or cancellations will be promptly communicated to you.

International Shipping

Gaia Consulting Services also offers international shipping to customers worldwide. However, please be aware that we adhere to all international trade laws and regulations and do not ship to countries currently under embargo by the United States.

Shipping Carriers and Transit Times

For international shipments, we utilize reliable carriers such as UPS, FedEx, and DHL to ensure your orders arrive safely and on time. Transit times typically range between 7-15 business days, depending on the destination and chosen shipping method. Please note that customs clearance processes may cause delays, which are beyond our control.

Customs, Duties, and Taxes

Customers outside the United States are responsible for any customs duties, taxes, or additional fees imposed by their country's customs authorities. Gaia Consulting Services cannot predict or control these charges and advises customers to familiarize themselves with their country's import regulations before placing an order. Please note that these charges are not included in the item price or shipping costs.

Order Processing

We strive to process and ship orders quickly and efficiently. If any issues arise with your order, we will notify you promptly to keep you informed of its status.

Shipping Addresses

To ensure smooth delivery, please provide an accurate and complete shipping address during checkout. Gaia Consulting Services cannot be held liable for orders shipped to incorrect addresses due to customer error. If you need to modify your shipping address after placing an order, please contact us immediately. Please note that we may be unable to change the shipping address if your order has already been processed.

You may also like