JUNIPER SRX550-645AP-M FIREWALL
$10,111
$14,444
Properties
Properties | Juniper SRX550-645AP-M |
Description | SRX550M Firewall with 4 GB DRAM and 8 GB CF, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4GbE SFP ports, dual PS slots, and fans; ships with one 645 W AC power supply with 247 W PoE power (power cord and rack-mount kit included). |
Product Family | SRX550 Series |
Product Type | Security Firewall |
Connectivity Specification | |
Fixed I/O | 6 x 10/100/1000 BASE-T + 4 small form-factor pluggable transceivers (SFP transceivers) |
I/O slots | 2 x SRX Series Mini-PIM, 6 x Gigabit-Backplane Physical Interface Module (GPIM) or multiple GPIM and XPIM combinations |
Services and Routing Engine slots | No |
Maximum number of PoE ports | Up to 40 ports of 802.3af/at with maximum 247 W |
USB | 2 |
Rack-mountable | Yes, 2 U |
Dimensions (WxHxD) | 17.5 x 3.5 x 18.2 in (44.4 x 8.8 x 46.2 cm) |
Weight (device and PSU) | 21.96 lb (9.96 kg) (no interface modules, 1 power supply) |
Power | |
Power supply (AC) | 100-240 VAC, single 645 W or dual 645 W |
Redundant power supply (hot swappable) | Yes (up to maximum capacity of single PSU) |
Average heat dissipation | 238 BTU/hr |
Maximum heat dissipation | 1449 BTU/hr |
Maximum PoE power | 247 W redundant, or 494 W non-redundant |
Average power consumption | 85 W |
Input frequency | 50-60 Hz |
Maximum current consumption | 7.5 A @ 100 VAC with single PSU with PoE, 10.5 A @ 100 VAC with dual PSU with PoE |
Maximum inrush current | 45 A for half-cycle |
Acoustic noise level | 51.8 Db |
Specifications
Specifications | SRX550-645AP-M |
System memory (DRAM) | 4 GB |
Memory slots | 2 DIMM |
Flash Memory | 8 GB, CF internal |
USB port for external storage | Yes |
Firewall performance (max) | 5.5 Gbps |
AES256+SHA-1 / 3DES+SHA-1 VPN performance | 1.0 Gbps |
New sessions/second (sustained, TCP, 3-way) | 27,000 |
Firewall performance (large packets) | 7 Gbps |
Firewall performance (IMIX) | 2 Gbps |
Firewall + routing pps (64 Byte) | 700 Kpps |
Firewall performance (HTTP) | 2 Gbps |
IPsec VPN throughput (large packets) | 1 Gbps |
IPsec VPN tunnels | 2000 |
Application firewall | 2.0 Gbps |
Intrusion prevention system (IPS) | 800 Mbps |
Antivirus | 300 Mbps (Sophos antivirus) |
Connections per second | 27,000 |
Maximum concurrent sessions | 375,000 |
Maximum security policies | 8000 |
Maximum users supported | Unrestricted |
Route table size (RIB/FIB) (IPv4 or IPv6) | 1.5 million/750,000 |
NAT rules | 6144 |
MAC table size | 15,000 |
Number of remote access/SSL VPN (concurrent) users | 500 |
GRE tunnels | 1500 |
Maximum number of security zones | 96 |
Maximum number of virtual routers | 128 |
Maximum number of VLANs | 3967 |
AppID sessions | 65,000 |
IPS sessions | 64,000 |
URL filtering (URLF) sessions | 64,000 |
Software Specifications | |
Routing Protocols | IPv4, IPv6, ISO, Connectionless Network Service (CLNS) Static routes RIP v1/v2 OSPF/OSPF v3 BGP with route reflector IS-IS Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), Reverse Path Forwarding (RPF) Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame Relay, High-Level Data Link Control (HDLC), serial, Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Point-to-Point Protocol over Ethernet (PPPoE) Virtual routers Policy-based routing, source-based routing Equal-cost multipath (ECMP) |
QoS Features | Support for 802.1p, DiffServ code point (DSCP), EXP Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters Marking, policing, and shaping Classification and scheduling Weighted random early detection (WRED) Guaranteed and maximum bandwidth Ingress traffic policing Virtual channels Hierarchical shaping and policing |
Switching Features | ASIC-based Layer 2 forwarding MAC address learning VLAN addressing and integrated routing and bridging (IRB) support Link aggregation and LACP Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP) Multiple VLAN Registration Protocol (MVRP) 802.1X authentication |
Firewall Services | Stateful and stateless firewall Zone-based firewall Screens and distributed denial of service (DDoS) protection Protection from protocol and traffic anomaly Integration with Pulse Unified Access Control (UAC) Integration with Aruba Clear Pass Policy Manager User role-based firewall SSL Inspection (forward-proxy) |
Network Address Translation (NAT) | Source NAT with Port Address Translation (PAT) Bidirectional 1:1 static NAT Destination NAT with PAT Persistent NAT IPv6 address translation |
VPN Features | Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack) Juniper Secure Connect: Remote access/SSL VPN Configuration payload: Yes IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384 Authentication: Pre-shared key and public key infrastructure (PKI) (X.509) IPsec (Internet Protocol Security): Authentication Header (AH)/Encapsulating Security Payload (ESP) protocol IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256 IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB Perfect forward secrecy, anti-reply Internet Key Exchange: IKEv1, IKEv2 Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring VPNs GRE, IP-in-IP, and MPLS |
Network Services | Dynamic Host Configuration Protocol (DHCP) client/server/relay Domain Name System (DNS) proxy, dynamic DNS (DDNS) Juniper real-time performance monitoring (RPM) and IP-monitoring Juniper flow monitoring (J-Flow) Bidirectional Forwarding Detection (BFD) Two-Way Active Measurement Protocol (TWAMP) IEEE 802.3ah Link Fault Management (LFM) IEEE 802.1ag Connectivity Fault Management (CFM) |
High Availability Features | Virtual Router Redundancy Protocol (VRRP) Stateful high availability Dual box clustering Active/passive Active/active Configuration synchronization Firewall session synchronization Device/link detection In-Band Cluster Upgrade (ICU) Dial on-demand backup interfaces IP monitoring with route and interface failover |
Management, Automation, Logging, and Reporting | SSH, Telnet, SNMP Smart image download Juniper CLI and Web UI Mist AI Simplified management WAN Assurance Junos Space and Security Director Python, PyEz, and Ansible modules Junos OS event, commit, and OP script Application and bandwidth usage reporting Auto installation Debug and troubleshooting tools ZTP with Contrail Service Orchestration |
Advanced Routing Services | Packet mode MPLS (RSVP, LDP) Circuit cross-connect (CCC), translational cross-connect (TCC) L2/L3 MPLS VPN, pseudowires Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN) MPLS traffic engineering and MPLS fast reroute |
Application Security Services | Application visibility and control Application-based firewall Application QoS |
Enhanced SD-WAN Services | Application-based advanced policy-based routing (APBR) Application quality of experience (AppQoE) Application-based link monitoring and switchover with AppQoE |
Threat Defense and Intelligence Services | Intrusion prevention system (IPS) Antivirus Antispam Category/reputation-based URL filtering Protection from botnets (command and control) Adaptive enforcement based on GeoIP Juniper Advanced Threat Prevention to detect and block zero-day attacks Adaptive Threat Profiling Encrypted Traffic Insights Juniper SecIntel to provide threat intelligence |
Operating temperature | 32° to 104° F (0° to 40° C) |
Storage temperature | 4° to 158° F, (-20° to 70° C) |
Relative humidity operating | 10% to 90% (noncondensing) |
Relative humidity non-operating | 5% to 95% (noncondensing) |
Meantime between failures (MTBF) | 9.6 years with redundant power |
FCC classification | Class A |
RoHS compliance | Yes |
Accessories
Accessories | |
SRX600-PWR-645AC-POE | Spare 645 W AC PoE power supply unit for SRX550M systems; one is included in SRX550M base system (SRX550M-645AC) |
SRX550-CHAS-M | SRX550M Firewall, 2 U height, 6 GPIM slots, 2 Mini-PIM slots, 6 10/100/1000BASE-T ports, 4 GbE SFP ports, dual PS slots, and fans (power supply not included) |
Software Licenses | |
SRX550-IDP | One-year subscription for intrusion detection and prevention (IDP) updates on SRX550M |
SRX550-S2-AS | One-year subscription for Juniper-Sophos antispam updates on SRX550M |
SRX550-W-EWF | One-year subscription for Juniper Web filtering updates on SRX550M |
SRX550-S-SMB4-CS | One-year security subscription for enterprise; includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M |
SRX550-ATP-1 | One-year subscription for Advanced Threat Prevention Cloud for SRX550M |
SRX550-S-AV-3 | Three-year subscription for Juniper-Sophos antivirus updates on SRX550M |
SRX550-IDP-3 | Three-year subscription for IDP updates on SRX550M |
SRX550-S2-AS-3 | Three-year subscription for Juniper-Sophos antispam updates on SRX550M |
SRX550-W-EWF-3 | Three-year subscription for Juniper Web filtering updates on SRX550M |
SRX550-S-SMB4-CS-3 | Three-year subscription for enterprise-includes Sophos antivirus, enhanced Web filtering, Sophos antispam, AppSecure, and IDP on SRX550M |