JUNIPER SRX4200-SYS-JE-AC FIREWALL
$97,902
$139,860
Properties
Properties | Juniper SRX4200-SYS-JE-AC |
Description |
SRX4200 Services Gateway includes hardware (8x10GE, two AC PSU, four FAN Trays, cables and RMK) and Junos Software Enhanced (Firewall, NAT, IPSec, Routing, MPLS and Application Security) |
Product Family | SRX4200 Series |
Product Type | Security Firewall |
Connectivity Specification | |
Total onboard ports | 8x1GbE/10GbE |
Onboard small form-factor pluggable plus (SFP+) transceiver ports | 8x1GbE/10GbE |
Out-of-Band (OOB) management ports | 1x1GbE |
Dedicated high availability (HA) ports | 2x1GbE/10GbE (SFP/SFP+) |
Console (RJ-45) | 1 |
USB 2.0 ports (type A) | 2 |
Form factor | 1 U |
Dimensions (WxHxD) | 17.48 x 1.7 x 25 in (44.39 x 4.31 x 63.5 cm) |
Weight (device and PSU) | Chassis with two AC power supplies: 29 lb (13.15 kg) Chassis with package for shipping: 47.5 lb (21.54 kg) |
Power | |
Power supply | 2x 650 W redundant AC-DC PSU |
Redundant PSU | 1+1 |
Average power consumption | 200 W |
Average heat dissipation | 685 BTU / hour |
Maximum current consumption | 4A (for 110 V AC power) 2A (for 220 V AC power) |
Maximum inrush current | 50 A by 1 AC cycle |
Airflow/cooling | Front to back |
Acoustic noise level | 70 dBA |
Specifications
Specifications | SRX4200-SYS-JE-AC |
System memory (RAM) | 64 GB |
Secondary storage (SSD) | 240 GB with 1+1 RAID |
Firewall throughput | 80 Gbps |
Firewall throughput—IMIX | 44 Gbps |
Firewall throughput with application security | 39.8 Gbps |
IPsec VPN throughput-IMIX | 29.6 Gbps |
Intrusion prevention | 27.7 Gbps |
NGFW throughput | 18 Gbps |
Secure Web Access throughput | 13.3 Gbps |
Connections per second | 500,000 |
Maximum session | 10 million |
Routing/firewall (IMIX packet size) throughput Gbps | 44 |
Routing/firewall (1,518 B packet size) throughput Gbps | 80 |
IPsec VPN (IMIX packet size) Gbps | 29.6 |
Application visibility and control in Gbps | 39.8 |
Recommended IPS in Gbps | 27.7 |
Next-generation firewall in Gbps | 18 |
Secure Web Access firewall in Gbps | 13.3 |
Connections per second (CPS) | 500,000 |
Maximum security policies | 60,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 10 million |
Route table size (RIB/FIB) (IPv4) | 2 million/1.2 million |
IPsec tunnels | 7500 |
Number of remote access/SSL VPN (concurrent) users | 7500 |
Multitenancy (LSYS/TSYS) | 32/200 |
Software Specifications | |
Routing Protocols | IPv4, IPv6, static routes, RIP v1/v2 OSPF/OSPF v3 BGP with route reflector IS-IS Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); reverse path forwarding (RPF) Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE) Virtual routers Policy-based routing, source-based routing Equal-cost multipath (ECMP) |
QoS Features | Support for 802.1p, DiffServ code point (DSCP), EXP Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters Marking, policing, and shaping Classification and scheduling Weighted random early detection (WRED) Guaranteed and maximum bandwidth Ingress traffic policing Virtual channels |
Firewall Services | Stateful and stateless firewall Zone-based firewall Screens and distributed denial of service (DDoS) protection Protection from protocol and traffic anomalies Unified Access Control (UAC) |
Network Address Translation (NAT) | Source NAT with Port Address Translation (PAT) Bidirectional 1:1 static NAT Destination NAT with PAT Persistent NAT IPv6 address translation |
VPN Features | Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack) Juniper Secure Connect: Remote access/SSL VPN Configuration payload: Yes IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384 Authentication: Pre-shared key and public key infrastructure (PKI) (X.509) IPsec (Internet Protocol Security): Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256 IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B Perfect forward secrecy, anti-reply Internet Key Exchange: IKEv1, IKEv2 Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring VPNs GRE, IP-in-IP, and MPLS |
Network Services | Dynamic Host Configuration Protocol (DHCP) client/server/relay Domain Name System (DNS) proxy, dynamic DNS (DDNS) Juniper real-time performance monitoring (RPM) and IP monitoring Juniper flow monitoring (J-Flow) |
High Availability Features | Virtual Router Redundancy Protocol (VRRP) – IPv4 and IPv6 Stateful high availability: -Dual box clustering -Active/passive -Active/active -Configuration synchronization -Firewall session synchronization -Device/link detection -In-Service Software Upgrade (ISSU) IP monitoring with route and interface failover |
Management, Automation, Logging, and Reporting | SSH, Telnet, SNMP Smart image download Juniper CLI and Web UI Juniper Networks Junos Space Security Director Python Junos events, commit and OP scripts Application and bandwidth usage reporting Debug and troubleshooting tools |
Advanced Routing Services | Packet Mode MPLS (RSVP, LDP) Circuit cross-connect (CCC), translational cross-connect (TCC) L2/L2 MPLS VPN, pseudo-wires Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN) MPLS traffic engineering and MPLS fast re-route |
Application Security Services | Application visibility and control Application-based firewall Application QoS Advanced/application policy-based routing (APBR) Application Quality of Experience (AppQoE) Application-based multipath routing User-based firewall |
Threat Defense and Intelligence Services | Intrusion prevention system Antivirus Antispam Category/reputation-based URL filtering SSL proxy/inspection Protection from botnets (command and control) Adaptive enforcement based on GeoIP Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks Adaptive Threat Profiling Encrypted Traffic Insights SecIntel to provide threat intelligence Juniper ATP Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks |
Operating temperature | 32° to 104° F (0° to 40° C) |
Operating humidity | 5% to 90% noncondensing |
Meantime between failures (MTBF) | 221,729 hours (about 25.3 years) |
FCC classification | Class A |
RoHS compliance | RoHS 2 |
Accessories
Transceivers | |
CTP-SFP-1GE-LX | Small Form Factor Pluggable 1000Base-LX Gigabit Ethernet Optic Module, CTP1000 |
CTP-SFP-1GE-SX | Small Form Factor Pluggable 1000Base-SX Gigabit Ethernet Optic Module, CTP1000 |
CTP-SFP-1GE-T | Small Form Factor Pluggable 1000Base-T Gigabit Ethernet Module (uses Cat 5 cable) |
EX-SFP-1GE-LH | Small Form Factor Pluggable 1000Base-LH Gigabit Ethernet Optics |
EX-SFP-1GE-LX | Small Form Factor Pluggable 1000Base-LX Gigabit Ethernet Optics |
EX-SFP-1GE-SX | Small Form Factor Pluggable 1000Base-SX Gi |