SRX4100 and SRX4200 Firewalls Datasheet

Download Datasheet

Product Overview

The SRX4100 and SRX4200 Firewalls offer industry-leading threat protection, performance, scalability, high-availability, and integrated security services. Designed for high-performance throughput while preventing exploits, malware, and malicious traffic, the SRX4100 and SRX4200 are best suited for enterprise data centers, campuses, and regional headquarters, with a focus on adopting a zero trust architecture.

The SRX4100 and SRX4200 seamlessly integrate networking and security in single platform fixed form-factor firewall. Both firewalls are powered by Junos OS,  and managed by Security Director Cloud, which helps organizations operationalize zero trust and enable architectural transformation through a unified management experience and single-policy framework.

 

SRX4200 front top image

Product Description

The Juniper Networks® SRX4100 and SRX4200 Firewalls are high-performance, next-generation firewalls with hardware-acceleration that protects mission-critical data center networks, enterprise campuses, and regional headquarters. The SRX4100 and SRX4200 are an integral part of the Juniper Connected Security framework, which extends security to every point of connection on the network to safeguard users, data, and the infrastructure from advanced threats. 

The SRX4100 and SRX4200 integrate networking and security in a single platform to deliver industry-leading intrusion prevention and malware protection with, high-performance throughput, IPSec VPN, and easy policy management to reliably secure the network. Advanced application identification and classification enables greater visibility, enforcement, control, and protection over network traffic, application access, and data. . These next-generation firewalls provide detailed analyses of application volume and usage, fine-grained application control policies, and prioritization of traffic based on application information and context to reduce complexity across traditional, cloud, and hybrid IT networks. 

The SRX4100 and SRX4200 deliver fully automated  to both enterprises and service providers. Their high performance and scale allow the SRX4100 and SRX4200 to act as VPN hubs, terminating VPN/secure overlay connections in various SD-WAN topologies.

1000254-partnerlogos

Both SRX4100 and SRX4200 Firewalls are managed by Juniper Networks Security Director Cloud, a unified management experience that connects the organization’s current deployments with future architectural rollouts. Security Director Cloud uses a single policy framework enabling consistent security policies across any environment and expanding zero trust to all parts of the network from the edge into the data center. This provides unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place. The SRX4100 and SRX4200 comply with industry standards, delivering scalability, ease of management, secure connectivity, and advanced threat mitigation capabilities that businesses need.

 

Architecture and Key Components

The SRX4100 and SRX4200 hardware and software architecture provides cost-effective security performance in a small 1 RU form factor. Purpose-built to protect up to 44 Gbps Internet Mix (IMIX) firewall throughput network environments, the SRX4100 and SRX4200 incorporate multiple security services and networking functions on top of the industry- leading Juniper Networks Junos® operating system.

The SRX4100 supports up to 22 Gbps (IMIX) of firewall performance, 13.9 Gbps of IPS throughput , and 14.8 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarters deployments with IMIX traffic patterns. The SRX4200 supports up to 44 Gbps of firewall performance, 27.7 Gbps of IPS throughput, and up to 29.6 Gbps of IPsec VPN in data center, enterprise campus, and regional headquarters deployments with IMIX traffic patterns.

 

Table 1. SRX4100 and SRX4200 Statistics¹
  SRX4100 SRX4200
Firewall throughput 40 Gbps 80 Gbps
Firewall throughput—IMIX 22 Gbps 44 Gbps
Firewall throughput with application security 19.9 Gbps 39.8 Gbps
IPsec VPN throughput-IMIX 14.8 Gbps 29.6 Gbps
Intrusion prevention 13.9 Gbps 27.7 Gbps
Next-generation firewall2 throughput 9 Gbps 18 Gbps
Secure Web Access3 throughput 6.7 Gbps 13.3 Gbps
Connections per second 250,000 500,000
Maximum session 5 million 10 million

1Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.

2Next-Generation Data Center Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions

3Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions

The SRX4100 and SRX4200 recognize more than 4,275 applications and nested applications in plain-text or SSL-encrypted transactions. The firewalls also integrate with Microsoft Active Directory and combine user information with application data to provide network-wide application and user visibility and control.

 

Features and Benefits

Table 2. SRX4100 and SRX4200 Features and Benefits
Business Requirement Feature/Solution SRX4100/SRX4200 Advantages 
High performance Up to 80 Gbps of firewall throughput (up to 40 Gbps of IMIX firewall throughput)
  • Best suited for enterprise campus and data center edge deployments
  • Ideal for next-generation firewall deployments at the head office
  • Scalability and feature capacity meets future needs
High-quality end-user experience Application visibility and control
  • Continuous application updates provided by Juniper Threat Labs
  • Controls and prioritizes traffic based on application and use role
  • Inspects and detects applications inside SSL-encrypted traffic
Advanced threat protection  IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud sandboxing, Encrypted Traffic Insights, and SecIntel Threat Intelligence Feeds
  • Provides IPS capabilities and real-time updates to signatures that effectively protect against exploits, proven most effective in the industry by multiple third-party testing companies
  • Protects against malware and malicious web traffic
  • Delivers an open threat intelligence platform that  provides a single point for all operational intelligence feeds
  • Protects against zero-day attacks
  • Stops rogue and compromised devices from disseminating malware
  • Restores visibility lost due to encryption without the heavy burden of full TLS/SSL decryption
Zero-day prevention AI-Predictive Threat Prevention
  • Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets
  • Eliminates patient-zero infections
  • Provides protection that lasts for the full attack lifecycle—not merely 24 hours—so the network is safe from reinfection from subsequent attacks
Advanced networking services Routing, secure wire
  • Supports carrier-class advanced routing and quality of service (QoS)
Highly secure IPsec VPN, Remote Access/SSL VPN
  • Provides high-performance IPsec VPN with dedicated crypto engine
  • Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications
  • Simplifies large VPN deployments with auto VPN 
  • Includes hardware-based crypto acceleration
  • Secure and flexible remote access SSL VPN with Juniper Secure Connect
Embedded security in data center fabric EVPN-VXLAN Type 5 routes
  • Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4 to Layer 7 security services
  • Eases operations with Type 5 support through BGP
  • Does not require decapsulation of EVPN-VXLAN traffic
Highly reliable Chassis cluster, redundant power supplies
  • Provides stateful configuration and session state synchronization
  • Supports active/active and active/backup deployment scenarios
  • Offers highly available hardware with redundant power supply unit (PSU) and redundant fans
  • Delivers dedicated control and fabric link with seamless high availability
Easy to manage and scale On-box GUI, Juniper Security Director Cloud
  • Enables centralized management from Juniper’s unified management experience with unbroken visibility, zero-touch provisioning, intelligent firewall policy management and scalability, Network Address Translation (NAT), and IPsec VPN deployments
  • Includes simple, easy-to-use on-box GUI for local management
Low TCO Junos OS
  • Integrates routing and security in a single device
  • Reduces OpEx with Junos OS automation capabilities

 

SRX4100 and SRX4200 front top image

SRX4100 and SRX4200 Firewalls Specifications

Software Specifications

Firewall Services

  • Stateful firewall services
  • Zone-based firewall
  • Screens and distributed denial of service (DDoS) protection
  • Protection from protocol and traffic anomalies
  • Unified Access Control (UAC)
 

Network Address Translation (NAT)

  • Source NAT with Port Address Translation (PAT)
  • Bidirectional 1:1 static NAT
  • Destination NAT with PAT
  • Persistent NAT
  • IPv6 address translation
 

VPN Features

  • Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
  • Juniper Secure Connect: Remote access/SSL VPN
  • Configuration payload: Yes
  • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
  • IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384
  • Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
  • IPsec: Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
  • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
  • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
  • Perfect forward secrecy, anti-reply
  • Internet Key Exchange: IKEv1, IKEv2
  • Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
  • VPNs GRE, IP-in-IP, and MPLS

 

High Availability Features

  • Virtual Router Redundancy Protocol (VRRP) – IPv4 and IPv6
  • Stateful high availability:
    • Dual box clustering
    • Active/passive
    • Active/active
    • Configuration synchronization
    • Firewall session synchronization
    • Device/link detection
    • In-Service Software Upgrade (ISSU)
  • IP monitoring with route and interface failover
 

Application Security Services3

  • Application visibility and control
  • Application QoS
  • Advanced/application policy-based routing (APBR)
  • Application Quality of Experience (AppQoE)
  • Application-based multipath routing
  • User-based firewall

Threat Defense and Intelligence Services3

  • Intrusion prevention system
  • Antivirus
  • Antispam
  • Category/reputation-based URL filtering
  • SSL proxy/inspection
  • Protection from botnets (command and control)
  • Adaptive enforcement based on GeoIP
  • Juniper Advanced Threat Prevention, a cloud-based SaaS offering, to detect and block zero-day attacks
  • Adaptive Threat Profiling
  • Encrypted Traffic Insights
  • SecIntel threat intelligence
  • Juniper ATP virtual Appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks
  • AI-Predictive Threat Prevention

3Offered as advanced security subscription license.

Routing Protocols

  • IPv4, IPv6, static routes, RIP v1/v2
  • OSPF/OSPF v3
  • BGP with route reflector
  • EVPN-VXLAN
  • IS-IS
  • Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); reverse path forwarding (RPF)
  • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
  • Virtual routers
  • Policy-based routing, source-based routing
  • Equal-cost multipath (ECMP)

 

QoS Features

  • Support for 802.1p, DiffServ code point (DSCP), EXP
  • Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
  • Marking, policing, and shaping
  • Classification and scheduling
  • Weighted random early detection (WRED)
  • Guaranteed and maximum bandwidth
  • Ingress traffic policing
  • Virtual channels

Network Services

  • Dynamic Host Configuration Protocol (DHCP) client/server/relay
  • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
  • Juniper real-time performance monitoring (RPM) and IP monitoring
  • Juniper flow monitoring (J-Flow)
 

Advanced Routing Services

  • Packet Mode
  • MPLS (RSVP, LDP)
  • Circuit cross-connect (CCC), translational cross-connect (TCC)
  • L2/L2 MPLS VPN, pseudo-wires
  • Virtual private LAN service (VPLS), next-generation multicast VPN (NG-MVPN)
  • MPLS traffic engineering and MPLS fast re-route
 

Management, Automation, Logging, and Reporting

  • SSH, Telnet, SNMP
  • Smart image download
  • Juniper CLI and Web UI
  • Juniper Networks  Security Director Cloud
  • Python
  • Junos events, commit and OP scripts
  • Application and bandwidth usage reporting
  • Debug and troubleshooting tools
 

Hardware Specifications

Table 3. SRX4100 and SRX4200 Hardware Specifications
4Throughput numbers based on UDP packets and RFC2544 test methodology
5Performance, capacity and features listed are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.
6Next-Generation Data Center Firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions.
7Secure Web Access Firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
Specifications SRX4100 SRX4200
Connectivity
Total onboard ports 8x1GbE/10GbE 8x1GbE/10GbE
Onboard small form-factor pluggable plus (SFP+) transceiver ports 8x1GbE/10GbE 8x1GbE/10GbE
Out-of-Band (OOB) management ports 1x1GbE 1x1GbE
Dedicated high availability (HA) ports 2x1GbE/10GbE (SFP/SFP+) 2x1GbE/10GbE (SFP/SFP+)
Console (RJ-45) 1 1
USB 2.0 ports (type A) 2 2
Memory and Storage
System memory (RAM) 64 GB 64 GB
Secondary storage (SSD) 240 GB with 1+1 RAID 240 GB with 1+1 RAID
Dimensions and Power
Form factor 1 U 1 U
Size (WxHxD) 17.48 x 1.7 x 25 in
(44.39 x 4.31 x 63.5 cm)		 17.48 x 1.7 x 25 in
(44.39 x 4.31 x 63.5 cm)
Weight (device and PSU) Chassis with two AC power supplies: 29 lb (13.15 kg)
Chassis with two DC power supplies: 28.9 lb (13.06 kg)
Chassis with package for shipping: 47.5 lb (21.54 kg)		 Chassis with two AC power supplies: 29 lb (13.15 kg)
Chassis with two DC power supplies: 28.9 lb (13.06 kg)
Chassis with package for shipping: 47.5 lb (21.54 kg)
Redundant PSU 1+1 1+1
Power supply 2x 650 W redundant
AC-DC/DC-DC PSU		 2x 650 W redundant
AC-DC/DC-DC PSU
Average power consumption 200 W 200 W
Average heat dissipation 685 BTU / hour 685 BTU / hour
Maximum current consumption 4A (for 110 V AC power)
2A (for 220 V AC power)
9A (for -48 V DC power)		 4A (for 110 V AC power)
2A (for 220 V AC power)
9A (for -48 V DC power)
Maximum inrush current 50 A by 1 AC cycle 50 A by 1 AC cycle
Environmental and Regulatory Compliance
Acoustic noise level 70 dBA 70 dBA
Airflow/cooling Front to back Front to back
Operating temperature 32° to 104° F
(0° to 40° C)		 32° to 104° F
(0° to 40° C)
Operating humidity 5% to 90% noncondensing 5% to 90% noncondensing
Meantime between failures (MTBF) 221,729 hours (about 25.3 years) 221,729 hours (about 25.3 years)
FCC classification Class A Class A
RoHS compliance RoHS 2 RoHS 2
Performance and Scale
Routing/firewall (IMIX packet size) throughput Gbps4 22.5 44
Routing/firewall (1,518 B packet size) throughput Gbps4 40 80
IPsec VPN (IMIX packet size) Gbps4 14.8 29.6
Application visibility and control in Gbps5 19.9 39.8
Recommended IPS in Gbps5 13.9 27.7
Next-generation firewall in Gbps6 9 18
Secure Web Access firewall in Gbps7 6.7 13.3
Connections per second (CPS) 250,000 500,000
Maximum security policies 60,000 60,000
Maximum concurrent sessions (IPv4 or IPv6) 5 million 10 million
Route table size (RIB/FIB) (IPv4) 2 million/1.2 million 2 million/1.2 million
IPsec tunnels 7500 7500
Number of remote access/SSL VPN (concurrent) users 7500 7500
Multitenancy (LSYS/TSYS) 32/200 32/200

 

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.

 

Ordering Information

To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.

 

About Juniper Networks

At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.

 

1000600 - 022 - EN OCTOBER 2023