EN
11(1)
home Products Network device Juniper

PRODUCT CATEGORIES

follow us

SRX5400, SRX5600, SRX5800 firewalls
SRX5400, SRX5600, SRX5800 firewalls
SRX5400, SRX5600, SRX5800 firewalls
SRX5400, SRX5600, SRX5800 firewalls
SRX5400, SRX5600, SRX5800 firewalls
SRX5400, SRX5600, SRX5800 firewalls

SRX5400, SRX5600, SRX5800 firewalls

share to:

The SRX5800 Firewall is the market-leading security solution supporting up to 3.36 Tbps firewall throughput and latency as low as 32 microseconds for the stateful firewall. The SRX5800 also supports 638 Gbps IPS and 338 million concurrent sessions. The SRX5800 is equipped with the full range of advanced security services and is ideally suited for securing large enterprise, hosted, or colocated data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability, and flexibility of the SRX5800 make it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

The SRX5600 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 1.44 Tbps firewall throughput, 182 million concurrent sessions, and 245 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregating various security solutions. The capability to support unique security policies per zone and its ability to scale with the growth of the network infrastructure make the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider, or mobile operator environments.

The SRX5400 Firewall uses the same SPCs and IOCs as the SRX5800 and can support up to 960 Gbps firewall throughput, 90 million concurrent sessions, and 172 Gbps IPS. The SRX5400 is a small footprint, high-performance firewall ideally suited for securing large enterprise campuses as well as data centers, either for edge or core security deployments. The ability to support unique security policies per zone and a compelling price/performance/footprint ratio make the SRX5400 an optimal solution for edge or data center services in large enterprise, service provider, or mobile operator environments.

Contact
Introduction Gallery Related Products

Introduction

  SRX5400 SRX5600 SRX5800
Maximum Performance and Capacity1
Junos OS version tested Junos OS 21.2 Junos OS 21.2 Junos OS 21.2
Firewall Performance, IMIX 960 Gbps 1.44 Tbps 3.36 Tbps
Maximum performance per chassis 960 Gbps 1440 Tbps 3.36 Tbps
Next-Generation Datacenter Firewall Performance2 136 Gbps 194 Gbps 504 Gbps
Secure Web Access Firewall Performance3 75 Gbps 107 Gbps 277 Gbps
Latency (stateful firewall) ~11µsec ~11µsec ~11µsec
IPsec VPN AES-256-GCM (IMIX) 188 Gbps 269 Gbps 699 Gbps
Maximum IPS performance 172 Gbps 245 Gbps 638 Gbps
Maximum concurrent sessions 91 Million 182 Million 338 Million
New sessions/second (sustained, tcp, 3way, firewall NAT) 1.7/1 Million 3.4/2 Million 6.3/4 Million
Maximum users supported Unrestricted Unrestricted Unrestricted
Network Connectivity
IOC4 options (SRX5K-IOC4-MRAT; SRX5K-IOC4-10G) 40x1GbE SFP+ and 40x10GbE SFP+ or 12xQSFP+/QSFP28 multirate
IOC3 options (SRX5K-MPC3-100G10G; SRX5K-MPC3-40G10G) 2x100GbE CFP2 and 4x10GbE SFP+ or 6x40GbE QSFP+ and 24x10GbE SFP+
Firewall
Network attack detection Yes Yes Yes
DoS and distributed denial of service (DDoS) protection Yes Yes Yes
TCP reassembly for fragmented packet protection Yes Yes Yes
Brute force attack mitigation Yes Yes Yes
SYN cookie protection Yes Yes Yes
Zone-based IP spoofing Yes Yes Yes
Malformed packet protection Yes Yes Yes
IPsec VPN 
Site-to-site tunnels 15,000 15,000 15,000
Tunnel interfaces 15,000 15,000 15,000
Number of remote access / SSL VPN (concurrent) users 25,000 40,000 50,000
Tunnels Site-to-Site, Hub and Spoke, Dynamic Endpoint, AutoVPN, ADVPN, Group VPN (IPv4 / IPv6 / Dual Stack)
 Internet Key Exchange IKEv1, IKEv2
Configuration Payload Yes Yes Yes
IKE Authentication Algorithms MD5, SHA1, SHA-256, SHA-384, SHA-512
IKE Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
Authentication Pre-shared key and public key infrastructure (PKI X.509)
IPsec (Internet Protocol Security) Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
Perfect forward secrecy Yes
IPsec Authentication Algorithms hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-384, hmac-sha-512
IPsec Encryption Algorithms Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, SuiteB
Monitoring Standard-based Dead peer detection (DPD), VPN monitoring
Prevent replay attack Yes Yes Yes
VPNs (GRE, IP-in-IP, MPLS) Yes Yes Yes
Redundant VPN gateways Yes Yes Yes
Intrusion Prevention System (IPS)
Signature-based and customizable (via templates) Yes Yes Yes
Active/active traffic monitoring Yes Yes Yes
Stateful protocol signatures Yes Yes Yes
Attack detection mechanisms Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
Attack response mechanisms Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail Drop connection, close connection, session packet log, session summary, e-mail
Attack notification mechanisms Structured system logging Structured system logging Structured system logging
Worm protection Yes Yes Yes
Simplified installation through recommended policies Yes Yes Yes
Trojan protection Yes Yes Yes
Spyware/adware/keylogger protection Yes Yes Yes
Advanced malware protection Yes Yes Yes
Protection against attack proliferation from infected systems Yes Yes Yes
Reconnaissance protection Yes Yes Yes
Request and response side attack protection Yes Yes Yes
Compound attacks—combines stateful signatures and protocol anomalies Yes Yes Yes
Custom attack signatures creation Yes Yes Yes
Contexts accessible for customization 600+ 600+ 600+
Attack editing (port range, other) Yes Yes Yes
Stream signatures Yes Yes Yes
Protocol thresholds Yes Yes Yes
Stateful protocol signatures Yes Yes Yes
Frequency of updates Daily and emergency Daily and emergency Daily and emergency
Content Security
Antivirus Yes Yes Yes
Content filtering Yes Yes Yes
Enhanced Web filtering Yes Yes Yes
Redirect Web filtering Yes Yes Yes
Antispam Yes Yes Yes
AppSecure
AppTrack (application visibility and tracking) Yes Yes Yes
AppFirewall (policy enforcement by application name) Yes Yes Yes
AppQoS (network traffic prioritization by application name) Yes Yes Yes
User-based application policy enforcement Yes Yes Yes
GPRS Security
GPRS stateful firewall Yes Yes Yes
Destination Network Address Translation
Destination NAT with Port Address Translation (PAT) Yes Yes Yes
Destination NAT within same subnet as ingress interface IP Yes Yes Yes
Destination addresses and port numbers to one single address and a specific port number (M:1P) Yes Yes Yes
Destination addresses to one single address (M:1) Yes Yes Yes
Destination addresses to another range of addresses (M:M) Yes Yes Yes
Source Network Address Translation
Static Source NAT—IP-shifting Dynamic Internet Protocol (DIP) Yes Yes Yes
Source NAT with PAT—port translated Yes Yes Yes
Source NAT without PAT—fix port Yes Yes Yes
Source NAT—IP address persistency Yes Yes Yes
Source pool grouping Yes Yes Yes
Source pool utilization alarm Yes Yes Yes
Source IP outside of the interface subnet Yes Yes Yes
Interface source NAT—interface DIP Yes Yes Yes
Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Yes Yes Yes
Symmetric NAT Yes Yes Yes
Allocate multiple ranges in NAT pool Yes Yes Yes
Proxy Address Resolution Protocol (ARP) for physical port Yes Yes Yes
Source NAT with loopback grouping—DIP with loopback grouping Yes Yes Yes
User Authentication and Access Control
Built-in (internal) database Yes Yes Yes
RADIUS accounting Yes Yes Yes
Web-based authentication Yes Yes Yes
Public Key Infrastructure (PKI) Support
PKI certificate requests (PKCS 7, PKCS 10, and CMPv2) Yes Yes Yes
Automated certificate enrollment (SCEP) Yes Yes Yes
Certificate authorities supported Yes Yes Yes
Self-signed certificates Yes Yes Yes
Virtualization
Maximum custom routing instances with data plane separation 2000 2000 2000
Maximum security zones 2000 2000 2000
Maximum virtual firewalls with data plane and administrative separation (logical/tenant systems) 500 500 500
Additional off-platform virtual firewall option with Juniper Networks vSRX Virtual Firewall (VM based) Unlimited Unlimited Unlimited
Maximum number of VLANs 4096 4096 4096
Routing
BGP instances 1000 1000 1000
BGP peers 2000 2000 2000
BGP routes 1 Million 1 Million 1 Million
OSPF instances 400 400 400
OSPF routes 1 Million 1 Million 1 Million
RIP v1/v2 instances 50 50 50
RIP v2 table size 30,000 30,000 30,000
Dynamic routing Yes Yes Yes
Static routes Yes Yes Yes
Source-based routing Yes Yes Yes
Policy-based routing Yes Yes Yes
Equal cost multipath (ECMP) Yes Yes Yes
Reverse path forwarding (RPF) Yes Yes Yes
Multicast Yes Yes Yes
IPv6
Firewall/stateless filters Yes Yes Yes
Dual-stack IPv4/IPv6 firewall Yes Yes Yes
RIPng Yes Yes Yes
BFD, BGP Yes Yes Yes
ICMPv6 Yes Yes Yes
OSPFv3 Yes Yes Yes
Class of service (CoS) Yes Yes Yes
Mode of Operation
Layer 2 (transparent) mode Yes Yes Yes
Layer 3 (route and/or NAT) mode Yes Yes Yes
IP Address Assignment
Static Yes Yes Yes
Dynamic Host Configuration Protocol (DHCP) Yes Yes Yes
Internal DHCP server Yes Yes Yes
DHCP relay Yes Yes Yes
Traffic Management Quality of Service (QoS)
Maximum bandwidth Yes Yes Yes
RFC2474 IP Diffserv in IPv4 Yes Yes Yes
Firewall filters for CoS Yes Yes Yes
Classification Yes Yes Yes
Scheduling Yes Yes Yes
Shaping Yes Yes Yes
Intelligent Drop Mechanisms (WRED) Yes Yes Yes
Three-level scheduling Yes Yes Yes
Weighted round robin for each level of scheduling Yes Yes Yes
Priority of routing protocols Yes Yes Yes
Traffic management/policing in hardware Yes Yes Yes
High Availability (HA)
Active/passive, active/active Yes Yes Yes
Unified in-service software upgrade (unified ISSU) Yes Yes Yes
Configuration synchronization Yes Yes Yes
Session synchronization for firewall and IPsec VPN Yes Yes Yes
Session failover for routing change Yes Yes Yes
Device failure detection Yes Yes Yes
Link and upstream failure detection Yes Yes Yes
Dual control links Yes Yes Yes
Interface link aggregation/Link Aggregation Control Protocol (LACP) Yes Yes Yes
Redundant fabric links Yes Yes Yes
Management
WebUI (HTTP and HTTPS) Yes Yes Yes
Command line interface (console, telnet, SSH) Yes Yes Yes
Juniper Security Director Cloud Yes Yes Yes
Administration
Local administrator database support Yes Yes Yes
External administrator database support Yes Yes Yes
Restricted administrative networks Yes Yes Yes
Root admin, admin, and read-only user levels Yes Yes Yes
Software upgrades Yes Yes Yes
Configuration rollback Yes Yes Yes
Logging/Monitoring
Structured syslog Yes Yes Yes
SNMP (v2 and v3) Yes Yes Yes
Traceroute Yes Yes Yes
Certifications
Safety certifications Yes Yes Yes
Electromagnetic Compatibility (EMC) certifications Yes Yes Yes
RoHS2 Compliant (European Directive 2011/65/EU) Yes Yes Yes
NIST FIPS-140-2 Level 2 Yes Yes Yes
Common Criteria NDPP+TFFW EP + VPN EP Yes Yes Yes
USGv6 Yes Yes Yes
Dimensions and Power
Dimensions (W x H x D) 17.45 x 8.7 x 24.5 in 17.5 x 14 x 23.8 in 17.5 x 27.8 x 23.5 in
(44.3 x 22.1 x 62.2 cm) (44.5 x 35.6 x 60.5 cm) (44.5 x 70.5 x 59.7 cm)
Weight Fully configured 128 lb Fully Configured: 180 lb Fully Configured: 334 lb
(58.1 kg) (81.7 kg) (151.6 kg)
Power supply (AC) 100 to 240 VAC 100 to 240 VAC 200 to 240 VAC
Power supply (DC) -40 to -60 VDC -40 to -60 VDC -40 to -60 VDC
Maximum power 4,100 watts 4,100 watts (AC high capacity) 8,200 watts (AC high capacity)
(AC high capacity)
Typical Power 1540 watts 2440 watts 5015 watts, 10200 Watts (AC/DC), 200-305 VAC, 200-410 VDC
Environmental
Operating temperature – long term 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C) 41° to 104° F (5° to 40° C
Humidity – long term 5% to 85% noncondensing 5% to 85% noncondensing 5% to 85% noncondensing
Humidity – short term 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air 5% to 93% noncondensing but not to exceed 0.026 kg water/kg of dry air
WeChat
Hover Image
WhatsApp Skype