Professional Documents
Culture Documents
SRX1500 Highlights
The SRX1500 Services Gateway delivers a full complement of next-generation firewall
capabilities that use advanced application identification and classification to enable
greater visibility, enforcement, control, and protection over the network. It provides detailed
analysis on application volume and usage, fine-grained application control policies to allow
or deny traffic based on dynamic application name or group names, and prioritization of
traffic based on application information and contexts.
The SRX1500 recognizes more than 3,500 applications and nested applications in plain-
text or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active
Directory and combines user information with application data to provide network-wide
application and user visibility and control.
1
SRX1500 Services Gateway Data Sheet
For the perimeter, the SRX1500 Services Gateway offers a The SRX1500 enables agile SecOps through automation
comprehensive suite of application security services, threat capabilities that support Zero Touch Deployment, Python scripts
defenses, and intelligence services to protect networks from for orchestration, and event scripting for operational management.
the latest content-borne threats. Integrated threat intelligence
The SRX1500 Services Gateway runs Juniper Networks Junos®
via Juniper Networks Spotlight Secure offers adaptive threat
operating system, a proven, carrier-hardened network OS that
protection against command and control (C&C)-related botnets
powers the top 100 service provider networks around the world.
and policy enforcement based on GeoIP. Integrating the Juniper
The rigorously tested carrier-class routing features of IPv4/IPv6,
Networks Sky Advanced Threat Protection solution, the SRX1500
OSPF, BGP, and multicast have been proven in over 15 years of
detects and enforces automated protection against known
worldwide deployments.
malware and zero-day threats with a very high degree of accuracy.
VPN Features
SRX1500 Services Gateway Specifications • Tunnels: Generic routing encapsulation (GRE), IP-IP, IPsec
Software Specifications • Site-site IPsec VPN, auto VPN, group VPN
Firewall Services • IPsec crypto algorithms: Data Encryption Standard (DES),
• Stateful and stateless firewall triple DES (3DES), Advanced Encryption Standard (AES-
256)
• Zone-based firewall
• IPsec authentication algorithms: MD5, SHA-1, SHA-128,
• Screens and distributed denial of service (DDoS) protection
SHA-256
• Protection from protocol and traffic anomalies
• Pre-shared key and public key infrastructure (PKI) (X.509)
• Unified Access Control (UAC)
• Perfect forward secrecy, anti-reply
• IPv4 and IPv6 IPsec VPN
• Multi-proxy ID for site-site VPN
2
SRX1500 Services Gateway Data Sheet
• Internet Key Exchange (IKEv1, IKEv2), NAT-T • Marking, policing, and shaping
• Virtual router and quality-of-service (QoS) aware • Classification and scheduling
• Standard-based dead peer detection (DPD) support • Weighted random early detection (WRED)
-- Configuration synchronization • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• OSPF/OSPF v3 Connectivity
Total onboard ports 16x1GbE and 4x10GbE
• BGP with Route Reflector
Onboard RJ-45 ports 12x1GbE
• IS-IS
Onboard small form-factor pluggable
• Multicast: Internet Group Management Protocol (IGMP) 4x1GbE
(SFP) transceiver ports
v1/v2; Protocol Independent Multicast (PIM) sparse mode
Onboard SFP+ ports 4x10GbE
(SM)/dense mode (DM)/source-specific multicast (SSM);
Session Description Protocol (SDP); Distance Vector Out-of-Band (OOB) management ports 1x1GbE
Multicast Routing Protocol (DVMRP); Multicast Source Dedicated high availability (HA) ports 1x1GbE (SFP)
Discovery Protocol (MSDP); Reverse Path Forwarding (RPF) PIM slots 2
• Encapsulation: VLAN, Point-to-Point Protocol over Ethernet Console (RJ-45 + miniUSB) 1
(PPPoE)
USB 2.0 ports (type A) 1
• Virtual routers
Memory and Storage
• Policy-based routing, source-based routing System memory (RAM) 16 GB
• Equal-cost multipath (ECMP) Primary boot storage (mSATA) 16 GB
QoS Features Secondary storage (SSD) 120 GB
• Support for 802.1p, DiffServ code point (DSCP), EXP
• Classification based on VLAN, data-link connection
identifier (DLCI), interface, bundles, or multifield filters
3
SRX1500 Services Gateway Data Sheet
Dimensions and Power Route table size (RIB/FIB) (IPv4 or IPv6) 2 million / 1 million
Form factor 1U Maximum concurrent sessions 2,000,000
(IPv4 or IPv6)
Size (WxHxD) 17.5 x 1.75 x 18.2 in
(44.45 x 4.44 x 46.22 Maximum security policies 16,000
cm)
Connections per second 50,000
Weight (device and PSU) 16.1 lb (7.30 kg)
NAT rules 8,000
Redundant PSU 1+1
Media access control (MAC) table size 64,000
Power supply AC/DC (external)
IPsec VPN tunnels 2,000
Average power consumption 150 W
GRE tunnels 2,000
Average heat dissipation 614 BTU / hour
Maximum security zones 512
Maximum current consumption 8A (for AC PSU);
Maximum virtual router 512
20A (for DC PSU)
Maximum VLANs 3,900
Maximum inrush current 50A by 1 AC cycle
AppID sessions 512,000
Acoustic noise level 66.5dBA
IPS sessions 512,000
Airflow/cooling Front to back
URL filtering sessions 512,000
Operating temperature 32° to 104° F
(0° to 40° C)
Nonoperating temperature 4° to 158° F Juniper Networks Services and Support
(-20° to 70° C) Juniper Networks is the leader in performance-enabling services
Operating humidity 10% to 90% that are designed to accelerate, extend, and optimize your
noncondensing
high-performance network. Our services allow you to maximize
Nonoperating humidity 5% to 95%
noncondensing operational efficiency while reducing costs and minimizing
Meantime between failures (MTBF) 9.78 years risk, achieving a faster time to value for your network. Juniper
(85,787 hours) Networks ensures operational excellence by optimizing the
FCC classification Class A network to maintain required levels of performance, reliability,
RoHS compliance RoHS 2 and availability. For more details, please visit www.juniper.net/us/
Performance and Scale en/products-services.
Parameter SRX1500
Ordering Information
Routing/firewall (64 B packet size) Mpps 1
1.7
To order Juniper Networks SRX Series Services Gateways, and for
Routing/firewall (IMIX packet size) Gbps1 5
software licensing information, please visit the How to Buy page
Routing/firewall (1,518 B packet size) Gbps1 9
or refer to the SRX Series Ordering Guide
IPsec VPN (IMIX packet size) Gbps1 1.3
IPsec VPN (1,400 B packet size) Gbps1 4 About Juniper Networks
Application visibility and control in Gbps2 5 Juniper Networks is in the business of network innovation. From
Recommended IPS in Gbps2 3 devices to data centers, from consumers to cloud providers,
Next-generation firewall in Gbps2 1.5 Juniper Networks delivers the software, silicon and systems that
transform the experience and economics of networking. The
company serves customers and partners worldwide. Additional
1
Throughput numbers based on UDP packets and RFC2544 test methodology
information can be found at www.juniper.net.
2
Throughput numbers based on HTTP traffic with 44 KB transaction size
Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos
and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.