The document is a datasheet describing the Juniper Networks SRX3400 and SRX3600 Services Gateways. The SRX3400 and SRX3600 are next-generation security platforms that deliver high performance and scalability through a modular design. They are suited for securing enterprise, public sector, and service provider networks. The platforms use flexible processing cards and I/O cards to scale performance and ports based on network requirements.
SoftLayer provides global, on-demand data center and hosting services from facilities across the U.S. We leverage best-in-class connectivity and technology to innovate industry leading, fully automated solutions that empower enterprises with complete access, control, security, and scalability.
The Meraki MR16 is an enterprise class, dual-concurrent 802.11n
access point designed for high-density deployments in large offices,
schools, hospitals, hotels and large retail stores. The MR16 features
dual-concurrent, dual-band operation and advanced 802.11n
technologies such as MIMO and beam forming, delivering the high
throughput and reliable coverage required by the most demanding
business applications like voice and video.
SoftLayer provides global, on-demand data center and hosting services from facilities across the U.S. We leverage best-in-class connectivity and technology to innovate industry leading, fully automated solutions that empower enterprises with complete access, control, security, and scalability.
The Meraki MR16 is an enterprise class, dual-concurrent 802.11n
access point designed for high-density deployments in large offices,
schools, hospitals, hotels and large retail stores. The MR16 features
dual-concurrent, dual-band operation and advanced 802.11n
technologies such as MIMO and beam forming, delivering the high
throughput and reliable coverage required by the most demanding
business applications like voice and video.
Ronnie Scott
Consulting CSE
Presented at the Cybera/CANARIE National Summit 2009, as part of the session "What's Next: Key Areas of Emerging Cyberinfrastructure."
This session explored some of the up-and-coming areas of cyberinfrastructure and why they are increasingly being considered as essential elements to innovative research and development.
Alvarion is answering carrier’s needs for a complete, end-to-end WiMAX solution for personal broadband services by leveraging its advanced base station, BreezeMAX, while incorporating IP mobility core components
and a wide range of end user devices to create its 4Motion™ solution.
Cisco Catalyst 2960-X, 2960-CX, and 3560-CX Platforms - The Greenest Catalyst...Cisco Enterprise Networks
Cisco Catalyst 2960-X, 2960-CX, and 3560-CX Series Switches reduce TOC in a unique way by lowering power
consumption by up to 82 percent, with power usage reduced to 6.3W from 33.1W in the Cisco Catalyst 2960X-
24TD-L Switch when in hibernation mode, for example. Other models in the Cisco Catalyst 2960-X, 2960-CX, and
3560-CX Series Switches show significant power savings with the use of Cisco EnergyWise hibernation mode and
Energy Efficient Ethernet (EEE). These are the greenest Cisco Catalyst switches ever.
Ronnie Scott
Consulting CSE
Presented at the Cybera/CANARIE National Summit 2009, as part of the session "What's Next: Key Areas of Emerging Cyberinfrastructure."
This session explored some of the up-and-coming areas of cyberinfrastructure and why they are increasingly being considered as essential elements to innovative research and development.
Alvarion is answering carrier’s needs for a complete, end-to-end WiMAX solution for personal broadband services by leveraging its advanced base station, BreezeMAX, while incorporating IP mobility core components
and a wide range of end user devices to create its 4Motion™ solution.
Cisco Catalyst 2960-X, 2960-CX, and 3560-CX Platforms - The Greenest Catalyst...Cisco Enterprise Networks
Cisco Catalyst 2960-X, 2960-CX, and 3560-CX Series Switches reduce TOC in a unique way by lowering power
consumption by up to 82 percent, with power usage reduced to 6.3W from 33.1W in the Cisco Catalyst 2960X-
24TD-L Switch when in hibernation mode, for example. Other models in the Cisco Catalyst 2960-X, 2960-CX, and
3560-CX Series Switches show significant power savings with the use of Cisco EnergyWise hibernation mode and
Energy Efficient Ethernet (EEE). These are the greenest Cisco Catalyst switches ever.
Biytc is USA based service provider of all kind of cisco products like routers, switches, cloud services, wireless networks. Increase the power of network and optimize on a single platform, while gaining a superior user experience.
A breakthrough campus core switch that extends intelligence from the edge to the core.
The Aruba 8400 campus core and aggregation switch series provide a game-changing solution, offering a flexible and innovative approach to dealing with the new application, security and scalability demands of the mobile-cloud and IoT era.
Combines a modern, fully programmable OS with carrier-grade hardware, leading performance, and incorporates the industry-first Network Analytics Engine to monitor and troubleshoot network, system, application and security related issues easily.
By enabling faster automation and network insights, the operating system reduces the time spent on manual tasks and addresses current and future demands driven by Mobility and IoT.
Switch Cisco Catalyst 9300 Datasheet (2022).pdfSAM Romania
Cisco® Catalyst® 9300 Series switches are Cisco’s lead stackable enterprise access switching platform and as part of the Catalyst 9000 family, are build to transform your network to handle a hybrid world where the workplace is anywhere, endpoints could be anything, and applications are hosted all over the place.Datasheet.
https://www.sam-romania.ro/
Follow các Trang của Sunmedia Corporation để cập nhật những Video, CTKM và bản tin công nghệ mới nhất từ chúng tôi.
﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏
● Website : www.smediavn.com
● Youtube : www.youtube.com/c/smediavncorp
● Google+ : www.google.com/+Smediavncorp
● Facebook : www.facebook.com/smediavncorp
﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏﹏
Hotline: 1900636437
Email: marketing@smediavn.com
Network Configuration Example: Deploying Scalable Services on an MX Series Ro...Juniper Networks
This document provides information about scalable services available on your Juniper Networks® MX Series 3D Universal Edge Router. Scalable services help you reduce operational and capital overhead. This document explains multiple services that run on the MX Series router, such as PPPoE subscribers, carrier grade NAT (CGN) with dual-stack lite (DS-Lite) subscribers, and dynamic application awareness with deep packet inspection (DPI).
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Srx3000
1. DATASHEET
SRX3400 AND
SRX3600 SERVICES
GATEWAYS
Product Description
Product Overview
Juniper Networks® SRX3400 Services Gateway and SRX3600 Services Gateway are next-
generation security platforms that deliver market-leading performance, scalability and
Juniper Networks SRX3000 line of
service integration in a mid-sized form factor. These devices are ideally suited for medium
services gateways is the next-generation
to large enterprise, public sector and service provider networks, including:
solution for securing the ever-increasing
network infrastructure and applications • Enterprise server farms/data centers
requirements for both enterprise and • Securing mobile operator environments
service provider environments. Designed • Aggregation of departmental or segmented security solutions
from the ground up to provide flexible • Cloud and hosting provider data centers
processing scalability, I/O scalability, • Managed services deployments
and high integration, the SRX3000 Based on an innovative mid-plane design and Juniper’s dynamic services architecture,
line can meet the network and security the SRX3000 line resets the bar in price/performance for enterprise and service
requirements of data center hyper- provider environments. Each services gateway can support near linear scalability with
consolidation, rapid managed services each additional Services Processing Card (SPC), enabling the SRX3600 to support up
deployments, and aggregation of to 30 Gbps of firewall throughput. The SPCs are designed to support a wide range of
security solutions. Incorporating the services enabling future support of new capabilities without the need for service-specific
routing heritage and service provider hardware. Using SPCs on all services ensures that there are no idle resources based on
reliability of Junos OS with the rich specific services in operation—maximizing hardware utilization.
security heritage of ScreenOS, the
Market leading flexibility and price/performance of the SRX3000 line comes from the
SRX3000 line offers the high-feature/
modular architecture. Based on Juniper’s dynamic services architecture, the gateway
service integration necessary to secure
can be equipped with a flexible number of I/O cards (IOCs), network processing cards
modern network infrastructure and
(NPCs) and service processing cards (SPCs)—allowing the system to be configured to
applications.
support the ideal balance of performance and port density enabling each deployment
of the Juniper Networks SRX Series Services Gateways to be tailored to specific network
requirements. With this flexibility, the SRX3600 can be configured to support more than
100 Gbps interfaces with choices of Gigabit Ethernet or 10-Gigabit Ethernet ports; firewall
performance from 10 to 30 Gbps; and services processing to match specific business needs.
The switch fabric employed in the SRX3000 line enables the scalability of SPCs, NPCs
and IOCs. Supporting up to 320 Gbps of data transfer, the fabric enables the realization
of maximum processing and I/O capability available in any particular configuration. This
level of scalability and flexibility facilitates future expansion and growth of the network
infrastructure, providing unrivaled investment protection.
1
2. The flexibility of the SRX3000 line extends beyond the innovation SRX3000 Line Service Processing Cards*
and proven benefit of the dynamic services architecture. Enabling As the “brains” behind the SRX3000 line, SPCs are designed to
the installation of SPCs on both the front and the back of the process all available services on the platform. By eliminating the
SRX3000 line, the mid-plane design delivers market-leading need for dedicated hardware for specific services or capabilities,
flexibility and scalability. By doubling the number of SPCs there are no instances in which any piece of hardware is taxed
supported in half the rack space needed, the SRX3000 line offers to the limit while other hardware sits idle. SPCs are designed
not only underlying architectural innovation but also an innovative to be pooled together, allowing the SRX3000 line to expand
physical design. performance and capacities with the introduction of additional
The tight service integration on SRX Series Services Gateways SPCs, drastically reducing management overhead and complexity.
is enabled by Juniper Networks Junos® operating system. By The same SPCs are supported on both the SRX3600 and
combining the routing heritage of Junos OS and the security SRX3400. (Note: A minimum of one NPC and one SPC is required
heritage of ScreenOS®, the SRX Series Services Gateways are for proper system functionality.)
equipped with a robust list of features that include firewall,
intrusion prevention system (IPS), denial of service (DoS),
SRX3000 Line I/O Cards*
application security, Network Address Translation (NAT), and In addition to supporting an ideal mix of built-in copper, small
quality of service (QoS). In addition, incorporating multiple form-factor pluggable transceiver (SFP) and high availability (HA)
networking and security services under a single OS greatly ports, the SRX3000 line allows the greatest I/O port density of any
optimizes the flow of traffic through the platform. With Junos OS, comparable offering in the same class. Each services gateway in
the SRX Series enjoys the benefit of a single source OS, single the SRX3000 line can be equipped with one or several IOCs, each
release train, and one architecture that is also available across supporting either 16-gigabit interfaces (16 x 1 copper or fiber Gigabit
Juniper’s carrier-class routers and switches. Ethernet), or 20-gigabit interfaces (2 x 10 Gigabit XFP Ethernet).
With the flexibility to provide multiple IOCs, the SRX3000 line can
SRX3600 be equipped to support an ideal balance between interfaces and
The SRX3600 Services Gateway is a market-leading security processing capabilities. (Note: A minimum of one NPC and one SPC
solution supporting up to 30 Gbps firewall, 10 Gbps firewall is required for proper system functionality.)
and IPS, or 10 Gbps of IPsec VPN along with up to 175,000 new
connections per second. Equipped with the full range of security
SRX3000 Line Network Processing Cards*
services, the SRX3600 is ideally suited for securing medium to To ensure maximum processing performance and flexibility, the
large enterprise data centers, hosted or co-located data centers, SRX3000 line utilizes NPCs to distribute inbound and outbound
or securing next-generation enterprise services/applications. It traffic to the appropriate SPCs and IOCs, apply QoS, and
can also be deployed to secure cloud provider infrastructures enforce DoS/distributed denial of service (DDoS) protections.
where multi-tenancy is a requirement or to secure mobile The SRX3600 can be configured to support one to three NPCs,
operator environments. The scalability and flexibility of the while the SRX3400 can be configured to support one or two
services gateway makes it ideal for consolidating legacy security NPCs. Providing additional NPCs to the SRX3000 line allows
appliances in densely populated data centers, and the service organizations to tailor the solution to fit their specific performance
density makes it ideal for cloud or mobile providers. The SRX3600 requirements. (Note: A minimum of one NPC and one SPC is
Services Gateway is managed by Juniper Networks Network and required for proper system functionality.)
Security Manager; the single application used to manage all *The Juniper Networks SRX3000 line utilizes the same market
Juniper Networks firewall, IPS, Secure Sockets Layer (SSL), Juniper leading, high-performance dynamic architecture as the SRX5000
Networks Unified Access Control (UAC), and EX Series Ethernet line, but in a mid-plane form factor. The SRX3000 line SPCs, IOCs,
Switch products. and NPCs are based on a common form-factor module (CFM)
design and are not compatible with the SRX5000 line. Likewise, all
SRX3400 SRX5000 line modules are not compatible with the SRX3000 line.
The SRX3400 Services Gateway uses the same SPCs, IOCs and
NPCs as the SRX3600 and can support up to 20 Gbps firewall,
6 Gbps firewall and IPS, or 6 Gbps of IPsec VPN, along with up
to 175,000 new connections per second. The SRX3400 is ideally
suited for securing and segmenting enterprise data centers/
network infrastructure as well as aggregation of various security
solutions. The capability to support unique security policies per
zones and its ability to scale with the growth of the network
makes the SRX3400 an ideal deployment for small to midsized
server farms , hosting sites, or mobile operators. The SRX3400
Services Gateway is also managed by Juniper Networks Network
and Security Manager.
2
3. Features and Benefits
Networking and Security
The SRX3000 line has been designed from the ground up to offer robust networking and security services.
FeatuReS FeatuRe DeSCRIPtION BeNeFItS
Purpose-built platform Built from the ground up on dedicated hardware— Delivers unrivaled performance and flexibility to protect
designed for networking and security services. high-speed network environments.
Scalable performance Offers scalable processing based on the Dynamic Services Provides a simple and cost-effective solution to leverage
Architecture. new services with appropriate processing.
System and network Provides carrier-class hardware design and proven OS. Offers reliability needed for any critical high-speed
resiliency network deployments.
High availability (HA) Active/passive and active/active HA configurations using Achieve availability and resiliency necessary for critical
dedicated HA-control interfaces. networks.
Interface flexibility Offers flexible I/O options including on-board ports and Offers flexible I/O configuration and independent I/O
modular CFM I/O cards. scalability to meet the port density requirements of
multiple network environments.
Network segmentation Provides security zones, VLANs, and virtual routers that Features the capability to tailor unique security and
allow administrators to deploy security policies to isolate networking policies for various internal, external, and DMZ
guests and regional servers or databases. subgroups.
Robust routing engine Dedicated routing engine that provides physical and Enables deployment of consolidated routing and
logical separation to data and control planes. security devices, as well as ensuring the security of
routing infrastructure—all via a dedicated management
environment.
Comprehensive threat Tightly integrated services on Junos OS including multi- Offers unmatched integration, ensuring network security
protection gigabit firewall, IPsec VPN, IPS, DoS, application security, against all level of attacks.
and other networking and security services.
Stateful GPRS inspection Support for GPRS firewall in mobile operator networks. Enables the SRX3000 line to provide stateful firewall
capabilities for protecting key GPRS nodes within mobile
operator networks.
Role-based/identity-based Secure access to data center resources via tight Enables user- and identity-based security services for
access control enforcement integration of Juniper Networks Unified Access Control enterprise data centers by integrating the SRX3000 line
and SRX3000 line. with the standards-based access control capabilities of
Juniper Networks Unified Access Control.
traffic Inspection Methods
The SRX Series supports various detection methods to accurately identify the application and traffic flow through the network.
FeatuReS FeatuRe DeSCRIPtION BeNeFItS
Protocol anomaly detection Protocol usage against published RFCs is verified to detect Proactively protect network from undiscovered
any violations or abuse. vulnerabilities.
Traffic anomaly detection Heuristic rules detect unexpected traffic patterns that may Proactively prevent reconnaissance activities or block
suggest reconnaissance or attacks. DDoS attacks.
IP spoofing detection Validate IP addresses by checking allowed addresses Permit only authentic traffic while blocking disguised
inside and outside the network. sources.
DoS detection Protection against SYN flood, IP, ICMP, and application Protect your key network assets from being overwhelmed
attacks. by denial of service attacks.
3
4. appSecure
Juniper Networks AppSecure is a suite of next-generation security capabilities that utilize advanced application identification and
classification to deliver greater visibility, enforcement, control and protection over the network.
FeatuReS FeatuRe DeSCRIPtION BeNeFItS
AppTrack Detailed analysis on application volume/usage throughout Provides the ability to track application usage to help
the network based on bytes, packets and sessions. identify high-risk applications and analyze traffic patterns
for improved network management and control.
AppFW Fine grained application control policies to allow or deny Enhances security policy creation and enforcement based
traffic based on dynamic application name or group on applications and user roles rather than traditional port
names. and protocol analysis.
AppQoS* Set prioritization of traffic based on application Provides the ability to prioritize traffic as well as limit and
information and contexts. shape bandwidth based on application information and
contexts for improved application and overall network
performance.
AppDoS Multi-stage detection methods used to identify and Prevent service disruptions due to targeted attacks at
mitigate distributed denial of service attacks targeting applications by filtering and blocking malicious traffic
applications. while allowing legitimate traffic.
Application signatures More than 700 signatures for identifying applications and Applications are accurately identified and the resulting
nested applications. information can be used for visibility, enforcement, control
and protection.
SSL inspection Inspection of HTTP traffic encrypted in SSL on any TCP/ Combined with application identification, provides
UDP port. visibility and protection against threats embedded in SSL
encrypted traffic.
IPS Capabilities
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
FeatuReS FeatuRe DeSCRIPtION BeNeFItS
Stateful signature Signatures are applied only to relevant portions of the Minimize false positives and offer flexible signature
inspection network traffic determined by the appropriate protocol development.
context.
Protocol decodes More than 65 protocol decodes are supported along Accuracy of signatures is improved through precise
with more than 500 contexts to enforce proper usage of contexts of protocols.
protocols.
Signatures1 There are more than 6,000 signatures for identifying Attacks are accurately identified and attempts at
anomalies, attacks, spyware, and applications. exploiting a known vulnerability are detected.
Traffic normalization Reassembly, normalization, and protocol decoding are Overcome attempts to bypass other IPS detections by
provided. using obfuscation methods.
Zero-day protection Protocol anomaly detection and same-day coverage for Your network is already protected against any new
newly found vulnerabilities are provided. exploits.
Recommended policy Group of attack signatures are identified by Juniper Installation and maintenance are simplified while ensuring
Networks Security Team as critical for the typical the highest network security.
enterprise to protect against.
Active/active traffic IPS monitoring on active/active SRX3000 line chassis Support for active/active IPS monitoring including
monitoring clusters. advanced features such as low impact chassis cluster
upgrades.
As of May 2010, there are 6,200 signatures with approximately 10 new signatures added every week. Subscription to signature update service is required to receive new signatures.
1
*AppQoS is targeted for 2H2011
4
5. Centralized Management
Network and Security Manager—the common management solution for all Juniper Networks firewall, IDP Series, SA Series SSL VPN
Appliances, UAC, and EX Series—manages the SRX Series Services Gateways.
FeatuReS FeatuRe DeSCRIPtION BeNeFItS
Role-based administration More than 100 different activities can be assigned as Streamline business operations by logically separating
unique permissions for different administrators. and enforcing roles of various administrators.
Scheduled security update SRX Series Services Gateways can be automatically Get up-to-the-minute security coverage without manual
updated with new attack objects/signatures. intervention.
Domains Logical separation of devices, policies, reports, and other Conform to business operations by grouping devices
management activities are permitted. based on business practices.
Object locking Safe concurrent modification to the management settings Avoid incorrect configuration due to overwritten
is allowed. management settings.
Scheduled database Automatic backup of NSM database is provided. Provide configuration redundancy.
backup
Job manager View pending and completed jobs. Simplify update of multiple devices.
SRX3400 SRX3600
5
6. Specifications
SRX3400 SRX3600
Maximum Performance and Capacity 2
Tested configuration to achieve performance, capacities and features listed below:
SRX3400 chassis equipped with four (4) SPCs, one (1) IOC, two (2) NPCs, and AC power supplies
SRX3600 chassis equipped with seven (7) SPCs, two (2) IOCs, three (3) NPCs, and AC power supplies
Junos OS version tested Junos OS 10.4 Junos OS 10.4
Firewall performance (max) 20 Gbps 30 Gbps
Firewall performance (IMIX) 8 Gbps 18 Gbps
Firewall packets per second (64 bytes) 3 Mpps 6/6.5 Mpps5
Maximum AES256+SHA-1 VPN performance 6 Gbps 10 Gbps
Maximum 3DES+SHA-1 VPN performance 6 Gbps 10 Gbps
Maximum IPS performance (NSS 4.2.1) 6 Gbps 10 Gbps
Maximum AppTrack performance 16 Gbps 25 Gbps
Maximum concurrent sessions 2.25/3 million5 2.25/6 million5
New sessions/second, (sustained, TCP, three-way) 175,000 175,000/300,0005
Maximum security policies 40,000 40,000
Maximum user supported Unrestricted Unrestricted
Network Connectivity
Fixed I/O 8 10/100/1000 + 4 SFP 8 10/100/1000 + 4 SFP
16 x 1 10/100/1000 copper 16 x 1 10/100/1000 copper
LAN interface options 16 x 1-Gigabit Ethernet SFP 16 x 1-Gigabit Ethernet SFP
2 x 10-Gigabit Ethernet XFP 2 x 10-Gigabit Ethernet XFP
Maximum available slots for IOCs Four (front slots) Six (front slots)
Processing Scalability
Up to four SPCs supported per chassis4 Up to seven SPCs supported per chassis
Maximum available slots for SPCs3
(any slot) (any slot)
Up to two NPCs supported per chassis4 Up to three NPCs supported per chassis
Maximum available slots for NPCs3
(three rear slots) (three rear-right slots)
Firewall
Network attack detection Yes Yes
DoS and DDoS protection Yes Yes
TCP reassembly for fragmented packet protection Yes Yes
Brute-force attack mitigation Yes Yes
SYN cookie protection Yes Yes
Zone-based IP spoofing Yes Yes
Malformed packet protection Yes Yes
IPsec VPN
Site-to-site tunnels 10,000 10,000
Tunnel interfaces 10,000 10,000
DES (56-bit), 3DES (168-bit), and AES encryption Yes Yes
MD5 and SHA-1 authentication Yes Yes
Manual key, IKE, PKI (X.509) Yes Yes
Perfect forward secrecy (DH groups) 1,2,6 1,2,6
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
Redundant VPN gateways Yes Yes
2
Performance, capacity, and features listed are based upon systems running Junos OS 10.4 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and
by deployment. For a complete list of supported Junos OS versions for the SRX Series Services Gateways, please visit the Juniper Customer Support Center (www.juniper.net/customers/support/).
3
Each SRX3000 line of Services Gateways employ multiple common form-factor module (CFM) expansion slots on the front and rear of the chassis to allow custom configurations of I/O and
processing capacities based on customer requirements. SPCs and NPCs are supported on all available CFM slots. However, for proper system functionality and allowing for I/O expansion, the
SRX3400 supports a maximum of up to four SPCs and two NPCs per chassis, and the SRX3600 supports a maximum of up to seven SPCs and three NPCs per chassis. Please refer to the respective
hardware guides for more information on SPCs and NPCs as well as for guidelines on placements.
4
Refer to user guide for guidelines when using DC power supplies.
5
Additional Extreme License required for 3 million and 6 million sessions.
6
7. SRX3400 SRX3600
Intrusion Prevention System
Modes of operation: In-line and in-line tap Yes Yes
Active/active traffic monitoring Yes Yes
Stateful protocol signatures Yes Yes
Stateful signatures, protocol anomaly Stateful signatures, protocol anomaly
Attack detection mechanisms detection (zero-day coverage), application detection (zero-day coverage), application
identification identification
Drop connection, close connection, session Drop connection, close connection, session
Attack response mechanisms packet log, session summary, email, packet log, session summary, email,
custom session custom session
Attack notification mechanisms Structured Syslog Structured Syslog
Worm protection Yes Yes
Simplified installation through recommended policies Yes Yes
Trojan protection Yes Yes
Spyware/adware/keylogger protection Yes Yes
Other malware protection Yes Yes
Application denial of service protection Yes Yes
Protection against attack proliferation from infected systems Yes Yes
Reconnaissance protection Yes Yes
Request and response-side attack protection Yes Yes
Compound attacks—combines stateful signatures and protocol anomalies Yes Yes
Create custom attack signatures Yes Yes
Access contexts for customization 500+ 500+
Attack editing (port range, other) Yes Yes
Stream signatures Yes Yes
Protocol thresholds Yes Yes
Stateful protocol signatures Yes Yes
Approximate number of attacks covered 6,000+ 6,000+
Detailed threat descriptions and remediation/patch info Yes Yes
Create and enforce appropriate application-usage policies Yes Yes
Attacker and target audit trail and reporting Yes Yes
Frequency of updates Daily and emergency Daily and emergency
GPRS Security
GPRS stateful firewall Yes Yes
GTP tunnels 250,000 500,000
Destination Network address translation
Destination NAT with PAT Yes Yes
Destination NAT within same subnet as ingress interface IP Yes Yes
Destination addresses and port numbers to one single address and a
Yes Yes
specific port number (M:1P)
Destination addresses to one single address (M:1) Yes Yes
Destination addresses to another range of addresses (M:M) Yes Yes
Source Network address translation
Static Source NAT – IP-shifting DIP Yes Yes
Source NAT with PAT – port-translated Yes Yes
Source NAT without PAT – fix-port Yes Yes
Source NAT – IP address persistency Yes Yes
Source pool grouping Yes Yes
Source pool utilization alarm Yes Yes
6
Maximum number of supported L3 subinterfaces in HA configuration is 1,000.
7
Maximum number of BGP and OSPF routes recommended is 100,000.
7
8. SRX3400 SRX3600
Source Network address translation (continued)
Source IP outside of the interface subnet Yes Yes
Interface source NAT – interface DIP Yes Yes
Oversubscribed NAT pool with fallback to PAT when the address pool is
Yes Yes
exhausted
Symmetric NAT Yes Yes
Allocate multiple ranges in NAT pool Yes Yes
Proxy ARP for physical port Yes Yes
Source NAT with loopback grouping – DIP loopback grouping Yes Yes
user authentication and access Control
Built-in (internal) database Yes Yes
RADIUS accounting Yes Yes
Web-based authentication Yes Yes
UAC enforcement point Yes Yes
Public Key Infrastructure (PKI) Support
PKI certificate requests (PKCS 7 and PKCS 10) Yes Yes
Automated certificate enrollment (SCEP) Yes Yes
Certificate authorities supported Yes Yes
Self-signed certificates Yes Yes
Virtualization
Maximum number of security zones 256 256
Maximum number of virtual routers 256 256
Maximum number of VLANs per interface 4,096 4,096
Maximum number of L3 subinterfaces 16,384 6
16,3846
Routing
BGP instances 128 128
BGP peers 2,000 2,000
BGP routes 1,000,0007 1,000,0007
OSPF instances 256 256
OSPF routes 1,000,000 7
1,000,0007
RIP v1/v2 instances 50 50
RIP v2 table size 30,000 30,000
Dynamic routing Yes Yes
Static routes Yes Yes
Filter-based forwarding (FBF) Yes Yes
Equal-cost multipath (ECMP) Yes Yes
Reverse path forwarding (RPF) Yes Yes
Multicast Yes Yes
IPv6
Firewall/stateless filters Yes Yes
Dual stack IPv4/IPv6 firewall Yes Yes
RIPng Yes Yes
BFD, BGP Yes Yes
ICMPv6 Yes Yes
OSPFv3 Yes Yes
Class of service Yes Yes
8
9. SRX3400 SRX3600
Mode of Operation
Layer 2 (transparent) mode Yes Yes
Layer 3 (route and/or NAT) mode Yes Yes
IP address assignment
Static Yes Yes
Dynamic Host Configuration Protocol (DHCP) Yes Yes
Internal DHCP server Yes Yes
DHCP relay Yes Yes
traffic Management QoS
Maximum bandwidth Yes Yes
RFC2474 IP DiffServ in IPv4 Yes Yes
Filters for CoS Yes Yes
Classification Yes Yes
Scheduling Yes Yes
Shaping Yes Yes
Intelligent Drop Mechanisms (WRED) Yes Yes
Three-level scheduling Yes Yes
Weighted round-robin for each level of scheduling Yes Yes
Priority of routing protocols Yes Yes
High availability
Active/passive, active/active Yes Yes
Low impact chassis cluster upgrades Yes Yes
Configuration synchronization Yes Yes
Session synchronization for firewall and IPsec VPN Yes Yes
Session failover for routing change Yes Yes
Device failure detection Yes Yes
Link and upstream failure detection Yes Yes
Interface link aggregation/LACP Yes Yes
Redundant data and control links* Yes Yes
Management
WebUI (HTTP and HTTPS) Yes Yes
Command-line interface (console) Yes Yes
Command-line interface (telnet) Yes Yes
Command-line interface (SSH) Yes Yes
Network and Security Manager version 2008.2 or later Yes Yes
administration
Local administrator database support Yes Yes
External administrator database support Yes Yes
Restricted administrative networks Yes Yes
Root admin, admin, and read-only user levels Yes Yes
Software upgrades Yes Yes
Configuration rollback Yes Yes
* To enable dual control links on the SRX3000 line, the SRX3K CRM module must be installed on each cluster member.
9
10. SRX3400 SRX3600
Logging/Monitoring
Structured System Log Yes Yes
SNMP (v2/v3) Yes Yes
Traceroute Yes Yes
Dimensions and Power
Dimensions (W x H x D) 17.5 x 5.25 x 25.5 in 17.5 x 8.75 x 25.5 in
(44.5 x 13.3 x 64.8 cm) (44.5 x 22.2 x 64.8 cm)
Weight Chassis: 32.3 lb (14.7 kg) Chassis: 43.6 lb (19.8 kg)
Fully configured: 75 lb (34.1 kg) Fully configured: 115.7 lb (52.6 Kg)
Power supply (AC) 100 to 240 VAC 100 to 240 VAC
Power supply (DC) -40 to -72 VDC -40 to -72 VDC
Maximum power draw 1,100 W (AC power) 1,750 W (AC power)
1,050 W (DC power) 1,850 W (DC power)
Power supply redundancy 1+1 2+1/2+2
Certifications
Safety certifications Yes Yes
Electromagnetic compatibility (EMC) certifications Yes Yes
NEBS level 3 Yes Yes
Security Certifications
Common Criteria: EAL3 Yes Yes
3GPP tS 20.060 Compliance**
R6: 3GPP TS 29.060 version 6.21.0 Yes Yes
R7: 3GPP TS 29.060 version 7.3.0 Yes Yes
R8: 3GPP TS 29.060 version 8.3.0 Yes Yes
Operating environment
Operating temperature 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C)
Humidity 5% to 90% noncondensing 5% to 90% noncondensing
** SRX3000 line gateways operating with Junos OS release 10.0 and later are compliant with the R6, R7, and R8 releases of 3GPP TS 20.060 with the following exceptions
(not supported on the SRX3000 line) :
- Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages
- Section 7,5B Mobile Station (MS) info change messages
- Section 7.3.12 Initiate secondary PDP context from GGSN
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimize
your high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger
productivity gains and faster rollouts of new business models and ventures. At the same time, Juniper Networks ensures operational
excellence by optimizing your network to maintain required levels of performance, reliability, and availability. For more details, please
visit www.juniper.net/us/en/products-services/.
10
11. Ordering Information
MODeL NuMBeR DeSCRIPtION MODeL NuMBeR DeSCRIPtION
Base System appSecure Subscription
SRX3400BASE-AC SRX3400 chassis, midplane, fan, routing SRX3400-APPSEC-A-1 One year subscription for Application Security
engine, SFB-12 Gigabit Ethernet, AC PEM8 - and IPS updates for SRX3400
no power cord - no SPC - no NPC SRX3400-APPSEC-A-3 Three year subscription for Application Security
SRX3400BASE-DC SRX3400 chassis, midplane, fan, routing and IPS updates for SRX3400
engine, SFB-12 Gigabit Ethernet, DC PEM - SRX3600-APPSEC-A-1 One year subscription for Application Security
no SPC - no NPC and IPS updates for SRX3600
SRX3400BASE-DC2 SRX3400 chassis, midplane, fan, routing SRX3600-APPSEC-A-3 Three year subscription for Application Security
engine, SFB-12 Gigabit Ethernet, DC2 PEM - and IPS updates for SRX3600
no SPC - no NPC
SRX5600-APPSEC-A-1 One year subscription for Application Security
SRX3600BASE-AC SRX3600 chassis, midplane, fan, routing and IPS updates for SRX5600
engine, SFB-12 Gigabit Ethernet, 2xAC PEM8 -
SRX5600-APPSEC-A-3 Three year subscription for Application Security
no power cords - no SPC - no NPC
and IPS updates for SRX5600
SRX3600BASE-DC SRX3600 chassis, midplane, fan, routing
SRX5800-APPSEC-A-1 One year subscription for Application Security
engine, SFB-12 Gigabit Ethernet, 2xDC PEM -
and IPS updates for SRX5800
no SPC - no NPC
SRX5800-APPSEC-A-3 Three year subscription for Application Security
SRX3600BASE-DC2 SRX3600 chassis, midplane, fan, routing
and IPS updates for SRX5800
engine, SFB-12 Gigabit Ethernet, 2xDC PEM -
no SPC - no NPC IPS Subscription
SRX3K-PWR-DC2 Enhanced DC power entry module for SRX3K-IDP One year IPS signature subscription for
SRX3000 line SRX3000 line
SRX3000 Line Components SRX3K-IDP-3 Three year IPS signature subscription for
SRX3000 line
SRX3K-SPC-1-10-40 SRX3000 line Services Processing Card with
1 GHz processor and 4 GB memory extreme Ltu
SRX3K-NPC SRX3000 line Network Processing Card SRX3K-EXTREME-LTU Expanded performance and capacity Extreme
License for SRX3000 line
SRX3K-16GE-TX 16 x 1 10/100/1000 Copper CFM I/O Card for
SRX3000 line C19 Straight Power Cables
SRX3K-16GE-SFP 16 x 1 Gigabit SFP Ethernet I/O Card for CBL-PWR-C19S-132-UK Power cord, AC, Great Britain & Ireland, C19 at
SRX3000 line, no transceivers 70-80 mm, 13 A/250 V, 2.5 mm, straight
SRX3K-2XGE-XFP 2 x 10 Gigabit XFP Ethernet I/O Card for CBL-PWR-C19S-151-US15 Power cord, AC, Japan/US, NEMA 5-15 to C19
SRX3000 line, no transceivers at 70-80 mm, 15 A/125 V, 2.5 m, straight
SRX3K-CRM Clustering module for the SRX3000 line CBL-PWR-C19S-152-AU Power cord, AC, Australia/New Zealand, C19 at
to enable redundant control links in high- 70-80 mm, 15 A/250 V, 2.5 m, straight
availability clusters
CBL-PWR-C19S-162-CH Power cord, AC, China, C19, 16 A/250 V,
2.5 m, straight
transceivers
CBL-PWR-C19S-162-EU Power cord, AC, Continental Europe, C19,
SRX-SFP-1GE-LH Small form factor pluggable 1000BASE-LH
16 A/250 V, 2.5 m, RA
Gigabit Ethernet optic module
CBL-PWR-C19S-162-IT Power cord, AC, Italy, C19 at 70-80 mm,
SRX-SFP-1GE-LX Small form-factor pluggable 1000BASE-LX
16 A/250 V, 2.5 m, straight
Gigabit Ethernet optic module
CBL-PWR-C19S-162-JP Power cord, AC, Japan, NEMA 6-20 to C19,
SRX-SFP-1GE-SX Small form-factor pluggable 1000BASE-SX
16 A/250 V, 2.5 m, straight
Gigabit Ethernet optic module
CBL-PWR-C19S-162-JPL Power cord, AC, Japan/US, C19 at
SRX-SFP-1GE-T Small form-factor pluggable 1000BASE-T
70-80 mm, 16 A/250 V, 2.5 m, straight,
Gigabit Ethernet module
locking plug
SRX-XFP-10GE-SR 10-Gigabit Ethernet pluggable transceiver,
CBL-PWR-C19S-162-US Power cord, AC, Japan/US, NEMA 6-20 to C19
short reach multimode
at 70-80 mm, 16 A/250 V, 2.5 m, straight
SRX-XFP-10GE-LR 10-Gigabit Ethernet pluggable transceiver,
CBL-PWR-C19S-162-USL Power cord, AC, US, NEMA L6-20 to C19,
10 Km, single mode
16 A/250 V, 2.5 m, straight, locking plug
SRX-XFP-10GE-ER 10-Gigabit Ethernet pluggable transceiver,
8
AC power cords are not included. One C19-Straight cable with appropriate wall-plug for the
40 Km, single mode
final destination of the system is required for each power supply.
about Juniper Networks
Juniper Networks is in the business of network innovation. From
devices to data centers, from consumers to cloud providers,
Juniper Networks delivers the software, silicon and systems that
transform the experience and economics of networking. The
company serves customers and partners worldwide. Additional
information can be found at www.juniper.net.
11
12. Corporate and Sales Headquarters aPaC Headquarters eMea Headquarters To purchase Juniper Networks solutions,
Juniper Networks, Inc. Juniper Networks (Hong Kong) Juniper Networks Ireland please contact your Juniper Networks
1194 North Mathilda Avenue 26/F, Cityplaza One Airside Business Park representative at 1-866-298-6428 or
Sunnyvale, CA 94089 USA 1111 King’s Road Swords, County Dublin, Ireland
authorized reseller.
Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600
or 408.745.2000 Phone: 852.2332.3636 EMEA Sales: 00800.4586.4737
Fax: 408.745.2100 Fax: 852.2574.7803 Fax: 35.31.8903.601
www.juniper.net
Copyright 2011 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos,
NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. All other trademarks, service marks, registered marks, or registered service marks are the property of
their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
1000267-011-EN June 2011 Printed on recycled paper
12