Home > Products > Juniper Networks > SRX Series > SRX3400

SRX3400 Gateway | Juniper Networks SRX3400 Routers | Juniper SRX 3400 Firewalls

Get your Juniper Networks SRX3400 Routers with the Power of Vology. Buy New Today! The SRX3400 is a Gateway that performs as a router and firewall!

The Juniper SRX3400 Services Gateways are designed for medium to large enterprise, public sector and service provider networks. To be more specific, the SRX3400 is ideal for small to midsized server farms, hosting sites, or mobile operators.

The best part about the SRX3400 router and the SRX product line is its functionality to act as a router and a firewall, cutting the cost and space of having two seperate devices. The SRX 3400 checks the validity of the traffic before its distributed in your network on a much larger scale compared to the branch SRX series. Why on earth would you not want to secure your data center from hacking, have bandwidth reduction, and a overall load reduction on your network?

As Juniper drives a more dynamic services architecture, the SRX3400 gateway can be populated with a flexible number of I/O cards (IOCs), network processing cards (NPCs) and service processing cards (SPCs). This allows the servicing system to be configured to support the ideal balance of performance and port density enabling each deployment of the Juniper Networks SRX Series Services Gateways to be tailored to specific network requirements.

SRX3400 Firewall Networking and Security Features

Purpose-built platform that provides unmatched performance and flexibility to protect high-speed network environments.
Scalable performance allows a simple and cost-effective solution to leverage new services with appropriate processing.
Network and system sesilience, having a carrier-class design, offers reliability constantly in-demand for any critical high-speednetwork deployments.
High availability can be set Active/passive and active/active HA configurations using dedicated HA-control interfaces. Highly important if one device fails.
Interface flexibility diegned for I/O options including on-board ports and modular CFM I/O cards which allows for scalability for required port densities.
Network segmentation provides security zones, VLANs, and virtual routers that allow admins to deploy security policies to isolate guests, regional servers or databases. This segmentation distributes unique security and networking policies for various internal, external, and DMZ subgroups.
Robust routing engine provides logical and physical separation to data and control planes. This ensures deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructure for all dedicated management environments.
Comprehensive threat protection is powered by services on Junos OS including multi-gigabit firewall, IPsec VPN, IPS, DoS, application security, and other networking and security services to ensure your are protected at every angle from attack.
Stateful GPRS inspection enables the SRX3000 line to provide stateful firewall capabilities for protecting key GPRS nodes within mobileoperator networks.
Role-based/identity-based access control enforcement secures access to data center resources via tight integration of Juniper Networks Unified Access Control and SRX3000 line.

SRX3400 Routing Traffic Inspection Methods

DoS detection provides protection against denial of service attacks including SYN flood, IP, ICMP, and application attacks.
IP spoofing detection validates IP addresses by checking allowed addresses inside and outside the network to permit only authentic traffic while blocking potentially harmful sources.
Traffic anomaly detection picks up patterns that will alert you in the possiblity of network attack.
Protocol anomaly detection is protocol usage against published RFCs is verified to detect any violations or abuse.

SRX3400 ISP Capabilities

Stateful signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context.
More than 65 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols, which provides accuracy of signatures through precise contexts of protocols.
There are more than 6,000 signatures for identifying anomalies, attacks, spyware, and applications. This allows attacks to be quickly and accurately identified.
Active/active IP traffic monitoring supported.
Reassembly, normalization, and protocol decoding are provided.

SRX3400 Application Security

Stateful signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context.
With application identification and awareness, context, protocol information, and signatures are used to identify applications on any TCP or UDP port. Enable rules and policies based on application traffic rather than ports—protect or police standard applications on non-standard ports. (This also applies for applications that do not have protocol decoders.)
Inspection of HTTP traffic encrypted in SSL on any TCP/UDP port to protect from attacks.
Multi-stage detection methods used to identify and mitigate distributed denial of service attacks targeting applications.

SRX3400 Centralized Management

Job Manager view pending and completed jobs which simplies modifications to multiple devices.
The ability to schedule database backups
Object locking avoids incorrect configuration due to overwritten management settings.
Logical separation of devices, policies, reports, and other management activities are permitted for domains.
The ability to schedule security updates to the device automatically.
With role-based administration you can allow more than 100 different activities can be assigned as unique permissions for different administrators.

Your new Juniper SRX3400 router comes with a standard one-year manufacturer warranty. Contact Vology now to find out how we can help you power up with quality new Juniper SRX series routers.

Specifications

JUNOS Software Version Tested

JUNOS 10.1

Firewall Performance (MAX)

20 Gbps

IPS performance (NSS 4.2.1)

6 Gbps

AES256+SHA-1 / 3DES+SHA-1 VPN Performance

6 Gbps

Maximum concurrent Sessions

2.25 Million

New Sessions/Second (Sustained, TCP, 3-Way)

175,000

Dimensions and Power

Dimensions (W x H x D): 17.5 x 5.25 x 25.5 in (44.5 x 13.3 x 64.8 cm)
Weight: Chassis: 32.3 lb (14.7 kg), Fully Configured: 75 lb (34.1 kg)
Power supply (AC): 100 to 240 V AC
Power supply (DC): -40 to -72 V DC
Maximum power draw: 1,100 W (AC power), 1,050 W (DC power)
Power supply redundancy: 1 + 1

Maximum Security Policies

40,000

Maximum Users Supported

Unrestricted

Maximum Available Slots for IOCs

4 front slots

Fixed I/O Ports

8 x 10/100/1000 + 4 SFP

CX111 3G Bridge Support

Not Available

Internal 3G Express Card Slot support

Not Available

LAN Interface Options

16 x 1 10/100/1000 copper
16 x 1 Gigabit Ethernet small form-factor pluggable transceivers (SFP)
2 x 10 Gigabit Ethernet XFP

High-availability Support

Active/Passive, Active/Active
Low impact chassis cluster
Interface aggregation groups across chassis cluster

Firewall Features

Network attack detection: Yes
DoS and DDoS protection: Yes
TCP reassembly for fragmented packet protection: Yes
Brute force attack mitigation: Yes
SYN cookie protection: Yes
Zone-based IP spoofing: Yes
Malformed packet protection: Yes
GPRS stateful inspection: Yes

Intrusion Detection and Prevention

Stateful protocol signatures: Yes
Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
Attack notification mechanisms: Structured syslog
Worm protection: Yes
Application identification: Yes
Application Denial of Service protection: Yes
SSL encrypted traffic inspection: Yes
Simplified installation through recommended policies: Yes
Trojan protection: Yes
Spyware/adware/keylogger protection: Yes

Other malware protection: Yes
Protection against attack proliferation from infected systems: Yes
Reconnaissance protection: Yes
Request and response side attack protection: Yes
Compound attacks — combines stateful signatures and protocol anomalies: Yes
Create custom attack signatures: Yes
Access contexts for customization: 500+

Attack editing (port range, other): Yes
Stream signatures: Yes
Protocol thresholds: Yes
Stateful protocol signatures: Yes
Approximate number of attacks covered: 6,000+
Detailed threat descriptions and remediation/patch info: Yes
Create and enforce appropriate application-usage policies: Yes
Attacker and target audit trail and reporting: Yes
Deployment modes: Inline or TAP

SRX3400 System Configuration Guidelines

7 slots for common form-factor modules (CFMs):
4 in the front for IOCs and SPCs
3 in the rear for NPCs and SPCs
4 SPCs max (1 min)
2 NPCs max (1 min)
4 IOCs max

Ordering by Part Numbers

Base System
SRX3400BASE-AC	Juniper SRX3400 chassis, midplane, fan, RE, SFB-12GE, AC PEM4 - no power cord - no SPC - no NPC
SRX3400BASE-DC	Juniper SRX3400 chassis, midplane, fan, RE, SFB-12GE, DC PEM - no SPC - no NPC
SRX 3000 Line Components
SRX3K-SPC-1-10-40	Juniper SRX3000 services processing card with 1Ghz processor and 4GB memory
SRX3K-NPC	Juniper SRX3000 network processing card
SRX3K-16GE-TX	Juniper 16x1 10/100/1000 copper CFM I/O card for SRX3000
SRX3K-16GE-SFP	Juniper 16x1 Gigabit SFP Ethernet I/O card for SRX3000, no transceivers
SRX3K-2XGE-XFP	Juniper 2x10 Gigabit XFP Ethernet I/O card for SRX3000, no transceivers
Transceivers
SRX-SFP-1GE-LH	Juniper Small form factor pluggable 1000BASE-LH Gigabit Ethernet optic module
SRX-SFP-1GE-LX	Juniper Small form-factor pluggable 1000BASE-LX Gigabit Ethernet optic module
SRX-SFP-1GE-SX	Juniper Small form-factor pluggable 1000BASE-SX Gigabit Ethernet optic module
SRX-SFP-1GE-T	Juniper Small form-factor pluggable 1000BASE-T Gigabit Ethernet module
SRX-XFP-10GE-SR	Juniper 10 Gigabit Ethernet pluggable transceiver, short reach multimode
SRX-XFP-10GE-LR	Juniper 10 Gigabit Ethernet pluggable transceiver, 10 Km, single mode
SRX-XFP-10GE-ER	Juniper 10 Gigabit Ethernet pluggable transceiver, 40 Km, single mode