Juniper SRX220H Ficha De Dados
2
Architecture and Key Components
Key Hardware Features of the Branch SRX Series Products
PrODuCt
DesCriPtiOn
SRX100 Services
Gateway
Gateway
• 8 10/100 Ethernet LAN ports
• Full UTM
• Full UTM
2,
; antivirus
2
, antispam
2
, Web filtering
2
, intrusion prevention system
2
(with high memory version)
• Unified Access Control (UAC) and content filtering
• 1 GB
• 1 GB
8
DRAM, 1 GB flash default (512 MB DRAM accessible in low memory version)
SRX210 Services
Gateway
Gateway
• 2 10/100/1000 Ethernet and 6 10/100 Ethernet LAN ports, 1 Mini-PIM slot, 1 ExpressCard slot and 2 USB ports
• Factory option of 4 dynamic Power over Ethernet (PoE) ports 802.3af
• Support for T1/E1, serial, ADSL/2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet small form-factor pluggable transceiver (SFP), and
• Factory option of 4 dynamic Power over Ethernet (PoE) ports 802.3af
• Support for T1/E1, serial, ADSL/2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet small form-factor pluggable transceiver (SFP), and
Gigabit Ethernet interfaces
• Content Security Accelerator hardware for faster performance of IPS and ExpressAV
• Full UTM
• Full UTM
2
; antivirus
2
, antispam
2
, Web filtering
2
, intrusion prevention system
2
(with high memory version)
• Unified Access Control (UAC) and content filtering
• 512 MB DRAM default, optional factory 1 GB DRAM, 1 GB flash default
• 512 MB DRAM default, optional factory 1 GB DRAM, 1 GB flash default
SRX220 Services
Gateway
Gateway
• 8 10/100/1000 Ethernet LAN ports, 2 Mini-PIM slots
• Factory option of 8 PoE ports; PoE+ 803.3at, backwards compatible with 802.3af
• Support for T1/E1, serial, ADSL2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet SFP
• Factory option of 8 PoE ports; PoE+ 803.3at, backwards compatible with 802.3af
• Support for T1/E1, serial, ADSL2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet SFP
11
, and Gigabit Ethernet interfaces
• Content Security Accelerator hardware for faster performance of IPS and ExpressAV
• Full UTM
• Full UTM
2
; antivirus
2
, antispam
2
, Web filtering
2
, intrusion prevention system
2
(with high memory version)
• Unified Access Control and content filtering
• 1 GB DRAM, 1 GB flash default
• 1 GB DRAM, 1 GB flash default
SRX240 Services
Gateway
Gateway
• 16 10/100/1000 Ethernet LAN ports, 4 Mini-PIM slots
• Factory option of 16 PoE ports; PoE+ 803.3at, backwards compatible with 802.3af
• Support for T1/E1, serial, ADSL2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet SFP
• Factory option of 16 PoE ports; PoE+ 803.3at, backwards compatible with 802.3af
• Support for T1/E1, serial, ADSL2/2+, VDSL, G.SHDSL, DOCSIS3, Ethernet SFP
11
, and Gigabit Ethernet interfaces
• Content Security Accelerator hardware for faster performance of IPS and ExpressAV
• Full UTM
• Full UTM
2
; antivirus
2
, antispam
2
, Web filtering
2
, intrusion prevention system
2
(with high memory version)
• Unified Access Control and content filtering
• 512 MB RAM default, optional factory 1 GB DRAM, 1 GB flash default
• 512 MB RAM default, optional factory 1 GB DRAM, 1 GB flash default
SRX650 Services
Gateway
Gateway
• 4 fixed ports 10/100/1000 Ethernet LAN ports, 8 GPIM slots or multiple GPIM and XPIM combinations
• Support for T1, E1, Gigabit Ethernet LAN ports; supports up to 48 ports switching with optional PoE including 802.3at, PoE+,
• Support for T1, E1, Gigabit Ethernet LAN ports; supports up to 48 ports switching with optional PoE including 802.3at, PoE+,
backwards compatible with 802.3af
• Content Security Accelerator hardware for faster performance of IPS and ExpressAV
• Full UTM
• Full UTM
2
; antivirus
2
, antispam
2
, Web filtering
2
, and intrusion prevention system
2
• Unified Access Control and content filtering
• Modular Services and Routing Engine; future internal failover and hot-swap
• 2 GB DRAM default, 2 GB compact flash default, external compact flash slot for additional storage
• Optional redundant AC power; standard AC power supply that is PoE-ready; PoE power up to 250 watts redundant, or 500
• Modular Services and Routing Engine; future internal failover and hot-swap
• 2 GB DRAM default, 2 GB compact flash default, external compact flash slot for additional storage
• Optional redundant AC power; standard AC power supply that is PoE-ready; PoE power up to 250 watts redundant, or 500
watts non-redundant
network Deployments
The SRX Series Services Gateways for the branch are deployed at
remote and branch locations in the network to provide all-in-one
secure WAN connectivity, IP telephony, and connection to local
PCs and servers via integrated Ethernet switching.
remote and branch locations in the network to provide all-in-one
secure WAN connectivity, IP telephony, and connection to local
PCs and servers via integrated Ethernet switching.
Features and Benefits
secure routing
Should you use a router and a firewall to secure your network?
By building the branch SRX Series with best-in-class routing and
firewall capabilities in one product, enterprises don’t have to make
that choice. Why forward traffic if it’s not legitimate?
By building the branch SRX Series with best-in-class routing and
firewall capabilities in one product, enterprises don’t have to make
that choice. Why forward traffic if it’s not legitimate?
SRX Series for the branch checks the traffic to see if it is
legitimate, and only forwards it on when it is. This reduces the load
on the network, allocates bandwidth for all other mission-critical
applications, and secures the network from hacking.
legitimate, and only forwards it on when it is. This reduces the load
on the network, allocates bandwidth for all other mission-critical
applications, and secures the network from hacking.
The main purpose of a secure router is to provide firewall
protection and apply policies. The firewall (zone) functionality
inspects traffic flows and state to ensure that originating and
protection and apply policies. The firewall (zone) functionality
inspects traffic flows and state to ensure that originating and
returning information in a session is expected and permitted for
a particular zone. The security policy determines if the session
can originate in one zone and traverse to another zone. This
architectural choice receives packets from a wide variety of clients
and servers and keeps track of every session, of every application,
and of every user. It allows the enterprise to make sure that only
legitimate traffic is on its network and that traffic is flowing in the
expected direction.
a particular zone. The security policy determines if the session
can originate in one zone and traverse to another zone. This
architectural choice receives packets from a wide variety of clients
and servers and keeps track of every session, of every application,
and of every user. It allows the enterprise to make sure that only
legitimate traffic is on its network and that traffic is flowing in the
expected direction.
Figure 1: Firewalls, zones and policies
“Untrust” Zone
“Trust” Zone
“Guest” Zone
“DMZ” Zone
Intranet
INTERNET