JUNIPER SRX3400

La passerelle de services SRX3400 prend en charge un pare-feu d'un débit maximal de 20 Gb/s, un pare-feu et un IPS d'un débit maximal de 6 Gb/s ou un VPN IPsec d'un débit maximal de 6 Gb/s et jusqu'à 175 000 nouvelles connexions par seconde. Cette passerelle de services est parfaitement adaptée à la sécurisation et à la segmentation d'infrastructures réseau de centres de données, à l'agrégation d'un ensemble de solutions de sécurité différentes et à la mise en place de stratégies de sécurité unique par zones dans les batteries de serveurs et les sites d'hébergement de taille moyenne.

 

 

 

 

Spécifications techniques

Firewall performance (max)
20 Gbps
 
 
IPS performance (NSS 4.2.1)
6 Gbps
 
 
AES256+SHA-1 / 3DES+SHA-1 VPN performance
6 Gbps
 
 
Maximum concurrent sessions
2.25/ 3 million sessions *
* Additional Extreme License required for 3M sessions
 
 
New sessions/second (sustained, TCP, 3-way)
180,000
 
 
Maximum security policies
40,000
 
 
Maximum users supported
Unrestricted
 
 
Maximum available slots for IOCs
4 (front slots)
 
 
Fixed I/O ports
8 10/100/1000 + 4 SFP
 
 
CX111 3G Bridge support
N/A
 
 
Internal 3G Express Card Slot support
N/A
 
 
Centralized Management
Junos Space Security Design
 
 
LAN interface options
  • 16 x 1 10/100/1000 copper
  • 16 x 1 Gigabit Ethernet small form-factor pluggable transceivers (SFP)
  • 2 x 10 Gigabit Ethernet XFP

 

High-availability support
  • Active/Passive, Active/Active
  • Low impact chassis cluster
  • Interface aggregation groups across chassis cluster

 

AppSecure Services
  • Application Identification: yes
  • Application Denial of Service Protection (AppDoS): yes
  • AppTrack: yes
  • AppQoS: yes
  • AppFW: yes

 

Dimensions and Power
  • Dimensions (W x H x D): 17.5 x 5.25 x 25.5 in (44.5 x 13.3 x 64.8 cm)
  • Weight: Chassis: 32.3 lb (14.7 kg), Fully Configured: 75 lb (34.1 kg)
  • Power supply (AC): 100 to 240 V AC
  • Power supply (DC): -40 to -72 V DC
  • Maximum power draw: 1,100 W (AC power), 1,050 W (DC power)
  • Power supply redundancy: 1 + 1

 

Firewall
  • Network attack detection: Yes
  • DoS and DDoS protection: Yes
  • TCP reassembly for fragmented packet protection: Yes
  • Brute force attack mitigation: Yes
  • SYN cookie protection: Yes
  • Zone-based IP spoofing: Yes
  • Malformed packet protection: Yes
  • GPRS stateful inspection: Yes

 

Intrusion Prevention System
  • Stateful protocol signatures: Yes
  • Attack detection mechanisms: Stateful signatures, protocol anomaly detection (zero-day coverage), application identification
  • Attack response mechanisms: Drop connection, close connection, session packet log, session summary, email, custom session
  • Attack notification mechanisms: Structured syslog
  • Worm protection: Yes
  • SSL encrypted traffic inspection: Yes
  • Simplified installation through recommended policies: Yes
  • Trojan protection: Yes
  • Spyware/adware/keylogger protection: Yes
  • Other malware protection: Yes
  • Protection against attack proliferation from infected systems: Yes
  • Reconnaissance protection: Yes
  • Request and response side attack protection: Yes
  • Compound attacks — combines stateful signatures and protocol anomalies: Yes
  • Create custom attack signatures: Yes
  • Access contexts for customization: 500+
  • Attack editing (port range, other): Yes
  • Stream signatures: Yes
  • Protocol thresholds: Yes
  • Stateful protocol signatures: Yes
  • Approximate number of attacks covered: 6,000+
  • Detailed threat descriptions and remediation/patch info: Yes
  • Create and enforce appropriate application-usage policies: Yes
  • Attacker and target audit trail and reporting: Yes
  • Deployment modes: Inline or TAP

 

Documentation