Spec Sheet

ManualsBrandsJuniper ManualsEthernet SwitchSRX220 Ethernet Switch

Data SheetSRX Series Services Gateways for the Branch

Speciﬁcations

Protocols

• IPv4, IPv6, ISO Connectionless Network Service (CLNS)

Routing and Multicast

• Static routes

• RIPv2 +v1

• OSPF/OSPFv3

• BGP

• BGP Router Reﬂector

• IS-IS

• Multicast (Internet Group Management Protocol

(IGMPv1/2/3), PIM-SM/DM/SSM, Session Description

Protocol (SDP), Distance Vector Multicast Routing Protocol

(DVMRP), source-speciﬁc, Multicast inside IPsec tunnel),

MSDP

• MPLS (RSVP, LDP, Circuit Cross-connect (CCC), Translational

Cross-connect (TCC), Layer 2 VPN (VPLS), Layer 3 VPN,

VPLS, NGMVPN)

IP Address Management

• Static

• DHCP, PPPoE client

• Internal DHCP server, DHCP Relay

Address Translation

• Source NAT with Port Address Translation (PAT)

• Static NAT

• Destination NAT with PAT

• Persistent NAT, NAT64

Encapsulations

• Ethernet (MAC and VLAN tagged)

• Point-to-Point Protocol (PPP) (synchronous)

- Multilink Point-to-Point Protocol (MLPPP)

• Frame Relay

- Multilink Frame Relay (MLFR) (FRF.15, FRF.16), FRF.12, LFI

• High-Level Data Link Control (HDLC)

• Serial (RS-232, RS-449, X.21, V.35, EIA-530)

• 802.1q VLAN support

• Point-to-Point Protocol over Ethernet (PPPoE)

L2 Switching

• 802.1Q, 802.1D, RSTP, MSTP, 802.3ad (LACP)

• 802.1x, LLDP, 802.1ad (Q-in-Q), IGMP Snooping

• Layer 2 switching with high availability

Trac Management Quality of Service (QoS)

• 802.1p, DSCP, EXP

• Marking, policing, and shaping

• Class-based queuing with prioritization

• Weighted random early detection (WRED)

• Queuing based on VLAN, data-link connection identiﬁer

(DLCI), interface, bundles, or multi-ﬁeld (MF) ﬁlters

• Guaranteed bandwidth

• Maximum bandwidth

• Ingress trac policing

• Priority-bandwidth utilization

• DiServ marking

• Virtual channels

Security

Firewall

• Firewall, zones, screens, policies

• Stateful ﬁrewall, stateless ﬁlters

• Network attack detection

• Screens denial of service (DoS) and provides distributed

denial of service (DDoS) protection (anomaly-based)

• Prevent replay attack; Anti-Replay

• Uniﬁed Access Control

- TCP reassembly for fragmented packet protection

- Brute force attack mitigation

- SYN cookie protection

- Zone-based IP spooﬁng

- Malformed packet protection

NGFW/UTM

• Intrusion Prevention System (IPS)

- Protocol anomaly detection

- Stateful protocol signatures

- Intrusion prevention system (IPS) attack pattern

obfuscation

- User role-based policies

• Customer signatures creation

• Multiple times a week and emergency updates

• AppSecure

- AppTrack (application visibility and tracking)

- AppFirewall (policy enforcement by application name)

- Custom signatures

- AppQoS (network trac prioritization and bandwidth

management)

- Dynamic signature updates

- User-based application policy enforcement

• Antivirus

- Express AV (stream-based AV, not available on SRX100

and SRX110)

- File-based antivirus

• Signature database

• Protocols scanned: POP3, HTTP, SMTP, IMAP, FTP

BGP Route Reflector supported on SRX550 and SRX650. See ordering section for more information.

As of Junos 15.1X49-D40, the SRX550 High Memory unit does not support xSTP, LLDP, 802.1x, Q-in-Q, IGMP Snooping and L2 switching with HA

Unified Threat Management – antivirus, antispam, Web filtering, AppSecure, and IPS require individual subscription license. UTM is not supported on the low memory version. Please see the

ordering section for options.