Juniper Networks SRX4700 is a high-performance, next-generation firewall (NGFW) designed for service providers, cloud providers, and large enterprises. In addition, enterprises can deploy the SRX4700 as data center core and data center edge firewalls and as a secure SD-WAN hub. Combining industry-leading security effectiveness and carrier-grade routing with state-of-the-art switching, this platform delivers robust network security, effective threat protection, and comprehensive automation and mitigation capabilities.
Juniper Networks SRX4700 next-generation firewall is integral to this new architecture, and it empowers organizations to operationalize security across their networks. This 1U, power-efficient firewall features built-in zero-trust, Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) fabric integration and AI-Predictive Threat Prevention to secure your network. The SRX4700 firewall delivers the industry’s highest throughput, per rack unit, at up to 1.4 Tbps, and supports 400 Gbps interfaces with wire speed MACsec.
Table 1. SRX4700 Firewall Features and Benefits
Business Requirement | Feature/Solution | SRX4700 Advantages |
High performance | Express Path+ | l Provides automatic offload of all eligible flows for line-rate forwarding without additional configuration l Delivers full inspection services to all flows regardless of size l Requires no trade-offs between performance and security l Meets requirements for enterprise campus and data center edge deployments l Addresses diverse needs and scales for service provider deployments |
High-quality, end-user experience | Application visibility and control | l Updates application continuously and decodes custom applications l Controls and prioritizes traffic based on application and user role l Inspects and detects applications inside SSL-encrypted traffic, including Web and SaaS |
Advanced threat protection | NGFW Services: IPS, antivirus, antispam, Web filtering | l Prevents exploits with 99.9% effectiveness; signatures update in real time l Protects against known malware and malicious Web and DNS traffic l Sandboxing for unknown malware across multiple OS types, including iOS, Windows, Android, and CentOS l Delivers threat intelligence in an open platform to accommodate for third-party and custom threat feeds l Detects threats hidden inside encrypted traffic without decrypting |
Zero-day protection | Juniper’s AI-Predictive Threat Prevention | l Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets l Eliminates patient-zero infections l Auto-generates protective signatures that remain active for the full attack lifecycle, keeping the network safe from subsequent attacks |
Secure data transactions | Juniper Secure Connect: IPsec VPN, remote access/SSL VPN | l Provides high-performance IPsec VPN with dedicated crypto engine l Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications l Simplifies large VPN deployments with auto-VPN l Includes hardware-based crypto acceleration l Secure and flexible remote access SSL VPN |
Advanced networking services | Routing, secure wire | l Supports carrier-class advanced routing and quality of service (QoS) |
Security embedded into the data center fabric | EVPN-VXLAN (EVPN Type 5 route) | l Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4-7 security services l Eases operations with Type 5 support through BGP l Does not require decapsulation for EVPN-VXLAN traffic |
Reliability | Chassis cluster, redundant power supplies | l Provides stateful configuration and session state synchronization l Supports active/active and active/backup deployment scenarios l Offers highly available hardware with redundant power supply unit (PSU) and fans |
Easy to manage and scale | Juniper Security Director Cloud, on-box GUI | l Provides centralized management via Juniper’s unified management experience, including zero-touch provisioning (ZTP), unbroken visibility, intelligent rule placement, and simplified policy configuration and automation l Supports Network Address Translation (NAT), and automated IPsec VPN deployments via wizards l Supports on-box GUI |
Built-in zero trust capabilities | DevID with TPM 2.0 Module | l Verifies the device’s trust posture easily l Provides cryptographically signed device ID that supports RFC-compliant sZTP for hardware and software attestation l Mitigates the risks of supply chain attacks |
Low TCO | Junos OS | l Integrates routing and security capabilities into a single device l Reduces OpEx with Junos OS automation capabilities l Automates integration with other devices running Junos OS, such as MX, PTX, and ACX routers, and EX and QFX switches |
Table 1. SRX4700 Firewall Hardware Specifications
Specification | SRX4700 |
Connectivity | |
Total onboard I/O ports | 2 x 400 GbE (QSFP56-DD) |
Out-of-Band (OOB) management ports | 1 Gbps (RJ-45) |
Dedicated high availability (HA) ports | 1 x 1 GbE (SFP) Control |
Console | 1 (RJ-45) |
USB 3.0 ports (Type A) | 1 |
Storage | |
Storage (SSD) | 2x1TB M.2 SSD or 1 x 1TB M.2 SSD + 1 x 2TB M.2 SSD |
Dimensions and Power | |
Form factor | 1U |
Size (W x H x D) | 17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm) |
Weight (device and PSU) | Chassis with AC power supplies: 40 lb (18.2 kg) |
Redundant PSU | 1+1 |
Power supply | 2 x 2200 W AC PSU redundant |
Maximum current consumption | 8.2 A (for 220 V AC power) |
Environment and Regulatory Compliance | |
Acoustic noise level | 78 dBA at normal fan speed, 92 dBA at full fan speed |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C at 6000 ft altitude) |
Operating humidity | 5% to 85% non-condensing |
Meantime between failures (MTBF) | 133,440 hours (15.23 years) |
FCC classification | Class A |
RoHS compliance | RoHS 6 |
FCC classification | Class A |
NEBS compliance | Designed for NEBS Level 3 |
Performance and Scale | |
Routing/firewall (IMIX packet size) throughput Tbps | 1.4 Tbps |
Routing/firewall throughput Tbps | 1.4 Tbps |
IPsec VPN (IMIX packet size) Gbps | 90 Gbps |
Application security performance in Gbps | 150 Gbps |
Recommended IPS in Gbps | 110 Gbps |
Next-generation firewall in Gbps | 100 Gbps |
Connections per second (CPS) | 600,000 |
Maximum security policies | 100,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 60 million |
Route table size (RIB/FIB) (IPv4 or IPv6) | 4 million/1.2 million |
IPsec tunnels | 15,000 |
Number of remote access/SSL VPN (concurrent) users | 7,500 |
Table 1. SRX4700 Firewall Ordering Information
Product Number | Description |
SRX4700-AC | SRX4700 Services Gateway includes hardware, AC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
SRX4700-DC | SRX4700 Services Gateway includes hardware, DC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
