The Juniper SRX4600 Firewall protects mission-critical data center and campus networks for enterprises, service providers, and cloud providers. The SRX4600 is an integral part of the Juniper Connected Security portfolio, which extends security to every point on the network to safeguard users, data, and infrastructure against advanced threats.
The SRX4600 next-generation firewall (NGFW) integrates networking and security into a single platform, delivering high-performance, scalable intrusion detection/prevention and dynamically protecting against malware. Centrally managed by Juniper Security Director Cloud software, the SRX4600 delivers IPsec VPN, fully automated SD-WAN, and easy policy management capabilities for reliable network security.
Table 1. SRX4600 Firewall Features and Benefits
Business Requirement | Feature/Solution | SRX4600 Advantages |
High performance | Express Path + | l Provides automatic offload of all eligible flows for line-rate forwarding without additional configuration l Delivers full inspection services to all flows regardless of size l Demands no trade offs between performance and security l Meets requirements for enterprise campus and data center edge deployments l Addresses diverse needs and scales for service provider deployments |
High-quality, end-user experience | Application visibility and control | l Continuous application updates provided by Juniper Threat Labs l Controls and prioritizes traffic based on application and use role l Inspects and detects applications inside the SSL-encrypted traffic |
Advanced threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud sandboxing, Encrypted Traffic Insights, SecIntel, and Threat Intelligence Feeds | l Provides IPS capabilities and real-time updates to signatures that effectively protect against exploits, proven most effective in the industry by multiple third-party testing companies l Protects against malware and malicious web traffic l Delivers an open threat intelligence platform that provides a single point for all operational intelligence feeds l Protects against zero-day attacks l Stops rogue and compromised devices from disseminating malware l Restores visibility lost due to encryption without the heavy burden of full TLS/SSL decryption |
Zero-day prevention | AI-Predictive Threat Prevention | l Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets l Eliminates patient-zero infections l Provides protection that lasts for the full attack lifecycle—not merely 24 hours—so the network is safe from reinfection from subsequent attacks |
Professional-grade networking services | Routing, secure wire | l Supports carrier-class advanced routing and quality of service (QoS) |
Highly secure | IPsec VPN, Remote access/SSL VPN | l Provides high-performance IPsec VPN with dedicated crypto engine l Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications l Simplifies large VPN deployments with auto VPN l Includes hardware-based crypto acceleration l Secure and flexible remote access SSL VPN with Juniper Secure Connect |
Embedded security in data center fabric | EVPN-VXLAN Type 5 routes | l Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4 to Layer 7 security services l Eases operations with Type 5 support through BGP l Does not require decapsulation of EVPN-VXLAN traffic |
Highly reliable | Chassis cluster, redundant power supplies | l Provides stateful configuration and session state synchronization l Supports active/active and active/backup deployment scenarios l Offers highly available hardware with redundant power supply unit (PSU) and fans |
Easy to manage and scale | On-box GUI, Juniper Security Director Cloud | l Enables centralized management from Juniper’s unified management experience with unbroken visibility, zero-touch provisioning, intelligent firewall policy management and scalability. l Supports Network Address Translation (NAT), and IPsec VPN deployments l Includes simple, easy-to-use on-box GUI for local management |
Low TCO | Junos OS | l Integrates routing and security in a single device l Reduces OpEx with Junos OS automation capabilities |
Table 1. SRX4600 Firewall Hardware Specifications
Specification | SRX4600 |
Total onboard I/O ports | Up to 24x1GbE/10GbE (SFP+)4 |
Out-of-Band (OOB) management ports | RJ-45 (1 Gbps) |
Dedicated high availability (HA) ports | 2x1GbE/10GbE (SFP+) Control |
Console | RJ-45 (RS232) |
USB 2.0 ports (Type A) | 1 |
Memory and Storage | |
System memory (RAM) | 256 GB |
Secondary storage (SSD) | 2x 1 TB M.2 SSD |
Dimensions and Power | |
Form factor | 1 U |
Size (WxHxD) | 17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm) |
Weight (system and 2 power entry modules) | With AC PEMs: 38 lb (17.24 kg) |
Redundant PSU | 1+1 |
Power supply | 2x 1600 W AC-DC PSU redundant |
Average power consumption | 650 W |
Average heat dissipation | 2218 BTU/hour |
Maximum current consumption | 12 A (for 110 V AC power) |
Precision Time Protocol Timing Ports | |
Time of day – RS-232 (EIA-23) | 1xRJ-45 |
BITS clock | 1xRJ-48 |
10-MHz timing connector (GNSS) | 1xInput (COAX) |
Pulse per second connection (1-PPS) | 1xInput (COAX) |
Environmental and Regulatory Compliance | |
Acoustic noise level | 69 dBA at normal fan speed,87 dBA at full fan speed |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C) |
Operating humidity | 5% to 90% non-condensing |
Meantime between failures (MTBF) | 111,626 hours (12.75 years) |
FCC classification | Class A |
RoHS compliance | RoHS 2 |
NEBS compliance | Designed for NEBS Level 3 |
Performance | |
Routing/firewall (64 B packet size) throughput Gbps4 | 104 Gbps |
Routing/firewall (IMIX packet size) throughput Gbps4 | 400 Gbps |
Routing/firewall throughput Gbps4 | 400 Gbps |
IPsec VPN (IMIX packet size) Gbps4 | 44.4 Gbps |
IPsec VPN (1400 B packet size) Gbps4 | 69.6 Gbps |
Application security performance in Gbps5 | 75.5 Gbps |
Recommended IPS in Gbps6 | 45.5 Gbps |
Next-generation firewall in Gbps6 | 33 Gbps |
Secure Web Access firewall in Gbps 7 | 22.6 Gbps |
Connections per second (CPS) | 600,000 |
Maximum security policies | 80,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 60 million |
Route table size (RIB/FIB) (IPv4 or IPv68) | 4 million/1.2 million |
IPsec tunnels | 7500 |
Number of remote access/SSL VPN (concurrent) users | 7500 |
4There are eight dedicated 1GbE/10GbE ports. The four 40GbE/100GbE ports can use breakout cables to create 4x10GbE (SFP+) ports each, resulting in a total of 24x 10GbE ports.
5Throughput numbers based on UDP packets and RFC2544 test methodology.
6Next-Generation Data Center firewall performance is measured with Firewall, Application Security, and IPS enabled using 64KB transactions.
7Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions.
8IPv6 FIB scale is with 32-bit mask.
Table 1. SRX4600 Firewall Ordering Information
Product Number | Description |
SRX4600-CHAS | SRX4600 Chassis Spare, no fans, no PEMs |
SRX4600-AC | SRX4600 Services Gateway with 8x10GE and 4x40GE ports, AC |
SRX4600-AC-TAA | SRX4600 Services Gateway, AC, TAA |
SRX4600-DC | SRX4600 Services Gateway with 8x10GE and 4x40GE ports, DC |
SRX4600-DC-TAA | SRX4600 Services Gateway, DC, TAA |
SRX4600-SYS-JB-AC | SRX4600 Services Gateway includes hardware (4x100GE, 8x10GE, two AC PSU, five FAN Trays, cables and RMK) and Junos Software Base (Firewall, NAT, IPSec, Routing, MPLS) |
SRX4600-SYS-JB-DC | SRX4600 Services Gateway includes hardware (4x100GE, 8x10GE, two DC PSU, five FAN Trays, cables and RMK) and Junos Software Base (Firewall, NAT, IPSec, Routing, MPLS) |
