The SRX4300 next-generation firewall (NGFW) protects small and midsized campus, data center, and regional headquarters networks. The 1 U, power-efficient device delivers up to 90 Gbps firewall throughput per rack unit and supports 100 Gbps interfaces with wire speed MACsec encryption to safeguard data in motion.
The SRX4300 integrates networking and security into a single platform. It features built-in zero-trust capabilities, EVPN-VXLAN fabric integration, and AI Predictive Threat Prevention for ultra-high security efficacy. Centrally managed by Juniper Security Director Cloud, the SRX4300 delivers high-performance IPsec VPN and unified policy management for securing your network reliably.
Table 1. SRX4300 Firewall Features and Benefits
Business Requirement | Feature/Solution | SRX4300 Advantages |
High performance | Hardware accelerated encryption/decryption | l Offloads CPU intensive encryption/decryption tasks l Improves performance for SSL and IPsec |
High-quality, end-user experience | Application visibility and control | l Updates application continuously and decodes custom applications l Controls and prioritizes traffic based on application and user role l Inspects and detects applications inside SSL-encrypted traffic, including Web and SaaS |
Advanced threat protection | NGFW Services: IPS, antivirus, antispam, Web filtering | l Prevents exploits with 99.9% effectiveness2; signatures update in real time l Protects against known malware and malicious Web and DNS traffic l Sandboxing for unknown malware across multiple OS types, including iOS, Windows, Android, and CentOS l Delivers threat intelligence in an open platform to accommodate for third-party and custom threat feeds l Detects threats hidden inside encrypted traffic without decrypting |
Zero-day protection | Juniper’s AI-Predictive Threat Prevention | l Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets l Eliminates patient-zero infections l Auto-generates protective signatures that remain active for the full attack lifecycle, keeping the network safe from subsequent attacks |
Secure data transactions | Juniper Secure Connect: IPsec VPN, remote access/SSL VPN | l Provides high-performance IPsec VPN with dedicated crypto engine l Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications l Simplifies large VPN deployments with auto-VPN l Includes hardware-based crypto acceleration l Secure and flexible remote access SSL VPN |
Advanced networking services | Routing, secure wire | l Supports carrier-class advanced routing and quality of service (QoS) |
Security embedded into the data center fabric | EVPN-VXLAN (EVPN Type 5 route) | l Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4-7 security services l Eases operations with Type 5 support through BGP l Does not require decapsulation for EVPN-VXLAN traffic |
Reliability | Chassis cluster, redundant power supplies | l Provides stateful configuration and session state synchronization l Supports active/active and active/backup deployment scenarios l Offers highly available hardware with redundant power supply unit (PSU) and fans |
Easy to manage and scale | Juniper Security Director Cloud, on-box GUI | l Provides centralized management via Juniper’s unified management experience, including zero-touch provisioning (ZTP), unbroken visibility, intelligent rule placement, and simplified policy configuration and automation l Supports Network Address Translation (NAT), and automated IPsec VPN deployments via wizards l Supports on-box GUI |
Built-in zero trust capabilities | DevID with TPM 2.0 Module | l Verifies the device’s trust posture easily l Provides cryptographically signed device ID that supports RFC-compliant sZTP for hardware and software attestation l Mitigates the risks of supply chain attacks |
Low TCO | Junos OS | l Integrates routing and security capabilities into a single device l Reduces OpEx with Junos OS automation capabilities l Automated integration with other devices running Junos OS, such as Juniper MX, PTX, and ACX routers, EX and QFX switches, and Cloud-Native Contrail Networking (CN2) |
Table 1. SRX4300 Firewall Hardware Specifications
Specifications | SRX4300 |
Connectivity | |
Onboard ports | 8 x 1 GbE/2.5 GbE/5 GbE/10 GbE BASE-T |
Onboard small form-factor pluggable plus (SFP+) transceiver ports | 8 x 1 GbE/10 GbE SFP+ |
Out-of-Band (OOB) management ports | 1 x 1 GbE G (RJ-45) |
Dedicated high availability (HA) ports | 2 x 1 GbE SFP |
Console | 1 (RJ-45) |
USB 3.0 ports (Type A) | 1 |
Storage | |
Storage (SSD) | 1 x 120 GB (primary), 1 x 960 GB (secondary + logging disk) |
Dimensions and Power | |
Form factor | 1U |
Size (W x H x D) | 17.28 x 1.74 x 18.20 in |
Weight (device and PSU) | Chassis with two AC PSU: 20.2 lb (9.2 kg) |
Redundant PSU | 1+1 |
Power supply | 2 x 850W AC PSU redundant |
Average heat dissipation | 1 x DC PSU (40V): 1221.5 BTU/h |
Maximum current consumption | 4.67 A (for 110 V AC PSM) |
Maximum inrush current | 40 A for 1 cycle of AC (AC PSM) |
Environment and Regulatory Compliance | |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C at 6000 ft altitude) |
Operating humidity | 5% to 90% non-condensing |
Meantime between failures (MTBF) | Over 100,000 hours (12 years) |
FCC classification | Class A |
RoHS compliance | RoHS 6 |
Performance and Scale | |
Firewall throughput (IMIX) | 50 Gbps |
Firewall throughput (1518B) | 90 Gbps |
IPsec VPN throughput (IMIX) | 30 Gbps |
IPsec VPN throughput (1400B) | 75 Gbps |
Application security performance (TPS#) | 60 Gbps |
Next-generation firewall (TPS) | 45 Gbps |
Secure Web Access Firewall (CPS**) | 45 Gbps |
Advanced Threat (CPS**) | 15 Gbps |
Connections per second (64B) | 550,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 10 Million |
Route table size (RIB/FIB) (IPv4) | 2 Million/1 Million |
IPsec VPN tunnels | 8,000 |
Table 1. SRX4300 Firewall Ordering Information
Product Number | Description |
SRX4300-AC | SRX4300 Services Gateway includes hardware, AC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
SRX4300-DC | SRX4300 Services Gateway includes hardware, DC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
