The SRX4200 Firewall is a high-performance, next-generation firewall (NGFW) that protects small and midsized enterprise campus, data center, and regional headquarters networks. It’s an integral part of the Juniper Connected Security portfolio, which extends security to every connection point on the network to safeguard users, data, and infrastructure against advanced threats.
The SRX4200 integrates networking and security in a single platform that provides high-performance, scalable intrusion detection/prevention and dynamically protects against malware. Centrally managed by Juniper Security Director Cloud software, it delivers IPsec VPN, fully automated SD-WAN, and easy policy management capabilities for reliable network security.
Table 1. SRX4100 and SRX4200 Statistics
Model | SRX4100 | SRX4200 |
Firewall throughput | 40 Gbps | 80 Gbps |
Firewall throughput—IMIX | 22 Gbps | 44 Gbps |
Firewall throughput with application security | 19.9 Gbps | 39.8 Gbps |
IPsec VPN throughput-IMIX | 14.8 Gbps | 29.6 Gbps |
Intrusion prevention | 13.9 Gbps | 27.7 Gbps |
Next-generation firewall2 throughput | 9 Gbps | 18 Gbps |
Secure Web Access3 throughput | 6.7 Gbps | 13.3 Gbps |
Connections per second | 250,000 | 500,000 |
Maximum session | 5 million | 10 million |
Table 2. SRX4100 and SRX4200 Features and Benefits
Business Requirement | Feature/Solution | SRX4100/SRX4200 Advantages |
High performance | Up to 80 Gbps of firewall throughput (up to 40 Gbps of IMIX firewall throughput) | l Best suited for enterprise campus and data center edge deployments l Ideal for next-generation firewall deployments at the head office l Scalability and feature capacity meets future needs |
High-quality end-user experience | Application visibility and control | l Continuous application updates provided by Juniper Threat Labs l Controls and prioritizes traffic based on application and use role l Inspects and detects applications inside SSL-encrypted traffic |
Advanced threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud sandboxing, Encrypted Traffic Insights, and SecIntel Threat Intelligence Feeds | l Provides IPS capabilities and real-time updates to signatures that effectively protect against exploits, proven most effective in the industry by multiple third-party testing companies l Protects against malware and malicious web traffic l Delivers an open threat intelligence platform that provides a single point for all operational intelligence feeds l Protects against zero-day attacks l Stops rogue and compromised devices from disseminating malware l Restores visibility lost due to encryption without the heavy burden of full TLS/SSL decryption |
Zero-day prevention | AI-Predictive Threat Prevention | l Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets l Eliminates patient-zero infections l Provides protection that lasts for the full attack lifecycle—not merely 24 hours—so the network is safe from reinfection from subsequent attacks |
Advanced networking services | Routing, secure wire | l Supports carrier-class advanced routing and quality of service (QoS) |
Highly secure | IPsec VPN, Remote Access/SSL VPN | l Provides high-performance IPsec VPN with dedicated crypto engine l Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications l Simplifies large VPN deployments with auto VPN l Includes hardware-based crypto acceleration l Secure and flexible remote access SSL VPN with Juniper Secure Connect |
Embedded security in data center fabric | EVPN-VXLAN Type 5 routes | l Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4 to Layer 7 security services l Eases operations with Type 5 support through BGP l Does not require decapsulation of EVPN-VXLAN traffic |
Highly reliable | Chassis cluster, redundant power supplies | l Provides stateful configuration and session state synchronization l Supports active/active and active/backup deployment scenarios l Offers highly available hardware with redundant power supply unit (PSU) and redundant fans l Delivers dedicated control and fabric link with seamless high availability |
Easy to manage and scale | On-box GUI, Juniper Security Director Cloud | l Enables centralized management from Juniper’s unified management experience with unbroken visibility, zero-touch provisioning, intelligent firewall policy management and scalability, Network Address Translation (NAT), and IPsec VPN deployments l Includes simple, easy-to-use on-box GUI for local management |
Low TCO | Junos OS | l Integrates routing and security in a single device l Reduces OpEx with Junos OS automation capabilities |
Table 1. SRX4100 and SRX4200 Hardware Specifications
Specifications | SRX4100 | SRX4200 |
Connectivity | ||
Total onboard ports | 8x1GbE/10GbE | 8x1GbE/10GbE |
Onboard small form-factor pluggable plus (SFP+) transceiver ports | 8x1GbE/10GbE | 8x1GbE/10GbE |
Out-of-Band (OOB) management ports | 1x1GbE | 1x1GbE |
Dedicated high availability (HA) ports | 2x1GbE/10GbE (SFP/SFP+) | 2x1GbE/10GbE (SFP/SFP+) |
Console (RJ-45) | 1 | 1 |
USB 2.0 ports (type A) | 2 | 2 |
Memory and Storage | ||
System memory (RAM) | 64 GB | 64 GB |
Secondary storage (SSD) | 240 GB with 1+1 RAID | 240 GB with 1+1 RAID |
Dimensions and Power | ||
Form factor | 1 U | 1 U |
Size (WxHxD) | 17.48 x 1.7 x 25 in | 17.48 x 1.7 x 25 in |
Weight (device and PSU) | Chassis with two AC power supplies: 29 lb (13.15 kg) | Chassis with two AC power supplies: 29 lb (13.15 kg) |
Redundant PSU | 1+1 | 1+1 |
Power supply | 2x 650 W redundant | 2x 650 W redundant |
Average power consumption | 200 W | 200 W |
Average heat dissipation | 685 BTU / hour | 685 BTU / hour |
Maximum current consumption | 4A (for 110 V AC power) | 4A (for 110 V AC power) |
Maximum inrush current | 50 A by 1 AC cycle | 50 A by 1 AC cycle |
Environmental and Regulatory Compliance | ||
Acoustic noise level | 70 dBA | 70 dBA |
Airflow/cooling | Front to back | Front to back |
Operating temperature | 32° to 104° F | 32° to 104° F |
Operating humidity | 5% to 90% noncondensing | 5% to 90% noncondensing |
Meantime between failures (MTBF) | 221,729 hours (about 25.3 years) | 221,729 hours (about 25.3 years) |
FCC classification | Class A | Class A |
RoHS compliance | RoHS 2 | RoHS 2 |
Performance and Scale | ||
Routing/firewall (IMIX packet size) throughput Gbps4 | 22.5 | 44 |
Routing/firewall (1,518 B packet size) throughput Gbps4 | 40 | 80 |
IPsec VPN (IMIX packet size) Gbps4 | 14.8 | 29.6 |
Application visibility and control in Gbps5 | 19.9 | 39.8 |
Recommended IPS in Gbps5 | 13.9 | 27.7 |
Next-generation firewall in Gbps6 | 9 | 18 |
Secure Web Access firewall in Gbps7 | 6.7 | 13.3 |
Connections per second (CPS) | 250,000 | 500,000 |
Maximum security policies | 60,000 | 60,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 5 million | 10 million |
Route table size (RIB/FIB) (IPv4) | 2 million/1.2 million | 2 million/1.2 million |
IPsec tunnels | 7500 | 7500 |
Number of remote access/SSL VPN (concurrent) users | 7500 | 7500 |
Multitenancy (LSYS/TSYS) | 32/200 | 32/200 |
Table 1. SRX4200 Firewall Ordering Information
Product Number | Description |
SRX4200-AC | SRX4200 SERVICES GATEWAY, AC |
SRX4200-CHAS | SRX4200 CHASSIS; NO PSU AND NO FAN |
SRX4200-DC | SRX4200 SERVICES GATEWAY, DC |
SRX4200-FAN | SRX4100/SRX4200 FAN UNIT |
SRX4200-IPS-1 | IPS UPDATES, 1 YR, SRX4200 |
SRX4200-IPS-3 | IPS UPDATES, 3 YR, SRX4200 |
SRX4200-IPS-5 | IPS UPDATES, 5 YR, SRX4200 |
SRX4200-JSB | SRX4200 JUNOS SOFTWARE BASE |
SRX4200-JSE | SRX4200 JUNOS SOFTWARE ENHANCED |
SRX-4200-LSYS-1 | SRX4200 1 INCREMENTAL LOGICAL SYS LIC |
SRX-4200-LSYS-25 | SRX4200 25 INCREMENTAL LOGICAL SYS LIC |
SRX-4200-LSYS-5 | SRX4200 5 INCREMENTAL LOGICAL SYS LIC |
SRX4200-RMK | SRX4100/SRX4200 RACK MOUNT KIT – RAIL |
SRX4200-S-AS-1 | ANTI-SPAM 1-YR SRX4200 |
SRX4200-S-AS-3 | ANTI-SPAM 3-YR SRX4200 |
SRX4200-S-AV-1 | AV 1-YR SRX4200 |
SRX4200-S-AV-3 | AV 3-YR SRX4200 |
SRX4200-SYS-JB-AC | SRX4200-AC HW & JUNOS BASE (JSB) |
SRX4200-SYS-JB-DC | SRX4200-DC HW & JUNOS BASE (JSB) |
SRX4200-SYS-JE-AC | SRX4200-AC HW & JUNOS ENHANCED (JSE) |
SRX4200-SYS-JE-DC | SRX4200-DC HW & JUNOS ENHANCED (JSE) |
SRX4200-THRTFEED-1 | SKY ATP FEEDS ONLY SRX4200 – 1YR |
SRX4200-THRTFEED-3 | SKY ATP FEEDS ONLY SRX4200 – 3YR |
SRX4200-THRTFEED-5 | SKY ATP FEEDS ONLY SRX4200 – 5YR |
SRX4200-W-EWF-1 | EWF 1-YR SRX4200 |
SRX4200-W-EWF-3 | EWF 3-YR SRX4200 |
SRX4200-W-EWF-5 | EWF 5-YR SRX4200 |
