The SRX1600 Firewall protects enterprise campus networks and serves as a perimeter firewall in small and midsized data centers. The 1 U, power-efficient device delivers up to 24 Gbps firewall throughput per rack unit and supports 25 Gbps interfaces with wire speed MACsec to safeguard data in motion.
The next-generation firewall (NGFW) has built-in zero-trust capabilities, EVPN-VXLAN fabric integration, AI Predictive Threat Prevention, and high port density to secure your network reliably. Centrally managed by Juniper Security Director Cloud, the SRX1600 supports intrusion detection and prevention, application visibility and control, and content security features that include antivirus, antispam, and web filtering.
Table 1. SRX1600 Features and Benefits
Business Requirement | Feature/Solution | SRX1600 Advantages |
High performance | Hardware accelerated encryption/decryption | l Offloads CPU intensive encryption/decryption tasks l Improves performance for SSL and IPsec |
High-quality, end-user experience | Application visibility and control | l Updates application continuously and decodes custom applications l Controls and prioritizes traffic based on application and user role l Inspects and detects applications inside SSL-encrypted traffic, including Web and SaaS |
Advanced threat protection | NGFW Services: IPS, antivirus, antispam, Web filtering, Juniper Advanced Threat Prevention Cloud: sandboxing, Encrypted Traffic Insights, SecIntel threat intelligence feeds | l Prevents exploits with 99.9% effectiveness2; signatures update in real time l Protects against known malware and malicious Web and DNS traffic l Sandboxing for unknown malware across multiple OS types, including iOS, Windows, Android, and CentOS l Delivers threat intelligence in an open platform to accommodate for third-party and custom threat feeds l Detects threats hidden inside encrypted traffic without decrypting |
Zero-day protection | Juniper’s AI-Predictive Threat Prevention | l Predicts and prevents malware at line rate by using AI to effectively identify threats from packet snippets l Eliminates patient-zero infections l Auto-generates protective signatures that remain active for the full attack lifecycle, keeping the network safe from subsequent attacks |
Secure data transactions | Juniper Secure Connect: IPsec VPN, remote access/SSL VPN | l Provides high-performance IPsec VPN with dedicated crypto engine l Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site communications l Simplifies large VPN deployments with auto-VPN l Includes hardware-based crypto acceleration l Ensures secure and flexible remote access SSL VPN |
Advanced networking services | Routing, secure wire | l Supports carrier-class advanced routing and quality of service (QoS) |
Security embedded into the data center fabric | EVPN-VXLAN (EVPN Type 5 routes) | l Enhances tunnel inspection for VXLAN encapsulated traffic with Layers 4-7 security services l Eases operations with Type 5 support through BGP l Does not require decapsulation for EVPN-VXLAN traffic |
Reliability | Chassis cluster, redundant power supplies | l Provides stateful configuration and session state synchronization l Supports active/active and active/backup deployment scenarios l Offers highly available hardware with redundant power supply unit (PSU) and fans |
Easy to manage and scale | Juniper Security Director Cloud, on-box GUI | l Provides centralized management via Juniper’s unified management experience, including zero-touch provisioning (ZTP), unbroken visibility, intelligent rule placement, and simplified policy configuration and automation l Supports Network Address Translation (NAT), and automated IPsec VPN deployments via wizards l Supports on-box GUI |
Built-in zero trust capabilities | DevID with TPM 2.0 Module | l Verifies the devices’ trust posture easily l Provides cryptographically signed device ID that supports RFC8572-compliant sZTP for hardware and software attestation l Mitigates the risks of supply chain attacks |
Low TCO | Junos OS | l Integrates routing and security capabilities into a single device l Reduces OpEx with Junos OS automation capabilities l Automates integration with Cloud-Native Contrail Networking (CN2) and other devices running Junos OS, such as Juniper MX, PTX, and ACX routers, and EX and QFX switches |
Table 1. SRX1600 Hardware Specifications
Specifications | SRX1600 |
Connectivity | |
Onboard ports | 16 x 1 GbE 10/100/1000 BASE-T |
Onboard small form-factor pluggable plus (SFP+) transceiver ports | 4 x 1 GbE/10 GbE SFP+ |
Out-of-Band (OOB) management ports | 1 x 1 GbE G (RJ-45) |
Dedicated high availability (HA) ports | 2 x 1 GbE SFP |
Console | 1 (RJ-45) |
USB 3.0 ports (Type A) | 1 |
Storage | |
Storage (SSD) | 1 x 120 GB |
Dimensions and Power | |
Form factor | 1U |
Size (W x H x D) | 17.28 x 1.74 x 18.20 in |
Weight (device and PSU) | Chassis with two AC power supplies: 15.7 lb (7.1 kg) |
Redundant PSU | 1+1 |
Power supply | 2 x 450 W AC PSU redundant |
Average heat dissipation | 1 x DC PSU (40V): 487.9 BTU/h |
Maximum current consumption | 2 A (for 110 V AC PSM) |
Maximum inrush current | 50 A for 1 cycle of AC (AC PSM) |
Environment and Regulatory Compliance | |
Acoustic noise level | 58 dB (max) |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C at 6000 ft altitude) |
Operating humidity | 5% to 90% non-condensing |
Meantime between failures (MTBF) | Over 100,000 hours (12 years) |
FCC classification | Class A |
RoHS compliance | RoHS 6 |
Performance and Scale | |
Firewall throughput (IMIX) | 9 Gbps |
Firewall throughput (1518B) | 24 Gbps |
IPsec VPN throughput (IMIX) | 5.5 Gbps |
IPsec VPN throughput (1400B) | 18 Gbps |
Application security performance (TPS#/CPS**) | 21.5 Gbps/5.3 Gbps |
Next-generation firewall (TPS#/CPS**)4 | 21 Gbps/2.75 Gbps |
Secure Web Access Firewall (CPS**) | 2.5 Gbps |
Advanced Threat (CPS) | 1.3 Gbps |
Connections per second (64B) | 95,000 |
SSL connections per second | 2,400 |
Maximum concurrent sessions (IPv4 or IPv6) | 2 Million |
Route table size (RIB/FIB) (IPv4) | 2 Million/1 Million |
IPsec VPN tunnels | 2,000 |
Table 1. SRX1600 Firewall Ordering Information
Product Number | Description |
SRX1600-AC | SRX1600 Services Gateway includes hardware, AC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
SRX1600-AC-TAA | SRX1600 Services Gateway includes hardware, AC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching), TAA Compliant |
SRX1600-DC | SRX1600 Services Gateway includes hardware, DC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching) |
SRX1600-DC-TAA | SRX1600 Services Gateway includes hardware, DC PSU, cable, RMK and Junos Software Base (Firewall, NAT, IPsec, Routing, MPLS and Switching), TAA Compliant |
