SRX4700 Firewall Datasheet

The SRX4700 delivers NGFW features that support the changing needs of cloud-enabled enterprise networks and data centers. Whether rolling out new services on an enterprise campus, connecting to the cloud seamlessly, complying with industry standards, or achieving operational efficiency, the SRX4700 empowers organizations to operationalize Zero Trust principles at scale while realizing business objectives. It protects critical corporate assets with features such as intrusion prevention system (IPS), follow-the-user and follow-the-application access policies, and Juniper’s AI-Predictive Threat Prevention. Furthermore, the SRX4700 works with Juniper’s cloud security solutions to secure hybrid-cloud environments with networkwide visibility and control, providing consistently secure on-premises and cloud environments.

For cloud providers, service providers, and enterprises, the hardware acceleration in the SRX4700 protects data center core and edge workloads at Layer 7 at wirespeed with industry-leading security efficacy. It also adheres to industry-standard EVPN Type 5 and VXLAN protocols within these data centers, enabling the SRX4700 to act as a secure, fabric-aware leaf in the spine-leaf architecture and uniquely streamlining security workflows within the data center. Plus, the SRX4700 does all this while delivering the highest firewall performance per rack unit of any data center firewall available today.

Service providers offering 4G and 5G services can take advantage of the SRX4700’s proven software, which secures dozens of Tier 1 service providers around the world. Use cases supported with high-performance hardware acceleration include security gateway, Gi / N6 firewall, CGNAT, and roaming firewall. Service providers with power and space constraints can deploy the SRX4700 in both distributed and centralized locations and secure their networks at terabit speeds while consuming only a single rack unit within their data centers.

The SRX4700 participates in Juniper’s Connected Security Distributed Services Architecture, enabling organizations to scale both horizontally and elastically while simplifing operational management of large-scale firewall networks. With this architecture, several SRX4700 platforms can work together as a single large logical firewall to provide security at higher performance and scale.

The SRX4700 is powered by Junos^® operating system, the OS that underpins and helps secure the world’s largest mission-critical enterprise and service provider networks. It is managed by Juniper Security Director, Juniper’s unified management experience that connects the organization’s current deployments with future architectural rollouts. Security Director uses a single policy framework enabling consistent security policies across any environment and expanding Zero Trust to all parts of the network-from the edge into the data center. This provides unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place.

The SRX4700 leverages Juniper's innovative architecture to deliver its high performance and robust security services:

• Juniper Trio ASIC: At its core, the SRX4700 is powered by Juniper's purpose-built Trio ASIC, designed for predictable, high-performance security processing. This specialized silicon ensures consistent throughput even when multiple advanced security services are enabled simultaneously
• EVPN-VXLAN integration: With native support for EVPN Type 5 and VXLAN protocols, the SRX4700 seamlessly integrates into modern, automated data center fabrics. This allows for security policy enforcement at the fabric edge without needing to break tunnels, simplifying configuration and enhancing agility
• AI-Predictive Threat Prevention: The SRX4700 features AI-Predictive Threat Prevention, which uses machine learning to generate custom signatures and provide line-rate anti-malware performance. This ensures high security efficacy and proactive defense against evolving threats
• Multinode High Availability (MNHA): The SRX4700 supports advanced Multinode High Availability, offering a resilient HA design that ensures continuous availability and simplified operations, minimizing downtime and operational complexity. MNHA deployments include Layer 2, hybrid, and Layer 3, including geo redundancy across different geographic locations
• Juniper Security Director: Centralized management of the SRX4700 is provided by Juniper Security Director, offering unified policy management, automation, and end-to-end visibility across your security infrastructure

To increase trust and streamline operations, the SRX4700 features several built-in Zero Trust device capabilities, including an embedded Trusted Platform Module (TMP) 2.0 and cryptographically signed device ID. The SRX4700 supports RFC compliant Secure Zero Touch Provisioning (sZTP) to deploy products in your network efficiently, expediently, and remotely. Additionally, the SRX4700 supports MACsec at wire speed on all ports, ensuring data integrity, and confidentiality.

The SRX4700 is part of Juniper’s Connected Security Distributed Services Architecture, which revolutionizes data center security. With this architecture, firewall performance can scale horizontally by interconnecting traffic forwarding and security services across multiple geographic locations. It also provides automated failover and backup nodes for both forwarding and inspection components. In addition to redundancy and load balancing, Juniper Connected Security Distributed Services Fabric simplifies how large-scale data center firewall networks are managed and operated. Regardless of how many firewall engines across the various form factors (physical, virtual, containerized) are added, they can all be managed as one logical unit. The centralized management eliminates the complexity that has been an unintended consequence of a traditional scale-out approach.

• Stateful firewall services
• Zone-based firewall
• Screens and distributed denial of service (DDoS) protection
• Protection from protocol and traffic anomalies
• Unified Access Control (UAC)
• Integration with Juniper^® Access Assurance

• Carrier-grade Network Address Translation (Large-scale NAT)
• IPv4 and IPv6 address translation NAT44, NAPT44, NAT66, NAPT66, NAT64, NAT46
• Static and dynamic 1-1 translation
• Source NAT with Port Address Translation (PAT)
• Destination NAT with Port Address Translation (PAT)
• Port Block Allocation (PBA)
• Deterministic NAT (DetNAT)
• Port overload
• Persistent NAT (enables EIM/EIF)
• Twice-NAT44
• DS-lite

• Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
• Juniper^® Secure Connect: Remote access/SSL VPN
• Configuration payload: Yes
• IKE encryption algorithms: Prime,3DES-CBC, AEC-CBC, AES-GCM, Suite B
• Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
• Post Quantum Authentication: Post-quantum Pre-shared Key (PPK), Quantum Key Distribution (QKD), Symmetric Key Exchange (SKE)
• Security Payload (ESP) protocol
• IPsec authentication algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
• IPsec encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
• Perfect Forward Secrecy (PFS), DH-group support (group14-16, 19-21, 24), anti-replay
• Internet Key Exchange: IKEv1, IKEv2
• Monitoring: Standards-based dead peer detection (DPD) support, VPN monitoring
• VPNs GRE, IP-in-IP, and MPLS
• Hardware acceleration: Inline IPsec (AES-GCM), QAT

• Virtual Router Redundancy Protocol (VRRP): IPv4 and IPv6
• Stateful high availability:
  • HA clustering
    • Active/active
    • Active/passive
  • Configuration synchronization
  • Firewall session synchronization
  • Device/link detection
  • Unified in-service software upgrade (unified ISSU)
• IP monitoring with route and interface failover
• Multinode HA (MN-HA)

• Application visibility and control
• Application QoS
• Advanced/application policy-based routing (APBR)
• Application Quality of Experience (AppQoE)
• Application-based multipath routing
• User-based firewall

• Intrusion prevention system
• AI-Predictive Threat Prevention
• Antivirus
• Antispam
• Category/reputation-based URL filtering
• SSL proxy/inspection
• Protection from botnets (command and control)
• Adaptive enforcement based on GeoIP
• Juniper ATP, a cloud-based SaaS offering to detect and block zero-day attacks
• Adaptive Threat Profiling
• Encrypted Traffic Insights
• SecIntel threat intelligence
• Juniper ATP virtual appliance, a distributed, on-premises advanced threat prevention solution to detect and block zero-day attacks

• IPv4, IPv6, static routes, RIP v1/v2
• OSPF/OSPF v3
• BGP with route reflector
• IS-IS
• Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), reverse path forwarding (RPF)
  • Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
  • Virtual routers
  • Policy-based routing, source-based routing
  • Equal-cost multipath (ECMP)
• EVPN-VXLAN (EVPN Type 5 route)

• Support for 802.1p, DiffServ code point (DSCP)
• Classification based on interface, bundles, or multifield filters
• Marking, policing, and shaping
• Classification and scheduling
• Weighted random early detection (WRED)
• Guaranteed and maximum bandwidth
• 8 queues per port

• Dynamic Host Configuration Protocol (DHCP) client/server/ relay
• Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• Juniper real-time performance monitoring (RPM) and IP monitoring
• Juniper flow monitoring (J-Flow)

• SSH, Telnet, SNMP-MIBs and Traps
• Smart image download
• Juniper CLI, Web UI, NetCONF, XML APIs, RMON
• Juniper Security Director Cloud
• Python
• Junos OS events, commit, and OP scripts
• Application and bandwidth usage reporting
• Debug and troubleshooting tools

Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For service-specific information specific to SRX Series Firewalls, please read the Firewall Conversion Service or the SRX Series QuickStart Service datasheets. For more details, please visit https://www.juniper.net/us/en/products.html.

To order Juniper Networks SRX Series Firewalls and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.

Juniper Networks is leading the convergence of AI and networking. Juniper’s Mist^™ AI-native networking platform is purpose-built to run AI workloads and simplify IT operations assuring exceptional secure user and application experiences—from the edge, to the data center, to the cloud. Additional information can be found at www.juniper.net, X, LinkedIn, and Facebook.

Statement of Product Direction

The information on this page may contain Juniper's development and plans for future products, features, or enhancements (“SOPD Information”). SOPD Information is subject to change at any time, without notice. Juniper provides no assurances, and assumes no responsibility, that future products, features, or enhancements will be introduced. In no event should any purchase decision be based upon reliance of timeframes or specifics outlined as part of SOPD Information, because Juniper may delay or never introduce the future products, features, or enhancements.

Any SOPD Information within, or referenced or obtained from, this website by any person does not give rise to any reliance claim, or any estoppel, against Juniper in connection with, or arising out of, any representations set forth in the SOPD Information.  Juniper is not liable for any loss or damage (howsoever incurred) by any person in connection with, or arising out of, any representations set forth in the SOPD Information.

1000780 - 003 - EN OCTOBER 2025