SRX4600 Firewall Datasheet
Download DatasheetProduct Overview
The SRX4600 is an industry-leading threat protection next-generation firewall that supports the changing needs of enterprise, cloud, and service provider networks. The SRX4600 is best suited for organizations focusing on Zero-Trust architecture and is designed for high performance throughput while preventing exploits, malware, and malicious traffic.
The SRX4600 seamlessly integrates networking and security in a single platform. It is managed by Security Director Cloud, which helps organizations operationalize Zero Trust and enable architectural transformation through a unified management experience and single policy framework.
Product Description
The Juniper Networks® SRX4600 Firewall protects mission-critical data center and campus networks for enterprises, service providers, and cloud providers. This Next-Generation Firewall (NGFW) is an integral part of the Juniper® Connected Security framework, which extends security to every point on the network to safeguard users, data, and infrastructure from advanced threats. The SRX4600 Firewall integrates networking and security in a single platform to deliver industry-leading intrusion prevention and malware protection with high-performance throughput, IPSEC VPN, high scalability, and easy policy management to secure the network reliably.
Advanced application identification and classification enables greater visibility, enforcement, control, and protection over network traffic, application access, and data. The firewall provides a detailed analysis of application volume and usage and fine-grained application control policies to allow or deny traffic based on dynamic application names or group names. Traffic is prioritized based on application information and context to reduce complexity across traditional, cloud, and hybrid IT networks.
The SRX4600 also delivers fully automated SD-WAN to both enterprises and service providers. Due to its high performance and scale, the SRX4600 acts as a VPN hub and terminates VPN/secure overlay connections in various SD-WAN topologies.
The firewall is managed by Juniper Security Director Cloud, a unified management experience that connects the organization’s current deployments with future architectural rollouts. Security Director Cloud uses a single policy framework, enabling consistent security policies across any environment and expanding zero trust to all parts of the network from the edge into the data center. This provides unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place, enabling organizations to ensure secure architectures and experiences.
Powering the SRX4600 is Junos®, the industry’s leading operating system responsible for keeping the world’s largest mission-critical enterprise and service provider networks secure.
Architecture and Key Components
The SRX4600 hardware and software architecture provides cost-effective security in a small 1 RU form factor. The purpose-built firewall protects network environments and provides Internet Mix (IMIX) firewall throughput of up to 400 Gbps, and it incorporates multiple security services and networking functions on top of Junos OS. Best-in-class security and advanced threat mitigation capabilities on the SRX4600 are offered with intrusion prevention system (IPS) capabilities and IPsec VPN in the data center, enterprise campus, and regional headquarters deployments with IMIX traffic patterns.
Features and Benefits
Business requirement | Feature/Solution | SRX4600 Advantages |
High performance | Express Path + |
|
High-quality, end-user experience | Application visibility and control |
|
Advanced threat protection | IPS, antivirus, antispam, enhanced web filtering, Juniper Advanced Threat Prevention Cloud sandboxing, Encrypted Traffic Insights, SecIntel, and Threat Intelligence Feeds |
|
Zero-day prevention | AI-Predictive Threat Prevention |
|
Professional-grade networking services | Routing, secure wire |
|
Highly secure | IPsec VPN, Remote access/SSL VPN |
|
Embedded security in data center fabric | EVPN-VXLAN Type 5 routes |
|
Highly reliable | Chassis cluster, redundant power supplies |
|
Easy to manage and scale | On-box GUI, Juniper Security Director Cloud, Security Director, powerful CLI and automation |
|
Low TCO | Junos OS |
|
Software Specifications
Firewall Services
- Stateful firewall services
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomalies
- Unified Access Control (UAC)
Network Address Translation (NAT)
- Source NAT with Port Address Translation (PAT)
- Bidirectional 1:1 static NAT
- Destination NAT with PAT
- Persistent NAT
- IPv6 address translation
- Port Block Allocation method for carrier-grade NAT
- Deterministic NAT
- Port overloading, pool pairing, NAPT, NAT44, NAT66, NAPT, NAP-PT, NAT46, NAT64, Dual Stack Lite
VPN Features
- Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
- Juniper Secure Connect: Remote access/SSL VPN
- Configuration payload: Yes
- IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- IKE authentication algorithms: MD5, SHA-1, SHA-128, SHA-256, SHA-384, SHA-512
- Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
- IPsec: Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
- IPsec Authentication Algorithms: hmac-md5, hmac-sha-196, hmac-sha-256, hmac-sha-512
- IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- Perfect forward secrecy, anti-reply
- Diffie Hellmann groups from group14 to group24
- Internet Key Exchange: IKEv1, IKEv2
- Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
- VPNs GRE, IP-in-IP and MPLS
High Availability Features
- Virtual Router Redundancy Protocol (VRRP)—IPv4 and IPv6
- Stateful high availability:
- HA clustering
- Active/active
- Active/passive
- Dual MACsec-enabled HA control ports (10GbE)
- Dual MACsec-enabled HA fabric ports (10GbE)
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- Unified in-service software upgrade (unified ISSU)
- Multi-Node HA (MNHA)
- HA clustering
- IP monitoring with route and interface failover
Application Security Services1
- Application visibility and control
- Application QoS
- Advanced/application policy-based routing (APBR)
- Application Quality of Experience (AppQoE)
- Application-based multipath routing
- User-based firewall
Threat Defense and Intelligence Services1
- IPS
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- SSL proxy/inspection
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Juniper ATP Cloud, a cloud-based SaaS offering, detects and blocks zero-day attacks
- Adaptive Threat Profiling
- Encrypted Traffic Insights
- SecIntel threat intelligence
- Juniper ATP virtual appliance, a distributed, on-premises advanced threat prevention solution to detect and block Zero-Day attacks
- AI-Predictive Threat Prevention
Routing Protocols
- IPv4, IPv6, static routes, RIP v1/v2
- OSPF/OSPF v3
- BGP with route reflector
- BFD for quick detection
- EVPN-VXLAN
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2; Protocol Independent Multicast (PIM) sparse mode (SM)/dense mode (DM)/source-specific multicast (SSM); Session Description Protocol (SDP); Distance Vector Multicast Routing Protocol (DVMRP); Multicast Source Discovery Protocol (MSDP); reverse path forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
QoS Features
- Support for 802.1p, DiffServ code point (DSCP)
- Classification based on interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IP monitoring
- Juniper flow monitoring (J-Flow)
Management, Automation, Logging, and Reporting
- SSH, Telnet, SNMP
- Smart image download
- Juniper CLI and Web UI
- Juniper Security Director Cloud
- Python
- Junos OS events, commit, and OP scripts
- Application and bandwidth usage reporting
- gRPC telemetry
- Debug and troubleshooting tools
Hardware Specifications
Specification | SRX4600 |
Total onboard I/O ports | Up to 24x1GbE/10GbE (SFP+) 4x40GbE/100GbE (QSFP28) |
Out-of-Band (OOB) management ports | RJ-45 (1 Gbps) |
Dedicated high availability (HA) ports | 2x1GbE/10GbE (SFP+) Control 2x1GbE/10GbE (SFP+) Data |
Console | RJ-45 (RS232) |
USB 2.0 ports (Type A) | 1 |
Memory and Storage | |
System memory (RAM) | 256 GB |
Secondary storage (SSD) | 2x 1 TB M.2 SSD |
Dimensions and power | |
Form factor | 1 U |
Size (WxHxD) | 17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm) With AC PEMs: 17.4 x 1.7 x 27.29 in (44.19 x 4.32 x 69.32 cm) With DC PEMs: 17.4 x 1.7 x 29.20 in (44.19 x 4.32 x 74.17 cm) |
Weight (system and 2 power entry modules) | With AC PEMs: 38 lb (17.24 kg) Shipping weight: 45.47 lb (20.62 kg) With DC PEMs: 40 lb (18.14 kg) Shipping weight: 47.47 lb (21.53 kg) |
Redundant PSU | 1+1 |
Power supply | 2x 1600 W AC-DC PSU redundant 2x 1100 W DC-DC PSU redundant |
Average power consumption | 650 W |
Average heat dissipation | 2218 BTU/hour |
Maximum current consumption | 12 A (for 110 V AC power) 6 A (for 220 V AC power) 24 A (for -48 V DC power) |
Precision time protocol timing ports | |
Time of day – RS-232 (EIA-23) | 1xRJ-45 |
BITS clock | 1xRJ-48 |
10-MHz timing connector (GNSS) | 1xInput (COAX) 1xOutput (COAX) |
Pulse per second connection (1-PPS) | 1xInput (COAX) 1xOutput (COAX) |
Environmental and regulatory compliance | |
Acoustic noise level | 69 dBA at normal fan speed,87 dBA at full fan speed |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C) |
Operating humidity | 5% to 90% non-condensing |
Meantime between failures (MTBF) | 111,626 hours (12.75 years) |
FCC classification | Class A |
RoHS compliance | RoHS 2 |
NEBS compliance | Designed for NEBS Level 3 |
Performance | |
Firewall (IMIX) throughput in Gbps2 | 400 |
Firewall throughput (1518 B) in Gbps2 | 400 |
IPsec VPN throughput (IMIX) in Gbps2 | 44 |
IPsec VPN throughput (1400 B) in Gbps2 | 71 |
Application security performance (TPS##/CPS**) in Gbps3 | 92/41 |
Next-generation firewall (TPS##/CPS**) in Gbps4 | 90/21 |
Secure Web Access firewall (CPS**) in Gbps5 | 19 |
Advanced Threat (CPS**) Gbps6 | 10.5 |
Connections per second (64B) | 570,000 |
SSL connections per second | 16,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 60 million |
Route table size (RIB/FIB) (IPv4) | 4 million/1.2 million |
IPsec VPN tunnels | 7,500 |
Security Director Cloud
Security Director Cloud is Juniper’s simple and seamless management experience delivered in a single UI to connect customers’ current deployments with their future architectural rollouts. Management is at the center of the Juniper Connected Security strategy and helps organizations secure every point of connection on their network to safeguard users, data, and infrastructure.
Organizations can secure their architecture with consistent security policies across any environment—on-premises, cloud-based, cloud-delivered, and hybrid. At the same time, they can expand Zero Trust from the edge all the way into the data center and to the applications and microservices. With Security Director Cloud, organizations have unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place.
Juniper meets customers where they are on their journey, helps them leverage their existing investments, and empowers them to transition to their preferred architecture at a pace that is best for business by automating their transition with Security Director Cloud.
Juniper Mist WAN Assurance and AI-Native Operations
Alternatively, the SRX4600 firewall can be operated and orchestrated through the Juniper Mist Cloud. Mist AI delivers unprecedented automation using a combination of artificial intelligence, machine learning algorithms, and data science techniques to save time, maximize IT productivity, and deliver the best experience to digital users.
Juniper Mist WAN Assurance is built on the Juniper Mist Cloud and delivers full lifecycle management and operations, including AI‑Native insights, automated speed tests, dynamic packet capture (dPCAP), anomaly detection, and root cause identification that focuses on end users’ experience. For Day 0 and Day 1 operations, WAN Assurance also provides orchestration, administration, and ZTP for SRX4600. See the WAN Assurance Datasheet for more information.
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain the required levels of performance, reliability, and availability. For service-specific information specific to SRX Series Firewalls, please read the Firewall Conversion Service or the SRX Series QuickStart Service datasheets. For more details, please visit https://www.juniper.net/gb/en/products.html.
Ordering Information
To order Juniper Networks SRX Series Firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/gb/en/how-to-buy/form.html.
About Juniper Networks
Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI-Native Networking Platform is built from the ground up to leverage AI to deliver exceptional, highly secure, and sustainable user experiences from the edge to the data center and cloud. Additional information can be found at juniper.net or connect with Juniper on X (formerly Twitter), LinkedIn, and Facebook.
1000628 - 027 - EN OCTOBER 2024