DATASHEET

SRX5600 AND SRX5800 SERVICES GATEWAYS

Product Overview
Juniper Networks SRX5000 line of services gateways is the nextgeneration solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions. Incorporating the routing heritage and service provider reliability of Junos OS with the rich security heritage of ScreenOS. The SRX Series also offers the high feature/service integration necessary to secure modern network infrastructure and applications.

Product Description
The Juniper Networks SRX5600 and SRX5800 Services Gateways are next-generation security platforms based on a revolutionary new architecture that provides market-leading performance, scalability, and service integration. These devices are ideally suited for service provider, large enterprise and public sector networks including: Cloud and hosting provider data centers Securing mobile operator environments Managed service providers Securing core service provider infrastructure Large enterprise data centers Aggregation of departmental and segmented security solutions Based on Junipers dynamic services architecture, the SRX5000 line provides unrivaled scalability and performance. Each services gateway can support near linear scalability, with the addition of services processing cards (SPC) enabling a fully equipped SRX5800 to support more than 200 Gbps firewall throughput. The SPCs are designed to support a wide range of services enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being usedmaximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach to interfaces where each platform can be equipped with a flexible number of input/output cards (IOCs). With the IOCs sharing the same interface slot as the SPCs, the gateway can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. With this flexibility, the SRX5800 can be configured to support more than 400 Gigabit Ethernet ports or 88 10-Gigabit Ethernet ports. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility facilitates future expansion and growth of the network infrastructure, providing unrivaled investment protection.

The tight service integration on the SRX Series is enabled by Juniper Networks Junos operating system. By combining the routing heritage of Junos OS and the security heritage of ScreenOS, the SRX Series is equipped with a robust list of services that include firewall, intrusion prevention system (IPS), denial of service (DoS), application security, Network Address Translation (NAT), and quality of service (QoS). In addition to the benefit of individual services, incorporating multiple security and networking services within one OS greatly optimizes the flow of traffic through the platform. Network traffic no longer needs to be routed across multiple data paths/cards or even disparate operating systems within a single gateway. Junos OS also delivers carrier-class reliability to the already redundant SRX Series. The SRX Series enjoys the benefit of a single source OS, single release train, and single integrated architecture traditionally available on Junipers carrier-class routers and switches.

Service Processing Cards

As the brains behind the SRX5000 line, SPCs are designed to process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed to the limit while other hardware is sitting idle. SPCs are designed to be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, drastically reducing management overhead and complexity. The same SPCs are supported on both SRX5600 and SRX5800 Services Gateways. And now, Juniper is featuring next-generation SPCs (NG-SPC) with superior performance and scale. These cards also feature in-service software and in-service hardware upgrades to ensure that security is always-on. Also, NG-SPC is backwards compatible with the SRX5000 chassis as well as the current SPCs and IOCs to ensure that your investment is protected.

SRX5800
The SRX5800 Services Gateway is the market-leading security solution supporting up to 200 Gbps firewall, 100 Gbps IPS and 400,000 connections per second. Equipped with the full range of security services, SRX5800 is ideally suited for securing large enterprise, hosted or co-located data centers, service provider core and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability and flexibility of the SRX5800 makes it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.

Input Output Cards

To provide the most flexible solution, the SRX5000 line employs the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces (either Gigabit Ethernet or 10-Gigabit Ethernet). With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities to meet the needs of the most demanding environments.

SRX5600
The SRX5600 Services Gateway uses the same SPCs and IOCs as the SRX5800 and can support up to 100 Gbps rewall and 50 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregation of various security solutions. The capability to support unique security policies per zones and its ability to scale with the growth of the network infrastructure makes the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider or mobile operator environments.

Features and Benets

Networking and Security
Juniper Networks SRX5000 line has been designed from the ground up to offer robust networking and security services.

Feature
Purpose-built platform Scalable performance System and network resiliency High availability (HA) Interface exibility

Feature Description
Built from the ground up on dedicated hardware designed for networking and security services. Offers scalable processing based on the Dynamic Services Architecture. Provides carrier-class hardware design and proven OS. Active/passive and active/active HA congurations using dedicated high availability interfaces. Offers exible I/O options with modular cards based on the Dynamic Services Architecture. Security zones, virtual LANs (VLANs), and virtual routers that allow administrators to deploy security policies to isolate subnetworks and use overlapping IP address ranges. Dedicated routing engine that provides physical and logical separation to data and control planes.

Benefits
Delivers unrivaled performance and exibility to protect high-speed network environments. Simple and cost-effective solution to leverage new services with appropriate processing. Offers the reliability needed for any critical high-speed network deployments without service interruption. Achieve availability and resiliency necessary for critical networks. Offers exible I/O conguration and independent I/O scalability to meet the port density requirements of demanding network environments. Features the capability to tailor unique security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups. Enables deployment of consolidated routing and security devices, as well as ensuring the security of routing infrastructureall via a dedicated management environment. Unmatched integration ensuring network security against all level of attacks. Enables the SRX5000 line to provide stateful rewall capabilities for protecting key GPRS nodes within mobile operator networks. Enables agent-based and agentless identity security services for enterprise data centers by integrating the SRX5000 line with the standards-based access control capabilities of Junos Pulse Access Control Service. This integration enables administrative exibility to manage a variety of user access, including corporate, guest, and mobile. Delivers always-on security resiliency to meet your growing network performance needs.

Network segmentation

Robust routing engine

AppSecure

Tightly integrated services on Junos OS including multigigabit application rewall, IPS, DoS, application traffic control, and other networking and security services. Support for GPRS rewall in mobile operator networks.

Stateful GPRS inspection

User identity-based access control enforcement

Secure access to data center resources via tight integration of standards-based access control capabilities of Juniper Networks Junos Pulse Access Control Service and SRX5000 line.

Next-Generation SPC

Enables performance and scale with full, backwards compatibility to SRX5000 chassis and cards. Like current SPCs, these cards support in-service software and in-service hardware upgrades One time hub conguration for site-to-site VPN for all spokes, even newly added ones. Conguration options include: routing, interfaces, IKE, and IPsec.

AutoVPN

Enables IT administrative time and cost savings with easy, no-touch deployment for IPsec VPN networks.

Traffic Inspection Methods

Juniper Networks SRX Series Services Gateways support various detection methods to accurately identify the application and traffic flow through the network.

Feature
Application identication Protocol anomaly detection Traffic anomaly detection IP spoong detection DoS detection

Feature Description
Identies applications and tunneled applications independent of protocol and port numbers. Protocol usage against published RFCs is veried to detect any violations or abuse. Heuristic rules detect unexpected traffic patterns that may suggest reconnaissance or attacks. The validity of allowed addresses inside and outside the network are checked. Protection against SYN ood, IP, ICMP, and application attacks.

Benefits
Granular control over application traffic through smart FW policies. Proactively protect network from undiscovered vulnerabilities. Proactively prevent reconnaissance activities or block distributed denial of service (DDoS) attacks. Permit only authentic traffic while blocking disguised source. Protect your key network assets from being overwhelmed by denial of service attacks.

AppSecure
Juniper Networks AppSecure is a suite of next-generation security capabilities that utilize advanced application identification and classification to deliver greater visibility, enforcement, control and protection over the network.

Feature
AppTrack

Feature Description
Detailed analysis on application volume/usage throughout the network based on bytes, packets and sessions. Fine grained application control policies to allow or deny traffic based on dynamic application name or group names. Set prioritization of traffic based on application information and contexts. Multi-stage detection methods used to identify and mitigate targeted attacks from disrupting critical applications and services. More than 900 signatures for identifying applications and nested applications. Inspection of HTTP traffic encrypted in SSL on any TCP/UDP port.

Benefits
Provides the ability to track application usage to help identify high-risk applications and analyze traffic patterns for improved network management and control. Enhances security policy creation and enforcement based on applications and user roles rather than traditional port and protocol analysis. Provides the ability to prioritize traffic as well as limit and shape bandwidth based on application information and contexts for improved application and overall network performance. Identies attacking botnet traffic against legitimate client traffic to prevent distributed denial of service attacks targeting applications. Applications are accurately identied and the resulting information can be used for visibility, enforcement, control and protection. Combined with application identication, provides visibility and protection against threats embedded in SSL encrypted traffic.

AppFW

AppQoS

AppDoS

Application signatures SSL inspection

IPS Capabilities
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.

Feature
Stateful signature inspection Protocol decodes Signatures Traffic normalization Zero-day protection Recommended policy

Feature Description
Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. More than 65 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols. There are more than 8,500 signatures for identifying anomalies, attacks, spyware, and applications. Reassembly, normalization, and protocol decoding are provided. Protocol anomaly detection and same-day coverage for newly found vulnerabilities are provided. Group of attack signatures are identied by Juniper Networks Security Team as critical for the typical enterprise to protect against. IPS monitoring on active/active SRX5000 line chassis clusters. IPS policy supports packet capture logging per rule.

Benefits
Minimize false positives and offer exible signature development. Accuracy of signatures are improved through precise contexts of protocols. Attacks are accurately identied and attempts to exploit a known vulnerability are detected. Overcome attempts to bypass other IPS detections by using obfuscation methods. Your network is already protected against any new exploits. Installation and maintenance are simplied while ensuring the highest network security. Support for active/active IPS monitoring including advanced features such as in-service software upgrade. Conduct further analysis of surrounding traffic and determine further steps to protect target.

Active/active traffic monitoring Packet capture

Centralized Management
Juniper Networks Junos Space Security Director delivers scalable and responsive security management that improves the reach, ease, and accuracy of security policy administration. It lets administrators manage all phases of the security policy lifecycle through a single Web-based interface, accessible via standard browsers. Junos Space Security Director centralizes application identification, firewall, IPS, NAT, and VPN security management for intuitive and quick policy administration. Junos Space Security Director runs on the Junos Space Network Management Platform for highly extensible, network-wide management functionality, including ongoing access to Juniper and third-party Junos Space ecosystem innovations.

SRX5600 Services Gateway

SRX5800 Services Gateway

Specications
SRX5600 SRX5800

Maximum Performance and Capacity

Junos OS version tested Firewall performance (max) Firewall performance (IMIX) Firewall packets per second (64 bytes) Maximum AES256+SHA-1 VPN performance Maximum 3DES+SHA-1 VPN performance Maximum IPS performance Maximum AppFW performance Maximum concurrent sessions New sessions/second (sustained, tcp, 3way) Maximum security policies Maximum user supported

Junos OS 12.1X44 100 Gbps 65 Gbps 20 Mpps 75 Gbps 75 Gbps 50 Gbps 80 Gbps 60 Million 400,000 80,000 Unrestricted

Junos OS 12.1X44 200 Gbps 130 Gbps 50 Mpps 150 Gbps 150 Gbps 100 Gbps 160 Gbps 60 Million 400,000 80,000 Unrestricted

Network Connectivity
Maximum available slots for IOCs LAN interface options 5 40 x 1-Gigabit Ethernet SFP 4 x 10-Gigabit Ethernet XFP (SR or LR) 16 x 1-Gigabit Ethernet Flex IOC 4 x 10-Gigabit Ethernet XFP Flex IOC 11 40 x 1- Gigabit Ethernet SFP 4 x 10-Gigabit Ethernet XFP (SR or LR) 16 x 1-Gigabit Ethernet Flex IOC 4 x 10-Gigabit Ethernet XFP Flex IOC

Processing Scalability
Maximum available slots for SPCs SPC options 5 Dual CPU with 8 GB total memory 11 Dual CPU with 8 GB total memory

Performance, capacity and features listed are based on systems running Junos OS 12.1X44 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.

Specications (continued)
SRX5600 SRX5800

Firewall
Network attack detection DoS and DDoS protection TCP reassembly for fragmented packet protection Brute force attack mitigation SYN cookie protection Zone-based IP spoong Malformed packet protection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

IPsec VPN
Site-to-site tunnels Tunnel interfaces DES (56-bit), 3DES (168-bit), and AES encryption MD5 and SHA-1 authentication Manual key, IKE, PKI (X.509) Perfect forward secrecy (DH groups) Prevent replay attack Remote access VPN Redundant VPN gateways 15,000 15,000 Yes Yes Yes 1, 2, 5 Yes Yes Yes 15,000 15,000 Yes Yes Yes 1, 2, 5 Yes Yes Yes

Intrusion Prevention System

Modes of operation: In-line and in-line tap Active/active traffic monitoring Stateful protocol signatures Attack detection mechanisms Yes Yes Yes Stateful signatures, protocol anomaly detection (zero-day coverage), application identication Drop connection, close connection, session packet log, session summary, email Structured syslog Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 500+ Yes Yes Yes Yes 8,000+ Yes Yes Yes Daily and emergency Yes Yes Yes Stateful signatures, protocol anomaly detection (zero-day coverage), application identication Drop connection, close connection, session packet log, session summary, email Structured syslog Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 500+ Yes Yes Yes Yes 8,000+ Yes Yes Yes Daily and emergency

Attack response mechanisms Attack notication mechanisms Worm protection Simplied installation through recommended policies Trojan protection Spyware/adware/keylogger protection Other malware protection Application denial of service protection Protection against attack proliferation from infected systems Reconnaissance protection Request and response side attack protection Compound attackscombines stateful signatures and protocol anomalies Create custom attack signatures Access contexts for customization Attack editing (port range, other) Stream signatures Protocol thresholds Stateful protocol signatures Approximate number of attacks covered Detailed threat descriptions and remediation/patch info Create and enforce appropriate application-usage policies Attacker and target audit trail and reporting Frequency of updates

Specications (continued)
SRX5600 SRX5800

GPRS Security
GPRS stateful rewall GTP tunnels Yes 1,000,000 Yes 1,000,000

Destination Network Address Translation

Destination NAT with PAT Destination NAT within same subnet as ingress interface IP Destination addresses and port numbers to one single address and a specic port number (M:1P) Destination addresses to one single address (M:1) Destination addresses to another range of addresses (M:M) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Source Network Address Translation

Static Source NAT - IP-shifting DIP Source NAT with PAT - port-translated Source NAT without PAT - x-port Source NAT - IP address persistency Source pool grouping Source pool utilization alarm Source IP outside of the interface subnet Interface source NAT - interface DIP Oversubscribed NAT pool with fallback to PAT when the address pool is exhausted Symmetric NAT Allocate multiple ranges in NAT pool Proxy ARP for physical port Source NAT with loopback grouping - DIP with loopback grouping Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

User Authentication and Access Control

Built-in (internal) database RADIUS accounting Web-based authentication Yes Yes Yes Yes Yes Yes

Public Key Infrastructure (PKI) Support

PKI certicate requests (PKCS 7 and PKCS 10) Automated certicate enrollment (SCEP) Certicate authorities supported Self-signed certicates Yes Yes Yes Yes Yes Yes Yes Yes

Virtualization
Maximum number of security zones Maximum number of virtual routers Maximum number of VLANs Logical Systems 2,000 2,000 4,096 32 2,000 2,000 4,096 32

Routing
BGP instances BGP peers BGP routes OSPF instances OSPF routes RIP v1/v2 instances RIP v2 table size Dynamic routing
2

1,000 2,000 1,000,0002 400 1,000,000 50 30,000 Yes

2

1,000 2,000 1,000,0002 400 1,000,0002 50 30,000 Yes

Maximum number of BGP and OSPF routes recommended is 100,000.

Specications (continued)
SRX5600 SRX5800

Routing

(continued)
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Static routes Source-based routing Policy-based routing Equal cost multipath (ECMP) Reverse path forwarding (RPF) Multicast

IPv6
Firewall/stateless lters Dual stack IPv4/IPv6 rewall RIPng BFD, BGP ICMPv6 OSPFv3 Class of service Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Mode of Operation
Layer 2 (transparent) mode Layer 3 (route and/or NAT) mode Yes Yes Yes Yes

IP Address Assignment
Static Dynamic Host Conguration Protocol (DHCP) Internal DHCP server DHCP relay Yes Yes Yes Yes Yes Yes Yes Yes

Traffic Management Quality of Service (QoS)

Maximum bandwidth RFC2474 IP Diffserv in IPv4 Firewall lters for COS Classication Scheduling Shaping Intelligent Drop Mechanisms (WRED) Three level scheduling Weighted round robin for each level of scheduling Priority of routing protocols Traffic management/policing in hardware Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

High Availability (HA)

Active/passive, active/active In-Service Software Upgrade (ISSU)3 Conguration synchronization Session synchronization for rewall and IPsec VPN Session failover for routing change Device failure detection Link and upstream failure detection Dual control links Interface link aggregation/LACP Redundant data and control links4 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

3 4

Please check the technical publication documents and release notes for the list of compatible features for ISSU. To enable dual control links on the SRX5000 line, two SRX5K-RE-13-20 modules must be installed on each cluster member.

Specications (continued)
SRX5600 SRX5800

Management
WebUI (HTTP and HTTPS) Command line interface (console) Command line interface (telnet) Command line interface (SSH) Junos Space Security Director Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Administration
Local administrator database support External administrator database support Restricted administrative networks Root admin, admin, and read only user levels Software upgrades Conguration rollback Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Logging/Monitoring
Structured syslog SNMP (v2) Traceroute Yes Yes Yes Yes Yes Yes

Dimensions and Power

Dimensions (W x H x D) Weight Power supply (AC) Power supply (DC) Maximum power draw 17.5 x 14 x 23.8 in (44.5 x 35.6 x 60.5 cm) Fully Congured: 180 lb / 81.7 kg 100 to 240 VAC -40 to -60 VDC 2,800 watts 17.5 x 27.8 x 23.5 in (44.5 x 70.5 x 59.7 cm) Fully Congured: 334 lb / 151.6 kg 200 to 240 VAC -40 to -60 VDC 5,100 watts

Certications
Safety certications Electromagnetic Compatibility (EMC) certications NEBS Level 3 Yes Yes Yes Yes Yes Yes

Security Certications
Common Criteria : EAL3 Yes
5

Yes

3GPP TS 20.060 Compliance

R6: 3GPP TS 29.060 version 6.21.0 R7: 3GPP TS 29.060 version 7.3.0 R8: 3GPP TS 29.060 version 8.3.0 Operating temperature Humidity
5

Yes Yes Yes 32 to 104 F 0 to 40 C 5% to 90% noncondensing

Yes Yes Yes 32 to 104 F 0 to 40 C 5% to 90% noncondensing

SRX5000 line of gateways operating with Junos OS release 10.0 and later are compliant with the R6, R7, and R8 releases of 3GPP TS 20.060 with the following exceptions (not supported on the SRX5000 line): - Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages - Section 7,5B Mobile Station (MS) info change messages - Section 7.3.12 Initiate secondary PDP context from GGSN

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your highperformance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.

Ordering Information
Model Number Description Model Number Description

Base Systems
SRX5600BASE-AC SRX5600BASE-DC SRX5800BASE-AC SRX5800BASE-DC SRX5800BASE-HC-AC AC SRX5600 chassis, includes RE, SCB, 2 AC power supplies DC SRX5600 chassis, includes RE, SCB, 2 DC power supplies AC SRX5800 chassis, includes RE, 2xSCB, 3 AC power supplies DC SRX5800 chassis, includes RE, 2xSCB, 2 DC power supplies HC AC SRX5800 chassis, includes RE, 2xSCB, 2x HC AC, 2x HC fan

Logical Systems License

SRX-5600-LSYS-1 SRX-5600-LSYS-5 SRX-5600-LSYS-25 SRX-5800-LSYS-1 SRX-5800-LSYS-5 SRX-5800-LSYS-25 1 incremental Logical Systems License for SRX5600 5 incremental Logical Systems License for SRX5600 25 incremental Logical Systems License for SRX5600 1 incremental Logical Systems License for SRX5800 5 incremental Logical Systems License for SRX5800 25 incremental Logical Systems License for SRX5800

SRX5000 Line Components

SRX5K-SCB SRX5K-RE-13-20 SRX5K-SPC-4-15-320 SCB SRX5000 line Switch Control Board SRX5000 line Routing Engine, 1.3 GHz, 2 GB DRAM SRX5000 line Next Generation Service Processing Card (featuring 20 million sessions) SRX5000 line Service Processing Card 4x10 Gigabit XFP Ethernet I/O Card for the SRX5000 line, no transceivers 40x1 Gigabit SFP Ethernet I/O Card for the SRX5000 line, no transceivers SRX5000 line Flex IOC supports two pluggable port modules SRX5000 line Flex IOC 16-port 10/100/1000 Ethernet module SRX5000 line Flex IOC 16-port SFP Ethernet module, no transceivers SRX5000 line Flex IOC 4x10 Gigabit XFP Ethernet module, no transceivers Blank Panel for SRX5K-FPC-IOC

IPS Subscription
SRX5K-IDP SRX5K-IDP-3 SRX5K-IDP-3-R SRX5K-IDP-R One year IPS signature subscription Three year IPS signature subsciption Three year IPS signature subscription renewal One year IPS signature subscription renewal

SRX5K-SPC-2-10-40 SRX5K-4XGE-XFP SRX5K-40GE-SFP SRX5K-FPC-IOC SRX-IOC-16GE-TX SRX-IOC-16GE-SFP SRX-IOC-4XGE-XFP SRX5K-IOC-BLANK

Power Cords
CBL-M-PWR-RA-AU CBL-M-PWR-RA-CH CBL-M-PWR-RA-EU CBL-M-PWR-RA-IT CBL-M-PWR-RA-JP CBL-M-PWR-RA-TWLKUS CBL-M-PWR-RA-UK CBL-M-PWR-RA-US CBL-PWR-RA-JP15 CBL-PWR-RA-TWLKUS15 CBL-PWR-RA-US15 AC power cord, Australia (SAA/3/15), C19, 15 A/250 V, 2.5 m, Right Angle AC power cord, China (GB 2099.1-1996, Angle), C19, 16 A/250 V, 2.5 m, Right Angle AC power cord, Cont. Europe (VII), C19, 16 A/250 V, 2.5 m, Right Angle AC power cord, Italy (I/3/16), C19, 16 A/250 V, 2.5 m, Right Angle AC power cord, Japan (NEMA LOCKING), C19, 20 A/250 V, 2.5 m, Right Angle AC power cord, US (NEMA LOCKING), C19, 20 A/250 V, 2.5 m, Right Angle AC power cord, UK (BS89/13), C19, 13 A/250 V, 2.5 m, Right Angle AC power cord, USA/Canada (N6/20), C19, 20 A/250 V, 2.5 m, Right Angle AC power cable, JIS 8303 15 A/125 V 2.5 m length for Japan, Right Angle AC power cable, NEMA L5-15P (twist lock) 15 A/125 V 2.5 m length for U.S., Canada, and Mexico, Right Angle AC power cable, NEMA 5-15 15 A/125 V, 2.5 m length for North America, parts of South America, parts of Central America, parts of Africa, and parts of Asia, Right Angle

Transceivers
SRX-SFP-1GE-LH SRX-SFP-1GE-LX SRX-SFP-1GE-SX SRX-SFP-1GE-T SRX-XFP-10GE-SR SRX-XFP-10GE-LR SRX-XFP-10GE-ER Small form factor pluggable 1000BASE-LH Gigabit Ethernet optic module Small form-factor pluggable 1000BASE-LX Gigabit Ethernet Optic Module Small form-factor pluggable 1000BASE-SX Gigabit Ethernet Optic Module Small form-factor pluggable 1000BASE-T Gigabit Ethernet Module (uses Cat 5 cable) 10-Gigabit Ethernet pluggable transceiver, short reach multimode 10-Gigabit Ethernet pluggable transceiver, 10 Km, single mode 10-Gigabit Ethernet pluggable transceiver, 40 Km, single mode

AppSecure Subscription
SRX5600-APPSEC-A-1 SRX5600-APPSEC-A-3 SRX5800-APPSEC-A-1 SRX5800-APPSEC-A-3 One year subscription for Application Security and IPS updates for SRX5600 Three year subscription for Application Security and IPS updates for SRX5600 One year subscription for Application Security and IPS updates for SRX5800 Three year subscription for Application Security and IPS updates for SRX5800

About Juniper Networks

Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net.

Services Offload License

SRX5K-SVCS-OFFLOADRTU Services offload license for SRX5000 line; this is not an annual license subscription

10

11

Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net

APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: 31.0.207.125.700 Fax: 31.0.207.125.701

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.

Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000254-012-EN Apr 2013

Printed on recycled paper

12