SRX产品介绍 Y1003

效能卓越毫不妥协
—— SRX 产品介绍
1 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

目标
 学习本教程后，应掌握以下内容：
– SRX 有那些产品？各具有什么特性？
– SRX 与 SSG 、 J 系列有那些主要区别？
– SRX 有那些竞争优势？

产品介绍

SRX 产品家族概览
120G
SRX5800
60G
SRX5600
30G
SRX3600
20G
SRX3400
7G
NSM
SRX650
Centrally
1.5G
managed
SRX240 by NSM
750M
SRX210
600M
SRX100
分布式企业数据中心
基于动态服务架构 DSA 加速新服务的应用

产品定位

SRX100
 8 x FE （桌面式）
 固定配置
 全 UTM 特性 (1G 高内存 )
– IDP\Antivirus\Anti-spam\Web filtering
 性能
– 防火墙吞吐率 ( 大包 ) – 600 Mbps
– 并发连接数– 16/32K
 SOHO 用户 (1-25U)
Model Description
SRX100B base memory (512MB RAM)
SRX100H high memory (1GB RAM)
*Q3 2009 开始供货

SRX100 Q3 2009
Features SRX100 (target)
 Ideal for micro-branch, On-board Ethernet 8 x FE
managed telecommuters, SOHO Power over Ethernet (802.3af, 802.3at) None

None
 Fixed I/O—8 x 10/100 Ethernet ports WAN slots
USB ports 1
 Full UTM features 3G Future
– IDP Intrusion Prevention System No
– Antivirus JUNOS Software version support JUNOS 9.6
– Anti-spam Routing performance 60 Kpps
– Web filtering Firewall performance (Large Packets) 600 Mbps
– UAC Enforcement Firewall performance (IMIX) 175 Mbps
– UTM requires High Memory model Firewall performance
65 Kpps
(UTM, license), no CSA (Firewall + Routing PPS 64byte)
VPN Performance—AES256+SHA-1 65 Mbps
VPN Performance —3DES+SHA 1 50 Mbps
Connections Per Second (CPS) 2K
Maximum Concurrent Sessions
(512MB/1GB RAM)
16 K / 32K
IPS performance TBD

High Availability A/A or A/P

SRX210
 2 x GE + 6 x FE （桌面式）
 1 x 扩展插槽 ( 非热插拔 )
– Serial / T1E1 / ADSL2+ / SFP
– IDP / Antivirus / Anti-spam / Web filtering
 内容安全加速器
 4* 端口支持 POE 供电 (802.3af / at)
 支持 3G 接入
 性能
– 防火墙吞吐率 ( 大包 ) – 750 Mbps
– 并发连接数– 32/ 64K
 小型分支用户 (20-200U)
Model Description
SRX210H-POE high memory (1GB RAM), w/ 4 Ports POE (50W)
*Q3 2009 支持语音

SRX210 Q2 2009
Features SRX210
 Ideal for Small branches On-board Ethernet 2 x GE + 6 x FE
 Full UTM features Power over Ethernet (802.3af, 802.3at) 4 ports—50 W total
– IDP, Antivirus, Anti-spam, Web WAN slots 1 x mini PIM
filtering, Content filtering 3G wireless (ExpressCard slot) Yes
– UAC Enforcement USB ports (flash) 2
– UTM requires High Memory model Content Security Accelerator—ExpressAV
Yes
and Intrusion Detection and Prevention
 Available Voice version with JUNOS Software version support JUNOS 9.5
mini-PIM options Routing performance 80 Kpps
– Factory-configured voice model Firewall performance (Large Packets) 750 Mbps
Firewall performance (IMIX) 250 Mbps

Firewall performance
75 Kpps
(Firewall + Routing PPS 64byte)
Connections Per Second (CPS) 2K CPS
32K / 64K
(512MB/1GB RAM)
IPS performance 80 Mbps
High Availability A/A or A/P

SRX240
 16 x GE （ 1U 机架）
– Serial / T1E1 / ADSL2+ / SFP
 16* 端口支持 POE 供电 (802.3af / at)
 性能
– 防火墙吞吐率 ( 大包 ) – 1.5Gbps
– 并发连接数– 64/128K
 中型分支用户 (100-500U)
Model Description
SRX240H-POE high memory (1GB RAM), w/ 16 ports POE (150W).
*Q4 2009 支持语音、 3G

SRX240 Q2 2009
Features SRX240
 Ideal for small–medium branches On-board Ethernet 16 x GE
Power over Ethernet (802.3af, 802.3at) 16 ports GE, 150 W

 Full UTM features
WAN slots 4 x SRX mini PIM
– IDP, Antivirus, Anti-spam, Web
USB ports (flash) 2
filtering, Content filtering
3G Future
– UAC Enforcement
Content Security Accelerator—ExpressAV
– UTM requires High Memory model and Intrusion Detection and Prevention
Yes
JUNOS Software version support JUNOS 9.5

 Available Voice version with
Routing performance 200 Kpps
mini-PIM options
Firewall performance (Large Packets) 1.5 Gbps
– Factory-configured voice model
Firewall performance (IMIX) 500 Mbps
Firewall performance
150 Kpps
64K / 128K
(512MB/1GB RAM)
High Availability A/A* or A/P
* Supported in JUNOS 9.6

SRX650
 4 x GE （ 2U 机架）
– 2T1E1 / 4T1E1 / 16GE / 24GE
 多核架构
 独立的硬件控制及转发面板
 电源冗余 ( 热插拔 )
 支持 POE 供电 (802.3af / at)
 全 UTM 特性
 性能
– 防火墙吞吐率 ( 大包 ) – 7Gbps
– 并发连接数– 512K
Model Description
 大型分支用户 (200-1000U)
with SRE 6, 645W-AC-POE PSU. Includes 2GB
SRX650-BASE-
DRAM, 2GB CF, Fan Tray and Power Cord. Incl 4
SRE6-645AP
onbd 10/100/1000Base-T ports,
* Junos9.6SRE 支持冗余 , 2010 支持语音 ,ACE

SRX650 Q2 2009
Features SRX650
 Ideal for regional sites, large branches
On-board Ethernet 4 x GE
 Modular- 48 ports GE, 250 or
Power over Ethernet (802.3af, 802.3at)
– LAN switching 500 W
– Services Routing Processors with optional WAN slots 8 x GPIM
redundancy (future) USB ports (flash) 2 per processor
– power supplies with optional redundancy 3G Future
(at FRS)
Content Security Accelerator—ExpressAV
– voice configurations (field upgradable via and Intrusion Detection and Prevention
Yes
PIMs in 2010)
JUNOS Software version support JUNOS 9.5
 Full UTM features Routing performance 900 Kpps
– IDP, Antivirus, Anti-spam, Web filtering,
Firewall performance (Large Packets) 7.0 Gbps
Content filtering
– UAC Enforcement Firewall performance (IMIX) 2.5 Gbps
 Max Gig E 52 ports Firewall performance

900 Kpps
(2 x 24 GE PIM + 4 integrated ports)
VPN Performance—AES256+SHA-1 1.5 Gbps
VPN Performance —3DES+SHA 1 1.5 Gbps
512 K
(512MB/1GB RAM)
A/A* or A/P
High Availability
* Supported in JUNOS 9.6 Hot swap GPIMs,
Dual processors*, Dual power
13 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net *Supported in JUNOS 9.6

SRX 分布企业系列参数汇总
FEATURES SRX100 (target) SRX210 SRX240 SRX650

On-board Ethernet 8 x FE 2 x GE + 6 x FE 16 x GE 4 x GE
4 ports—50 W 16 ports GE, 48 ports GE,
Power over Ethernet (802.3af, 802.3at) None
total 150 W 250 W or 500 W
4 x SRX mini
WAN slots None 1 x mini PIM 8 x GPIM
PIM
3G wireless (ExpressCard slot) Yes Yes Yes Yes (in 2010)
Content Security Acceleration—
ExpressAV and Intrusion Detection and Prevention
Yes YES YES YES
Firewall performance (Large Packets) 600 Mbps 750 Mbps 1.5 Gbps 7.0 Gbps
Firewall performance (IMIX) 175 Mbps 250 Mbps 500 Mbps 2.5 Gbps
Firewall performance (Firewall + Routing PPS
64byte)
65 Kpps 75 Kpps 150 Kpps 900Kpps
VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 250 Mbps 1.5 Gbps

Intrusion Prevention System 50 Mbps 80 Mbps 250 Mbps 900 Mbps
Connections Per Second (CPS) 2K 2K 9K 35K
Maximum Concurrent Sessions (512MB/1GB RAM) 16 K / 32K 32K / 64K 64K / 128K 512 K
Antivirus TBD 30 Mbps 85 Mbps 350 Mbps
A/A* or A/P,
High Availability A/A or A/P A/A or A/P A/A* or A/P Hot swap GPIMs,
Dual processors*,
Dual power

SRX210 with
Integrated Convergence Services Q3 2009
FXS ports – connect E1/T1 or FXOs for carrier trunk

your analog phone or FXO ports – connect to or FXS for additional analog
FAX machine here your wall phone socket phones/ fax machines
Target No. Base Base Expansion

Branch Slots DSP No. of Slots
SRX Voice Elements Size (# Channels Ports
users)
 Survivable SIP server
1 8–16 2 FXO,
SRX210 2–25 T1/E1
 SIP Media Gateway mPIM
(codec
dependent)
2FXS 4 FXO
2 FXS + 2
 SIP Security SRX240 10–50
4
30–48
2 FXO,
FXO
mPIMs 2 FXS
 Base and expandable voice ports T1/E1
Dual T1/E1
 PoE Ports SRX650 50–200
8 Requires
0 6 FXO + 2
gPIMs gPIM FXS
 PoE Ports scaling with EX switch 2 FXO + 6
FXS

Juniper Integrated Convergence Services
Stage 1: Survivable Media Gateway 2H 2009
SERVICE
PROVIDER
VOIP
SIP Trunking to Failover to PSTN
Corporate to Local PSTN Local PSTN
5
PSTN (typical)
3 SIP
Soft Switch
SIP Trunking
Channelized
CORPORATE OFFICE 4 “VoIP to PSTN” S.P. VoIP
T-1 / E1/ FXO
SIP VoIP
X
INTERNET 4
SRX210 / SRX240
5
handset
SIP Server 4
3 3
2
X
WAN
MPLS
3
2 2
SIP VoIP
1
SIP Trunking handset to
1 digital or
“Toll bypass”, “extension”
analog
PBX, phone
Key System
Analog
FAX Soft Phones SIP VoIP
handset
Digital
Enterprise choice  SIP standards  Choice of sip phones,  SIP Server and SIP
Soft switch
and flexibility call servers and
applications
3G Wireless WAN 2H 2009
Deployments-
 Primary connection where
wired broadband is not Datacenter HQ
available
 Back up connectivity with
wired primary.
 Out of band management, INTERNET
remote deployment.
 Available on SRX210 3G Wireless
Dynamic VPN Services
 支持的是 Verizon 的
CDMA/EVDO 3G SRX210
Retail Branch Regional

Branch Wireless AP Solution
 Juniper 802.11n indoor Solution
– Backwards compatible to .11a/b/g
– Dual mode radio support 300Mbps (Aggregate)
– Single radio 200Mbps (160Mbps typical)
– Spatial Streams: 2x2:2, 2x3:2, 3x3:2
– UL2043 Plenum rated for over ceiling mounting.
– 50 Meter range (indoor)
– Unit can be mounted on ceiling or wall
– Virtual AP technology – Support of up to 16 simultaneous SSIDs
– 802.11e WMM capable
 1 Gigabit Ethernet POE support
 Optional External Power Supply
 Serial Consol Support
 L2 Managed by SRX Branch Products
 Additional licensing cost for Branch SRX to manage multiple access points – Clusters of 4,8,16 APs.
 SRX 在不增加 AP 软件许可的情况下最多可以管理 2 个 AP 设备
 目前只在 SRX210 （ 4 个 AP ）、 240 （ 8 个 AP ）、 650 （ 16 个 AP ）上支持无线 AP

Ethernet Switching
SRX100 SRX210 SRX240

SRX650
Software Features Hardware (Onboard Ethernet)

 802.1Q VLAN support
 SRX100
– Up to 4,096 VLAN support (platform dependent)
– 8 Fixed 10/100 (Switched or Routed)
– Routed VLAN Interface (RVI)
 SRX210
– GARP VLAN Registration Protocol (GVRP)
– Fixed 2 10/100/1000 + 6 10/100 (Switched or Routed)
– QOS on VLAN interface
 L3 Strict priority queuing (LLQ) – 802.3af optional POE (2FE + 2GE)
 L3 Smoothed Deficit Weighted Round Robin (SDWRR)  SRX240
 L3 Weighted Random Early Discard (WRED) – Fixed 16 Ports 10/100/1000 (Switched or Routed)
 L3 Per port and per queue shaping
– Power over Ethernet (optional all ports)
 802.1x Port based Authentication
– 802.3af, 802.3at
 802.3ad (AX) link aggregation*
 SRX650
 STP, Spanning Tree Protocol
– Fixed 4 ports 10/100/1000 (Routed)
– 802.1D Spanning Tree Protocol
– 802.1S Multiple STP Hardware Ethernet PIMs
– 802.1w Rapid STP  SRX Mini-PIM (SRX210/SRX240)
 Jumbo Frame Support (9,216 Byte)* – 1 Port SFP
 16 port GigE XPIM for SRX650
– Double-high
– Full-duplex 20 Gbps backplane
– 16 port GE and optional PoE
 24 port GigE including 4 SFP slots XPIM for SRX650
– Double-high - double-wide
– Optional POE - 24 port GE with PoE incl 4 SFP slots
– Full-duplex 20 Gbps backplane
 Optics
– SRX GE SFP LH | SRX GE SFP LX | SRX GE SFP SX |
SRX GE SFP 1000 Base-T | SRX FE FX SFP
* Not supported on SRX100
SRX Series—Firewall, Zones, and Policies
ZONE “UNTRUST”
Originating Zone
INTERNET
Default Policy—Allow All Default Policy—Deny All
SRX
Originating Zone
ZONE “TRUST” ZONE “TRUST”

Unified Threat Management (UTM) Features
External Internal
INTERNET Threats Threats
IPS Juniper IDP detects/stops Worms, Trojans,

Juniper IDP detects/stops Worms, Trojans,
DoS (L4 & L7), Scans DoS (L4 & L7), Scans
Web Filtering Websense to block to unapproved site

access
Antivirus Kaspersky Lab AV stops viruses, file-

Kaspersky Lab AV stops Viruses, file-based based trojans or spread of spyware,
Trojans, Spyware, Adware, Keyloggers adware, keyloggers
Anti-spam
Symantec stops Spam / Phishing
Content Filtering SRX Series blocks transmission of files

for Data Loss Prevention
Core Security
Firewall, VPN, Unified Access Control Firewall, VPN, Unified Access Control

Juniper Networks Unified
Access Control (UAC)
POLICY SERVER
1
IC Series
Identity
Authenticate User, Stores
Profile Endpoint,
Determine Location 1 2 Dynamically
Provision 2
Policy APPLICATIONS
Enforcement
3
Control Data App Internet

ISG
UAC Agent EX Series Access to
L2 Switch
Protected
Resources SRX
SSG NS
802.1X Switches & Juniper Firewall
Access Points Platforms
UAC Enforcement Points
Comprehensive, vendor-agnostic, standards-based access control across

heterogeneous environments delivering investment protection
Remote Access Q2 2009
Dynamic VPN Service –

Access Manager Client
 A dynamic IPSEC Client that is
automatically downloaded Wireless Wired
 5-user, 10-user, 25-user, 50-user

(SRX240) license option with
simultaneous tunnel enforcement
3G Wireless
 Supported on the SRX100,
SRX210, and SRX240 INTERNET
 Not supported on SRX650
 Automatic client upgrade capabilities
Dynamic VPN Services
 Self-provisioning from SRX210,
SRX240
 IPSec with TCP-based fallback for
NAT traversal
 Initial release to support Windows SRX210
platforms—XP, Vista, Win 2000

SRX 功能特性
IPSec VPN
防火墙加密通信
细腻的访问控制 UTM
IDP 、防病毒、防垃圾邮
件、网页过滤
Stateful Firewall UTM
IPSec VPN
Switch Voice
Routing 语音
VoIP
交换
VLAN,STP,LAG…
路由
RIP,OSPF,BGP,PBR…

对比 SSG & J Serial 产品
SRX
SSG Family  Unified Threat Management J Series
 FW, VPN, NAT, UAC – Full IDP—Juniper  FW, VPN, NAT, UAC
 IPv6 Security – Antivirus—Kaspersky  Routing, Switching, QOS, MPLS
 Wireless (WLAN) – Web filtering—Websense  WX—ISM 200 Application
– Anti-spam—Symantec Acceleration
 Unified Threat
 VoIP—Avaya Integ. Gway
Management
 VoIP  Unified Threat Management
– Intrusion Prevention: DI
– Juniper OpenCommunications – Full IDP—Juniper
– Antivirus—Kaspersky – Power over Ethernet – Antivirus—Kaspersky
– Web filtering—Websense
 FW, VPN, NAT, UAC – Web filtering—Websense
– Anti-spam—Symantec – Anti-spam—Symantec
SSG20 Wireless SRX 100 J2320

SSG5 Wireless
SSG140 SRX 210 J2350
SSG320M
SSG520 SRX 240

SSG520M J4350
SSG350M
SSG550 SRX 650 J6350

SSG550M

典型部署
连接安全管理
 SRX240 可提供高达 16 个千兆以太网端  内置 IDP, FW 的功能  NSM, STRM, J-Web and CLI
口，支持高达 16 个 POE 设备 (IP 电话，  通过许可证，支持防病毒，防垃圾邮 mgmt
无线 AP) 件，网页过滤等，实现全面的 UTM  JUNOS Software
 支持 8 个无线 AP 功能  Unified Open Management
 提供 4 个 E1 捆绑的广域网连接  和 Juniper UAC 全面融合
 冗余电源提高稳定性
 使用 EX4200 的集群技术 (virtual
chassis) 支持设备的增加
NOC
Access NSM Express
Point
POE STRM
Private WAN
SRX Virtual
EX4200 Chassis Local
Printer
DATA CENTER
Internet
DC SRX
POE
PSTN WX Client

竞争优势

总体竞争优势
 集成服务
– 交换、路由、防火墙、 VPN 、 UTM 、 VoIP 、 PoE 、 WLAN…
 高性能
– 业界性能最高的防火墙（ SRX5800 ）
– 大幅提高防火墙、防病毒、 VPN 、 IDP 性能
– 更高的新建连接数
 更先进的架构
– Junos 系统（久经验证的模块化系统）
– 控制层面与转发层面分离
 更低的 TCO
– 更高性价比
– 更易部署、管理
– 更灵活的配置
– 更易扩展、保护用户投资

SRX Vs SSG
Feature SRX100 SSG 5 / 20 SRX210 SSG 140 SRX240 SSG 320 SSG 350
7 x 10/100 /
固定 I/O 8 x FE
5 x 10/100
2 x GE + 6 x FE 2 x GE + 6 x FE 16 x GE 4 x GE 4 x GE
防火墙性能 650 Mbps 160 Mbps 750 Mbps 350 Mbps 1.5 Gbps 450bps 550bps
防火墙 + 路由 PPS 60K PPS 30K PPS 80K PPS 100K PPS 200K PPS 175Kpps 225Kpps
VPN 性能 65Mbps 40Mbps 75Mbps 100Mbps 250Mbps 175Mbps 225Mbps

并发 IPsec VPN 隧道
256 25/45 256 125 1,000 500 500
数
并发会话数 16K / 32K 8K /16K 32K / 64K 48K 64K / 128K 64K 128K
每秒新建会话数 2,000 2,800 2,000 8,000/15,000 9,000 8,000 12,500
附加插槽 0 0/2 1 4 4 3 5
IPS 性能 60M bps 80M bps 250M bps
支持
无线 AP 支持不支持不支持支持不支持不支持不支持
支持支持
VoIP 支持不支持不支持不支持不支持不支持
12,600 65,978
RMB List 15,378/20,878
/16,200
24,178/29,678 48,600/57,600
/81,378
77,000/88,000 110,000

SRX Vs SSG
Feature SSG 320 SSG 350 SRX240 SSG 520 SSG 550 SRX650 ISG 1000
固定 I/O 4 x GE 4 x GE 16 x GE 4 x GE 4 x GE 4 x GE 4 x GE
防火墙性能 450bps 550bps 1.5 Gbps 650bps 1Gbps 7.0 Gbps 2Gbps
防火墙 + 路由 PPS 175Kpps 225Kpps 200K PPS 300Kpps 600Kpps 900K PPS 1.5Mpps
VPN 性能 175Mbps 225Mbps 250Mbps 300Mbps 500Mbps 1.5Gbps 1Gbps

500 500 1,000 500 1,000 3,000 2,000
数
并发会话数 64K 128K 64K / 128K 128K 256K 512K 500K
每秒新建会话数 8,000 12,500 9,000 10,000 15,000 30,000 20,000
附加插槽 3 5 4 6 6 8 2
IPS 性能 250M bps 900M bps
RMB List 88,000 110,000 65,978 /81,378 143,000 231,000 352,000 800,000

SRX Vs ISG & NS
Feature ISG 2000 SRX3400 SRX3600 NS 5200 NS 5400 SRX5600 SRX5800
8 x GE + 4 8 x GE + 4
固定 I/O 4 x GE
xSFP xSFP
0 0 0 0
防火墙性能 4Gbps 10/20Gbps 10/20/30Gbps 10G bps 30G bps 60Gbps 120Gbps
防火墙 + 路由 PPS 3Mpps 3M PPS 6M PPS 6M PPS 18M PPS 7M PPS 15M PPS
VPN 性能 2Gbps 6Gbps 10Gbps 5G bps 15G bps 15Gbps 30Gbps

10,000 10,000 20,000 25,000 25,000 40,000 100,000
数
并发会话数 1M 2.25M 2.25M 1M 2M 9M 10M
每秒新建会话数 23K 175K 175K 26.5K 26.5K 350K 350K
附加插槽 4 4 6 2 4 5 11
IDP 性能 6Gbps 10Gbps 15Gbps 30Gbps
RMB List

SRX Vs Cisco
Cisco ASA Cisco ASA Cisco ASA
Feature SRX100
5505
SRX210
5510
SRX240
5520
固定 I/O 8 x 10/100 8 x 10/100 2 x GE + 6 x 10/100 3 x 10/100 16 x GE 4 x GE
防火墙性能 650 Mbps 150 Mbps 750 Mbps 300 Mbps 1.5 Gbps 450 Mbps
RIP/OSPF/BGP 支持不支持 BGP 80K PPS 不支持 BGP 200K PPS 不支持 BGP
VPN 性能 65Mbps 100Mbps 75Mbps 170M bps 250Mbps 250M bps

256 25 256 256 1,000 750
数
并发会话数 16K / 32K 25K 32K / 64K 130K 64K / 128K 280K
每秒新建会话数 2,000 3,000 2,000 6,000 9,000 9,000
附加插槽 0 0 1 1 4 1
IPS 性能 60M bps n/a 80M bps 150M bps 250M bps 225M bps
支持
无线 AP 支持不支持不支持支持不支持不支持
支持支持
VoIP 支持不支持不支持不支持不支持
主动 / 主动，主不支持；主用 / 主动 / 主动，主不支持；主用 /

不支持；无状态主动 / 主动，主动 / 被
高可用性动 / 被动，会话
主用 / 备用动，会话和配置同步
主用和主用 / 动 / 被动，会话主用和主用 /
和配置同步备用和配置同步备用
32 | Copyright © 200915,378/20,878
MSRP Juniper Networks, Inc. | www.juniper.net
24,178/29,678 65,978 /81,378
SRX Vs H3C
SecPath SecPath SecPath SecPath
Feature SRX100
F100-S F100-A-SI
SRX210
F100-E
SRX240
F1000-S
固定 I/O 8 x FE 4 x 10/100 2 x 10/100 2 x GE + 6 x FE 4 x 10/100 16 x GE 4 x GE
防火墙性能 650 Mbps 80 Mbps 185 Mbps 750 Mbps 400 Mbps 1.5 Gbps 1Gbps
防火墙 + 路由 PPS 60K PPS n/a n/a 80K PPS n/a 200K PPS n/a
10 / 60M
VPN 性能 65Mbps 30Mbps bps( 软 / 硬 75Mbps 200M bps 250Mbps 600Mbps
件)
256 n/a n/a 256 n/a 1,000 Na
数
并发会话数 16K / 32K 25 万 50 万 32K / 64K 50 万 64K / 128K 100 万
每秒新建会话数 2,000 1,000 3,000 2,000 10,000 9,000 10,000
附加插槽 0 0 1 1 1 4 1
IPS 性能 60M bps 80M bps 250M bps
支持
无线 AP 支持不支持不支持不支持支持不支持不支持
支持支持
VoIP 支持不支持不支持不支持不支持不支持
MSRP 15,378/20,878 36,089 90,000 24,178/29,678 116,978 65,978 /81,378 220,000

其他厂家安全产品和 Juniper 相对应的产品
SRX SRX SRX SSG SRX SRX SRX SRX SRX

Juniper
100 210 240 550 650 3400 3600 5600 5800
ASA 5505
ASA 5510 ASA 5520 ASA 5540 N/A N/A
Cisco PIX 501/ ASA 5550
PIX 515 PIX 525 PIX 535
506
FG50B FG60 FG200A FG110C N/A N/A

Fortinet FG800A FG310B FG620B
FG60 FG100A FG300A FG400A
Check UTM-1 UTM-1 UTM-1 UTM-1 UTM-1 UTM-1 N/A

N/A N/A
Point Edge 130/170 570 1070 2070 3070
SecPath F100- SecPath SecPath SecPath SecPath SecPath N/A

H3C N/A
M / F100 -A F100-E F1000-S F1000-E F5000-A F5000-A

场景—降低分支机构的 TCO
 60 台 PC 的小型分支机构，通过两条 E1 线路与总部连
接，互为备份。本地有服务器，通过 Web 对总部进行
业务访问
 要求：
– 设备之间进行高速通讯
– 要配置一定的安全措施，如防火墙
– 防火墙的吞吐量要求要达到 200Mbps+
 预计：
– PC 机的数量在 1-2 年之内增长一倍
– 移动办公需要使用 POE 端口支持 5-6 个 802.11n AP 的接入
– 安全扩展到全面的 UTM 功能

Juniper Vs. Cisco
开始阶段
1 x Cisco 2821 1 x SRX240H

1 x VWIC2-2MFT-T1/E1 2 x SRX-MP-1T1E1
1 x IOS advanced security 1 x EX3200-48T
1 x WS-C2960G-48TC-L
1 x WS-C2960G-24TC-L
Note:
SRX 机箱还提供 IDP 功能
EX3200 还有 8 个 POE 端口
Juniper Vs. Cisco
实现 UTM, POE 功能 , 网络扩容
新增 switch 新增 switch
1 x WS-C2960G-48TC-L 2 x EX3200-48T
1 x WS-C3560G-24PS-S 实现 UTM
实现 UTM 功能 1 x SRX240-SMB-CS
1 x ASA5520-CSC10-K9
1 x ASA-CSC10-PLUS
1 x NME-IPS 模块
Note: 未来 EX2200 非 POE 的交换机 +SRX240H-
POE 的解决方案更经济
SRX 高端系列
SRX 3400/3600/5600/5800

SRX3400
 机箱式设计 (3U)
– 7 个插槽 ( 前 4 后 3)
– 最大 4 块 IOC;4 块 SPC;2 块 NPC
 固定接口 (SCB)
– 8-10/100/1000 + 4-SFP
 模块化接口（ IOC ）
– 16-10/100/1000;16-SFP;2-XFP
 多核架构
 2 电源冗余 (N+1)
 性能
– 防火墙吞吐率 ( 大包 ) – 10 /20 Gbps
– 并发连接数– 2.25M
Model Description
SRX 3400 Chassis, Midplane, Fan, RE, SFB-12GE,
SRX3400BASE-AC
AC PEM - no power cord - no SPC - no NPC
SRX3400BASE-DC
DC PEM - no SPC - no NPC
* 最少需配 1SPC,1NPC

SRX3600
 机箱式设计 (5U)
– 12 个插槽 ( 前 6 后 6)
– 最大 7 块 IOC;7 块 SPC;3 块 NPC
 固定接口 (SCB)
– 8-10/100/1000 + 4-SFP
 模块化接口
– 16-10/100/1000;16-SFP;2-XFP
 多核架构
 4 电源冗余 (N+1)
 性能
– 防火墙吞吐率 ( 大包 ) – 10/20/30 Gbps
– 并发连接数– 2.25M
Model Description
SRX3600BASE-AC
2xAC PEM - no power cords - no SPC - no NPC
SRX3600BASE-DC
2xDC PEM - no SPC - no NPC
* 最少需配 1SPC,1N

Component Review
Dual-height SFB
option cover
(SRX 3600 only)
Switch Fabric
Air Board (SFB)
Intake
IOC 16xSFP
IOC 2x10GE
IOC 16xCopper Services Processing
Card (SPC)
Front
Slot guide
Fan tray
door
Services Processing
Cards (SPC)
Network Processing
Cards (NPC)
Routing Engine [ or SPCs ]
(RE) Rear
Slot guide
SRX 3x00 SFB – Switch Fabric Board
Control
Panel Virtual
IOC HA-control
HA-control
Port 1
Port 0
BITS
clock^
Single Stoli chip provides 16 10Gbps full-duplex, non-blocking

endpoints (320Gbps).
Note ^: BITS clock support will require daughter-card

SRX 3x00 SFB - Control Panel
SFB status
LED
Aggregated RE0 Master RE^
CFM status LEDs Console AUX/USB
Yellow
Alarm
LED
Red
Alarm
LED
Power
RE1^ RE0 RE1^
HA status Button
Console Ethernet Ethernet
LED
Note ^: Only RE in slot 0 supported at FRS. For future use.

SRX 3x00 SFB – Virtual IOC
Port 0/0/0 Port 0/0/6
Port 0/0/1 Port 0/0/7 Port 0/0/8 Port 0/0/11
Note: these “built-in” ports will not work unless an NPC and an SPC are installed in the system.

Total System Capacity
 SRX 3400 maximum capacities at FRS 1 NPC 2 NPCs
– AC (1000W – C19 straight) 1 SPC 4 IOCs 4 IOCs
 4 SPCs, 2 NPCs, 1 IOCs: 2 SPCs 4 IOCs 3 IOCs
– 20 Gbps Stateful Firewall
3 SPCs 3 IOCs 2 IOCs
– 1M total sessions
– 120K Sessions / Second 4 SPCs 2 IOCs 1 IOCs
– 6 Gbps IDP
– 8 Gbps IPSEC VPN
1 NPC 2 NPCs
– DC (850W) 1 SPC 4 IOCs 4 IOCs
 3 SPCs, 2 NPCs, 1 IOCs (optimized for FW performance): 2 SPCs 4 IOCs 3 IOCs
– 20 Gbps Stateful Firewall
– 1M total sessions 3 SPCs 2 IOCs 1 IOCs
– 120K Sessions / Second 4 SPCs 0 IOCs ---------
– 4 Gbps IDP
– 6 Gbps IPSEC VPN
1 NPC 2 NPCs 3 NPCs
 SRX3600 Maximum capacities at FRS 1 SPC 6 IOCs 6 IOCs 6 IOCs
 7 SPCs, 3 NPCs, 2 IOCs 2 SPCs 6 IOCs 6 IOCs 6 IOCs
– 30 Gbps Stateful Firewall 3 SPCs 6 IOCs 6 IOCs 5 IOCs
– 2M total sessions
4 SPCs 6 IOCs 5 IOCs 4 IOCs
– 120K Sessions / Second
– 11 Gbps IDP 5 SPCs 5 IOCs 4 IOCs 3 IOCs
– 14 Gbps IPSEC VPN 6 SPCs 4 IOCs 3 IOCs 2 IOCs
7 SPCs 3 IOCs 2 IOCs 1 IOCs
SRX 3400-DC limited by power supply capacity. No HA limitations.

Combo-CP
 Unlike the SRX 5Ks, the first SPC installed on an

SRX 3K splits its resources between CP and FLOW
duty.
 The first SPC only contributes to FLOW:
– 50% of its memory – 500K sessions instead of 1M
– ~85% of its CPU if only one SPC in the system
– ~67% of its CPU if two or more SPCs in the system
 Initially, weighted round-robin distribution 2:1 with
other SPUs.
 This session/CPU imbalance leads test tools to
underrate performance in approximately 50% of an
SPU.

SRX 3000 with JUNOS 9.4
Performance / Scalability
1 SPU 2 SPUs 3 SPUs* 4 SPUs* 5 SPUs° 6 SPUs° 7 SPUs°

1 NPC / 0+ IOCs
CPS 2 NPCs / 1+ IOCs ^ 40 85 140 180 180 180 180
3 NPCs / 2+ IOCs ^^
1 NPC / 0+ IOCs 10 10 10 10 10 10
FW Gbps 2 NPCs / 1+ IOCs ^ 10 15 20 20 20 20 20
3 NPCs / 2+ IOCs ^^ 15 25 30 30 30 30
1 NPC / 0+ IOCs 10
IDP Gbps 2 NPCs / 1+ IOCs ^ 1 2.5 4 6 7.5 9 11
3 NPCs / 2+ IOCs ^^ 11
1 NPC / 0+ IOCs 10 10
IPSEC Gbps 2 NPCs / 1+ IOCs ^ 2.5 4 6 8 10 12 14
3 NPCs / 2+ IOCs ^^ 12 14
1 NPC / 0+ IOCs
FW M Sessions 2 NPCs / 1+ IOCs ^ 0.5 1 / 1.5** 1 / 2** 1 / 2** 2 2 2
3 NPCs / 2+ IOCs ^^
1 NPC / 0+ IOCs 5 5
Mpps 2 NPCs / 1+ IOCs ^ 1 1.5 2.5 3.5 4.5 5.5 6.5
3 NPCs / 2+ IOCs ^^ 5.5 6.5
1 NPC / 0+ IOCs 10 10 10 10
FW IMIX Gbps 2 NPCs / 1+ IOCs ^ 2.5 5 8 11 14 17 20
3 NPCs / 2+ IOCs ^^ 11 14 17 20
Note ^: 2 NPCs are not cost effective without 1 or more IOCs.

Note ^^: 3 NPCs are supported only on SRX 3600, and are not cost effective without 2 or more IOCs.
Note °: 5+ SPCs supported only on SRX 3600. SRX 3400-AC highlighted in blue. SRX 3400-DC limits listed below.
Note *: SRX 3400-DC limited by power budget to (NPC/SPC/IOC) max: 1/4/1, 1/3/3, 2/3/1. No HA limits.
Note **: only SRX 3600 supports > 1M sessions [2M]
Note +: Most values are common to SRX 3400 and SRX 3600, except certain capacities that are show as "<SRX 3400> / <SRX 3600>".
Note ++: Values are calculated based off of estimates but close to current QA tested performance.

SRX5600
 水平式机箱 (8U)
– 8 个插槽
– 最多 6 块 SPC / IOC
– 最多 2 块 SCB （冗余）
 模块化接口
– 40-SFP; 4-10Gig
 多核架构
 4 电源冗余 (N+n/N+1)
 性能
– 防火墙吞吐率 ( 大包 ) – 60 Gbps
– 并发连接数– 9M
Model Description
SRX5600 chassis, includes RE, SCB, 2 AC power
SRX5600BASE-AC supplies. Country specific power cords purchased
separately, see below.
SRX5600 chassis, includes RE, SCB, 2 DC power
SRX5600BASE-DC
supplies
* 最少需配 1SPC

SRX5800
 垂直式机箱 (16U)
– 14 个插槽
– 最多 11 块 SPC / IOC
– 最多 3 块 SCB （冗余）
 模块化接口
– 40-SFP; 4-10Gig
 多核架构
 4 电源冗余 (N+n/N+1)
 性能
– 防火墙吞吐率 ( 大包 ) – 120 Gbps
– 并发连接数– 10M
Model Description
SRX5800 chassis, includes RE, 2xSCB, 3 AC power
SRX5800BASE-AC supplies. Country specific power cords purchased
separately, see below.
SRX5800 chassis, includes RE, 2xSCB, 2 DC power
SRX5800BASE-DC
supplies
* 最少需配 1SPC

Component Review
Control Panel
Upper Fan tray
Switch Control
IOC 40x1GE Boards (SCB)
IOC 4x10GE
Route Engine Service Processing

(RE) Cards (SPC)
Lower Fan tray
Air
Intake

SRX5800 Front Panel
Power Supply Indications

Fan Tray Indications
Routing Engine 0 Indications
Routing Engine 1 Indications
Yellow Red Alarm
Alarm Alarm Cut- Alarm
LED LED off Relays
Slot Online/Offline Buttons
Note: SRX5600 is basically the same

SRX 5x00 SCB/RE Configuration
 SRX 5800
– Redundant fabric configuration
 3 SCBs in SCB slot 0 (with RE), SCB slot 1 and SCB slot 2
 11 IOC/SPC with IOC/SPC slots 0-5 and slots 7-11
– Non redundant fabric configuration
 2 SCBs in SCB slot 0 (with RE) and SCB slot 1
 12 IOC/SPC with IOC/SPC slots 0-5 and slots 6-11
 SRX 5600
– Redundant fabric configuration
 2 SCBs in SCB slot 0 (with RE), SCB slot 1
 6 IOC/SPC with IOC/SPC slots 0-5
– Non redundant fabric configuration
 1 SCB in SCB slot 0 (with RE)
 6 IOC/SPC with IOC/SPC slots 0-5
 Only single RE currently supported per chassis

SRX 5x00 Switch Control Board
 SCBs are the Switch and

Control Boards
But:
 SCB acts as RE carrier
 SCB in slot 2 does not
 Each SCB has two fabric support RE (though it can
chips be plugged in)
 Control part and switch part
on SCB are operating
independently
 switch part can operate
without RE being inserted

SRX5K-RE-13-20
 SRX5K-RE-13-20
– 1.3 GHz Celeron-M
– 2 GB DDR2-400 SDRAM (2 DIMMs).
– 1GB internal CF
– USB 2.0 flash drive support
– 30GB HD
 RE is NOT involved in traffic processing
– Handles all routing
– Handles chassis management

Service Processing Card (SPC)
Features & Capacities
 High Throughput
– 20Gbps
 2M Sessions
 2.2Mpps
 100K new sessions / second
 Flexible networking and security processing
– Advanced Routing
– Stateful Firewall
– IDP
– NAT
– DoS/DDoS

Service Processing Card
 What is an HD-CPU?
– High Density CPU
– Characterized by:
 Multiple core
 Multiple thread
– #cores x #threads = #‘virtual CPUs’
 High bandwidth interfaces & memory bus
 Specialized acceleration (crypto, etc)
 Easily programmable
 Based on ‘standard’ CPU architectures

Block Diagram
Service Processing Card
•Stateful Firewall
•IPSec VPN processing
•IDP Processing
•NAT, DoS, etc…
Switch Fabric SPC
SCB
I HD-CPU
SCB
I HD-CPU
SCB
Fabric Service
Interface Processing

IOC
Features & Capacities
 High Density Ethernet

– 40xGig SFP Interfaces
– 4x10Gig XFP Interfaces
 2M entry session cache per NP
 40Gbps throughput
 Flow load balancing
 Security screens
 Rich, fine grained QoS

Major Functions: Ingress IOC
•Flow lookup
•Screens
•SPC load balancing
IOC
Ingress IOC
Switch Fabric
I SCB
NP I
NP I
NP I SCB
Network Fabric SCB

Processor Interface

Major Functions: Egress IOC
•Rich QoS
•Queuing
•Shaping
Switch Fabric IOC
SCB
I ESE
SCB I ESE
I ESE
I NP
SCB
Fabric Shaping
Interface Queuing

Chassis Cluster Architecture – SRX 5K
Device 1 Device 2
SCB 1 Route SCB 2 Route SCB 1 Route SCB 2

Engine Engine Engine
GE
switch
 Device wide:
– Independent Control and
Data planes
– Redundant power and fan
I I I I – A/B Control plane I I I I
– A/B Data plane
I I I I I I I I
 System wide:
I I I I – Independent and I I I I
redundant Control and
Data plane paths
I I I I I I I I
– A/B control plane
IO IO SP SP – A/B data plane IO IO SP SP
C C C C C C C C
PEM 2 PEM 4 PEM 2 PEM 4
PEM 1 PEM 3 FAN 1 FAN 2 FAN 1 FAN 2 PEM 1 PEM 3

Total System Capacity
 Given the preceding capacities:

– SRX5800 maximum capacities at FRS
 assume 4 IOC, 8 SPC
 150Gbps Stateful Firewall
 8M total sessions*
 350K Sessions / Second
– SRX5600 Maximum capacities at FRS
 assume 2 IOC, 4 SPC
 70Gbps Stateful Firewall
 8M total sessions*
 350K Sessions / Second
* JUNOS 9.2 limited to 4M sessions. JUNOS 9.4 plans 8M session support

I/O Cards 1 2 3 4 5 6 7 8 9 10 11
SPCs CPS-K 80 80 80 80 80 80 80 80 80 80 80
FW-Gbps 20 20 20 20 20 20 20 20 20 20 20
1 MPPS 1.8 1.8 1.8 1.8 1.8 1.8 1.8 1.8 1.8 1.8 1.8
M Sessions 1.5 1.5 1.5 1.5 1.5 1.5 1.5 1.5 1.5 1.5 1.5
IDP-Gbps 3.5 3.5 3.5 3.5 3.5 3.5 3.5 3.5 3.5 3.5 3.5
CPS-K 150 150 150 150 150 150 150 150 150 150
FW-Gbps 30 30 30 30 30 30 30 30 30 30
2 MPPS 3 3 3 3 3 3 3 3 3 3
M Sessions 3 3 3 3 3 3 3 3 3 3
IDP-Gbps 5 5 5 5 5 5 5 5 5 5
CPS-K 250 250 250 250 250 250 250 250 250
FW-Gbps 40 50 50 50 50 50 50 50 50
3 MPPS 5 5 5 5 5 5 5 5 5
M Sessions 5 5 5 5 5 5 5 5 5
IDP-Gbps 9 9 9 9 9 9 9 9 9
CPS-K 350 350 350 350 350 350 350 350
FW-Gbps 40 70 70 70 70 70 70 70
4 MPPS 7 7 7 7 7 7 7 7
M Sessions 7 7 7 7 7 7 7 7
IDP-Gbps 12 12 12 12 12 12 12 12
CPS-K 350 350 350 350 350 350 350
FW-Gbps 40 80 90 90 90 90 90
5 MPPS 9 9 9 9 9 9 9
M Sessions 8 8 8 8 8 8 8
IDP-Gbps 16 16 16 16 16 16 16
CPS-K 350 350 350 350 350 350
FW-Gbps 40 80 110 110 110 110
6 MPPS 11 11 11 11 11 11
M Sessions 8 8 8 8 8 8
IDP-Gbps 19 19 19 19 19 19
CPS-K 350 350 350 350 350
FW-Gbps 40 80 120 130 130
7 MPPS 13 13 13 13 13
M Sessions 8 8 8 8 8
IDP-Gbps 23 23 23 23 23
CPS-K 350 350 350 350 800
FW-Gbps 40 80 120 150
8 MPPS 15 15 15 15
M Sessions 8 8 8 8
IDP-Gbps 26 26 26 26
CPS-K 350 350 350 800 800
FW-Gbps 40 80 120
9 MPPS 17 17 17
M Sessions 8 8 8
IDP-Gbps 30 30 30
CPS-K 350 350 800 800 800
FW-Gbps 40 80 CPS-K (thousands of new and sustained TCP connections per second)
10 MPPS 19 19 FW-Gbps (full-duplex firewall throughput)
M Sessions 8 8 MPPS (millions of packets per second at 64B)
IDP-Gbps 34 34 M Sessions (millions of maximum concurrent TCP or UDP sessions)
CPS-K 350 800 IDP-Gbps (full-duplex IDP throughput using HTTP)
FW-Gbps 40
11 MPPS 21
M Sessions 8
IDP-Gbps 38

SRX 数据中心系列参数汇总
FEATURES SRX3400 SRX3600 SRX5600 SRX5800

Interfaces 8 GE+4 SFP 8 GE+4 SFP / /
Slots 7 12 8 14
16 SFP, 16 GE, 2
IOC 16 SFP, 16 GE, 2 XFP 40 SFP ， 4 XFP 40 SFP ， 4 XFP
XFP
Maximum IOC 4 7 6 11
Maximum SPC 4 7 6 11
Maximum NPC 2 3 / /
Maximum SCB/Redundant 1/No 2/Yes 2/Yes 3/Yes
Maximum RE/Redundant 1/No 1/No 1/No 1/No
Firewall performance (Large Packets) 10/20 Gbps 10/2030 Gbps 60 Gbps 120 Gbps
Firewall performance (IMIX) 8 Gbps 18 Gbps 20 Gbps 45 Gbps
Firewall performance (Firewall + Routing PPS
64byte)
3 Mpps 6 Mpps 7 Mpps 15 Mpps
VPN Performance—AES256+SHA-1 6 Gbps 10 Gbps 15 Gbps 30 Gbps

Intrusion Prevention System 6 Gbps 10 Gbps 15 Gbps 30 Gbps
Connections Per Second (CPS) 175K 175K 350K 350K
Maximum Concurrent Sessions 2.25M 2.25M 9M 10M
High Availability A/P A/P A/P A/P

THANK YOU

SRX产品介绍 Y1003

Uploaded by

Copyright:

Available Formats

SRX产品介绍 Y1003

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SRX产品介绍 Y1003

Uploaded by

Copyright:

Available Formats

效能卓越 毫不妥协

1 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

2 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

3 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

4 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

5 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

SRX100H high memory (1GB RAM)

*Q3 2009 开始供货

6 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

Features SRX100 (target)

 Ideal for micro-branch, On-board Ethernet 8 x FE

managed telecommuters, SOHO Power over Ethernet (802.3af, 802.3at) None

IPS performance TBD

7 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

SRX210H high memory (1GB RAM)

SRX210H-POE high memory (1GB RAM), w/ 4 Ports POE (50W)

*Q3 2009 支持语音

8 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

Firewall performance (IMIX) 250 Mbps

9 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

SRX240H high memory (1GB RAM)

SRX240H-POE high memory (1GB RAM), w/ 16 ports POE (150W).

*Q4 2009 支持语音、 3G

10 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

 Ideal for small–medium branches On-board Ethernet 16 x GE

Power over Ethernet (802.3af, 802.3at) 16 ports GE, 150 W

JUNOS Software version support JUNOS 9.5

* Supported in JUNOS 9.6

* Junos9.6SRE 支持冗余 , 2010 支持语音 ,ACE

12 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

 Max Gig E 52 ports Firewall performance

13 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net *Supported in JUNOS 9.6

FEATURES SRX100 (target) SRX210 SRX240 SRX650

VPN Performance—AES256+SHA-1 3DES+SHA 1 65 Mbps 75 Mbps 250 Mbps 1.5 Gbps

14 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

FXS ports – connect E1/T1 or FXOs for carrier trunk

Target No. Base Base Expansion

15 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

Dynamic VPN Services

Retail Branch Regional

17 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

18 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

SRX100 SRX210 SRX240

Software Features Hardware (Onboard Ethernet)

Default Policy—Allow All Default Policy—Deny All

ZONE “TRUST” ZONE “TRUST”

IPS Juniper IDP detects/stops Worms, Trojans,

Web Filtering Websense to block to unapproved site

Antivirus Kaspersky Lab AV stops viruses, file-

Content Filtering SRX Series blocks transmission of files

21 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

Control Data App Internet

UAC Enforcement Points

Comprehensive, vendor-agnostic, standards-based access control across

Dynamic VPN Service –

 5-user, 10-user, 25-user, 50-user

23 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

Stateful Firewall UTM

24 | Copyright © 2009 Juniper Networks, Inc. | www.juniper.net

效能卓越毫不妥协

主动 / 主动，主不支持；主用 / 主动 / 主动，主不支持；主用 /