Juniper Networks Security Firewall Gateway Comparison Chart
Security Products Comparison Chart Data Sheet
SRX and vSRX (formerly Firefly Perimeter) Performance and Features Matrix

| Category | Feature | SRX1400 | SRX3400 | SRX3600 | SRX5400 | SRX5600 | SRX5800 | vSRX* |
|---|---|---|---|---|---|---|---|---|
| | | Small / med data center | Med / large data center | Med / large data center | High-perf data center | High-perf data center | High-perf data center | Virtual DC/Public or Private Cloud |
| Performance | Firewall throughput (large packets) / Express Path | 10 Gbps | 30 Gbps | 55 Gbps | 65 Gbps / 240 Gbps | 130 Gbps / 480 Gbps | 320 Gbps / 2 Tbps | UDP 1514B pkts: VMware: 17 Gbps; KVM: 13.5 Gbps |
| Performance | Firewall throughput (IMIX) | 5 Gbps | 10 Gbps | 20 Gbps | 30 Gbps | 65 Gbps | 130 Gbps | VMware: 4 Gbps; KVM: 3 Gbps |
| Performance | IPsec VPN 3DES/AES throughput (large packets) | 4 Gbps | 8 Gbps | 15 Gbps | 43 Gbps | 75 Gbps | 150 Gbps | AES+SHA1, VMware: 800 Mbps; KVM: 700 Mbps |
| Performance | IPS throughput | 3 Gbps | 8 Gbps | 15 Gbps | 22 Gbps | 50 Gbps | 100 Gbps | VMware: 1.8 Gbps; KVM: 1.4 Gbps |
| Performance | Antivirus (Sophos AV) throughput (note 10) | 1.29 Gbps | 2.5 Gbps | 4.5 Gbps | Coming soon | 5.8 Gbps | 13.5 Gbps | VMware: 490 Mbps; KVM: 380 Mbps |
| Performance | Maximum concurrent sessions | 1.5M | 2.25M/3M (add'l Extreme License required) | 2.25M/6M (add'l Extreme License required) | 28M | 100M | 100M | 520K |
| Performance | Connections/Sec | 70K | 150K | 150K/270K (add'l license required) | 450K | 450K | 450K | VMware: 54K; KVM: 36K |
| Interfaces | Interfaces | 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE (on board) plus optional 16 SFP GbE, 16 10/100/1000, or 2 XFP 10GbE | 8 10/100/1000 + 4 SFP (on-board) plus optional 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB | 8 10/100/1000 + 4 SFP (on-board) plus optional 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB | Multiple options: 1 GbE, 10 GbE, 40 GbE, 100 GbE | Multiple options: 1 GbE, 10 GbE, 40 GbE, 100 GbE | Multiple options: 1 GbE, 10 GbE, 40 GbE, 100 GbE | Virtual NICs: VMware: 10; KVM: 8 |
| Firewall | DoS and DDoS protection (Layers 3 and 4) | X | X | X | X | X | X | X |
| Firewall | TCP reassembly for fragmented packet protection | X | X | X | X | X | X | X |
| Firewall | Brute force attack mitigation | X | X | X | X | X | X | X |
| Firewall | SYN cookie protection | X | X | X | X | X | X | X |
| Firewall | Zone-based IP spoofing | X | X | X | X | X | X | X |
| Firewall | Malformed packet protection | X | X | X | X | X | X | X |
| VPN | IPsec VPN | X | X | X | X | X | X | X |
| Security Intelligence for advanced threat protection | Integration with Spotlight Secure for protection from Command and Control related bots, Web application threats, and policy enforcement based on GeoIP | X | X | X | X | X | X | N/A |
*Performance, capacity and features listed are based on the vSRX running Junos OS 15.1X49-D15 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments. For vSRX, the reference platform for performance was a Dell PowerEdge R920, 12 Core, 3.4 GHz CPUs, SR-IOV enabled. VMware tests were based on ESXi 5.5; KVM tests were based on Ubuntu 14.04. Actual performance will depend on the underlying hardware configuration (some server configurations may perform better).
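SRX and vSRX (formerly Firefly Perimeter) Performance and Features Matrix (continued)

| Category | Feature | SRX1400 | SRX3400 | SRX3600 | SRX5400 | SRX5600 | SRX5800 | vSRX |
|---|---|---|---|---|---|---|---|---|
| | | Small / med data center | Med / large data center | Med / large data center | High-perf data center | High-perf data center | High-perf data center | Virtual DC/Public or Private Cloud |
| NGFW/L7 Security Services | Intrusion Prevention System (IPS) | X | X | X | X | X | X | X |
| NGFW/L7 Security Services | AppTrack | X | X | X | X | X | X | X |
| NGFW/L7 Security Services | AppFirewall | X | X | X | X | X | X | X |
| NGFW/L7 Security Services | AppQoS (note 4) | X | X | X | X | X | X | X |
| NGFW/L7 Security Services | AppID (Application Awareness) | X | X | X | X | X | X | X |
| NGFW/L7 Security Services | User Firewall: On-box (note 6) | X | X | X | X | X | X | N/A |
| NGFW/L7 Security Services | User Firewall: Integrated w/Juniper's Unified Access Control (UAC) (note 13) | X | X | X | X | X | X | N/A |
| NGFW/L7 Security Services | SSL Forward Proxy | X | X | X | X | X | X | N/A |
| NGFW/L7 Security Services | SSL Reverse Proxy (note 8) | X | X | X | X | X | X | N/A |
| UTM (note 9) | Antivirus | X | X | X | X | X | X | X |
| UTM (note 9) | Antispam | X | X | X | X | X | X | X |
| UTM (note 9) | Web filtering | X | X | X | X | X | X | X |
| UTM (note 9) | Content filtering | X | X | X | X | X | X | X |
| Networking | Routing | OSPF, BGP, RIPv1/v2, Multicast | OSPF, BGP, RIPv1/v2, Multicast | OSPF, BGP, RIPv1/v2, Multicast | OSPF, BGP, RIPv1/v2, Multicast | OSPF, BGP, RIPv1/v2, Multicast | OSPF, BGP, RIPv1/v2, Multicast | X |
| Networking | Multiple WAN, WLAN, LAN options | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Availability | High Availability (A/P, A/A) (notes 11, 12) | X | X | X | X | X | X | X |
| Availability | Separate Control and Data Planes | X | X | X | X | X | X | N/A |
| Availability | In-Service SW & HW Upgrade | X | X | X | X | X | X | N/A |
| NAT | NAT | X | X | X | X | X | X | X |

Notes: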
1. Maximum concurrent sessions for SRX100->SRX240: Based on 2 GbE memory models, which require Junos OS 12.1X44-D15 (exception: Junos OS 11.4r5 for SRX240 only).
2. AppTrack for SRX100->SRX650 currently supported for IPv4 and also IPv6 L3 (roadmap for L2 support).
3. AppFirewall for SRX100->SRX650 currently supported for IPv4 and also IPv6 L3 (roadmap for L2 support).
4. AppQoS for SRX100->SRX650 currently supported for IPv4 (roadmap for IPv6 support). AppQoS for SRX1400->SRX5800 currently supported for IPv4 and also IPv6 L3 (IPv6 L2 in QA).
5. AppID for SRX100->SRX650 currently supported for IPv4 and also IPv6 L3 (roadmap for L2 support).
6. User FW for SRX100->SRX5800 currently supported for IPv4 only.
7. SSL Forward Proxy for SRX100->SRX650 currently supported for IPv4 (roadmap for IPv6 support).
8. SSL Reverse Proxy for SRX1400->SRX5800 currently supported for IPv4 only.
9. Unified Threat Management for SRX100->SRX650 currently supported for IPv4 only. Unified Threat Management for SRX1400->SRX5800 currently supported for IPv4 L3 only.
10. For SRX series, the performance numbers are with current generation SPCs. Numbers will be higher with next generation SPCs (to be published in 2H2014).
11. High availability definitions: A/P = Active / Passive mode, A/A = Active / Active mode.
12. High Availability - For SRX1400, Active/Active is not supported in Junos OS 10.4. For vSRX (formerly Firefly Perimeter), High Availability is currently supported on VMware; KVM support is planned for 12.1X47D15 release.
13. For vSRX, Determinist User FW with Juniper’s UAC – we do support L3 enforcement in UAC deployments
Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000

APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.0.207.125.700

Copyright 2015 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.