Tuesday, 9 October 2012

Juniper SRX Hardware Overview - Branch

Some posts will not be directly related to topics on the JNCIE-SEC exam blue print. This post "Juniper SRX Hardware Overview - Branch" is one of them. I find taking the approach of working bottom up works best so that more complex topics have a good foundation to spring from.

The purpose of this post is to highlight the major differences within the product family, not to list every specification of every model number. For that simply visit the Juniper website to compare SRX device specifications.
Juniper Branch SRX Spec Comparison
Juniper Data Centre SRX Spec Comparison

The Juniper SRX portfolio is divided into two main categories/families; Branch SRX Series & Data Centre SRX Series. This post will focus on the Branch SRX Series.

Branch SRX Series

This group consists of SRX model numbers which are 3 digits long (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650).

All of these models share the same distribution of Junos. For example, at the time of this writing the most current version of 11.1 Junos available for the branch SRX series was 11.1R6.4 [junos-srxsme-11.1R6.4-domestic.tgz]. In the file name "srxsme" identifies this version of Junos as the Branch SRX Series.

Memory Options
The SRX100, SRX210 and SRX240 come in base memory and high memory options. Base memory versions have 512MB of memory and the high memory versions have 1GB of memory. The SRX100 is unique in that the high memory option is a licensed feature. This means that SRX100-B (Base memory) units can be upgraded to SRX100-H (high memory) units with the purchase of a license key. The other branch models cannot be upgraded to high memory units with a license key as the hardware is slightly different. They are specifically purchased as base  or high memory units. In addition to this the SRX110, SRX220, SRX550 and SRX650 only come in high memory versions.

UTM (Unified Threat Management)
UTM consists of the following features (IPS, Antivirus, Web Filtering, Content Filtering and AppSecure). UTM features are only available on the high memory versions of the SRX Branch platform as they are designed to work with 1GB of memory. Most UTM features are licensed, for details see the Branch SRX Series Data Sheet.
Correction: IPS is not included in the UTM features. See full list here, UTM features for Junos 11.1AppSecure is not a UTM feature. AppSecure support on Branch SRX is limited and details can be found here, AppSecure details for Junos 11.1. Current versions of Junos support more AppSecure features and details can be found here, AppSecure details for current Junos.
Thanks to KW for finding this additional information.

Expandable Interface options
The SRX210, SRX220 and SRX240 support Mini-PIM I/O modules.
The SRX550 supports Mini-PIM, GPIM and XPIM modules.
The SRX650 supports GPIM and XPIM modules.
For further details regarding I/O interfaces options and supportability on specific SRX models please see the Physical Interface Module (PIM) Compatibility Matrix PDF.

The hardware architecture used for the Branch models is single multi-core CPU. Parallel processing is used so that many services can be executed on a single hardware CPU. Running the data plane and forwarding plane on different CPU cores provides some separation.

The exception to this is the CSA (content security accelerator) which provides some hardware pattern matching for UTM features. CSA's are a separate internal hardware module. They are present in the following models (SRX210-H, SRX220, SRX240-H, SRX550 and SRX650). Note that they are not present in the base memory versions or in the SRX100-H model.

1 comment:

  1. Hi Stefan - great post.

    UTM doesn't include IPS as per this URL (http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/general/security-feature-utm-support.html )

    Also is AppSecure part of UTM, or is it more like a security services software for IDP group, as it includes (AppId, AppTrack, AppDDoS, AppFW) as per (http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/general/security-feature-application-identification-junos-os-support.html)