Data Sheet

SRX4600 SERVICES GATEWAY

Product Description
The Juniper Networks® SRX4600 Services Gateway protects mission-critical data center
and campus networks for enterprises, mobile service providers, and cloud service providers.
Designed for high-performance security services architectures, the SRX4600 protects key
corporate IT assets as a next-generation firewall, acts as an enforcement point for cloud-
based security solutions, and provides application visibility and control to improve the user
and application experience.
Product Overview
Integrating networking and security in a single platform, the SRX4600 features multiple
The SRX4600 Services Gateway high-speed interfaces, intrusion prevention, advanced threat protection, and authentication,
is a high-performance, next- along with high-performance IPsec VPN and Internet gateway capabilities. It also offers
generation firewall and high scalability, high availability, robust protection, application visibility, user identification,
hardware-accelerated security and deep content inspection to provide unparalleled control over the security
gateway offering up to 400 infrastructure.
Gbps of firewall performance
The SRX4600 also acts as a central enforcement point in the Juniper Connected Security
that supports the changing
framework, leveraging strong automation and actionable intelligence to protect users in a
needs of cloud-enabled
multivendor network environment.
enterprise and service provider
networks. Whether rolling out The SRX4600 is powered by Juniper Networks Junos® operating system, the industry-
new services in an enterprise leading OS that keeps the world’s largest mission-critical enterprise and service provider
data center or campus, networks secure.
connecting to the cloud,
complying with industry
Architecture and Key Components
standards, deploying distributed The SRX4600 hardware and software architecture provides cost-effective security in a
security gateways, or offering small 1 U form factor. Purpose-built to protect network environments and provide Internet
high-scale multitenant security Mix (IMIX) firewall throughput up of 75 Gbps, the SRX4600 incorporates multiple security
services, the SRX4600 helps services and networking functions on top of Junos OS. Best-in-class security and advanced
organizations realize their threat mitigation capabilities on the SRX4600 are offered as 60 Gbps of next-generation
business objectives while firewall, 65 Gbps of intrusion prevention system (IPS), and up to 16 Gbps of IPsec VPN in
providing scalability, high data center, enterprise campus, and regional headquarter deployments with IMIX traffic
availability, ease of
patterns.
management, secure
Table 1. SRX4600 Statistics¹
connectivity, and advanced
threat mitigation capabilities. Performance SRX4600
Firewall throughput 95 Gbps
Firewall throughput – IMIX with Express Path 400 Gbps
Firewall throughput—IMIX 75 Gbps
Firewall throughput with application security 90 Gbps
IPsec VPN throughput—IMIX/1400 B 16/55 Gbps
Intrusion prevention system (IPS) 65 Gbps
NGFW2 throughput 60 Gbps
Connections per second 600,000
Maximum session 60 million
1
Performance, capacity, and features listed are based on systems running Junos OS 19.3R1 and are measured under ideal testing conditions. Actual results may
vary based on Junos OS releases and by deployments.
2
Next-generation firewall (NGFW) is a combination of advanced features such as application security, IPS, and URLF in addition to the foundational services such
as logging and stateful firewall.

1
 SRX4600 Services Gateway

The SRX4600 recognizes more than 3500 applications and nested applications in plain text or SSL-encrypted transactions. The firewall also
integrates with Microsoft Active Directory and combines user information with application data to provide network-wide application and
user visibility and control.

Features and Benefits

Table 2. SRX4600 Features and Benefits

Business Requirement Feature/Solution SRX4600 Advantages

High performance Up to 95 Gbps of firewall • Best suited for enterprise campus and data center edge deployments
throughput (up to 75 Gbps of IMIX • Ideal for secure router/VPN concentrator deployments at the head office
firewall throughput)
• Addresses diverse needs and scale for service provider deployments

High-quality end-user Application visibility and control • Detects 3500+ L3-L7 applications, including Web 2.0
experience • Controls and prioritizes traffic based on application and use role
• Inspects and detects applications inside SSL-encrypted traffic

Advanced threat IPS, antivirus, antispam, enhanced • Provides real-time updates to IPS signatures and protects against exploits
protection web filtering, Juniper Advanced • Implements industry-leading antivirus and URL filtering
Threat Prevention Cloud, Encrypted
Traffic Insights, Threat Intelligence • Delivers open threat intelligence platform that integrates with third-party feeds
Feeds, and Juniper ATP Appliance • Protects against zero-day attacks
• Stops rogue and compromised devices to disseminate malware
• Restores visibility that was lost due to encryption, without the heavy burden of full TLS/SSL decryption

Professional-grade Routing, secure wire • Supports carrier-class advanced routing and quality of service (QoS)
networking services
Highly secure IPsec VPN, Remote access/SSL VPN • Provides high-performance IPsec VPN with dedicated crypto engine
• Offers diverse VPN options for various network designs, including remote access and dynamic site-to-site
communications
• Simplifies large VPN deployments with auto VPN
• Includes hardware-based crypto acceleration
• Secure and flexible remote access SSL VPN with Juniper Secure Connect

Highly reliable Chassis cluster, redundant power • Provides stateful configuration and session synchronization
supplies • Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with redundant power supply unit (PSU) and fans

Easy to manage and On-box GUI, Juniper Networks • Enables centralized management for autoprovisioning, firewall policy management, Network Address Translation (NAT),
scale Junos Space® Security Director and IPsec VPN deployments
• Includes simple, easy-to-use on-box GUI for local management

Low TCO Junos OS • Integrates routing and security in a single device

• Reduces OpEx with Junos OS automation capabilities

Software Specifications VPN Features

Firewall Services • Tunnels: Site-to-site, hub and spoke, dynamic endpoint,
• Stateful and stateless firewall AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
• Zone-based firewall • Juniper Secure Connect: Remote access/SSL VPN
• Screens and distributed denial of service (DDoS) protection • Configuration payload: Yes
• Protection from protocol and traffic anomalies • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-
• Unified Access Control (UAC) CBC, AES-GCM, SuiteB
• IKE authentication algorithms: MD5, SHA-1, SHA-128,
Network Address Translation (NAT)
SHA-256, SHA-384
• Source NAT with Port Address Translation (PAT) • Authentication: Pre-shared key and public key infrastructure
• Bidirectional 1:1 static NAT (PKI) (X.509)
• Destination NAT with PAT • IPsec (Internet Protocol Security): Authentication Header
• Persistent NAT (AH) / Encapsulating Security Payload (ESP) protocol
• IPv6 address translation • IPsec Authentication Algorithms: hmac-md5, hmac-sha-196,
• Port Block Allocation method for CGNAT hmac-sha-256
• Deterministic NAT • IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC,
AEC-CBC, AES-GCM, SuiteB
• Perfect forward secrecy, anti-reply

2
 SRX4600 Services Gateway

• Internet Key Exchange: IKEv1, IKEv2 Routing Protocols

• Monitoring: Standard-based dead peer detection (DPD) • IPv4, IPv6, static routes, RIP v1/v2
support, VPN monitoring • OSPF/OSPF v3
• VPNs GRE, IP-in-IP, and MPLS • BGP with route reflector
High Availability Features • IS-IS
• Virtual Router Redundancy Protocol (VRRP)—IPv4 and IPv6 • Multicast: Internet Group Management Protocol (IGMP) v1/v2;
• Stateful high availability: Protocol Independent Multicast (PIM) sparse mode (SM)/dense
- HA clustering mode (DM)/source-specific multicast (SSM); Session
- Active/passive Description Protocol (SDP); Distance Vector Multicast Routing
- Active/passive Protocol (DVMRP); Multicast Source Discovery Protocol
- Dual MACsec-enabled HA control ports (10GbE) (MSDP); reverse path forwarding (RPF)
- Dual MACsec-enabled HA fabric ports (10GbE) - Encapsulation: VLAN, Point-to-Point Protocol over
- Configuration synchronization Ethernet (PPPoE)
- Firewall session synchronization - Virtual routers
- Device/link detection - Policy-based routing, source-based routing
- Unified in-service software upgrade (unified ISSU) - Equal-cost multipath (ECMP)
• IP monitoring with route and interface failover QoS Features
Application Security Services3 • Support for 802.1p, DiffServ code point (DSCP)
• Application visibility and control • Classification based on interface, bundles, or multifield filters
• Application-based firewall • Marking, policing, and shaping
• Application QoS • Classification and scheduling
• Advanced/application policy-based routing (APBR) • Weighted random early detection (WRED)
• Application Quality of Experience (AppQoE) • Guaranteed and maximum bandwidth
• Application-based multipath routing Network Services
• User-based firewall • Dynamic Host Configuration Protocol (DHCP) client/server/
Threat Defense and Intelligence Services3 relay
• IPS • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• Antivirus • Juniper real-time performance monitoring (RPM) and IP
• Antispam monitoring
• Category/reputation-based URL filtering • Juniper flow monitoring (J-Flow)
• SSL proxy/inspection Management, Automation, Logging, and Reporting
• Protection from botnets (command and control) • SSH, Telnet, SNMP
• Adaptive enforcement based on GeoIP • Smart image download
• Juniper ATP, a cloud-based SaaS offering, to detect and block • Juniper CLI and Web UI
zero-day attacks • Junos Space Security Director
• Adaptive Threat Profiling • Python
• Encrypted Traffic Insights • Junos OS events, commit, and OP scripts
• SecIntel to provide threat intelligence • Application and bandwidth usage reporting
• Juniper ATP Appliance, a distributed, on-premises advanced • Debug and troubleshooting tools
threat prevention solution to detect and block zero-day attacks

3
Offered as advanced security subscription license

3
 SRX4600 Services Gateway

Hardware Specifications
Table 3. SRX4600 Hardware Specifications Specification SRX4600
Specification SRX4600 Application security performance in Gbps5 90 Gbps
Total onboard I/O ports Up to 24x1GbE/10GbE (SFP+)4 Recommended IPS in Gbps6 65 Gbps
4x40GbE/100GbE (QSFP28)
Next-generation firewall in Gbps6 60 Gbps
Out-of-Band (OOB) management ports RJ-45 (1 Gbps)
Connections per second (CPS) 600,000
Dedicated high availability (HA) ports 2x1GbE/10GbE (SFP+) Control
2x1GbE/10GbE (SFP+) Data Maximum security policies 80,000

Console RJ-45 (RS232) Maximum concurrent sessions (IPv4 or 60 million

IPv6)
USB 2.0 ports (Type A) 1
Route table size (RIB/FIB) (IPv4 or IPv67) 4 million/1.2 million
Memory and Storage
IPsec tunnels 7500
System memory (RAM) 256 GB
Number of remote access/SSL VPN 7500
Secondary storage (SSD) 2x 1 TB M.2 SSD (concurrent) users
Formatted as 960 GB 4
There are eight dedicated 1GbE/10GbE ports. The four 40GbE/100GbE ports can use breakout cables to create
4x1GbE/10GbE (SFP+) ports each, resulting in a total of 24x 1GbE/10GbE ports.
Dimensions and Power 5
Throughput numbers based on UDP packets and RFC2544 test methodology
Form factor 1U 6
Throughput numbers based on HTTP traffic with 44 KB transaction size and up to the numbers captured here
7
IPv6 FIB scale is with 32 bit mask
Size (WxHxD) 17.4 x 1.7 x 26.5 in (44.19 x 4.32 x 67.31 cm)
With AC PEMs: 17.4 x 1.7 x 27.29 in (44.19 x
4.32 x 69.32 cm) Juniper Networks Services and Support
With DC PEMs: 17.4 x 1.7 x 29.20 in (44.19 x
4.32 x 74.17 cm) Juniper Networks is the leader in performance-enabling services
Weight (system and 2 power entry With AC PEMs: 38 lb (17.24 kg)
modules) Shipping weight: 45.47 lb (20.62 kg)
that are designed to accelerate, extend, and optimize your high-
With DC PEMs: 40 lb (18.14 kg) performance network. Our services allow you to maximize
Shipping weight: 47.47 lb (21.53 kg)
operational efficiency while reducing costs and minimizing risk,
Redundant PSU 1+1
Power supply 2x 1600 W AC-DC PSU redundant
achieving a faster time to value for your network. Juniper Networks
2x 1100 W DC-DC PSU redundant ensures operational excellence by optimizing the network to
Average power consumption 650 W maintain required levels of performance, reliability, and availability.
Average heat dissipation 2218 BTU/hour
For services information specific to SRX Series Services Gateways,
Maximum current consumption 12 A (for 110 V AC power)
6 A (for 220 V AC power) please read the Firewall Conversion Service or the SRX Series
24 A (for -48 V DC power) QuickStart Service datasheets. For more details, please visit
Precision Time Protocol Timing Ports www.juniper.net/us/en/products-services.
Time of day - RS-232 (EIA-23) 1xRJ-45
BITS clock 1xRJ-48
10-MHz timing connector (GNSS) 1xInput (COAX)
1xOutput (COAX)
Pulse per second connection (1-PPS) 1xInput (COAX)
1xOutput (COAX)

Environmental and Regulatory Compliance

Acoustic noise level 69 dBA at normal fan speed,87 dBA at full fan
speed
Airflow/cooling Front to back
Operating temperature 32° to 104° F (0° to 40° C)
Operating humidity 5% to 90% noncondensing
Meantime between failures (MTBF) 112,000 hours
FCC classification Class A
RoHS compliance RoHS 2
NEBS compliance Designed for NEBS Level 3

Performance
Routing/firewall (64 B packet size) 16 Gbps
throughput Gbps4
Routing/firewall (IMIX packet size) 75 Gbps
throughput Gbps4
Routing/firewall (1518 B packet size) 95 Gbps
throughput Gbps4
IPsec VPN (IMIX packet size) Gbps4 16 Gbps
IPsec VPN (1400 B packet size) Gbps4 55 Gbps

4
 SRX4600 Services Gateway

Advanced Security Services Subscription Licenses

Ordering Information
Product Number Description
To order Juniper Networks SRX Series Services Gateways, and to S-SRX4600-A1-1 SW, A1, IPS, AppSecure, content security, 1 year
access software licensing information, please visit the How to Buy S-SRX4600-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
page at https://www.juniper.net/us/en/how-to-buy/. content security, 1 year
S-SRX4600-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
Description SRX4600-SYS-JB security, 1 year
Hardware Included S-SRX4600-A1-3 SW, A1, IPS, AppSecure, content security, 3 year
Management (CLI, J-Web, SNMP, Telnet, SSH) Included S-SRX4600-A2-3 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
content security, 3 year
L2 transparent, secure wire Included
S-SRX4600-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
Routing (RIP, OSPF, BGP, virtual router) Included security, 3 year
Multicast (IGMP, PIM, SSDP, DMVRP) Included S-SRX4600-A1-5 SW, A1, IPS, AppSecure, content security, 5 year
Packet mode Included SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
S-SRX4600-A2-5
Overlay (GRE, IP-IP) Included content security, 5 year

Network services (J-Flow, DHCP, QoS, BFD) Included S-SRX4600-A3-5 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
security, 5 year
Stateful firewall, screens, application-level gateways (ALGs) Included
S-SRX4600-P1-1 SW, P1, IPS, AppSecure, ATP, content security, 1 year
NAT (static, SNAT, DNAT) Included
S-SRX4600-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
IPsec VPN (site-site VPN, auto VPN, group VPN) Included content security, 1 year
Remote access/SSL VPN (concurrent users)7 Optional S-SRX4600-P3-1 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
Firewall policy enforcement (UAC, Aruba CPPM) Included security, 1 year

Chassis cluster, VRRP, unified ISSU Included S-SRX4600-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year

Automation (Junos OS scripting, auto-installation) Included S-SRX4600-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 3 year
General Packet Radio Service (GPRS)/GPRS tunneling protocol (GTP)/ Included
Stream Control Transmission Protocol (SCTP) S-SRX4600-P3-3 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 3 year
Application security (AppID, AppFW, AppQoS, AppQoE, AppRoute) Optional
S-SRX4600-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year
7
Based on concurrent users; two free licenses included
S-SRX4600-P2-5 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 5 year
Base Systems
S-SRX4600-P3-5 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
Product Number Description security, 5 year
SRX4600-SYS-JB- SRX4600 Services Gateway includes hardware (4x100GbE, 8x10GbE,
AC two AC power supply units, five fan trays, cables, and rack mount kit) Service Spares
and Junos Software Base (Firewall, NAT, IPsec, routing, MPLS)
Product Number Description
SRX4600-SYS-JB- SRX4600 Services Gateway includes hardware (4x100GbE, 8x10GbE,
DC two DC power supply units, five fan trays, cables, and rack mount kit) JNP-FAN-1RU Universal fan, 1 U chassis
and Junos Software Base (Firewall, NAT, IPsec, routing, MPLS)
JNP-PWR1600-AC Universal AC power supply, 1600 W
JNP-PWR1100-DC Universal DC power supply, 1100 W
All systems include dual (redundant) AC or DC power supplies, five
JNP-SSD-M2-1TB Universal 1 TB SSD, in carrier, no Junos OS
(4+1) redundant fans, country-specific power cords, dual
SRX4600-4PST-RMK Rack mount kit, 4-post adjustable for SRX4600
(redundant) solid-state drives, rack mount kit, and core Junos OS
software (stateful firewall, NAT, IPsec, and routing).

5
 SRX4600 Services Gateway

Remote Access/Juniper Secure Connect VPN Licenses About Juniper Networks

Product Number Description Juniper Networks brings simplicity to networking with products,
S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with solutions and services that connect the world. Through engineering
SW support, 1 Year
S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
innovation, we remove the constraints and complexities of
with SW support, 1 Year networking in the cloud era to solve the toughest challenges our
S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard, customers and partners face daily. At Juniper Networks, we believe
with SW support, 1 Year
S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
that the network is a resource for sharing knowledge and human
with SW support, 1 Year advancement that changes the world. We are committed to
S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard, imagining groundbreaking ways to deliver automated, scalable and
with SW support, 1 Year
S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with
secure networks to move at the speed of business.
SW support, 3 Year
S-RA3-1KCCU-S-1 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-5KCCU-S-1 SW, Remote Access VPN - Juniper, 5000 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard, with
SW support, 3 Year
S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-1KCCU-S-3 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-5KCCU-S-3 SW, Remote Access VPN - Juniper, 5000 Concurrent Users, Standard,
with SW support, 3 Year

Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V. Boeing

1133 Innovation Way Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.0.207.125.700

or +1.408.745.2000

www.juniper.net

Copyright 2020 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000628-012-EN Nov 2020 6