Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation cSRX cSRX Container Firewall Deployment Guide for Private and Public Cloud Platforms Introduction to cSRX Container Firewall

cSRX Container Firewall Deployment Guide for Private and Public Cloud Platforms

keyboard_arrow_up
close
keyboard_arrow_left
cSRX Container Firewall Deployment Guide for Private and Public Cloud Platforms
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Overview

date_range 17-Oct-24
arrow_backward
arrow_forward

In this topic you learn about cSRX Container Firewall and its benefits.

cSRX Container Firewall

The Containerized SRX (cSRX) Container Firewall is a containerized version of the Juniper Networks ® SRX Series Firewall built based on a Docker container, delivering agile, elastic, and cost-saving security services. Integrated into many networking services, the cSRX virtual security solution provides advanced security services, including AppSecure, and Content Security in the form of a container.

The use of a Docker container substantially reduces the overhead as each container shares the Linux host’s OS kernel. Regardless of the number of containers a Linux server hosts, only one OS instance can be in use.

With its small footprint and Docker as a container management system, the cSRX enables deployment of agile, high-density security services.

The cSRX runs on Linux bare-metal server as the hosting platform for the Docker container environment. The cSRX package comprises all the dependent processes (or daemons) and libraries to support the different Linux host distribution methods (Ubuntu, Red Hat Enterprise Linux, or CentOS).

Figure 1: cSRX Container Firewall Architecture cSRX Container Firewall Architecture

When the cSRX is active, several processes (or daemons) inside the docker container launch automatically. Some daemons support Linux features, providing the same service that they provide when running on a Linux host (for example, sshd, rsyslogd, and monit). You can port and compile other daemons from Junos OS to perform configuration and control jobs for security service (for example, mgd, nsd, Content Security, IDP, and AppID). The SRX PFE is the data plane daemon that receives and sends packets from the revenue ports of a cSRX. The cSRX uses SRX PFE for Layer 2 to Layer 3 forwarding functions and for Layer 4 through Layer 7 network security services.

The cSRX solution provides the following capabilities:

  • Layer 7 security services such as firewall, intrusion prevention system (IPS), and AppSecure
  • Automated service provisioning and orchestration
  • Distributed and multitenant traffic securing
  • Centralized management with Junos Space® Security Director, including dynamic policy and address update, remote log collections, and security events monitoring
  • Scalable security services with small footprints

For more information on building containers with docker, see Day One: Building Containers with cSRX

Benefits of cSRX Container Firewall

The cSRX has many benefits that demonstrate its value in securing containerized workloads and ensuring robust protection against cybersecurity threats in dynamic container environments.

  • Efficient resource utilization–Avoids the need for separate guest OS instances that significantly reduces memory and CPU usage, allowing more applications to run on the same hardware.

  • Content Security and threat prevention–Offers robust protection against a wide array of network threats, enhancing the overall security posture of the environment with integrated Layer 7 security services such as firewall, intrusion prevention system (IPS), and AppSecure.

  • Enhanced security and isolation–Provides a secure environment where multiple applications can run independently, reducing the risk of interference and security breaches.

  • Simplified dependency management–Different containers with conflicting dependencies run concurrently on the same host, streamlining application management.

  • Optimized for High-Density Environments–With small footprint and efficient resource utilization enables higher density deployments, which is particularly advantageous for environments with limited resources. Also, provides security services deployment without significant hardware investments.

  • Rapid deployment and upgrades–Faster spin-up time compared to traditional virtual machines, enabling quick deployment and seamless upgrades of applications.

  • Cost savings–Optimized resource usage translates to reduced hardware and energy costs, making container virtualization a cost-effective solution for running multiple applications.
  • Scalability and flexibility–Rapid scale up and down makes cSRX highly suitable for dynamic environments, including public, private, and hybrid clouds.

Use Cases

With the cSRX, extending security to workloads running in containers is just another benefit provided by Juniper Connected Security that safeguards users, applications, and cloud workloads to all connection points throughout the network.

  • You can apply the cSRX in use cases such as microsegmentation that provides threat detection for east-west traffic within a Kubernetes cluster.

  • You can deploy cSRX as an application protection gateway for north-south traffic; this controls the applications that are allowed to interact with the apps running in the container.

  • The cSRX offers easy, flexible, and scalable deployment options. These options address various customer use cases such as application protection, microsegmentation, and secure IoT deployments as an edge gateway through a Docker container management solution.

  • The cSRX supports Software-defined networking (SDN) through Contrail® Enterprise Multicloud, OpenContrail, and other third-party solutions. The cSRX also integrates with other next-generation cloud orchestration tools such as Kubernetes.

  • You can configure and manage the cSRX centrally through Security Director from the CLI with the same Junos OS syntax or using Network Configuration Protocol (NETCONF). Like other Juniper firewalls, the cSRX follows zero-trust principles, where traffic is not allowed to pass through unless explicitly permitted by a configured policy.

Container Overview

A container provides an OS-level virtualization approach for an application and associated dependencies that allow the application to run on a specific platform. Containers are not VMs, rather they are isolated virtual environments with dedicated CPU, memory, I/O, and networking.

A container image is a lightweight, standalone, executable package of a piece of software that includes everything required to run it: code, runtime, system tools, system libraries, settings, and so on. Also, because of the light weight of the containers, a server can host many more container instances than that by virtual machines (VMs), yielding tremendous improvements in utilization.

The main features of containers are:

  • Includes all dependencies for an application, multiple containers with conflicting dependencies can run on the same Linux distribution.
  • Use the host OS Linux kernel features, such as groups and namespace isolation, to allow multiple containers to run in isolation on the same Linux host OS.
  • An application in a container can have a small memory footprint because the container does not require a guest OS, which is required with VMs, because it shares the kernel of its Linux host’s OS.
  • Have a high spin-up speed and can take much less time to boot up as compared to VMs. This enables you to install, run, and upgrade applications quickly and efficiently.

License for cSRX Container Firewall

The cSRX software features require a license to activate the feature. To understand more about cSRX licenses, see Supported Features on cSRX, Juniper Agile Licensing Guide, and Managing cSRX Licenses.

arrow_backward PREVIOUS cSRX Container Firewall Deployment Guide for Private and Public Cloud Platforms
NEXT arrow_forward Requirements for cSRX Container Firewall
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top