SRX2300 Firewall Datasheet
Download DatasheetProduct Overview
The firewall's role must expand as data centers evolve from traditional architectures to distributed ones. Rather than being a perimeter technology, firewalls need to be part of a security fabric woven throughout the network. A security fabric ensures that security is maintained at every point of connection.
Juniper's Connected Security Distributed Services Architecture, managed by Juniper Security Director Cloud, offers a high-performance, scalable, and easy-to-manage firewall solution to secure today’s distributed data centers. The Juniper Networks SRX2300 firewall is integral to this new architecture and empowers organizations to operationalize security across their networks. This 1 U, power-efficient firewall features built-in Zero Trust, Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) fabric integration, and AI-Predictive Threat Prevention to secure your network.
Product Description
The Juniper Networks® SRX2300 firewall is a high-performance, next-generation firewall (NGFW) designed to provide reliable network protection for your enterprise campus edge and data center edge. It also supports roaming, SD-WAN large branch, and SD-WAN secure hub use cases. Combining carrier-grade routing with state-of-the-art switching, this platform delivers robust security, effective threat detection, and comprehensive automation and mitigation capabilities.
The SRX2300 firewall delivers NGFW features that support the changing needs of cloud-enabled enterprise networks and data centers. Whether rolling out new services within an enterprise campus, connecting to the cloud seamlessly, complying with industry standards, or achieving operational efficiency, the SRX2300 empowers organizations to operationalize Zero Trust principles at scale while realizing their business objectives. The SRX2300 protects critical corporate assets with intrusion prevention system (IPS), follow-the-user and follow-the-application access policies, and Juniper’s AI-Predictive Threat Prevention. Furthermore, the SRX2300 works with Juniper cloud security solutions to secure hybrid cloud environments with networkwide visibility and control, providing consistently secure on-premises and cloud environments.
As network architectures become more distributed and decentralized, Juniper Networks SRX Series firewalls ensure seamless integration with other Juniper and third-party networking platforms. At the same time, the NGFWs facilitate architectural transformation, taking organizations from on‑premises to hybrid cloud environments seamlessly and cost‑effectively. SRX Series firewalls are the first to implement industry‑standard Ethernet VPN (EVPN) Type 5 and Virtual Extensible LAN (VXLAN) protocols within data center environments, enabling the SRX2300 to act as a secure, fabric‑aware leaf in the data center spine‑leaf architecture.
The SRX2300 participates in the industry-first Connected Security Distributed Services Architecture, enabling organizations to scale horizontally and elastically and simplify the operational management of large-scale firewall networks. With this architecture, several SRX2300 platforms can work together as a single large logical firewall to provide higher performance and scale security.
The SRX2300 is powered by Juniper’s industry-leading Junos® operating system that underpins and helps secure the world’s largest mission-critical enterprise and service provider networks. It is managed by Juniper Security Director Cloud, Juniper’s unified management experience that connects the organization’s current deployments with future architectural rollouts. Security Director Cloud uses a single policy framework, enabling consistent security policies across any environment and expanding Zero Trust to all parts of the network—from the edge into the data center. This provides unbroken visibility, policy configuration, administration, and collective threat intelligence all in one place.
Architecture and Key Components
The SRX2300 hardware and software architecture provides cost‑effective security in a compact, scalable 1U form factor. Purpose built to protect network environments, the SRX2300 incorporates multiple security services and networking functions on top of Junos OS, providing highly customizable threat protection, automation, and integration capabilities. Best‑in‑class advanced security capabilities on the SRX2300 are offered in the data center, enterprise campus, and regional headquarters deployments with IMIX traffic patterns.
Built-In Zero Trust
To increase trust and streamline operations, the SRX2300 features several built-in Zero Trust device capabilities, including an embedded Trusted Platform Module (TPM) 2.0 and cryptographically signed device ID. The SRX2300 supports RFC-compliant secure Zero-Touch Provisioning (sZTP) to efficiently, expediently, and remotely deploy products in your network. Additionally, the SRX2300 supports MACsec at wire speed, ensuring data integrity and confidentiality.
Connected Security Distributed Services Architecture
The SRX2300 firewall is part of Juniper's Connected Security Distributed Services Architecture, revolutionizing data center security. With Juniper's Connected Security Distributed Services Architecture, firewall performance can scale horizontally by interconnecting traffic forwarding and security services across multiple locations. The Juniper solution also provides automated failover and backup nodes for forwarding and inspection components. In addition to redundancy and load balancing, Juniper's Connected Security Distributed Services Architecture simplifies how large-scale data center firewall networks are managed and operated. Regardless of how many additional firewall engines across the various form factors (physical, virtual, containerized) are added, they can all be managed as one logical unit. This centralized management eliminates the complexity that has been an unintended consequence of a traditional scale-out approach.
Features and Benefits
Business Requirement | Feature/Solution | SRX2300 Advantages |
High performance | Hardware-accelerated encryption/decryption |
|
High-quality end user experience | Application visibility and control |
|
Advanced threat protection | NGFW Services: IPS, antivirus, antispam, Web filtering Juniper Advanced Threat Prevention Cloud: sandboxing, Encrypted Traffic Insights, SecIntel threat intelligence feeds |
|
Zero-day protection | Juniper’s AI-Predictive Threat Prevention |
|
Secure data transactions | Juniper Secure Connect: IPsec VPN, remote access/SSL VPN |
|
Advanced networking services | Routing, secure wire |
|
Security embedded into the data center fabric | EVPN-VXLAN (EVPN Type 5 route) |
|
Reliability | Chassis cluster, MNHA, redundant power supplies |
|
Easy to manage and scale | Juniper Security Director Cloud, on-box GUI |
|
Built-in Zero Trust capabilities | DevID with TPM 2.0 Module |
|
Low TCO | Junos OS |
|
Software Specifications
Firewall Services
- Stateful firewall services
- Zone-based firewall
- Screens and distributed denial of service (DDoS) protection
- Protection from protocol and traffic anomalies
- Unified Access Control (UAC)
- Integration with Juniper Mist™ Access Assurance
Carrier-Grade Network Address Translation (CGNAT)
- Carrier-grade Network Address Translation (Large-scale NAT)
- IPv4 and IPv6 address translation NAT44, NAPT44, NAT66, NAPT66, NAT64, NAT46
- Static and dynamic 1-1 translation
- Source NAT with Port Address Translation (PAT)
- Destination NAT with Port Address Translation (PAT)
- Persistent NAT (EIM/EIF)
- Port Block Allocation (PBA)
- Deterministic NAT (DetNAT)
- Port overload
- Twice-NAT44
- DS-lite and Port Control Protocol (PCP)
VPN Features
- Tunnels: Site-to-site, hub and spoke, dynamic endpoint, AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/Dual Stack)
- Juniper Secure Connect: Remote access IPsec/SSL VPN
- Configuration payload: Yes
- IKE encryption algorithms: Prime, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- Authentication: Pre-shared key and public key infrastructure (PKI) (X.509)
- IPsec: Authentication Header (AH) / Encapsulating Security Payload (ESP) protocol
- IPsec authentication algorithms: hmac-md5, hmac-sha-196, hmac-sha-256
- IPsec encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-CBC, AES-GCM, Suite B
- Perfect forward secrecy, anti-replay
- Internet Key Exchange: IKEv1, IKEv2
- Monitoring: Standard-based dead peer detection (DPD) support, VPN monitoring
- VPNs GRE, IP-in-IP, and MPLS
High Availability Features
- Virtual Router Redundancy Protocol (VRRP)–IPv4 and IPv6
- Stateful high availability: Dual box clustering
- Active/passive
- Active/active
- Configuration synchronization
- Firewall session synchronization
- Device/link detection
- In-Service Software Upgrade (ISSU)
- IP monitoring with route and interface failover
- BFD monitoring
- Chassis cluster HA and Multinode HA (MNHA)
Application Security Services (offered as advanced security subscription license)
- Application visibility and control
- Application QoS
- Advanced/application policy-based routing (APBR)
- Application Quality of Experience (AppQoE)
- Application-based multipath routing
- User-based firewall
Threat Defense and Intelligence Services (offered as an advanced security subscription license)
- Intrusion prevention system
- AI-Predictive Threat Prevention
- Antivirus
- Antispam
- Category/reputation-based URL filtering
- SSL proxy/inspection
- Protection from botnets (command and control)
- Adaptive enforcement based on GeoIP
- Juniper Advanced Threat Prevention, a cloud-based SaaS offering to detect and block zero-day attacks
- Adaptive Threat Profiling
- Encrypted Traffic Insights
- SecIntel threat intelligence
- Juniper ATP virtual appliance, a distributed, on‑premises advanced threat prevention solution to detect and block zero‑day attacks
Routing Protocols
- IPv4, IPv6, static routes, RIP v1/v2
- OSPF/OSPF v3
- BGP with route reflector
- IS-IS
- Multicast: Internet Group Management Protocol (IGMP) v1/v2, Protocol Independent Multicast (PIM) sparse mode (SM)/source‑specific multicast (SSM), Session Description Protocol (SDP), Distance Vector Multicast Routing Protocol (DVMRP), Multicast Source Discovery Protocol (MSDP), reverse path forwarding (RPF)
- Encapsulation: VLAN, Point-to-Point Protocol over Ethernet (PPPoE)
- Virtual routers
- EVPN-VXLAN (EVPN Type 5 route)
- Policy-based routing, source-based routing
- Equal-cost multipath (ECMP)
QoS Features
- Support for 802.1p, DiffServ code point (DSCP), EXP
- Classification based on VLAN, data-link connection identifier (DLCI), interface, bundles, or multifield filters
- Marking, policing, and shaping
- Classification and scheduling
- Weighted random early detection (WRED)
- Guaranteed and maximum bandwidth
- Ingress traffic policing
- Virtual channels
Network Services
- Dynamic Host Configuration Protocol (DHCP) client/server/relay
- Domain Name System (DNS) proxy, dynamic DNS (DDNS)
- Juniper real-time performance monitoring (RPM) and IP monitoring
- Juniper flow monitoring (J-Flow)
Advanced Routing Services
- MPLS (RSVP, LDP)
- Circuit cross-connect (CCC), translational cross-connect (TCC)
- L2/L2 MPLS VPN, pseudo-wires
- Virtual private LAN service (VPLS), next-generation multicast
- VPN (NG-MVPN)
- MPLS traffic engineering and MPLS fast re-route
Management, Automation, Logging, and Reporting
- SSH, Telnet, SNMP-MIBs, Traps
- Smart image download
- Juniper CLI, Web UI, NetCONF, XML APIs, RMON
- Juniper Networks Security Director Cloud
- Python
- Junos OS events, commit and OP scripts
- Application and bandwidth usage reporting
- Debug and troubleshooting tools
Hardware Specifications
Specifications | SRX2300 |
Connectivity | |
Onboard ports | 8 x 1 GbE/2.5 GbE/5 GbE/10 GbE BASE-T |
Onboard small form-factor pluggable plus (SFP+) transceiver ports | 8 x 1 GbE/10 GbE SFP+ 4 x 1 GbE/10 GbE/25 GbE SFP28 2 x 40 GbE/100 GbE QSFP28 |
Out-of-Band (OOB) management ports | 1 x 1 GbE (RJ-45) |
Dedicated high availability (HA) ports | 2 x 1 GbE SFP |
Console | 1 (RJ-45) |
USB 3.0 ports (Type A) | 1 |
Storage | |
Storage (SSD) | 1 x 120 GB (primary), 1 x 120 GB (secondary) |
Dimensions and Power | |
Form factor | 1U |
Size (W x H x D) | 17.28 x 1.74 x 18.20 in (43.89 x 4.42 x 46.23 cm) |
Weight (device and PSU) | Chassis with two AC power supplies: 19 lb (8.6 kg) Chassis with two DC power supplies: 19.3 lb (8.8 kg) Chassis with package for shipping: 35.6 lb (16.2 kg) |
Redundant PSU | 1+1 |
Power supply | 2 x 450 W AC PSU redundant 2 x 650 W DC PSU redundant |
Average heat dissipation | 1 x DC PSU (40V): 653.4 BTU/h 2 x DC PSU (40V): 737 BTU/h 1 x AC PSU (110V): 682 BTU/h 1 x AC PSU (230V): 662 BTU/h 2 x AC PSU (110V): 703 BTU/h 2 x AC PSU (230V): 682 BTU/h |
Environment and Regulatory Compliance | |
Airflow/cooling | Front to back |
Operating temperature | 32° to 104° F (0° to 40° C at 6000 ft altitude) |
Operating humidity | 5% to 90% non-condensing |
Meantime between failures (MTBF) | Over 100,000 hours (12 years) |
FCC classification | Class A |
RoHS compliance | RoHS 6 |
Performance and Scale | |
Firewall throughput3 (IMIX) | 28 Gbps |
Firewall throughput3 (1518B) | 39 Gbps |
IPsec VPN throughput3 (IMIX) | 18 Gbps |
IPsec VPN throughput3 (1400B) | 36 Gbps |
Application security performance (TPS#/CPS**) | 36 Gbps/23 Gbps |
Next-generation firewall (TPS#/CPS**)4 | 35 Gbps/12 Gbps |
Secure Web Access Firewall (CPS**)5 | 11 Gbps |
Advanced Threat (CPS**)6 | 6 Gbps |
Connections per second (64B) | 450,000 |
SSL connections per second | 8,000 |
Maximum concurrent sessions (IPv4 or IPv6) | 5 Million |
Route table size (RIB/FIB) (IPv4) | 2 Million/1.2 Million |
IPsec VPN tunnels | 4,000 |
Juniper Mist WAN Assurance and AI-Native Operations
Alternatively, the SRX2300 firewall can be operated and orchestrated through the Juniper Mist Cloud. Mist AI delivers unprecedented automation using a combination of artificial intelligence, machine learning algorithms, and data science techniques to save time, maximize IT productivity, and deliver the best experience to digital users.
Juniper Mist WAN Assurance is built on the Juniper Mist Cloud and delivers full life cycle management and operations, including AI‑Native insights, automated speed tests, dynamic packet capture (dPCAP), anomaly detection, and root cause identification that focuses on end users’ experience. For Day 0 and Day 1 operations, WAN Assurance also provides orchestration, administration, and ZTP for the SRX2300. See the WAN Assurance datasheet for more information.
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit https://www.juniper.net/us/en/products.html.
Ordering Information
To order Juniper Networks SRX Series firewalls, and to access software licensing information, please visit the How to Buy page at https://www.juniper.net/us/en/how-to-buy/form.html.
About Juniper Networks
Juniper Networks believes that connectivity is not the same as experiencing a great connection. Juniper's AI-Native Networking Platform is built from the ground up to leverage AI to deliver exceptional, highly secure, and sustainable user experiences from the edge to the data center and cloud. Additional information can be found at juniper.net or connect with Juniper on X (formerly Twitter), LinkedIn, and Facebook.
1000778 - 005 - EN OCTOBER 2024