Data Sheet

SRX1500 SERVICES GATEWAY

Next-Generation Firewall For The Distributed Enterprise

Product Description
The Juniper Networks® SRX1500 Services Gateway is a high-performance next-generation
firewall and security services gateway that protects mission-critical networks at campuses
and regional headquarters. The SRX1500 provides best-in-class security and threat
detection and mitigation capabilities, integrating carrier-class routing and feature-rich
switching in a single platform.
Product Overview The SRX1500 delivers a next-generation security solution that supports the changing
needs of cloud-enabled enterprise networks. Whether rolling out new services in an
The SRX1500 Services Gateway
is a next-generation firewall and enterprise campus, connecting to the cloud, complying with industry standards, or
security services gateway achieving operational efficiency, the SRX1500 helps organizations realize their business
offering outstanding protection, objectives while providing scalable, easy-to-manage, secure connectivity and advanced
performance, scalability, threat detection and mitigation capabilities. The SRX1500 protects critical corporate assets
availability, and security service as a next-generation firewall, acts as an enforcement point for cloud-based security
integration. Designed for port solutions, and provides application visibility and control to improve the user and application
density, a high-performance experience.
security services architecture,
A combination of hardware and software architectures on the SRX1500 add significant
and seamless integration of
performance improvements to a small 1 U form factor. The key to the SRX1500 hardware
networking and security in a
is the security flow accelerator, a programmable high-speed Layer 4 firewall chip, and a
single platform, the SRX1500 is
best suited for client protection robust x86-based security compute engine for advanced security services like application
in enterprise campus, regional visibility, intrusion prevention, and threat mitigation capabilities. The SRX1500 software
headquarters, or cloud-based architecture leverages these programmable hardware components and virtualization to
security solutions with a focus deliver high-speed firewall performance, application visibility, and intrusion prevention
on application visibility and while lowering total cost of ownership (TCO).
control, intrusion prevention, The SRX1500 is purpose-built to protect 10GbE network environments, consolidating
and advanced threat protection.
multiple security services and networking functions in a highly available appliance. It
The SRX1500 is powered by
supports up to 9 Gbps of firewall performance, 4 Gbps of intrusion prevention, and 1.3
Junos OS, the industry-leading
Gbps of IPsec VPN in enterprise campus, regional headquarters, and data center
operating system that keeps the
deployments.
world’s largest and most
mission-critical enterprise
networks secure. SRX1500 Highlights
The SRX1500 Services Gateway delivers a full complement of next-generation firewall
capabilities that use advanced application identification and classification to enable greater
visibility, enforcement, control, and protection over the network. It provides a detailed
analysis of application volume and usage, fine-grained application control policies to allow
or deny traffic based on dynamic application name or group names, and prioritization of
traffic based on application information and context.
The SRX1500 recognizes more than 4,275 applications and nested applications in plain-
text or SSL encrypted transactions. The SRX1500 also integrates with Microsoft Active
Directory and combines user information with application data to provide network-wide
application and user visibility and control.

1
SRX1500 Services Gateway

For the perimeter, the SRX1500 Services Gateway offers a The SRX1500 delivers fully automated SD-WAN to both
comprehensive suite of application security services, threat enterprises and service providers. A Zero-Touch Provisioning (ZTP)
defenses, and intelligence services to protect networks from the capability simplifies branch network connectivity for initial
latest content-borne threats. Integrated threat intelligence via deployment and ongoing management. Due to its high performance
Juniper Networks ATP Cloud offers adaptive threat protection and scale, the SRX1500 acts as a VPN hub and terminates VPN/
against command and control (C&C)-related botnets and policy secure overlay connections in the various SD-WAN topologies.
enforcement based on GeoIP. Integrating the Juniper Networks The SRX1500 Services Gateway runs Juniper Networks
Advanced Threat Prevention Cloud solution, or working with the Junos® operating system, a proven, carrier-hardened network OS
Juniper Networks ATP Appliance, the SRX1500 detects and that powers the top 100 service provider networks worldwide.
enforces automated protection against known malware and zero- These rigorously tested carrier-class routing features of IPv4/IPv6,
day threats with an extremely high degree of accuracy. OSPF, BGP, and multicast have been proven in over 15 years of
The SRX1500 enables agile SecOps through automation capabilities worldwide deployments.
that support Zero Touch Deployment, Python scripts for
orchestration, and event scripting for operational management.

Features and Benefits

Business Requirement Feature/Solution SRX1500 Advantages
High performance Up to 9 Gbps of firewall • Best suited for enterprise campus and data center edge deployments
performance • Addresses future needs for scale and feature capacity

High quality end-user Application visibility and control • Detects 4,275 Layer 3-7 applications, including Web 2.0
experience • Controls and prioritizes traffic based on application and user role
• Inspects and detects applications inside the SSL encrypted traffic

Threat protection IPS, antivirus, anti-spam, enhanced • Provides real-time updates to IPS signatures and protects against exploits
web filtering, Juniper Advanced • Implements industry-leading antivirus and URL filtering
Threat Prevention Cloud, Encrypted
Traffic Insights, Threat Intelligence • Delivers open threat intelligence platform that integrates with third-party feeds
Feeds, and Juniper ATP Appliance • Protects against zero-day attacks
• Restores visibility lost due to encryption, without the heavy burden of full TLS/SSL decryption

Professional-grade Routing, switching, and secure wire • Supports carrier-class advanced routing, quality of service (QoS), and services
networking services • Offers flexible deployment modes (L1/L2/L3)

Highly secure IPsec VPN, remote access/SSL VPN, • Provides high-performance IPsec VPN with dedicated crypto engine
secure boot • Simplifies large VPN deployments with auto VPN and group VPN
• Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
• Verifies binaries that execute on the hardware with secure boot

High reliability Chassis cluster, redundant power • Provides stateful configuration and session synchronization
supply • Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with dual PSU, redundant fans

Easy to manage and On-box GUI, Security Director • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT),
scale and IPsec VPN deployments
• Includes simple easy-to-use on-box GUI for local management

Lower TCO Junos OS • Integrates routing, switching, and security in a single device
• Reduces OpEx with Junos OS automation capabilities

2
SRX1500 Services Gateway

High Availability Features

• Virtual Router Redundancy Protocol (VRRP)
• Stateful high availability
- Dual box clustering
SRX1500 Services Gateway Specifications - Active/passive
Software Specifications - Active/active
Firewall Services - Configuration synchronization
- Firewall session synchronization
• Stateful and stateless firewall
- Device/link detection
• Zone-based firewall
- In-Service Software Upgrade (ISSU)
• Screens and distributed denial of service (DDoS) protection
• IP monitoring with route and interface failover
• Protection from protocol and traffic anomalies
• Integration with Pulse Unified Access Control (UAC)
• Integration with Aruba Clear Pass Policy Manager Application Security Services1
• User role-based firewall
• Application visibility and control
• SSL Inspection
• Application-based firewall
• Application QoS
Network Address Translation (NAT) • Advanced/application policy-based routing (APBR)
• Application Quality of Experience (AppQoE)
• Source NAT with Port Address Translation (PAT)
• Application-based multipath routing
• Bidirectional 1:1 static NAT
• Destination NAT with PAT
• Persistent NAT Threat Defense and Intelligence Services1
• IPv6 address translation
• Intrusion prevention
• Antivirus
VPN Features • Antispam
• Category/reputation-based URL filtering
• Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint,
• Protection from botnets (command and control)
AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
• Adaptive enforcement based on GeoIP
• Juniper Secure Connect: Remote access/SSL VPN
• Juniper Advanced Threat Prevention, a cloud-based SaaS
• Configuration payload: Yes
offering, to detect and block zero-day attacks
• IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-
• Juniper ATP Appliance, a distributed, on-premises advanced
CBC, AES-GCM, SuiteB
threat prevention solution to detect and block zero-day attacks
• IKE authentication algorithms: MD5, SHA-1, SHA-128,
• Adaptive Threat Profiling
SHA-256, SHA-384
• Encrypted Traffic Insights
• Authentication: Pre-shared key and public key infrastructure
• SecIntel to provide threat intelligence
(PKI) (X.509)
• IPsec (Internet Protocol Security): Authentication Header (AH)/
Encapsulating Security Payload (ESP) protocol 1
Offered as advanced security subscription license

• IPsec Authentication Algorithms: hmac-md5, hmac-sha-196

• IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC,
AEC-CBC, AES-GCM, SuiteB
• Perfect forward secrecy, anti-reply
• Internet Key Exchange: IKEv1, IKEv2
• Monitoring: Standard-based dead peer detection (DPD)
support, VPN monitoring
• VPNs GRE, IP-in-IP, and MPLS

3
SRX1500 Services Gateway

Routing Protocols Network Services

• IPv4, IPv6 • Dynamic Host Configuration Protocol (DHCP) client/server/
• Static routes relay
• RIP v1/v2 • Domain Name System (DNS) proxy, dynamic DNS (DDNS)
• OSPF/OSPF v3 • Juniper real-time performance monitoring (RPM) and IP
• BGP with Route Reflector monitoring
• IS-IS • Juniper flow monitoring (J-Flow)
• Multicast: Internet Group Management Protocol (IGMP) v1/v2; • Bidirectional Forwarding Detection (BFD)
Protocol Independent Multicast (PIM) sparse mode (SM)/dense • Two-Way Active Measurement Protocol (TWAMP)
mode (DM)/source-specific multicast (SSM); Session • IEEE 802.3ah Link Fault Management (LFM)
Description Protocol (SDP); Distance Vector Multicast Routing • IEEE 802.1ag Connectivity Fault Management (CFM)
Protocol (DVMRP); Multicast Source Discovery Protocol
(MSDP); Reverse Path Forwarding (RPF)
• Encapsulation: VLAN, Point-to-Point Protocol over Ethernet Advanced Routing Services
(PPPoE) • Packet mode
• Virtual routers • MPLS (RSVP, LDP)
• Policy-based routing, source-based routing • Circuit cross-connect (CCC), translational cross-connect (TCC)
• Equal-cost multipath (ECMP) • L2/L2 MPLS VPN, pseudo-wires
• Virtual private LAN service (VPLS), next-generation multicast
VPN (NG-MVPN)
QoS Features • MPLS traffic engineering and MPLS fast reroute
• Support for 802.1p, DiffServ code point (DSCP), EXP
• Classification based on VLAN, data-link connection identifier
(DLCI), interface, bundles, or multifield filters Management, Automation, Logging, and Reporting
• Marking, policing, and shaping • SSH, Telnet, SNMP
• Classification and scheduling • Smart image download
• Weighted random early detection (WRED) • Juniper CLI and Web UI
• Guaranteed and maximum bandwidth • Juniper Networks Junos Space and Security Director
• Ingress traffic policing • Python
• Virtual channels • Junos OS event, commit and OP scripts
• Hierarchical shaping and policing • Application and bandwidth usage reporting
• Auto installation
• Debug and troubleshooting tools
Switching Features
• ASIC-based Layer 2 forwarding
• MAC address learning
• VLAN addressing and integrated routing and bridging (IRB)
support
• Link aggregation and LACP
• LLDP and LLDP-MED
• STP, RSTP, MSTP
• MVRP
• 802.1X authentication

4
SRX1500 Services Gateway

Hardware Specifications

Specification SRX1500 Specification SRX1500

Connectivity IPsec VPN tunnels 2,000
Total onboard ports 16x1GbE and 4x10GbE Number of remote access/SSL VPN (concurrent)
2,000
users
Onboard RJ-45 ports 12x1GbE
GRE tunnels 2,048
Onboard small form-factor pluggable (SFP)
4x1GbE
transceiver ports Maximum security zones 512
Onboard SFP+ ports 4x10GbE Maximum virtual router 512
Out-of-Band (OOB) management ports 1x1GbE Maximum VLANs 3,900
Dedicated high availability (HA) ports 1x1GbE (SFP)
2
Performance numbers based on UDP packets and RFC2544 test methodology.
PIM slots 2 3
Performance numbers based on HTTP traffic with 44 KB transaction size.
Console (RJ-45 + miniUSB) 1
USB 2.0 ports (type A) 1

Memory and Storage Juniper Networks Services and Support

System memory (RAM) 16 GB
Juniper Networks is the leader in performance-enabling services
Primary boot storage (mSATA) 16 GB
designed to accelerate, extend, and optimize your high-
Secondary storage (SSD) 100 GB
performance network. Our services allow you to maximize
Dimensions and Power
operational efficiency while reducing costs and minimizing risk,
Form factor 1U
Size (WxHxD) 17.5 x 1.75 x 18.2 in (44.45 x 4.44 x
achieving a faster time to value for your network. Juniper Networks
46.22 cm) ensures operational excellence by optimizing the network to
Weight (device and PSU) 16.1 lb (7.30 kg) maintain required levels of performance, reliability, and availability.
Redundant PSU 1+1
For more details, please visit https://www.juniper.net/us/en/
Power supply AC/DC (external)
products.html.
Average power consumption 150 W
Average heat dissipation 512 BTU / hour
Maximum current consumption 2.5A (for AC PSU); Ordering Information
6.2A (for DC PSU)
Maximum inrush current 50A by 1 AC cycle To order Juniper Networks SRX Series Services Gateways, and to
Acoustic noise level 66.5dBA access software licensing information, please visit the How to Buy
Airflow/cooling Front to back page at https://www.juniper.net/us/en/how-to-buy/form.html.
Operating temperature 32° to 104° F (0° to 40° C)
SRX1500- SYS-JB
Nonoperating temperature 4° to 158° F (-20° to 70° C)
Hardware Included
Operating humidity 10% to 90% noncondensing
Management (CLI, JWEB, SNMP, Telnet, SSH) Included
Nonoperating humidity 5% to 95% noncondensing
Ethernet switching (L2 Forwarding, IRB, LACP) Included
Meantime between failures (MTBF) 9.78 years (85,787 hours)
L2 Transparent, Secure Wire Included
FCC classification Class A
Routing (RIP, OSPF, BGP, Virtual router) Included
RoHS compliance RoHS 2
Multicast (IGMP, PIM, SSDP, DMVRP) Included
FIPS 140-2 Level 2 (Junos 19.2)
Packet Mode Included
Performance and Scale Overlay (GRE, IP-IP) Included
Routing/firewall (IMIX packet size) Gbps2 5 Network Services (J-Flow, DHCP, QoS, BFD) Included
Routing/firewall (1,518 B packet size) Gbps2 9 Stateful Firewall, Screens, ALGs Included
IPsec VPN (IMIX packet size) Gbps2 1.3 NAT (static, SNAT, DNAT) Included
IPsec VPN (1400 B packet size) in Gbps2 4.5 IPSec VPN (Site-Site VPN, Auto VPN, Group VPN) Included
Application visibility and control in Gbps3 7 Remote access/SSL VPN (concurrent users) Optional4
Recommended IPS in Gbps3 4 Firewall policy enforcement (UAC, Aruba CPPM) Included
Next-generation firewall in Gbps3 1.7 Chassis Cluster, VRRP, ISSU Included
Route table size (RIB/FIB) (IPv4) 2 million / 1 million Automation (Junos scripting, auto-installation) Included
Maximum concurrent sessions (IPv4 or IPv6) 2,000,000 MPLS, LDP, RSVP, L3 VPN, pseudo-wires, VPLS Included
Maximum security policies 16,000 Application Security (AppID, AppFW, AppQoS, AppQoE, AppRoute) Optional
Connections per second 90,000 4
Based on concurrent users; two free licenses included.
NAT rules 8,000
Media access control (MAC) table size 64,000 (standalone mode)

5
SRX1500 Services Gateway

Base System Model Numbers Remote Access / Juniper Secure Connect VPN Licenses
Product Number Description Product Number Description
SRX1500-SYS-JB- SRX1500 Services Gateway includes hardware (16GbE, 4x10GbE, S-RA3-5CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard,
AC 16G RAM, 16G Flash, 100G SSD, AC PSU, cable and RMK) and Junos with SW support, 1 Year
Software Base (firewall, NAT, IPSec, routing, MPLS and switching)
S-RA3-25CCU-S-1 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
SRX1500-SYS-JB- SRX1500 Services Gateway includes hardware (16GbE, 4x10GbE, with SW support, 1 Year
DC 16G RAM, 16G Flash, 100G SSD, DC PSU, cable and RMK) and Junos
Software Base (firewall, NAT, IPSec, routing, MPLS and switching) S-RA3-50CCU-S-1 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard,
with SW support, 1 Year
S-RA3-100CCU-S-1 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
with SW support, 1 Year

Accessories S-RA3-250CCU-S-1 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard,
with SW support, 1 Year
Product Number Description
S-RA3-500CCU-S-1 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard,
JPSU-400W-AC Juniper Power Supply Unit, 400W AC, Slim 1RU Form Factor with SW support, 3 Year
JPSU-650W-DC-AFO Juniper 650W DC Power Supply (Port Side to FRU Side Air Flow) S-RA3-1KCCU-S-1 SW, Remote Access VPN - Juniper, 1000 Concurrent Users, Standard,
with SW support, 1 Year
SRX1500-RMK SRX1500 rack mount kit – rail
S-RA3-5CCU-S-3 SW, Remote Access VPN - Juniper, 5 Concurrent Users, Standard,
with SW support, 3 Year
S-RA3-25CCU-S-3 SW, Remote Access VPN - Juniper, 25 Concurrent Users, Standard,
Advanced Security Services Subscription Licenses with SW support, 3 Year
S-RA3-50CCU-S-3 SW, Remote Access VPN - Juniper, 50 Concurrent Users, Standard,
Product Number Description with SW support, 3 Year
S-SRX1500-A1-1 SW, A1, IPS, AppSecure, content security, 1 year S-RA3-100CCU-S-3 SW, Remote Access VPN - Juniper, 100 Concurrent Users, Standard,
S-SRX1500-A2-1 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, with SW support, 3 Year
content security, 1 year S-RA3-250CCU-S-3 SW, Remote Access VPN - Juniper, 250 Concurrent Users, Standard,
S-SRX1500-A3-1 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content with SW support, 3 Year
security, 1 year S-RA3-500CCU-S-3 SW, Remote Access VPN - Juniper, 500 Concurrent Users, Standard,
S-SRX1500-A1-3 SW, A1, IPS, AppSecure, content security, 3 year with SW support, 3 Year

S-SRX1500-A2-3 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,

content security, 3 year
S-SRX1500-A3-3 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
security, 3 year
S-SRX1500-A1-5 SW, A1, IPS, AppSecure, content security, 5 year
S-SRX1500-A2-5 SW, A2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam,
content security, 5 year
S-SRX1500-A3-5 SW, A3, IPS, AppSecure, URL filtering, on box anti-virus, content
security, 5 year
S-SRX1500-P1-1 SW, P1, IPS, AppSecure, ATP, content security, 1 year
S-SRX1500-P2-1 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 1 year
S-SRX1500-P3-1 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 1 year
S-SRX1500-P1-3 SW, P1, IPS, AppSecure, ATP, content security, 3 year
S-SRX1500-P2-3 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 3 year
S-SRX1500-P3-3 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 3 year
S-SRX1500-P1-5 SW, P1, IPS, AppSecure, ATP, content security, 5 year
S-SRX1500-P2-5 SW, P2, IPS, AppSecure, URL filtering, cloud anti-virus/anti-spam, ATP,
content security, 5 year
S-SRX1500-P3-5 SW, P3, IPS, AppSecure, URL filtering, on box anti-virus, ATP, content
security, 5 year

6
 SRX1500 Services Gateway

About Juniper Networks

At Juniper Networks, we are dedicated to dramatically simplifying
network operations and driving superior experiences for end users.
Our solutions deliver industry-leading insight, automation, security
and AI to drive real business results. We believe that powering
connections will bring us closer together while empowering us all to
solve the world’s greatest challenges of well-being, sustainability
and equality.

Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V. Boeing

1133 Innovation Way Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.207.125.700

or +1.408.745.2000

www.juniper.net

Copyright 2022 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000551-018-EN Feb 2022 7