JUNOS® Software

Feature Support Reference for SRX Series and J Series Devices

Release 10.1

Juniper Networks, Inc.
1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000

www.juniper.net
Revision 01 Published: 2010-01-19

JUNOS Software Feature Support Reference for SRX Series and J Series Devices Release 10.1 Copyright © 2010, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History January 2010—Revision 01 The information in this document is current as of the date listed in the revision history. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. The JUNOS Software has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. SOFTWARE LICENSE The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you understand and agree to be bound by those terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details. For complete product documentation, please see the Juniper Networks website at www.juniper.net/techpubs.

ii

END USER LICENSE AGREEMENT
READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”). 2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment. 3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions: a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller. b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis. c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses. d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period. e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services. The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller. 4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein. 5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.

iii

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes. 7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software. 8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties. 9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control. 10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement. 11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license. 12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable. 13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available. 14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html. 15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous

iv

agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).

v

vi ■ .

.........................................24 Multicast VPN .................32 Session Logging .....................................................................................................................................................7 Chassis Management ............................................................33 Stateless Firewall Filters .....28 Public Key Infrastructure (PKI) ...........................13 Flow-Based and Packet-Based Processing .............................................................................................................................................................................................3 Alarms ...............................20 Layer 2 Mode ..........................................................33 SNMP ...................30 Routing ...........................................................................23 Multicast ..26 Network Operations and Troubleshooting ...............................................................................................9 Class of Service (CoS) ..12 GPRS ...........................................11 File Management .........................................................................................................................14 Integrated Convergence Services ............................................................13 Infranet Authentication ...............................................27 Packet Capture ......34 Table of Contents ■ vii ......................................................22 MPLS ..........................4 Attack Detection and Prevention ................................................28 Real-Time Performance Monitoring (RPM) Probe ..............................................................................................................................................................................................................................................................................................................................................................................19 IPsec ............................................................................................16 Intrusion Detection and Prevention (IDP) ............................................................................................................30 Remote Device Access .......................................................................31 Security Policy ............................4 Application Layer Gateways (ALG) ......................................................................27 Power over Ethernet (PoE) .................9 Dynamic Host Configuration Protocol (DHCP) .................5 Autoinstallation .................................................................................................................................................................................7 Chassis Cluster ...................................10 Diagnostics Tools .......30 Secure Web Access ....................................................................................................................Table of Contents Chapter 1 Chapter 2 Overview Feature Support Tables 1 3 Administrator Authentication ................................................................................................................................................................................................................................................................................................................................25 Netscreen Remote .........................................26 Network Address Translation (NAT) .......................................................................................................15 Interfaces ..................................................................................................................21 Management ................................................................................................................................................................................................................................................................................................................................11 Firewall Authentication ..............................

.....................................................................................................................................................................................35 Unified Threat Management (UTM) ...........................................................................36 USB Modem .........37 Voice Over Internet Protocol (VoIP) with Avaya ................................................................39 J Series and SRX Series Documentation and Release Notes ............41 Opening a Case with JTAC ............................................................................................................34 Transparent Mode ....................................JUNOS Software Feature Support Reference for SRX Series and J Series Devices System Log Files ..............37 User Interfaces .................................................................................................................................................................................36 Upgrading and Rebooting ................40 Self-Help Online Tools and Resources .38 Wireless LAN (WLAN) .................................................................................39 Zones Support .40 Requesting Technical Support ..................................................................41 viii ■ Table of Contents ......................................................................................................................

Chapter 1 Overview This guide provides feature support information for SRX Series Services Gateways and J Series Services Routers and specifies which hardware devices support those features. including a stateful firewall with access control policies and screens to protect against attacks and intrusions. and server farms. J4350. The SRX Series Services Gateways include the SRX100. WAN and LAN connectivity. and J6350 devices. SRX210. JUNOS Software Interfaces and Routing Configuration Guide. J2350. and SRX5800 devices. NOTE: The material in this guide consolidates and updates the support information previously located in the JUNOS Software Administration Guide. Powered by JUNOS Software. Juniper Networks J Series Services Routers running JUNOS Software provide stable. SRX3400. These devices also provide network security features. and management services for small to medium-sized enterprise networks. Juniper Networks SRX Series Services Gateways provide robust networking and security services. SRX5600. The J Series Services Routers include the J2320. SRX650. SRX Series Services Gateways range from lower-end devices designed to secure small distributed enterprise locations to high-end devices designed to secure enterprise infrastructure. SRX3600. data centers. and IPsec VPNs. and JUNOS Software Security Configuration Guide. ■ 1 . reliable. SRX240. and efficient IP routing.

JUNOS Software Feature Support Reference for SRX Series and J Series Devices 2 ■ .

Table 1: Administrator Authentication Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Local authentication RADIUS TACACS+ Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Administrator Authentication ■ 3 . Both are distributed client/server systems—the RADIUS and TACACS+ clients run on the device.Chapter 2 Feature Support Tables This chapter provides an alphabetical list of all features supported by the SRX Series and J Series devices. you configure a password for each user allowed to log in to the device. Table 1 on page 3 lists the administrator authentication features that are supported on SRX Series and J Series devices. For more information about administrator authentication. RADIUS and TACACS+ are authentication methods for validating users who attempt to access the device using Telnet. and the server runs on a remote network system. see the JUNOS Software Administration Guide. Administrator Authentication JUNOS Software supports three methods of user authentication: ■ ■ ■ local password authentication Remote Authentication Dial-In User Service (RADIUS) Terminal Access Controller Access Control System Plus (TACACS+) With local password authentication.

JUNOS Software Feature Support Reference for SRX Series and J Series Devices Alarms JUNOS Software supports three types of alarms: ■ Chassis alarms indicate a failure on the device or one of its components. Table 3: ALG Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Avaya H. see the JUNOS Software Administration Guide. System alarms indicate a missing rescue configuration or software license. and defines dynamic policies to permit the traffic to pass securely through the Juniper Networks device. To enable interface alarms. System alarms are preset and cannot be modified. allocates resources.323 ALG Yes Yes No Yes 4 ■ Alarms . ■ ■ Table 2 on page 4 lists the alarm features that are supported on SRX Series and J Series devices. The ALG intercepts and analyzes the specified traffic. Table 3 on page 4 lists the ALG features that are supported on SRX Series and J Series devices. you must configure them. although you can configure them to appear automatically in the J-Web or CLI display. Chassis alarms are preset and cannot be modified. where valid. Interface alarms indicate a problem in the state of the physical links on fixed or installed PIMs. Table 2: Alarm Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Chassis alarms Interface alarms System alarms Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Application Layer Gateways (ALG) An ALG is a software component that is designed to manage specific protocols such as Session Initiation Protocol (SIP) or File Transfer Protocol (FTP) on SRX Series and J Series devices running JUNOS Software. see the JUNOS Software Security Configuration Guide. For more information about alarms. For more information about ALGs.

where no security zones are referenced) Attack Detection and Prevention ■ 5 .323 ALG Media Gateway Control Protocol (MGCP) ALG Point-to-Point Tunneling Protocol (PPTP) ALG Real-Time Streaming Protocol (RTSP) ALG Sun remote procedure call (SUNRPC) ALG Microsoft remote procedure call (MSRPC) ALG Remote shell (RSH) ALG Session Initiation Protocol (SIP) ALG Skinny Call Control Protocol (SCCP) ALG DNS Doctoring Support Structured Query Language (SQL) ALG TALK ALG Trivial File Transfer Protocol (TFTP) ALG DNS. An exploit can be either an information-gathering probe or an attack to compromise. or harm a network or network resource. Juniper Networks provides various detection methods and defense mechanisms at the zone and policy levels to combat exploits at all stages of their execution. also known as a stateful firewall. and super-zone policy levels (super-zone here means in global policies. and TFTP ALGs (Layer 2) with chassis clustering Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes No No Yes Yes Yes Yes Yes No No Yes Yes Yes Yes SRX5600 and SRX5800 only Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Attack Detection and Prevention Attack detection and prevention. disable. intra-. detects and prevents attacks in network traffic. ■ ■ Screen options at the zone level Firewall policies at the inter-. FTP.Chapter 2: Feature Support Tables Table 3: ALG Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Domain Name System (DNS) ALG FTP ALG H. RTSP.

see the JUNOS Software Security Configuration Guide. For more information on IDP support.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 4 on page 6 lists attack detection and prevention features (Screens) that are supported on SRX Series and J Series devices. see “Intrusion Detection and Prevention (IDP)” on page 19. For more information about attack detection and prevention. Table 4: Attack Detection and Prevention Support (Screens) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Bad IP option Block fragment traffic FIN flag without ACK flag set protection ICMP flood protection ICMP fragment protection IP address spoof IP address sweep IP record route option IP security option IP stream option IP strict source route option IP timestamp option Land attack protection Large size ICMP packet protection Loose source route option Ping of death attack protection Port scan Source IP based session limit SYN-ACK-ACK proxy protection SYN and FIN flags set protection SYN flood protection SYN fragment protection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 6 ■ Attack Detection and Prevention .

Typically.Chapter 2: Feature Support Tables Table 4: Attack Detection and Prevention Support (Screens) (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Teardrop attack protection TCP packet without flag set protection Unknown protocol protection UDP flood protection WinNuke attack protection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Autoinstallation Autoinstallation provides automatic configuration for a new device that you connect to the network and turn on. Autoinstallation ■ 7 . see the JUNOS Software Security Configuration Guide. or for a device configured for autoinstallation. Table 6 on page 8 lists chassis cluster features that are supported on SRX Series and J Series devices. The devices must be running JUNOS Software. Table 5: Autoinstallation Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Autoinstallation Yes Yes No Yes Chassis Cluster Chassis clustering provides network node redundancy by grouping a pair of the same kind of supported SRX Series devices or J Series devices into a cluster. For more information about autoinstallation. Table 5 on page 7 lists the autoinstallation support on SRX Series and J Series devices. see the JUNOS Software Administration Guide. The autoinstallation process begins anytime a device is powered on and cannot locate a valid configuration file in the CompactFlash card. a configuration file is unavailable when a device is powered on for the first time. The autoinstallation feature enables you to deploy multiple devices from a central location in the network. or if the configuration file is deleted from the CompactFlash card. For more information about chassis clusters.

cross-box data forwarding over the fabric interface) Application Layer Gateways (ALGs) Chassis cluster formation Control plane failover Dampening time between back-to-back redundancy group failovers Data plane failover Dual control links Yes Yes Yes Yes SRX100 and SRX210 only Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes No Yes SRX5600 and SRX5800 only Yes Yes No JUNOS flow-based routing functionality Low-impact cluster upgrade (ISSU light) Redundancy group 0 (backup for Routing Engine) Redundancy groups 1 through 128 Redundant Ethernet interfaces Redundant Ethernet interface link aggregation groups (LAGs) Upstream device IP address monitoring Upstream device IP address monitoring on a backup interface Yes Yes Yes No No Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes No No No Yes No No No Yes No 8 ■ Chassis Cluster .JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 6: Chassis Cluster Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Active/active chassis cluster (that is.

For more information about CoS. Table 8 on page 9 lists the CoS features that are supported on SRX Series and J Series devices. Table 7 on page 9 lists the chassis management support on SRX Series and J Series devices. This allows packet loss to happen according to the rules you configure. For more information about chassis management. Table 7: Chassis Management Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Chassis management Yes Yes Yes Yes Class of Service (CoS) When a network experiences congestion and delay. some packets must be dropped.Chapter 2: Feature Support Tables Chassis Management The chassis properties include the status of hardware components on the device. see the JUNOS Software Administration Guide. Table 8: CoS Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Classifiers Code-point aliases Forwarding classes Ingress interface policer Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes SRX5600 and SRX5800 only Yes Yes Yes Yes Yes Policing Yes Yes Yes Chassis Management ■ 9 . see the JUNOS Software Interfaces and Routing Configuration Guide. JUNOS Software CoS allows you to divide traffic into classes and offer various levels of throughput and packet loss when congestion occurs.

Table 9: DHCP Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series DHCP client DHCP relay agent Yes Yes Yes Yes Yes Yes Yes Yes 10 ■ Dynamic Host Configuration Protocol (DHCP) . Table 9 on page 10 lists the DHCP features that are supported on SRX Series and J Series devices. manage. DHCP provides two primary functions: ■ ■ Allocate temporary or permanent IP addresses to clients. and provide client configuration parameters. see the JUNOS Software Administration Guide. but provide additional capabilities beyond BOOTP. and the name of a bootstrap file. Store. the IP address of a server host.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 8: CoS Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Schedulers: ■ Yes Yes Yes Yes Transmission Rate (no exact rate knob) Delay buffer size Shaping rate Red drop profiles No Yes Yes No Yes Yes Yes Yes No No Yes Yes ■ ■ ■ Simple filters Transmission queues Tunnels: ■ ■ ■ IP to IP IPsec GRE Yes Yes No Yes Virtual Channels Dynamic Host Configuration Protocol (DHCP) DHCP is based on BOOTP. For more information about DHCP. a bootstrap protocol that allows a client to discover its own IP address. DHCP servers can handle requests from BOOTP clients. such as the automatic allocation of reusable IP addresses and additional configuration options.

Table 11 on page 12 lists the file management features that are supported on SRX Series and J Series devices. For more information about diagnostics tools.Chapter 2: Feature Support Tables Table 9: DHCP Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series DHCP server DHCP server address pools DHCP server static mapping Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Diagnostics Tools SRX Series and J Series devices support a suite of J-Web tools and CLI operational mode commands for evaluating system health and performance. Diagnostics Tools ■ 11 . For more information about file management. see the JUNOS Software Administration Guide. see the JUNOS Software Administration Guide. cleaning up temporary files and crash files. Table 10: Diagnostics Tools Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series CLI terminal J-Flow versions 5 and 8 Ping host Ping MPLS Traceroute Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes File Management You can use the J-Web interface to perform routine file management operations such as archiving log files and deleting unused log files. Table 10 on page 11 lists the diagnostics tools features that are supported on SRX Series and J Series devices. and downloading log files from the routing platform to your computer. Diagnostic tools and commands test the connectivity and reachability of hosts in the network. You can also encrypt the configuration files with the CLI configuration editor to prevent unauthorized users from viewing sensitive configuration information.

in this scenario. You are prompted for the username and password that are verified by the device. Subsequent traffic from the user or host to the protected resource is allowed or denied based on the result of this authentication. Table 12: Firewall Authentication Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series LDAP authentication server Local authentication server Pass-through authentication RADIUS authentication server Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 12 ■ Firewall Authentication . ■ Table 12 on page 12 lists firewall authentication features that are supported on SRX Series and J Series devices. or HTTP client to access the IP address of the protected resource and to get authenticated by the firewall. you do not use HTTP to get to the IP address of the protected resource. The device uses FTP. and subsequent traffic from the user or host is allowed or denied based on the result of this authentication. Telnet. Telnet. For more information about firewall authentication. see the JUNOS Software Security Configuration Guide. You must use an FTP.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 11: File Management Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Clean up unnecessary files Delete backup software image Delete individual files Download system files Encrypt/decrypt configuration files Manage account files Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Firewall Authentication JUNOS Software supports the following two types of firewall user authentication: ■ Pass-through authentication—A host or a user from one zone tries to access resources on another zone. or HTTP to collect username and password information. Web authentication—Users try to connect. to an IP address on the device that is enabled for Web authentication. using HTTP.

see the JUNOS Software Security Configuration Guide. and using stateful inspection can eliminate a majority of the GTP’s security risks. the fundamental cause of security threats to an operator’s network is the inherent lack of security in GPRS tunneling protocol (GTP). Table 13: GPRS Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series GPRS No No Yes No Flow-Based and Packet-Based Processing A packet undergoes flow-based processing after any packet-based filters and policers have been applied to it. Communication between different GPRS networks is not secure. or confidentiality protection. and Gi interfaces. Juniper Networks security devices mitigate a wide variety of attacks on the Gp. GPRS network operators face the challenge of protecting their network while providing and controlling access to and from these external networks. because GTP does not provide any authentication. Gn. For more information about GPRS. corporate customers. JUNOS Software treats packets belonging to the same flow in the same manner. Juniper Networks provides solutions to many of the security problems plaguing GPRS network operators. setting traffic rate limits.Chapter 2: Feature Support Tables Table 12: Firewall Authentication Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series SecurID authentication server Web authentication Layer 2 authentication Yes Yes No Yes Yes No Yes Yes Yes Yes Yes No GPRS General Packet Radio Service (GPRS) networks connect to several external networks including those of roaming partners. In the GPRS architecture. Table 12 on page 12 lists GPRS features that are supported on SRX Series and J Series devices. and the public Internet. A flow is a stream of related packets that meet the same matching criteria and share the same characteristics. data integrity. GTP is the protocol used between GPRS support nodes (GSNs). GPRS ■ 13 . Implementing Internet Protocol security (IPsec) for connections between roaming partners. GPRS Roaming Exchange (GRX) providers. The GTP firewall features in JUNOS Software address key security issues in mobile operators’ networks.

For more information about flow-based and packet-based processing. Specifically. Table 15 on page 14 lists infranet authentication support on SRX Series and J Series devices.JUNOS Software Feature Support Reference for SRX Series and J Series Devices A packet undergoes packet-based processing when it is dequeued from its input (ingress) interface and before it is enqueued on its output (egress) interface. You can apply a firewall filter to an ingress or egress interface. or to both. see the JUNOS Software Security Configuration Guide. see the JUNOS Software Security Configuration Guide. infranet enforcers. an SRX Series or J Series device is called a JUNOS Enforcer. Table 14: Flow-based and Packet-Based Processing Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series End-to-end packet debugging Flow-based processing Network processor bundling Yes Yes No Yes Yes No Yes Yes SRX5600 and SRX5800 only No No No Yes No Packet-based processing Selective stateless packet-based services Yes Yes Yes Yes Yes Yes Infranet Authentication A Unified Access Control (UAC) deployment uses infranet controllers. and infranet agents to secure a network and ensure that only qualified end users can access protected resources. it acts as a Layer 3 enforcement point. Packet-based processing applies stateless firewall filters and class-of-service (CoS) features to discrete packets. Table 15: Infranet Authentication Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series JUNOS Enforcers in UAC deployments Yes Yes Yes Yes 14 ■ Infranet Authentication . Table 14 on page 14 lists flow-based and packet-based features that are supported on SRX Series and J Series devices. An SRX Series or J Series device can act as an Infranet Enforcer in a UAC network. When deployed in a UAC network. For more information about infranet authentication. controlling access by using IP-based policies pushed down from the Infranet Controller.

fax machines. and more. see the JUNOS Software Integrated Convergence Services Configuration and Administration Guide. Unlike traditional SIP architectures in which traffic is backhauled to headquarters. Table 16 on page 16 lists integrated convergence services support on SRX Series devices. (DSP). It integrates hardware and software on SRX Series devices to provide the following main features and functions: ■ A standards-based Session Initiation Protocol (SIP) media gateway (SRX Series MGW) that connects SIP and time-division multiplexing (TDM) networks so that calls can be made from and routed to local analog telephones. This solution results in large cost savings with dynamic pricing schemes made available by SIP trunking carriers. Supported features include class of restriction for stations. For more information about integrated convergence services. and more. Emergency call support with the ability to dedicate trunks for emergency calls or preempt existing calls to guarantee successful emergency call completion. auto-attendant. voicemail forwarding. and expansion cards to provide additional FXS and FXO interfaces. ■ A SIP survivable call server (SRX Series SCS) that provides local call handling and basic call routing for branch analog and IP phones when the centralized SIP call server. plain old telephone service (POTS) interfaces. and SIP phones within the branch and across PSTN or SIP trunks. SIP trunking from the branch integrated natively into the device to provide a secure. call forwarding. Integrated Convergence Services hardware on SRX Series Services Gateways includes a digital signal processor. referred to as the peer call server. T1/E1 interfaces. three-way calls. that provides them under normal conditions is unreachable.Chapter 2: Feature Support Tables Integrated Convergence Services Integrated Convergence Services optimizes and secures voice communication and applications running on Juniper Networks SRX Series Services Gateways. and reliable SIP-based solution. it serves as a circuit switch trunk replacement for TDM or analog PSTN lines from the branch. This approach provides customers with the flexibility to choose the best vendor for their unified communications requirements. call transfer. Integrated Convergence Services ■ 15 . robust. It interoperates with leading voice and unified communications vendor partners. legacy PBX (Key) systems. which includes optimized Quality of Service (QoS) and traffic engineering to route calls using the shortest path from the branch to the carrier POP. when a local SIP trunk is used. ■ ■ Integrated Convergence Services is designed with an open and standards-based approach.

Table 17: Interface Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series 10–Gigabit Ethernet interface 3G wireless modem interface 3G wireless modem interface using the CX-111 external wireless bridge Asymmetric digital subscriber line (ADSL) interface Channelized E1/T1 interface Channelized ISDN PRI interface No No Yes No SRX210 only No No No Yes Yes No Yes SRX210 and SRX240 only No No Yes No No No Yes No No No Yes 16 ■ Interfaces . You must configure each network interface before it can operate on the device. Table 17 on page 16 lists the interface features that are supported on SRX Series and J Series devices. see the JUNOS Software Interfaces and Routing Configuration Guide. and XGPIMs. GPIMs. uPIMS. Each device interface has a unique name that follows a naming convention. while SRX650 devices support XPIMs. Configuring an interface can define both the physical properties of the link and the logical properties of a logical interface on the link. SRX100. For more information about interfaces. A connection takes place along media-specific physical wires through a port on a Physical Interface Module (PIMs. and SRX240 devices support mPIMs.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 16: Integrated Convergence Services Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Integrated Convergence Services SRX210 and SRX240 only No No No Interfaces All Juniper Networks devices use network interfaces to connect to other devices. ePIMs) installed in the J Series Services Router or an Input/Output Card (IOC) in the SRX Series Services Gateway. SRX210.

100–Mbps.Chapter 2: Feature Support Tables Table 17: Interface Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Class-of-service support interface Copper Gigabit Ethernet (10–Mbps. or 1000–Mbps port) Data over Cable System Interface Specifications (DOCSIS) Mini-PIM interface Discard interface Ethernet interface E3 interface Fractional T1/E1 interface Fast Ethernet interface Frame Relay interface No No No Yes SRX210 and SRX240 only Yes Yes No SRX210 and SRX240 only No No No No Yes No SRX210 and SRX240 only Yes SRX210 and SRX240 only Yes No Yes No No No Yes No No Yes Yes Yes Yes Yes Yes Yes No Yes Yes Generic routing encapsulation (GRE) interface Gigabit Ethernet interface High-level Data Link Control (HDLC) interface Interleaving using MLFR Internally configured interface used by the system as a control path between the WXC Integrated Services Module and the Routing Engine Internally generated GRE interface Yes No Yes Yes Yes Yes Yes SRX210 and SRX240 only Yes No No No No No Yes No No No Yes Yes Yes No Yes Interfaces ■ 17 .

JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 17: Interface Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Internally generated link services interface Internally generated IP-over-IP interface Internally generated Protocol Independent Multicast de-encapsulation interface Internally generated Protocol Independent Multicast encapsulation interface IP-over-IP encapsulation interface ISDN BRI interface Link services interface Link Fragment Interleaved Loopback Interface Management interface Passive monitoring interface Point-to-Point Protocol (PPP) interface Point-to-Point Protocol over Ethernet (PPPoE) interface PPoE-based radio-to-router protocol Promiscuous mode on interfaces Protocol Independent Multicast de-encapsulation interface Yes Yes No Yes Yes Yes No Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes No Yes No Yes Yes No Yes Yes No No No Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes No Yes SRX210 and SRX240 only Yes No No Yes Yes Yes Yes No No Yes No Yes No No Yes 18 ■ Interfaces .

network. see the JUNOS Software Security Configuration Guide. Table 18: IDP Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Application identification Application-level distributed denial-of-service (DDoS) rulebase Differentiated Services code point (DSCP) marking Yes No Yes No Yes Yes Yes No Yes Yes Yes Yes Intrusion Detection and Prevention (IDP) ■ 19 . and application. For more information about IDP. It allows you to define policy rules to match traffic based on a zone. and then take active or passive preventive actions on that traffic. Table 18 on page 19 lists IDP features that are supported on SRX Series and J Series devices.SHDSL) interface T3 interface Universal serial bus (USB) model physical interface VDSL interface No No Yes No No Yes No Yes No No No No Yes Yes SRX210 and SRX240 No No No Intrusion Detection and Prevention (IDP) The JUNOS Software Intrusion Detection and Prevention (IDP) policy enables you to selectively enforce various attack detection and prevention techniques on network traffic passing through an IDP-enabled device.Chapter 2: Feature Support Tables Table 17: Interface Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Protocol Independent Multicast encapsulation interface Secure tunnel interface Serial interface Yes No No Yes Yes SRX210 and SRX240 only SRX210 and SRX240 only SRX210 and SRX240 only Yes No Yes No Yes Yes Symmetric high-speed DSL (SHDSL) interface Symmetric high-speed digital subscriber line (G.

all the attributes for which are gathered in a Domain of Interpretation (DOI). The IPsec DOI is a document containing definitions for all the security parameters required for the successful negotiation of a VPN tunnel—essentially. For more information about IPsec. IPsec also provides methods for the manual and automatic negotiation of security associations (SAs) and key distribution.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 18: IDP Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Extended application identification IDP in an active/active chassis cluster IDP logging IDP monitoring and debugging IDP Policy IDP signature database IDP SSL Inspection IDP and UAC coordinated threat control Intrusion prevention system (IPS) rulebase Performance and capacity tuning for IDP SNMP MIB for IDP monitoring Yes No Yes Yes Yes Yes No No Yes No Yes Yes No Yes Yes Yes Yes No No Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes No No Yes No Yes IPsec IP Security (IPsec) is a suite of related protocols for cryptographically securing communications at the IP Layer. Table 19: IPsec Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Antireplay (packet replay attack prevention) Authentication Header (AH) protocol Autokey management Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 20 ■ IPsec . see the JUNOS Software Security Configuration Guide. Table 19 on page 20 lists IPsec features that are supported on SRX Series and J Series devices. all the attributes required for SA and IKE negotiations.

Table 20: Layer 2 Mode Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series 802.1x port-based network authentication Flexible Ethernet services Yes Yes No Yes Yes Yes No Yes Layer 2 Mode ■ 21 . Table 20 on page 21 lists the Layer 2 features that are supported on SRX Series and J Series devices. Bridging and switching functions are performed in Layer 2 of the OSI reference model—the Data Link Layer. see the JUNOS Software Interfaces and Routing Configuration Guide.Chapter 2: Feature Support Tables Table 19: IPsec Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Dead peer detection (DPD) Dynamic IPsec VPNs Encapsulating Security Payload (ESP) protocol IKE phase 1 IKE phase 2 Manual key management Policy-based and route-based VPNs Tunnel mode UAC L3 Enforcement VPN monitoring External extended authentication (Xauth) to a Radius server for remote access connections Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Layer 2 Mode Ethernet frames can be forwarded from one LAN segment or VLAN to another by bridging or switching functions on Juniper Networks devices. switching functions are typically performed in hardware in application-specific integrated circuits (ASICs) while bridging functions are usually performed in software. Though the terms bridging and switching are often used interchangeably. For more information about Layer 2 features.

we support an IRB interface where you can terminate management connections in transparent mode. NTP uses a returnable-time design in which a distributed subnet of time servers operating in a self-organizing. Table 21 on page 23 lists the management features that are supported on SRX Series and J Series devices. SRX3600. see the JUNOS Software System Basics Configuration Guide. Management The Network Time Protocol (NTP) provides the mechanisms to synchronize time and coordinate time distribution in a large. SRX5600. 22 ■ Management . you cannot route traffic on that interface or terminate IPsec VPNs. The servers also can redistribute reference time using local routing algorithms and time daemons.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 20: Layer 2 Mode Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Generic VLAN registration protocol IGMP snooping Integrated routing and bridging (IRB) interface Integrated routing and bridging (IRB) Link aggregation Spanning Tree protocols Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol—Media Endpoint Discovery (LLDP-MED) Q-in-Q tunneling Yes Yes No Yes Yes Yes Yes Yes No Yes* Yes Yes Yes Yes No* Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes SRX210 and SRX240 only No Yes Yes No Yes VLAN retagging VLANs No Yes Yes Yes No Yes * On SRX3400. diverse network. For more information about NTP. hierarchical primary-secondary configuration synchronizes local clocks within the subnet and to national time standards by means of wire or radio. However. and SRX5800 devices.

VPN support includes Layer 2 and Layer 3 VPNs and Layer 2 circuits.Chapter 2: Feature Support Tables Table 21: Management Feature Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Network Time Protocol (NTP) Yes Yes Yes Yes MPLS MPLS provides a framework for controlling traffic patterns across a network. The MPLS framework supports traffic engineering and the creation of virtual private networks (VPNs). see the JUNOS Software Interfaces and Routing Configuration Guide. Traffic is engineered (controlled) primarily by the use of signaling protocols to establish label-switched paths (LSPs). Table 22 on page 23 lists the MPLS features that are supported on SRX Series and J Series devices. Table 22: MPLS Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Circuit cross-connect (CCC) and translational cross-connect (TCC) Connectionless Network Service (CLNS) Interprovider and carrier-of-carriers VPNs Layer 2 VPNs for Ethernet connections Layer 3 MPLS VPNs LDP MPLS virtual private networks (VPNs) with VPN routing and forwarding (VRF) tables on provider edge (PE) routers Multicast VPNs OSPF and IS-IS traffic engineering extensions Point-to-multipoint connections (P2MP LSPs) Yes Yes No Yes SRX240 only Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes No No No Yes Yes Yes MPLS ■ 23 . For more information about MPLS. The MPLS framework allows SRX Series and J Series devices to pass traffic through transit networks on paths that are independent of the individual routing protocols enabled throughout the network.

one destination) and broadcast (one source. and keep the flow of unwanted packets to a minimum. Standard multicast routing protocols provide most of these capabilities. all destinations). prevent routing loops. see the JUNOS Software Interfaces and Routing Configuration Guide. Multicast is a “one source. so the routers between source and destination must be able to determine the topology of the network from the unicast or multicast perspective to avoid routing traffic haphazardly.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 22: MPLS Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series RSVP Secondary and standby label-switched paths (LSPs) Standards-based fast reroute Virtual private LAN service (VPLS) Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Multicast Multicast traffic lies between the extremes of unicast (one source. meaning that the destinations needing to receive the information from a particular source receive the traffic stream. Table 23 on page 24 lists the multicast features that are supported on SRX Series and J Series devices. IP network destinations (clients) do not often communicate directly with sources (servers). For more information about multicasting. many destinations” method of traffic distribution. send out copies of packets on several interfaces. Table 23: Multicasting Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Filtering PIM Register Messages Internet Group Management Protocol (IGMP) PIM RPF Routing Table Primary routing mode: ■ ■ Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Dense mode Sparse mode Yes Yes Yes Yes Yes Yes Yes Yes Protocol Independent Multicast (PIM) Static RP Session Announcement Protocol (SAP) 24 ■ Multicast . The multicast router must find multicast sources on the network. connect interested destinations with the proper source.

■ ■ ■ Table 24 on page 25 lists the multicast VPN features that are supported on J Series devices. Hosts within the receiver site set should not be able to receive multicast traffic originated by any host that is not in the sender site set. A multicast VPN is defined by two sets of sites.P2MP LSP ping Point-to-multipoint (P2MP) LSPs support Reliable multicast VPN Routing Information Exchange No No No No No No No No No No No No No No No Yes Yes Yes Yes Yes Multicast VPN ■ 25 . These sites have the following properties: ■ Hosts within the sender site set can originate multicast traffic for receivers in the receiver site set. Table 24: Multicast VPN Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Basic multicast features in C-instance Multicast VPN membership discovery with BGP P2MP OAM . Receivers outside the receiver site set should not be able to receive this traffic.Chapter 2: Feature Support Tables Table 23: Multicasting Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Session Description Protocol (SDP) Yes Yes Yes Yes Multicast VPN MPLS multicast VPNs employ the intra-autonomous system (AS) next-generation (NGEN) BGP control plane and Protocol Independent Multicast (PIM) sparse mode as the data plane. For more information about multicast VPN. a sender site set and a receiver site set. Hosts within the receiver site set can receive multicast traffic originated by any host in the sender site set. see the JUNOS Software VPNs Configuration Guide.

For more information about NAT. see the JUNOS Software Security Configuration Guide. optionally. NAT has been found to be a useful tool for firewalls. port numbers in the packet are translated into different port numbers. see the JUNOS Software Security Configuration Guide. NetScreen-Remote client is certified by the International Computer Security Association (ICSA) as an IPsec-compliant VPN solution. traffic redirect. NAT is described in RFC 1631 to solve IP (version 4) address depletion problems. Table 25: NetScreen-Remote Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Netscreen Remote VPN Client No No No Yes Network Address Translation (NAT) Network Address Translation (NAT) is a method by which IP addresses in a packet are mapped from one group to another and. Since then. Table 26: NAT Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Proxy Address Resolution Protocol (ARP) Destination IP address translation Disabling source NAT port randomization Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 26 ■ Netscreen Remote . and so on.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Netscreen Remote The Juniper Networks NetScreen-Remote VPN client is a virtual private network (VPN) client that you can install on a PC or laptop computer to send and receive secure communications over the Internet. network migrations. Table 25 on page 26 lists the NetScreen-Remote support on SRX Series and J Series devices. For more information about Netscreen Remote. Table 26 on page 26 lists NAT features that are supported on SRX Series and J Series devices. load sharing.

and event policies to automate network operations and troubleshooting tasks. traveling over the network. for monitoring and logging. see the JUNOS Software Administration Guide. You can use commit scripts to enforce custom configuration rules. Table 27 on page 27 lists the network operations features that are supported on SRX Series and J Series devices. The packet capture tool captures real-time data packets. For more information about network operations. You can configure event policies that initiate self-diagnostic actions on the occurrence of specific events. operation scripts. Network Operations and Troubleshooting ■ 27 . Table 27: Network Operations and Troubleshooting Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Event policies Event scripts Extensible Stylesheet Language Transformations (XSLT) commit scripts Operation scripts Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Packet Capture Packet capture is a tool that helps you analyze network traffic and troubleshoot network problems.Chapter 2: Feature Support Tables Table 26: NAT Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Persistent NAT Removing persistent NAT query bindings Rule-based NAT Static NAT Source IP address translation Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Network Operations and Troubleshooting You can use commit scripts. Operation scripts allow you to automate network management and troubleshooting tasks.

PoE ports transfer electrical power and data to remote devices over standard twisted-pair cable in an Ethernet network. SRX5800 Feature SRX100. can be decrypted with the corresponding private key only. see the JUNOS Software Interfaces and Routing Configuration Guide. Table 29 on page 28 lists the PoE support on SRX Series and J Series devices. For more information about packet capture.3 AF standard. SRX210 (PoE model).3 AF standard SRX210.3 AT (draft) standard IEEE legacy (pre-standards) Yes Yes No No No No Public Key Infrastructure (PKI) In PKI.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Packets are captured as binary data. 28 ■ Power over Ethernet (PoE) . see the JUNOS Software Administration Guide. and SRX240 SRX210 and SRX240 only SRX210 and SRX240 only Yes No No IEEE 802. SRX5600. which allows both data and electrical power to pass over a copper Ethernet LAN cable. such as VOIP and IP phones and wireless LAN access points. Table 28 on page 28 lists the packet capture support on SRX Series and J Series devices. which the owner keeps secret and protected. SRX240 SRX650 J Series IEEE 802. SRX3600. which the owner makes available to the public. Data encrypted with a public key. PoE ports allow you to plug in devices that require both network connectivity and electrical power. For more information about PoE. Table 28: Packet Capture Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Packet capture Yes Yes No Yes Power over Ethernet (PoE) PoE is the implementation of the IEEE 802. SRX210 (media gateway model). Table 29: PoE Support SRX3400. without modification. You can read the packet information offline with a packet analyzer such as Ethereal or tcpdump. a public-private key pair is used to encrypt and decrypt data. SRX210.

Microsoft. known as a certificate authority (CA). Public-Key Cryptography Standard 7 (PKCS7). Privacy-Enhanced Mail (PEM). A digital certificate is an electronic means for verifying your identity through a trusted third party. Table 30 on page 29 lists the PKI features that are supported on SRX Series and J Series devices. and X509 certificate encoding Entrust. This process is known as creating a digital signature.Chapter 2: Feature Support Tables The reverse process is also useful: encrypting data with a private key and decrypting it with the corresponding public key. see the JUNOS Software Security Configuration Guide. For more information about PKI. and Verisign certificate authorities (CAs) Internet Key Exchange (IKE) support Manual installation of DER-encoded and PEM-encoded CRLs Online certificate revocation list (CRL) retrieval through LDAP and HTTP Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No Yes Public Key Infrastructure (PKI) ■ 29 . Table 30: PKI Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP) Automatic generation of self-signed certificates CRL update at user-specified interval Distinguished Encoding Rules (DER).

For more information about routing. round-trip time. Table 32: Remote Device Access Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Reverse Telnet No No No Yes Routing Routing is the transmission of data packets from a source to a destination address. Table 31 on page 30 lists the RPM probe support on SRX Series and J Series devices. and jitter. For more information about accessing remote devices. For more information about RPM probe. For packets to be correctly forwarded to the appropriate host address. see the JUNOS Software Administration Guide. the host must have a unique numeric identifier or IP address. Table 31: RPM Probe Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series RPM probe Yes Yes No Yes Remote Device Access You can use the CLI telnet command to open a Telnet session to a remote device. With the RPM probe.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Real-Time Performance Monitoring (RPM) Probe The RPM feature allows network operators and their customers to accurately measure the performance between two network endpoints. Table 32 on page 30 lists the remote device access support on SRX Series and J Series devices. 30 ■ Real-Time Performance Monitoring (RPM) Probe . you configure and send probes to a specified target and monitor the analyzed results to determine packet loss. Table 33 on page 31 lists the routing features that are supported on SRX Series and J Series devices. see the JUNOS Software Administration Guide. These entries are primarily responsible for determining the path that a packet traverses when transmitted from source to destination. The unique IP address of the destination host forms entries in the routing table. see the JUNOS Software Interfaces and Routing Configuration Guide.

To enable secure Web access. Secure Web Access ■ 31 . the Juniper Networks devices support Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS).Chapter 2: Feature Support Tables Table 33: Routing Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series BGP BGP extensions for IPv6 Compressed Real-Time Transport Protocol (CRTP) Internet Group Management Protocol (IGMP) Yes Yes Yes Yes Yes No Yes No No Yes Yes Yes SRX210 and SRX240 only Yes Yes Yes Yes Yes IPv4 options and broadcast Internet diagrams IPv6 routing. You can enable HTTP or HTTPS access on specific interfaces and ports as needed. the J-Web interface uses Hypertext Transfer Protocol (HTTP). To communicate with the device. forwarding. HTTP allows easy Web access but no encryption. For more information about secure web access. Table 34 on page 32 lists the secure web access features that are supported on SRX Series and J Series devices. The data that is transmitted between the Web browser and the device by means of HTTP is vulnerable to interception and attack. global address configuration. and Internet Control Message Protocol (ICMP) IS-IS Multiple virtual routers Neighbor Discovery Protocol and Secure Neighbor Discovery Protocol OSPF v2 OSPF v3 RIP next generation (RIPng) RIP v1. see the JUNOS Software Administration Guide. v2 Static routing Virtual Router Redundancy Protocol (VRRP) Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Secure Web Access You can manage a Juniper Networks device remotely through the J-Web interface.

the need for a secure network has become vital for businesses with an Internet connection. For more information about security policies. enabling them to implement network security for their organizations. a network security policy has to outline all the network resources within that business and identify the required security level for those resources.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 34: Secure Web Access Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Certificate authorities (CAs) Hypertext Transfer Protocol (HTTP) Yes Yes Yes Yes Yes Yes Yes Yes Security Policy With the advent of the Internet. The network security policy also defines the security threats and the actions taken for such threats. JUNOS Software stateful firewall policy provides a set of tools to network administrators. see the JUNOS Software Security Configuration Guide. Table 35 on page 32 lists the security policy features that are supported on SRX Series and J Series devices. Table 35: Security Policy Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Address books Custom policy applications Dynamic routing protocols predefined policy applications Instant messaging predefined policy applications Internet Control Message Protocol (ICMP) predefined policy application Internet-related predefined policy applications IP-related predefined policy applications Mail predefined policy applications Management predefined policy applications Microsoft predefined policy applications Miscellaneous predefined policy applications Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes 32 ■ Security Policy . Before a network can be secured for a business.

see the JUNOS Software Security Configuration Guide. Session Logging ■ 33 . For more information about session logging.Chapter 2: Feature Support Tables Table 35: Security Policy Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Policy applications and application sets Policy application timeouts Schedulers Security and tunnel predefined policy applications Streaming video predefined policy applications Sun remote procedure protocol (RPC) predefined policy applications UNIX predefined policy applications Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Session Logging You can obtain information about the sessions and packet flows active on your device. Table 36: Session Logging Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Accelerating security and traffic logging Getting information about sessions Logging to a single server Session logging with NAT information Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes SNMP SNMP enables the monitoring of network devices from a central location. including detailed information about specific sessions.) You can display this information to observe activity and for debugging purposes. Table 36 on page 33 lists the session logging features that are supported on SRX Series and J Series devices. (The SRX Series device also displays information about failed sessions.

34 ■ Stateless Firewall Filters . The View Events page in the J-Web interface enables you to filter and view system log messages. or packets originating from. Table 38: Stateless Firewall Filters Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Stateless firewall filters (ACLs) Yes Yes Yes Yes System Log Files JUNOS Software supports configuring and monitoring of system log messages (also called syslog messages). see the JUNOS Software Interfaces and Routing Configuration Guide. A stateless firewall filter evaluates every packet. such as severity levels. v2.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Use SNMP to determine where and when a network failure is occurring. to messages. a stateful firewall filter uses connection state information derived from past communications and other applications to make dynamic control decisions. the Routing Engine. You can configure files to log system messages and also assign attributes. A stateless firewall filter. v3 Yes Yes Yes Yes Stateless Firewall Filters A stateless firewall filter evaluates the contents of packets transiting the device from a source to a destination. Table 37: SNMP Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series SNMP v1. or destined for. and to gather statistics about network performance in order to evaluate the overall health of the network and identify bottlenecks. For more information about stateless firewall filters. often called a firewall filter or access control list (ACL). statically evaluates packet contents. Stateless firewall filters applied to the Routing Engine interface protect the processes and resources owned by the Routing Engine. Table 38 on page 34 lists the stateless firewall filters support on SRX Series and J Series devices. For more information about SNMP. In contrast. Table 37 on page 34 lists the SNMP support on SRX Series and J Series devices. including fragmented packets. see the JUNOS Software Administration Guide.

For more information about transparent mode features. For more information about system log files. the SRX Series device filters packets that traverse the device without modifying any of the source or destination information in the IP packet headers. Table 39: System Log Files Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Archiving system logs Configuring system log messages Disabling system logs Filtering system log messages Multiple system log servers (control-plane logs) Sending system log messages to a file Sending system log messages to a user terminal Viewing data plane logs Viewing system log messages Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Transparent Mode In transparent mode. Transparent mode is useful for protecting servers that mainly receive traffic from untrusted sources because there is no need to reconfigure the IP settings of routers or protected servers. see the JUNOS Software Administration Guide. Table 40: Transparent Mode Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Bridge domain and transparent mode Chassis clusters Class of service No No Yes No No No No No Yes Yes No No Transparent Mode ■ 35 . Table 40 on page 35 lists the transparent mode features that are supported on SRX Series devices.Chapter 2: Feature Support Tables Table 39 on page 35 lists the system log files features that are supported on SRX Series and J Series devices. see the JUNOS Software Interfaces and Routing Configuration Guide.

protecting against multiple threat types. see the JUNOS Software Security Configuration Guide.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Unified Threat Management (UTM) UTM is a term used to describe the consolidation of several security features into one device. When you power on the device. we recommend that you back up your primary boot device. it starts (boots) up using its primary boot device. As new features and software fixes become available. You can configure the primary or secondary boot device with a “snapshot” of the current configuration. you must upgrade your software to use them. or configure a boot device to receive core dumps for troubleshooting. You can also replicate the configuration for use on another device. 36 ■ Unified Threat Management (UTM) . see the JUNOS Software Administration Guide. default factory configuration. Table 41 on page 36 lists the UTM features that are supported on SRX Series and J Series devices. Table 41: UTM Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Antispam Antivirus Express Antivirus Full Content Filtering Web Filtering WELF Support Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No Yes Yes Yes Yes Yes Yes Upgrading and Rebooting J Series and SRX Series devices are delivered with JUNOS Software preinstalled. The advantage of UTM is streamlined installation and management of these multiple security capabilities. or rescue configuration. For more information about UTM. For more information about upgrading and rebooting. These devices also support secondary boot devices allowing you to back up your primary boot device and configuration. Before an upgrade. Table 42 on page 37 lists the upgrading and rebooting features that are supported on SRX Series and J Series devices.

configure. Table 44 on page 38 lists the user interfaces features that are supported on SRX Series and J Series devices. You can use Telnet or SSH to connect to the device from a remote location through two modems over a telephone network. Table 43 on page 37 lists the USB modem support on SRX Series devices. and manage your device—the J-Web interface and the command-line interface (CLI) for JUNOS Software. USB Modem ■ 37 . Table 43: USB Modem Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series USB modem support Yes Yes No No User Interfaces You can use two user interfaces to monitor. see the JUNOS Software Administration Guide.Chapter 2: Feature Support Tables Table 42: Upgrading and Rebooting Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Boot device configuration Boot device recovery Chassis components control Chassis restart Software upgrades and downgrades Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes USB Modem SRX Series supports the use of USB modems for remote management. and a second modem is connected to a remote management device such as a PC or laptop computer. For more information about USB modem. For more information about user interfaces. troubleshoot. The USB modem is connected to the USB port on the device. see the JUNOS Software Administration Guide.

For more information about VoIP with Avaya. Table 45 on page 38 lists the VoIP with Avaya features that are supported only on J Series devices. J2350. Table 45: VoIP with Avaya Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Avaya Communication Manager Avaya VoIP Modules: ■ ■ ■ ■ ■ ■ ■ ■ No No No No No No Yes Yes TGM550 Telephony Gateway Module TIM508 Analog Telephony Interface Module TIM510 E1/T1 Telephony Interface Module TIM510 E1/T1 Telephony Interface Module TIM514 Analog Telephony Interface Module TIM516 Analog Telephony Interface Module TIM518 Analog Telephony Interface Module TIM521 BRI Telephony Interface Module No No No No No No Yes Yes Dynamic Call Admission Control Media Gateway Controller 38 ■ Voice Over Internet Protocol (VoIP) with Avaya . and J6350 Services Routers support VoIP connectivity for branch offices with the Avaya IG550 Integrated Gateway.JUNOS Software Feature Support Reference for SRX Series and J Series Devices Table 44: User Interfaces Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Command-line interface (CLI) J-Web user interface JUNOScript Network and Security Manager Session and Resource Control (SRC) application Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes No Yes Yes Yes Yes Yes Voice Over Internet Protocol (VoIP) with Avaya J2320. see the JUNOS Software Interfaces and Routing Configuration Guide. J4350. The Avaya IG550 Integrated Gateway consists of four VoIP modules—a TGM550 Telephony Gateway Module and three types of Telephony Interface Modules (TIMs).

dividing the network into segments to which you can apply various security options to satisfy the needs of each segment. Table 46 on page 39 lists the WLAN support on SRX Series and J Series devices. Table 46: Wireless LAN Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Wireless LAN AX411 Access Point clustering SRX210 and SRX240 only SRX210 and SRX240 only Yes Yes No No No No NOTE: The maximum number of AX411 Access Points supported on an SRX Series Services Gateway is device dependent. you can configure multiple security zones. For more information about WLAN. which minimizes the need for wired connections. Wireless LAN (WLAN) ■ 39 . you must define two security zones. basically to protect one area of the network from the other. see the JUNOS Software WLAN Configuration and Administration Guide. Please see the release notes. Zones Support A security zone is a collection of one or more network segments requiring the regulation of inbound and outbound traffic through policies. On a single device.Chapter 2: Feature Support Tables Table 45: VoIP with Avaya Support (continued) SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series VoIP interfaces: ■ ■ ■ ■ No No No Yes Analog telephone or trunk port T1 port E1 port ISDN BRI telephone or trunk port Wireless LAN (WLAN) A WLAN implements a flexible data communication system that frequently augments rather than replaces a wired LAN within a building. At a minimum. Security zones are logical entities to which one or more interfaces are bound.

review the JTAC User Guide located at http://www. JTAC Hours of Operation —The JTAC centers have resources available 24 hours a day. ■ JTAC policies—For a complete understanding of our JTAC procedures and policies. Product warranties—For product warranty information. For a list of related SRX Series documentation. ■ ■ 40 ■ J Series and SRX Series Documentation and Release Notes . visit http://www. Table 47: Zones Support SRX3400 SRX3600 SRX5600 SRX5800 Feature SRX100 SRX210 SRX240 SRX650 J Series Functional zone Security zone Yes Yes Yes Yes Yes Yes Yes Yes J Series and SRX Series Documentation and Release Notes For a list of related J Series documentation.juniper.net/techpubs/. If you are a customer with an active J-Care or JNASC support contract.net/customers/support/downloads/7100059-EN.net/support/warranty/ . or are covered under warranty. 7 days a week.html . 365 days a year.juniper.net/techpubs/hardware/srx-series-main.juniper. see http://www. If the information in the latest release notes differs from the information in the documentation.pdf .net/techpubs/software/junos-jseries/index-main. see the JUNOS Software Security Configuration Guide. To obtain the most current version of all Juniper Networks® technical documentation.JUNOS Software Feature Support Reference for SRX Series and J Series Devices JUNOS Software supports the following two types of zones: ■ ■ Functional zones Security zones Table 47 on page 40 lists the zones support on SRX Series and J Series devices. follow the JUNOS Software Release Notes.html . see the product documentation page on the Juniper Networks website at http://www. you can access our tools and resources online or open a case with JTAC.juniper. and need postsales technical support. For more information about user interfaces. see http://www. Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).juniper.

Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: ■ ■ ■ ■ Find CSC offerings: http://www.juniper.Chapter 2: Feature Support Tables Self-Help Online Tools and Resources For quick and easy problem resolution.juniper. Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA.net/cm/ To verify service entitlement by product serial number.net/company/communities/ ■ Open a case online in the CSC Case Management tool: http://www. Canada. use our Serial Number Entitlement (SNE) Tool: https://tools.net/support/requesting-support.net/kb/ Find product documentation: http://www.html Requesting Technical Support ■ 41 .juniper.juniper.net/ ■ Download the latest versions of software and review release notes: http://www.juniper. visit us at http://www. For international or direct-dial options in countries without toll-free numbers.juniper.net/alerts/ ■ Join and participate in the Juniper Networks Community Forum: http://www. and Mexico).juniper.net/techpubs/ Find solutions and answer questions using our Knowledge Base: http://kb.juniper.juniper. ■ ■ Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .juniper.net/customers/support/ Search for known bugs: http://www2.net/SerialNumberEntitlementSearch/ Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone.net/customers/csc/software/ ■ Search technical bulletins for relevant hardware and software notifications: https://www.

JUNOS Software Feature Support Reference for SRX Series and J Series Devices 42 ■ Requesting Technical Support .

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.