Datasheet

SRX1500 FIREWALL DATASHEET

Next-Generation Firewall For The Distributed Enterprise

Product Description
The Juniper Networks® SRX1500 is a high-performance next-generation firewall and
security services gateway that protects mission-critical networks at campuses, regional
headquarters, and large branch offices. The SRX1500 provides best-in-class security, threat
detection, and mitigation capabilities, integrating carrier-class routing and feature-rich
switching in a single platform.
Product Overview The SRX1500 delivers a next-generation security solution that supports the changing
needs of cloud-enabled enterprise networks. Whether rolling out new services in an
The SRX1500 is a next-
generation firewall and security enterprise campus, connecting to the cloud, complying with industry standards, or
services gateway offering achieving operational efficiency, the SRX1500 helps organizations realize their business
outstanding protection, objectives while providing scalable, easy-to-manage, secure connectivity and advanced
performance, scalability, threat detection and mitigation capabilities. The SRX1500 protects critical corporate assets
availability, and security service as a next-generation firewall, acts as an enforcement point for cloud-based security
integration. Designed for port solutions, and provides application visibility and control to improve the user and application
density, a high-performance experience.
security services architecture,
Hardware and software architectures on the SRX1500 provide significant performance
and seamless integration of
improvements to a small 1 U form factor. The key to the SRX1500 hardware is the security
networking and security in a
flow accelerator and a robust x86-based security compute engine for advanced security
single platform, the SRX1500 is
best suited for client protection services like application visibility, intrusion prevention, and threat mitigation capabilities.
in enterprise campuses, regional The SRX1500 software architecture leverages these hardware components and
headquarters, or cloud-based virtualization to deliver high-speed firewall performance, application visibility, and intrusion
security solutions with a focus prevention while lowering the total cost of ownership (TCO).
on application visibility and The SRX1500 is purpose-built to protect 10GbE network environments, consolidating
control, intrusion prevention, multiple security services and networking functions in a highly available appliance.
and advanced threat prevention.
The SRX1500, powered by
Junos OS, is the industry-leading SRX1500 Highlights
operating system that keeps the The SRX1500 fully complements next-generation firewall capabilities that help secure your
world's largest and most network with an integrated solution that combines best-in-class application, content, and
mission-critical enterprise
threat classification with SD-WAN, local switching, and easy policy management. Advanced
networks secure.
application identification and classification enable greater visibility, enforcement, control,
and protection over the network as they are tied to users regardless of location or device.
It provides a detailed analysis of application volume and usage and fine-grained application
control policies to allow or deny traffic based on dynamic application names or group
names, and prioritization of traffic based on application information and context to reduce
complexity across traditional, cloud, and hybrid IT networks.
By combining perimeter defenses with segmentation, the SRX1500 firewall provides a
comprehensive suite of application security, threat defenses, and intelligence services to
protect networks from content-borne threats. Integrated threat intelligence via Juniper
Networks Advanced Threat Prevention (ATP) Cloud offers adaptive threat protection
against command and control (C&C) solutions that leverage automated protection. This

1
SRX1500 Firewall Datasheet

integration helps detect and enforce against known exploits, capabilities, including FWaaS, SWG, CASB with DLP, ZTNA, and
spyware, malware, and zero-day threats with an extremely high advanced threat protection to protect access to web, SaaS, and on-
degree of accuracy using advanced AI techniques developed in premises applications and provides users with security that follows
conjunction with Juniper Threat Labs. them wherever they go. Juniper meets customers where they are
The SRX1500 enables agile SecOps through automation capabilities and takes them where they want to go by leveraging what they
that support Zero Touch Deployment, Python scripts for have and extending their Zero Trust initiatives to a cloud-delivered
orchestration, and event scripting for operational management. architecture without breaking the bank or their ops team.

The SRX1500 delivers fully automated SD-WAN to both Juniper Secure Edge, managed by Security Director Cloud, uses a
enterprises and service providers. A Zero Touch Provisioning (ZTP) single policy framework that enables security policies to be created
capability simplifies branch network connectivity for initial once to follow users, devices, and data wherever they go.
deployment and ongoing management. Due to its high performance Customers don’t have to start from scratch when adopting cloud-
and scale, the SRX1500 acts as a VPN hub and terminates VPN/ delivered security. With our three-click wizard, customers can easily
secure overlay connections in the various SD-WAN topologies. leverage existing campus edge policies and translate them into an
The SRX1500 firewall runs Juniper Networks Junos® operating SSE policy. Because it uses a single policy framework regardless of
system, a proven, carrier-hardened network OS that powers the top the deployment model, Secure Edge applies existing security
100 service provider networks worldwide. These rigorously tested policies from traditional deployments to its cloud-delivered model in
carrier-class routing features of IPv, including IPv4/IPv6, OSPF, just a few clicks, reducing misconfigurations and risk.
BGP, and multicast, have been proven in over 15 years of Whether securing remote users, campus and branch locations,
worldwide deployments. private cloud, public cloud, or hybrid cloud data centers, Juniper
provides unified management and unbroken visibility across all
architectures. This makes it easy for ops teams to easily and
Juniper Security Director Cloud
effectively bridge their current investments with their future
Security Director Cloud is Juniper’s simple and seamless
architectural goals, including SASE. Customers can manage security
management experience, delivered in a single UI to connect
anywhere and everywhere, on-premises, in the cloud, and from the
customers’ current deployments with their future architectural
cloud, with security policies that follow users, devices, and data
rollouts. Management is at the center of Juniper’s security strategy
wherever they go, all from a single UI.
and helps organizations secure every point of connection on their
Users have fast, reliable, and secure access to the data and
network to safeguard users, data, and infrastructure.
resources they need, ensuring great user experiences. IT security
Organizations can secure their architecture with consistent security
teams gain seamless visibility across the entire network while
policies across any environment—on-premises, cloud-based, cloud-
leveraging their existing investments, helping them transition to a
delivered, and hybrid—and expand Zero Trust to all parts of the
cloud-delivered architecture at their own pace.
network, from the edge all the way into the data center and to the
Juniper Secure Edge provides consistent security policies that
applications and microservices. With Security Director Cloud,
follow the user, device, and data without having to copy over or
organizations have unbroken visibility, policy configuration,
recreate rule sets. It's easy to deploy cloud-delivered application
administration, and collective threat intelligence all in one place.
control, intrusion prevention, content and web filtering, and
Juniper meets our customers where they are on their journey, helps
effective threat prevention without breaking visibility or security
them leverage their existing investments, and empowers them to
enforcement. For the past five years, Juniper has consistently been
transition to their preferred architecture at a pace that is best for
validated by multiple third-party tests as the market's most effective
business by automating their transition with Security Director
security technology, with over 99% security efficacy across all use
Cloud.
cases.

Juniper Secure Edge

Juniper Secure Edge secures workforces anywhere with the fast,
reliable, and secure access they need. It delivers full-stack SSE

2
SRX1500 Firewall Datasheet

Features and Benefits

Business Requirement Feature/Solution SRX1500 Advantages
High performance High-performance firewall • Best suited for enterprise large branch and campus deployments
• Addresses future needs for scale and feature capacity

High-quality end user Application visibility and control • Continuous application updates provided by Juniper Threat Labs
experience • Controls and prioritizes traffic based on application and user role
• Inspects and detects applications inside the SSL-encrypted traffic

Threat protection IPS, antivirus, antispam, • Provides real-time updates to IPS signatures and protects against exploits
enhanced web filtering, Juniper • Implements industry-leading antivirus and URL filtering
Advanced Threat Prevention
Cloud, Encrypted Traffic Insights, • Delivers an open threat intelligence platform that provides a single point for all operational intelligence feeds
Threat Intelligence Feeds, and • Protects against zero-day attacks
Juniper ATP Appliance • Restores visibility lost due to encryption without the heavy burden of full TLS/SSL decryption

Zero-day prevention AI-Predictive Threat Prevention • Predicts and prevents malware at line rate by using AI to identify threats from packet snippets effectively
• Eliminates patient-zero infections
• Provides network protection throughout the entire attack lifecycle, preventing reinfection from subsequent attacks rather
than just for the first 24 hours of an attack.

Professional-grade Routing, switching, and secure • Supports carrier-class advanced routing, quality of service (QoS), and services
networking services wire • Offers flexible deployment modes (L1/L2/L3)

Highly secure IPsec VPN, remote access/SSL • Provides high-performance IPsec VPN with a dedicated crypto engine
VPN, secure boot • Simplifies large VPN deployments with auto VPN and group VPN
• Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
• Verifies binaries that execute on the hardware with a secure boot

Embed security in data EVPN-VXLAN Type 5 routes • Enhances tunnel inspection for VXLAN encapsulated traffic with Layer 4 to Layer 7 security services
center fabric • Eases operations with Type 5 support through BGP
• Does not require decapsulation of EVPN-VXLAN traffic

High reliability Chassis cluster, redundant • Provides stateful configuration and state synchronization
power supply • Supports active/active and active/backup deployment scenarios
• Offers highly available hardware with dual PSU, redundant fans

Easy to manage and On-box GUI, Security Director, • Enables centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT), and
scale and Security Director Cloud IPsec VPN deployments
• Includes simple easy-to-use on-box GUI for local management

Lower TCO Junos OS • Integrates routing, switching, and security in a single device
• Reduces OpEx with Junos OS automation capabilities

Network Address Translation (NAT)

• Source NAT with Port Address Translation (PAT)
• Bidirectional 1:1 static NAT
• Destination NAT with PAT
• Persistent NAT
• IPv6 address translation
SRX1500 Firewall Specifications
Software Specifications
Firewall Services VPN Features
• Stateful firewall inspection • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint,
• Zone-based firewall AutoVPN, ADVPN, Group VPN (IPv4/IPv6/Dual Stack)
• Screens and distributed denial of service (DDoS) protection • Juniper Secure Connect: Remote access/SSL VPN
• Protection from protocol and traffic anomalies • Configuration payload: Yes
• Integration with Pulse Unified Access Control (UAC) • IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-
• Integration with Aruba Clear Pass Policy Manager CBC, AES-GCM, SuiteB
• User role-based firewall • IKE authentication algorithms: MD5, SHA-1, SHA-128,
• SSL Inspection SHA-256, SHA-384

3
SRX1500 Firewall Datasheet

• Authentication: Pre-shared key and public key infrastructure • AI-Predictive Threat Prevention
(PKI) (X.509)
• IPsec (Internet Protocol Security): Authentication Header (AH)/ 1
Offered as an advanced security subscription license
Encapsulating Security Payload (ESP) protocol
• IPsec Authentication Algorithms: hmac-md5, hmac-sha-196 Routing Protocols
• IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC,
• IPv4, IPv6
AEC-CBC, AES-GCM, SuiteB
• Static routes
• Perfect forward secrecy, anti-reply
• RIP v1/v2
• Internet Key Exchange: IKEv1, IKEv2
• OSPF/OSPF v3
• Monitoring: Standard-based dead peer detection (DPD)
• BGP with Route Reflector
support, VPN monitoring
• EVPN-VXLAN
• VPNs GRE, IP-in-IP, and MPLS
• IS-IS
• Multicast: Internet Group Management Protocol (IGMP) v1/v2;
Protocol Independent Multicast (PIM) sparse mode (SM)/dense
High Availability Features
mode (DM)/source-specific multicast (SSM); Session
• Virtual Router Redundancy Protocol (VRRP)
Description Protocol (SDP); Distance Vector Multicast Routing
• Stateful high availability
Protocol (DVMRP); Multicast Source Discovery Protocol
- Dual box clustering
(MSDP); Reverse Path Forwarding (RPF)
- Active/passive
• Encapsulation: VLAN, Point-to-Point Protocol over Ethernet
- Active/active
(PPPoE)
- Configuration synchronization
• Virtual routers
- Firewall session synchronization
• Policy-based routing, source-based routing
- Device/link detection
• Equal-cost multipath (ECMP)
- In-Service Software Upgrade (ISSU)
• IP monitoring with route and interface failover
QoS Features
• Support for 802.1p, DiffServ code point (DSCP), EXP
Application Security Services1
• Classification based on VLAN, data-link connection identifier
• Application visibility and control
(DLCI), interface, bundles, or multifield filters
• Application QoS
• Marking, policing, and shaping
• Advanced/application policy-based routing (APBR)
• Classification and scheduling
• Application Quality of Experience (AppQoE)
• Weighted random early detection (WRED)
• Application-based multipath routing
• Guaranteed and maximum bandwidth
• Ingress traffic policing
Threat Defense and Intelligence Services1 • Virtual channels
• Hierarchical shaping and policing
• Intrusion prevention
• Antivirus
• Antispam Switching Features
• Category/reputation-based URL filtering
• ASIC-based Layer 2 forwarding
• Protection from botnets (command and control)
• MAC address learning
• Adaptive enforcement based on GeoIP
• VLAN addressing and integrated routing and bridging (IRB)
• Juniper Advanced Threat Prevention, a cloud-based SaaS
support
offering to detect and block zero-day attacks
• Link aggregation and LACP
• Juniper ATP Appliance, a distributed, on-premises advanced
• LLDP and LLDP-MED
threat prevention solution to detect and block zero-day attacks
• STP, RSTP, MSTP
• Adaptive Threat Profiling
• MVRP
• Encrypted Traffic Insights
• 802.1X authentication
• SecIntel to provide threat intelligence

4
SRX1500 Firewall Datasheet

Network Services Specification SRX1500

• Dynamic Host Configuration Protocol (DHCP) client/server/ System memory (RAM) 16 GB

Primary boot storage (mSATA) 16 GB
relay
Secondary storage (SSD) 100 GB
• Domain Name System (DNS) proxy, dynamic DNS (DDNS)
Dimensions and Power
• Juniper real-time performance monitoring (RPM) and IP
Form factor 1U
monitoring
Size (WxHxD) 17.28 x 1.75 x 18.2 in (43.9 x 4.44 x
• Juniper flow monitoring (J-Flow) 46.22 cm)

• Bidirectional Forwarding Detection (BFD) Weight (device and PSU) 16.1 lb (7.30 kg)

• Two-Way Active Measurement Protocol (TWAMP) Redundant PSU 1+1

• IEEE 802.3ah Link Fault Management (LFM) Power supply AC/DC (external)
Average power consumption 150 W
• IEEE 802.1ag Connectivity Fault Management (CFM)
Average heat dissipation 512 BTU / hour
Maximum current consumption 2.5A (for AC PSU);
6.2A (for DC PSU)
Advanced Routing Services Maximum inrush current 50A by 1 AC cycle
• Packet mode Acoustic noise level 66.5dBA
• MPLS (RSVP, LDP) Airflow/cooling Front to back

• Circuit cross-connect (CCC), translational cross-connect (TCC) Operating temperature 32° to 104° F (0° to 40° C)

• L2/L2 MPLS VPN, pseudo-wires Nonoperating temperature 4° to 158° F (-20° to 70° C)

Operating humidity 10% to 90% non-condensing
• Virtual private LAN service (VPLS), next-generation multicast
Nonoperating humidity 5% to 95% non-condensing
VPN (NG-MVPN)
Meantime between failures (MTBF) 9.78 years (85,787 hours)
• MPLS traffic engineering and MPLS fast reroute
FCC classification Class A
RoHS compliance RoHS 2
FIPS 140-2 Level 2 (Junos 19.2)
Management, Automation, Logging, and Reporting
Performance and Scale
• SSH, Telnet, SNMP Firewall throughput (IMIX) Gbps2 4.5
• Smart image download Firewall throughput (1,518 B)2 9.0
• Juniper CLI and Web UI IPsec VPN throughput (IMIX) Gbps2 1.0
• Juniper Networks Security Director and Security Director IPsec VPN throughput (1400 B) in Gbps2 4.0
Cloud Application security performance (TPS#/CPS**) in
7.5 / 4.0
Gbps
• Python
Next-generation firewall (TPS#/CPS**) in Gbps3 7.0 / 2.0
• Junos OS event, commit and OP scripts
Secure Web Access firewall (CPS**) in Gbps4 2.0
• Application and bandwidth usage reporting Advanced Threat (CPS**) in Gbps5 1.0
• Auto installation Route table size (RIB/FIB) (IPv4) 2 million / 1 million
• Debug and troubleshooting tools Maximum concurrent sessions (IPv4 or IPv6) 2,000,000
Connections per second (64B) 90,000
SSL Connections per second 1,600
Hardware Specifications IPsec VPN tunnels 2,000
Specification SRX1500
2
Performance numbers based on UDP packets and RFC2544 test methodology
Connectivity 3
Next-Generation firewall performance is measured with firewall, application security and IPS enabled
4
Secure Web Access firewall performance is measured with firewall, application security, IPS, SecIntel, and URL Filtering
Total onboard ports 16x1GbE and 4x10GbE enabled
5
Advanced Threat performance is measured with firewall, application security, IPS, SecIntel, URL Filtering and malware
Onboard RJ-45 ports 12x1GbE protection enabled
#TPS Method: Throughput performance of average HTTP sessions
**
CPS Method: Short-lived sessions
Onboard small form-factor pluggable (SFP)
4x1GbE
transceiver ports
Onboard SFP+ ports 4x10GbE
Juniper Networks Services and Support
Out-of-Band (OOB) management ports 1x1GbE
Juniper Networks is the leader in performance-enabling services
Dedicated high availability (HA) ports 1x1GbE (SFP)
PIM slots 2
designed to accelerate, extend, and optimize your high-
Console (RJ-45 + miniUSB) 1 performance network. Our services allow you to maximize
USB 2.0 ports (type A) 1 operational efficiency while reducing costs and minimizing risk,
Memory and Storage achieving a faster time to value for your network. Juniper Networks

5
 SRX1500 Firewall Datasheet

ensures operational excellence by optimizing the network to

maintain required levels of performance, reliability, and availability.
For more details, please visit https://www.juniper.net/us/en/
products.html.

Ordering Information
To order Juniper Networks SRX Series Firewalls and access
software licensing information, please visit the How to Buy page at
https://www.juniper.net/us/en/how-to-buy/form.html.

About Juniper Networks

Juniper Networks believes that connectivity is not the same as
experiencing a great connection. Juniper's AI-Native Networking
Platform is built from the ground up to leverage AI to deliver
the best and most secure user experiences from the edge to the
data center and cloud. Additional information can be found at
Juniper Networks (www.juniper.net) or connect with Juniper on X
(Twitter), LinkedIn, and Facebook.

Corporate and Sales Headquarters APAC and EMEA Headquarters

Juniper Networks, Inc. Juniper Networks International B.V.

1133 Innovation Way Boeing Avenue 240 1119 PZ Schiphol-Rijk

Sunnyvale, CA 94089 USA Amsterdam, The Netherlands

Phone: 888.JUNIPER (888.586.4737) Phone: +31.207.125.700

or +1.408.745.2000

www.juniper.net

Copyright 2024 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000551-025-EN May 2024 6