But tests show issues with IPS, management
If the Guinness Book of World Records had an entry for "biggest firewall ever," Juniper's SRX 5800 would qualify.
In our exclusive Clear Choice test, this hulking brute of a machine sped traffic at rates approaching 140Gbps through its 16 10Gigabit Ethernet interfaces, making it by far the largest and fastest firewall anyone has ever tested.
But "biggest" isn't the same as "most capable." For example, enabling intrusion prevention caused forwarding rates to drop to 30Gbps, even when handling benign traffic.
And there were issues with security policy management. The Network and Security Manager (NSM) appliance Juniper supplied doesn't yet accept security alerts from the SRX. In other words, it's a security management platform that won't say how or even whether the network is under attack.
As a firewall, the SRX/NSM combo is fine, even for managers of the very largest networks. But because of the lack of security alerts and some serious usability drawbacks in the NSM, we can't yet recommend the system as a combined firewall/intrusion-prevention system (IPS).
The SRX 5800 is a chassis-based system. It comes pre-populated with two switch control boards to manage inter-card communications; it's up to the customer to insert I/O cards or Service Processing Cards (SPC) as needed. The I/O cards come in two flavors: four-port 10G Ethernet or 40-port 1Gigabit Ethernet. You can mix and match I/O cards with the SPCs, which handle services such as firewall and IPS. (See how we conducted our test at www.nwdocfinder.com/8837.)
While this system is clearly aimed at nonstop environments, Juniper hasn't gotten all of its hot-swap technology in the single-chassis version. You can't insert or remove cards without interrupting traffic flow. Juniper's solution is chassis clustering - linking two of these monster boxes into a cluster that lets you take a chassis down for maintenance, upgrade or repairs, while still passing traffic.
The SRX's operating system is JunOS through-and-through, with firewall and IPS features from Juniper's NetScreen acquisition layered on top. If you like managing routers from the command line and have a modest firewall policy, you'll take to the SRX 5800 right away. It's got the JunOS you love, a rock-solid stateful firewall and the fastest performance of any firewall on Earth.
Performance metrics
When...