SRX320: 1 Gbps firewall with 300 Mbps IPsec VPN. This compact desktop device features high-performance security, routing, switching, and WAN connectivity for small, distributed enterprise locations with up to 50 users.
Features & Benefits:
Should you use a router and a firewall to secure your network? By building the branch SRX Series with best-in-class routing and firewall capabilities in one product, enterprises don’t have to make that choice. Why forward traffic if it’s not legitimate?
SRX Series for the branch checks the traffic to see if it is legitimate, and only forwards it on when it is. This reduces the load on the network, allocates bandwidth for all other mission-critical applications, and secures the network from hacking.
The main purpose of a secure router is to provide firewall protection and apply policies. The firewall (zone) functionality inspects traffic flows and state to ensure that originating and returning information in a session is expected and permitted for a particular zone. The security policy determines if the session can originate in one zone and traverse to another zone. This architectural choice receives packets from a wide variety of clients and servers and keeps track of every session, of every application, and of every user. It allows the enterprise to make sure that only legitimate traffic is on its network and that traffic is flowing in the expected direction.
To ease the configuration of a firewall, SRX Series for the branch uses two features—“zones” and “policies.” While these can be user-defined, the default shipping configuration contains, at a minimum, a trust and untrust zone. The trust zone is used for configuration and attaching the internal LAN to the branch SRX Series. The untrust zone is used for the WAN or untrusted Internet interface. To simplify installation and make configuration easier, a default policy is in place that allows traffic originating from the trust zone to flow to the untrust zone. This policy blocks all traffic originating from the untrust zone to the trust zone. A traditional router forwards all traffic without regard to a firewall (session awareness) or policy (origination and destination of a session).
By using the Web interface or CLI, enterprises can create a series of security policies that will control the traffic from within and in between zones by defining policies. At the broadest level, all types of traffic can be allowed from any source in security zones to any destination in all other zones without any scheduling restrictions. At the narrowest level, policies can be created that allow only one kind of traffic between a specified host in one zone and another specified host in another zone during a scheduled time period.