Review: The Juniper SRX300 Services Gateway Protects and Connects Federal Outposts

In terms of connectivity, the SRX300 can handle the routing and access functions for a small-to-midsized office. It can process up to 64,000 concurrent sessions, and it can optimize them through multiprotocol label-switching, directing each packet to the next node using short path labels instead of much longer network addresses. It’s also multiprotocol compatible and can work with almost any existing network technology.

For every federal agency, security is always one of the most important factors for any network. The SRX300 has got that built in, with IP security, unified threat management, proactive security through Juniper’s Spotlight Secure threat intelligence platform, intrusion protection, a full next-generation firewall and GeoIP locational-based access controls.

Users can add their own security policies as well, and the SRX300 can store and support up to 1,000 rules.

It’s not unusual to find advanced connectivity and security features in an enterprise gateway appliance. It’s rare, however, to have them included in a device designed for smaller offices. The Juniper SRX300 Services Gateway goes even beyond that with zero-touch installation, remote management and seamless integration with other networking equipment.

As such, the SRX300 is ready to offer smaller government offices the protection and connection assistance they need, right out of the box. 

The Juniper SRX300 Gateway is a tiny appliance — only about a foot wide and just over an inch tall — but it’s packed with advanced features. Naming all of them would take forever, but on the connectivity side alone it supports almost all network protocols, including Domain Name System, Dynamic DNS, Dynamic Host Configuration Protocol, Point-to-Point Protocol over Ethernet, and Resource Reservation. 

On the security side, you have a full next-generation firewall that can support up to 1,000 custom rules based on the IP security standard, unified threat management, security intelligence through Spotlight Secure, intrusion protection and GeoIP locational-based access control. That is a lot to ask of a small appliance designed to protect regional and branch federal offices.

To see how it could actually perform, we connected it between a traffic avalanche and reflector device to simulate real traffic coming in and going out of an agency’s network. 

Before the testing, we used the Junos operating system to program several custom security rules. Then we throttled up the simulated traffic close to the device’s maximum rating of 64,000 concurrent sessions and 256 IPSec VPN tunnels. In addition, we added traffic that broke our custom rules as well as several actual threats from our malware zoo.

The SRX300 performed well. There were no dropped connections or routing mistakes, even when running constantly at over 80 percent capacity for several hours. When traffic-breaking rules were inserted into the stream, those packets were stopped with the correct reasons given. 

Threats, including very modern polymorphing malware, also failed to sneak past the Juniper appliance, even though it was busy processing normal traffic at the same time.

In every test, the SRX300 performed right up to its rated level without so much as a hiccup. Based on this testing, there is little doubt that the Juniper SRX300 Gateway is ready to both protect and connect any small to midsized federal office.

Juniper SRX300 Services Gateway

Processor: Intel Core i7-865OU, 2.11GHz
Max Concurrent Sessions: 64,000
Supported Security Policies: 1,000
Max Firewall Throughput: 1Gbps
IPS Performance: 100Mbps
Dimensions: 12.6x7.5x1.4 inches
Weight: 4.4 pounds