Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 1 of 20
`
` 
`
` 
`
` 
`
` 
`
` 
`
` 
`
`Exhibit 7
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 2 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 2 of 20
`
`SC) mioeeead
`
`SRX Series enc:
`
`
`
`on
`juct [
`i
`
`
`for the branch combine next
`The Juniper Networks® SRX Series Services Gateways
`
`generation firewall and ur:fied threat management (UTM)services with routing and
`
`swtching in a single, high-performance, cost-effective network device.
`
`
`
`+
`
`SRX Series for the branchruns Jun per Networks Juros® operating system, the proven
`OSthat is used by core Intemet routers ir all of the top 1005
`
`word. The rgorous y tested carrier-ciass routing features of IPv4/IPv6, OSPF,
`B
`
`multicast have beer proven in over 15 years of woridwide deployments.
`SRXSeries for the branch provides perimeter security, content security, applicat on
`visibility, tracking and policy enforcement, user role-based cortroi, threat inteliigence
`through integration wth Jun per Networks Spotlight Secure* and network-wdethreat
`
`visibility and contro!. Using zones and policies. network admin strators can configure
`and depioy brarch SRXSeries gateways quickiy and securely. Policy-based VPNs
`support more complex security architectures that require dynamic addressing and
`spi
`t tunneling. The SRX Ser es also ncludes wizardsfor firewa.|, IPsec VPN, Network
`
`Address
`arsiation (NA™), and init ai setup to simpi fy corfiguratians out of the bex
`
`:
`;
`SRX Senes Services Gatewaysfor
`the branch are next-gereratior
`security gateways that prov de
`essential Capabilities that
`
`onnect,
`secure, and manage
`workforce locations
`s
`d from
`
`handfuls tc hundreds cf users. By
`
`consolidating fast, highly
`able
`switching, routing, security,
`and next gereration firewa
`
`capabilities in a sngle device.
`enterprises can protect their
`reSOUICes a5 Well as economically
`
`de..ver newservices, safe
`connectivity, and a
`satisfying end-
`
`user experience. A.l
`SRX Series
`ciuding
`
`products
`cr Enterprise
`
`For content security, SRX Series for the branch offersacompiete su te of next
`
`
`ch, Enterprise edge, and
`d threat intel gence
`Le
`appicatiol
`
`are
`Center applications,
`are
`generaticn firewall, unified threat management (UTM
`
`
`
`powered byJuncs Hehe proven
`servic
`sisting of:
`intrusior prevent or system (IPS), application security
`operating system that provides
`(AppSecure), user role-basedfirewa.. cantro.s, on-box and cloud-based ant virus,
`Unmatchedconsistency, better
`antispam, and enhanced Webfiltering to protect your network from the latest
`performance with services, and
`contert-borne threats. Integrated threat intei\ugence via Spotlight Secure offers
` ated botnets and
`superior nfr
`nst command ard cortro! (C&C) re
`astructure protection
`adaptive threat protectior
`
`
`at a lowert
`
`
`cost of ownership.
`policy enforcement based on
`Geol? and attacker fingerprint re technology(the latter
`
`
`for Web app.ication protection)—a!!
`of which are basec
`on Juniper providedfeeds.
`
`Customers may
`>)
`.everage their own custom and third-party feeds for protection
`
`from advanced maiware and other threats. The branch SRX Series irteg!
`other Jun'per security products to de.ver enterprise-wide unified a
`(UAC) and adaptive threat management.
`
`SRXSeries for the branch are secure routers that bring h.gh performance and proven
`
`deployment capabiit es tc enterprises that need to bu id a worldwide network of
`
`thousands of sites. The wide variety of optionsailcwconfigurat on of performance,
`
`functional
`ty, and prce scaled ta asainfrom a handfu! to thousands of users
`
`Ethemet. serail, T1/E), 9S3/E3, xDSL, Wi-Fi, and 3G/AG LTE wirelessare all available
`options for WAN orInternet connectivity to securely .ink your sites. Multiple form factors
`allowyoutc make cost-effective chaices for mission-crtical deployments. Managing
`the network is easy using the proven Junos OS command-|ine interface (CLI), scripting
`
`capabilities,asimple-to-use Web-based GUI, or Juniper Networks Junos® Space
`Secunty Director for centralized management
`
`
`
`UNITED STATES DISTRICT COURT
`NORTHERN DISTRICT OF CALIFORNIA
`Trial Exhibit 17
`Case No. 17-CV-05659-WHA
`
`FINJAN-JN 005221
`
`Deputy Clerk
`
` Entered:
`
`By:
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 3 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 3 of 20
`
`
`
`Architecture and Key Components
`Key HardwareFeatures of the Branch SRX Series Products
`
`Product
`SRX100 Services
`Gateway
`
`SRXNIO Services
`Gateway
`
`SRX210 Services
`Gateway
`
`Description
`Fight 10/100 Ethernet LAN ports and 1 US8 port (support for 3G USB)
`Full UTM®: antivirus’, antispam’, enhanced Web filtering’ and content filtering
`intrusion prevention system'. AppSecure'
`2 GB DRAM.2 GBflash default
`VDSL/ADSL2+ and Ethernet WAN interfaces
`Fight 10/100 Ethernet LAN ports and two USB port (support for 3G USB)
`Full UTM: antivirus! antispam’, enhanced Webfiltering’ intrusion prevention system’, AppSecure’
`Unified Access Control (UAC) and contentfiltering
`2 GB DRAM. 2 GBCF default
`wo 10/100/1000 Fthernet and 610/100 Ethernet LAN ports. 1 Mini-PiM slot. and 2 USB ports (suppor: for 3G US3)
`Factory option of 4 dynamic Power over Ethernet (PoE) por:s 802.3af
`Support for TVE1. serial, ADSL/2/2+. VDSL, G.SHDSL. and Ethernet small form-factor pluggable transceiver (SFP)
`Content Security Accelerator hardware for faster performance of |PS and ExpressAV (with high memory version)
`Full UTM. antivirus) antispam’, enhanced Webfiltering’, and content filtering
`Intrusion prevention system', User role-basedfirewall, and AppSecure!
`2 GB DRAM,2 GBflash default
`
`SRX220 Services
`Gateway
`
`Fight 10/100/1000 Ethernet LAN ports, 2 Mini-PIM slots
`Factory option of 8 PoE ports: PoF+ 802.3at. backwards compatible with 802.3af
`Support for T1/E1, serial, ADSL2/2+, VDSL. G.SHDSL. and Ethernet SFP
`Content Security Accelerator hardware for faster performance of IPS and ExpressAV
`Full UTM®:antivirus'. antispam!. enhanced Webfiltering’ and content filtering
`intrusion prevention system’, User role-basedfirewall and AppSecure!
`2 GB DRAM, 2 GBCF default
`16 10/100/1000 Fthernet LAN ports, 4 Mini-P/M slots
`Factory option o/ 16 PoE ports: PoE+ 802.3at, backwards compatible with 802 3af
`Support for T1/F1, serial. ADSL2/2+, VOSL.G SHDSL, and Ethernet SFP
`Content Security Accelerator hardwarefor faster performance of |PS and ExpressAV
`Full UTM" antivirus], antispam’. enhanced Webfiltering’, and contentfiltering
`Intrusion prevention system'. AppSecure’
`Ten fixed Ethernet ports (6 10/100/1000 copper. 4 SFP), 2 Mini: P'M slots, 6 GPIM slots or multiple GP. M and XPiM
`combinations
`Support for TEI, serial. ADS.2/2-. VDSL. G SHDSL., DS3/E3. Gigabit Ethernet ports: supports up to 52 Ethernet
`ports including SFP. 40 switch ports with optional PoE including 802.3at, PoE+, backwards compatible with 602 3af
`{or 50 non-PoE 10/100/1000 copper ports)
`Content Security Accelerator hardware for faster performanceof IPS and FxpressAV
`Full UTM: antivirus', antispam', enhanced Web filtering’ and contentfiltering
`intrusion prevention system!. User role-basedfirewall, and AppSecure!
`Threatintelligence for protection from command and control (C&C) botnets, Web application threats. and advanced
`malware, and policy enforcement based on GeoilP data
`2 GB DRAM de“ault. 2 GB compact flash default (SRX550)
`4 GB DRAM default, 8 GB compact flash default (SRX550 High Memory)
`Optional redundant AC power: standard AC power supply that is PoE-+ready PoE power up to 250 watts single power
`supply or 500 watts dual power supply
`Four fixed ports 10/100/1000 Fthernet AN ports, 8 GPM slots or multiple GP/M and XPM combinations
`Support for 71. £1, DS3/E3. Ethernet ports. supports up to 52 Ethernet ports including SFP. 48 swiich ports with
`optional Po= including 802 3at, PoE+, backwards compatible with 802 3af (or 52 non-PoE 10/100/1000 copper ports
`Content Security Accelerator hardware for faster performance of iPS and ExpressAV
`Full UTM" antivirus', antispam! enhanced Webfiltering’, and contentfiltering
`Intrusion prevention system’. User role-basedfirewall. and AppSecure!
`Threatintelligence for protection from command and control (C&C) botnets. Web application threats, and advanced
`malware, and policy enforcement based on Geo!P data
`Modular Services and Routing Engine: future internalfailover and hot-swap
`2 GB DRAM default. 2 GB compact flash default. external compact ‘lash slot for additional storage
`Optional redundant AC power: standard AC power supply that 1s PoE-ready: PoE power up to 250 watts single power
`supply or 500 watts dual power supply
`
`SRX240 Services
`Gateway
`
`SRX550 Services
`Gateway
`
`SRX650 Services
`Gateway
`
`Network Deployments
`The SRX Series Services Gateways for the branch are deployed at remote, branch and Enterprise edge locations in the network to
`provide all-in-one secure WAN connectivity, and connection to local Cs and servers via integrated Ethernet switching.
`
`Unified Threat Management—antivirus antispam Webfiltering AppSecure and IPS require a subscnption .icerse opbon to use the feature UTM is not supported on the low memoryversion
`Please see the ordenng section for options ContentFiltering and UAC are part of the base software with no additonallicense
`
`
`FINJAN-JN 005222
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 4 of 20
`Document 358-7 Filed 01/24/19 Page 4 of 20
`Case 3:17-cv-05659-WHA
`
`Features and Benefits
`Next Generation Firewall
`
`
`
`SRX Series Services Gateways deliver next generation firewal|
`protection with appl cation awareness and extensive user role-
`based control options pius best-
`of-breed UTM to protect and
`contro. your business assets.
`Next generation firewalls are
`able to perform full packet
`inspection and can apply
`security policies based on layer 7
`informatior. This means you car
`create security policies based cn
`the application running across
`your network, the user who 's
`receiving or sending netwerk
`traffic or the content thatis
`traveling across your network
`to protect your environment
`against threats, manage how
`your network bandwidth is allocated, and contro: who has access
`to what.
`
`Figure 1. Firewalls, zones
`and policies
`
`AppSecure 's a suite of appiication secunty capabil:ties for
`Juniper Networks S2X Ser es services Gateways that identifies
`app! Cations for greater visib lity, enforcement, control, and
`protection of the network.
`
`trusioy Prevention
`
`The intrusion prevention system (IPS) understands application
`behaviors and weaknesses tc prevent applicat:on-borne security
`threats that are difficult te detect and stop.
`nified
`ment
`(LITT)
`hreat [Management
`SRX Series can nciude comprehersive content security against
`malware, viruses, phishing attacks, intrusions, spam and other
`threats with unified threat management (JTM). Get a best-
`of-breed solution with anti-virus. art/-spam, webfilterng and
`content filtering at a great vaiue by easily adding these services
`to your SRX Ser-es Services Gateway. Cloud-based ard on-bex
`solutions are both ava: .ab.e.
`|
`re
`cer
`ew
`LSE
`ewall
`
`Fir
`
`Juniper offers a range of user role-based firewali control solutions
`that support dynamic security pol. cies. Jser ro.e-based f rewa!!
`capabilities are integrated with the SRX Series Services Gateways
`for standard next generation firewall controls. More extensive,
`scalable, grarular access controls for creating dynamic policies
`are aval.abie through the integration cf SRX with a Juniper
`Unified Access Contra. sciution.
`
`Adaptive Threat Intelligence
`To address the evo ving threat landscape that has made it
`mperative to integrate externa! threat intelligence into the
`frewail for thwarting advanced maiware and other threats, some
`SX Series Services Gateways inc.ude threat intelligence via
`integration with Spotiight Secure. The Spotlight Secure threat
`intelligence piatform aggregates threat feeds from muitip.e
`sources to de! ver aper, consolidated, actionable intelligence to
`SX Series Services Gateways across the organization for policy
`enforcement. These sources include Juniper threat feeds, third
`Partythreat feeds and threat detection technologies that the
`customercar deploy.
`
`Administrators are able to def ne enforcement policies from al.
`feeds via a singie, central zed maragement point, Juncs Space
`Security Director.
`
`Secure Routing
`Manyorgan zations use both a router and a firewa../VPNat ther
`network edgeto fu-fil! their networking and security needs. For
`manyorganizatiors. the SRX Series for the branch canfuif \
`both roles with one soivtior. Jun per built best-in-class routing.
`sw tching and firewall! capabil ties into one product.
`
`SX Series for the brarch checks the traffic to see if it s
`egitimate and permissible, and only forwards 't cn whenit s.
`This reduces the load on the network, al.ocates bandwidthfor al
`other mission-critical applications, and secures the network from
`Malicious USETS.
`
`The ma rp purpose of a secure routers to provide f.rewal!
`protection and apply policies. The frewal! (zone) functionaiity
`inspects traffic flows and state to ersure that originating and
`returning informat-on in a session s expected and permitted for
`a particuiar zone. The security pol cy determiresif the session
`can orginate in one zone and traverse tc another zone. Due to
`the architecture, SRX Ser es receives packets from a wide vanety
`of clients and servers and keeps track of every session, of every
`application, and of every user. “hs allows the enterprise to make
`sure that onlyleg timatetraffic s on its network and thattraffic is
`f.owing in the expected direction.
`
`High Availabitity
`Junos Services Redundancy Protoco. USRP) s a core feature
`of the SRX Series for the branch. JSR° erabies 4 pair cf SR2Xx
`Series systemsto be easily integrated nto a hgh ava labii ty
`network architecture, with redundant physica: connections
`between the systems and the adjacent network sw tches. With
`Link redundancy, Juniper Networks can address many common
`causes of system fai.ures. such as a phys cai port goirg bad
`or a cable getting disconnected, to ensure that a conrection
`S ava.ab:e without hav ng to fai over the entire system. This
`'5 consistent with a typica: active/standby nature of routing
`resiliency proteccis.
`
` w
`
`FINJAN-JN 005223
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 5 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 5 of 20
`
`nee
`
`Active/Standby
`
`
`
`
`
`exsena|>
`
`Figure 2. High availability
`
`
`
`the forwarding table along with a poirter to the next-hop route.
`Establshed sessions have a single table lookup to verify that the
`session has been permitted andto find the next hop. This efficient
`algorithm improves throughput and iowerslatency for session
`traffic when compared with a classic router that performs multiple
`table lookupsto verify session information and then to find a next-
`hop route.
`
`Figure 3 showsthe session-based forwarding algorithm. When a
`new session s established, the session-based architecture within
`Junos OSverifies that the session is allowed by the forwarding
`policies.If the session is allowed, Junos OS will lock up the next-
`hop revte in the routing table.It ther inserts the session and the
`rext-hop route into the sess:an and forwarding table and forwards
`the packet. Subsequent packets for the established session
`require a single table |ookupin the sessior and forwarding tabie,
`and are forwardedto the egressinterface.
`
`Wher SRXSeries Services Gateways for the branch are
`configured as an act ve/active HApair, traffic and configuration
`§ mirrored automatically to provide act ve firewa.! and VPN
`session maintenancein case ofa faiiure. The branch SRX Series
`synchronizes both configuration and runtime information. As a
`result, during failover, synchron zation of the follow:ng information
`s shared: connection/session state and fiow nformation, IPSec
`security associations, Network Address Translation (NAT)traffic,
`address book information, corfiguration changes, and more. In
`contrast to the typical router active/standbyresiliency protocols
`such as Virtual Router Redundancy Protocol! (VRRP), all dynamic
`ficw and session :nformation is lost and must be reestabiished
`nthe event of a failover. Someor all network sessions will have
`torestart depending on the convergence time of the links or
`nodes. By maintaining state, not only is the sessior preserved,
`but security is kept intact.
`In ar unstabie network, this act ve/
`active configuration also mitigateslink flapping affecting session
`performance.
`
`Session Based Forwarding Without the
`PerformanceHit
`
`In order to optimize the throughput and latency of the combined
`router and firewai., Junos OS implements session-based
`forwarding, an innovation that combines the session state
`nformation ofa traditional firewall! and the next-hop forwarding
`of a classic router into a singie operation. With Junos OS,a
`session that is permitted by the forwarding policy is added to
`
` Ingress
`
`Interface
`
`eee Mesae
`PoSvg aoe”
`Disallowed ny
`Policy: Dropped
`
`=o"
`
`Forwarding for ____, Egress
`Permitted Traffic
`Interface
`
`Figure 3: Session-based forwarding algorithm
`
` 4
`
`FINJAN-JN 005224
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 6 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 6 of 20
`
`sIP
`
`a.
`Server
`be
`Server
`- .
`Private Data Center
`
`uc
`
`Internet
`
`SF.com
`
` FEsbeck
`
`Private WAN
`
`Nia
`
`SRX110 “SS
`
`3G
`
`sss
`
`Com
`Va =, Connectivity
`Small Offi
`ma
`Ice
`
`VDSL
`
`-
`1|
`
`t
`te
`| SRX650.__
`
`T
`fe)
`> _SRX650__|
`
`| Ex4200/
`
`Ex4200
`
`= w
`
`Lcsoo
`
`Large HA Office
`
`Hosted
`Server
`
`Web
`Server
`
`TVEl
`
`VDSL
`
`ee
`
`TVE]
`
`SFP
`
`DS3/E3
`
`1.
`pele
`SRX210
`SRX240
`PE a
`ce... |e.
`cx
`(Bhs!
`SRXS5SO
`SRX550__
`
`raiseriH| [aaa [7] oN
`
`
`@ @ hi @
`os
`= f
`L ~— ja (al
`bie *’ ™ id
`SmallBranchwith
`
`WLC100
`
`EXx3300 |
`
`| Ex3300|
`
`as
`
`ee
`
`Mid-sized HA Branch
`
`Small, Link HA Branch
`
`Cellular Backup
`
`ead
`
`FINJAN-JN 005225
`
`

`

`
`
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 7 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 7 of 20
`
`
`
`Specifications
`Protocols
`IPv4, IPv6, ISO Connectioniess Network Service (CLNS)
`
`Routing and Multicast
`Static routes
`RIPv2 +v1
`OSPF/OSPFv3
`BGP
`BGP Router Reflector
`IS-IS
`
`Multicast (Internet Group ManagementProtocol!
`(IGMPVv1/273), PIM-SM/DM/SSM,Session Description
`Protocol (SDP), Distance Vector Muiticast Rout-ng Protocol
`(DVMRP), source-specific, Multicast inside IPsec tunnel),
`MSDP°
`
`MPLS (RSVP, LDP, Circuit Cross-connect (CCC), Translational
`Cross-connect (TCC), Layer 2 VPN (VPLS), Layer 3 VPN,
`VPLS, NGMVPN)
`
`IP Address Management
`
`DHCP, PPPoEclent
`Internal DHCP server, DHCP Relay
`
`Address Translation
`Source NAT with Port Address Transiation (PAT)
`Static NAT
`Destination NAT with PAT
`Persistent NAT, NAT64
`
`Encapsulations
`Ethernet (MAC and VLAN tagged)
`Point-to-Point Protoco! (PPP) (synchronous)
`- Multilink Point-to-Point Protocol (MLPPP)
`Frame Relay
`- Multilink Frame Relay (MLFR) (FRF15, FRF16), FRF2, Ll
`High-Level Data Link Contra! (HDLC)
`Serial (RS-232, RS-449,X.21, V.35, EIA-530)
`8C2.1q VLAN support
`Point-to-Point Protocol over Ethernet (PPPoE)
`
`L2 Switching:
`802.1Q, 802.1D, RSTP, MSTP, 802.3ad (LACP)
`802.1x, LLDP, 802.Jad (Q-in-Q), IGMP Snooping
`Layer 2 switching with high availability
`
`TrafficManagement Quality of Service (QoS)
`802.1p, DSCP, EXP
`
`+ Marking, policing, and shaping
`Class-based queuing wi
`ioritizatio
`BEER ULI WIN PEOUizanien
`
`Weighted random early detection (WRED)
`+ Queuing based on VLAN, data-iink connecton identifier
`(DLC), interface, burdies, or muiti-field (MF) fi'ters
`- Guaranteed bandwidth
`+ Maximum bandwdth
`
`:
`
`Ingress traffic policing
`Priority-bandwidth util/zation
`DiffServ marking
`+ Virtual chanreis
`
`Security
`Firewall
`Firewali, zones, screens, policies
`Stateful firewail, statelessfilters
`Network attack detection
`
`Screens denial of service (DoS) and provides distributed
`denia! of service (DDoS) protection (anomaly-based)
`Prevent replay attack: Anti-Replay
`Unified Access Control
`
`- TCP reassembly for fragmented packet protection
`- Brute force attack mitigation
`- SYN cookie protection
`- Zone-based IP spoofing
`- Malformed packet protection
`NGFW/UTM*
`Intrusion Prevention System (IPS)
`- Protocol anomaly detection
`- Statefu! protecol signatures
`-
`Intrusion prevention system (IPS) attack pattem
`obfuscation
`- User role-based po.icies
`+ Customer signatures creation
`Muitipie times a week and emergency updates
`+ AppSecure
`- AppTrack (application visibility and tracking)
`AppFirewall (policy enforcement by application name)
`- Custom signatures
`AppQoS(networktraffic prioritization and bandwidth
`management)
`- Dynamic signature updates
`User-based app! cation policy enforcement
`Antivirus
`
`- Express AV (stream-based AV, not available or SRX100
`and SRX11G)
`- File-based antivirus
`Ga
`Signature database
`- Protocols scanned: POP3, HTTP, SMTP, IMAP, FTP
`
`'GGP Route Reflector supported on SRX550 anc SRX650 See arderng section for Tore informatoan
`2 As af Junos 151X49-D40. the SRX550 High Memoryunit does not support xSTP LLDP BO2 Ix. Q-in-C IGMP Snooping and L2 svatcting witn HA
`Unified Threat Management — antivirus antispam Wet filtering ApoSecure. and IPS require ind vidual subscriptionlicense UTIis not supported on the low memory version Please see the
`ordenng section for options
`
`
`FINJAN-JN 005226
`
`

`

`
`
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 8 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 8 of 20
`
`Ant- spyware
`+ Ant-adware
`
`)
`
`> OSPFy3
`
`> Ant keylogger
`- Cloud-based antivirus
`Antispam
`Integrated enhanced Webfiltering
`- Category granularity (90+ categories)
`- Real time threat score
`Redirect Webfi'tering
`+ Content Security Accelerator in SRX210 high memory,
`SRX220, SRX240, SRX550, and SRX650*
`FExpressAV option in SRX210 high memory, SRX?20 high
`memory, SRX240, S2X550, and SRX650*
`Contentfiltering
`- Based on MIME type,file extension, ard protoco!
`commands
`
`VPN
`
`Auto VPN (Zero Touch Hub)
`
`urneis (GRE,IP-IP, IPsec)
`IPsec, Data Encryption Standard (DES) (56-bit), trpie Data
`Encryption Standard (3DES) (168-bit), Advanced Ercryptior
`Standard (AES) (128-bit+) encrypticr
`Message Digest 5 (MD5),SHA-) , SHA-128, SHA-2556
`authentication
`Junos Pulse Dynamic VPNclient: browser-based remote
`access feature requinng a license
`IPv4 and IPv6 VPN
`Mult!-Proxy ID for site-to-site VPN
`Multimedia Transport
`Compressed Real-Time Transport Protaco! (CRTP)
`
`HighAvaiiability
`VRRP
`JSRP
`
`Stateful failover and duai box ciustering
`SRX550/SRX650:
`
`- Redundant power (cptiona.)
`- GPIM hot swap
`
`+ 21Png
`+
`IPv6 Multicast Listener Discovery (MLD)
`+ BGP
`+
`ISIS*
`Wireless
`+ CX7 Cellular 3G/4G/LTE Broadband Data Bridge supported
`on ail branch SRX Series devices
`+ 3G USB modem support for SRX100, SRX110, and SRX210
`SLA, Measurement, and Monitoring
`+ Real-time performance monitoring (RPM)
`+ Sessions, packets, and bandwidth usage
`+
`Juniper J-Ficw monitcring and accounting services
`IP Monitoring
`
`- Sysiog
`Traceroute
`Extensive control- and data-plane structured and
`unstructured sysiog
`Administration
`Juniper Networks Network ard Secur ty Manager support
`(NSM)
`
`Lo
`
`-
`
`+
`
`Juniper NetworksJunos Space Security Director support
`Juniper Networks STRM Series Security ~hreat Response
`Managers support
`Juniper Networks Advanced Insight Solutions support
`=xterma! administrator database (RADIUS, | DAP, SecurelD)
`Auto-configuration
`+ Configuration rollback
`Rescue configuration with button
`Commit confirm for changes
`Auto-record fer diagnostics
`Software upgrades (USB Upgrade option)
`Juniper Networks J-Web
`Command-line interface
`Smart image downicad
`- Future interna! failover and SRF hot swap (OIR) or aT
`SRX650
`oe
`Backupiink via 3G/4G _TF wireless or other WAN
`NEBS Compliancefor SRX240, SRX650*
`Department of Defense (DcD) Cert ficatior for SRX Series
`Active/active—t.3 mode*
`Services Gateways, inciuding testing and certification by the
`Active/passive—i3 mode*
`Department of Defense Joint Interoperability Test Command
`QITC) for intercperability with DoD retworks and addition of
`Configurat on synchronization®
`the SRX Series Services Gatewaysto the Un fied Capabiiitres
`Session synchronizationforfirewall ard VPN®
`Approved Product List (UC APL)
`Session failover for routing change®
`Device failure detection®
`unk failure detection®
`
`IP Monitoring with route and interface fa over
`
`* Umfhed Threat Management-aotwirus antispam Webfiltenng AppSecure and IPS requireindwidial subscription ‘icense UTM s not Suppo'ted or the low memory version Please see the
`ordenng section for ortions
`
`> SRXINOR installed wth1GR ORAM with 512 MP accessible Optional upgrade tn) GA DRAMis available with nurchiase of memory software license key
`®>Caming seen for SR¥NO and SRX550.
`
`
`FINJAN-JN 005227
`
`

`

`Maximum Performance and Capacity
`Junos OS
`Junos OS
`Junos OS
`Junos OS
`Junos OS
`Junos OS
`Junos OS version tesit
`Junos OS
`
`121X44-DIS)—s-121X%44-DIS-—s“*121X%44-DI5.—s«*121X44-DIS-ssW4RS 2Vi57 N.4R5
`
`
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 9 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 9 of 20
`
`data Sheet
`
`
`Product Comparison
`
`SRX100
`
`SRXN10
`
`SRX210
`
`SRX220
`
`SRX240
`
`SRX550
`
`SRX650
`
`Firewall performance
`(large packets)
`Firewall performance (iMIX)
`Firewall + routing PPS (64 Byte)
`Firewall performance® (HTTP)
`(Psec VPN throughpu: (large
`packets)
`IPsec VPN tunnels
`
`760 Mbps
`
`700 Mbps
`
`850 Mbps
`
`950 Mbps
`
`18 Gbps
`
`7 Gbps
`
`7 Gbps
`
`200 Mbps
`70 Kpps
`100 Mbps
`65 Mbps
`
`200 Mbps
`70 Kpps
`100 Mbps
`65 Mbps
`
`250 Mbps
`95 Kpps
`290 Mbps
`85 Mbps
`
`300 Mbps
`125 Kpps
`350 Mbps
`100 Mbps
`
`600 Mbps
`200 Kpps
`830 Mbps
`300 Mbps
`
`2 Gbps
`700 Kpps
`2Gbps
`1.0 Gbps
`
`25 Gbps
`850 Kpps
`2 Gbps
`1.5 Gbps
`
`128
`
`128
`
`256
`
`512
`
`1.000
`
`2,000
`
`3,000
`
`
`
`
`
`
`
`
`AppSecurefirewall throughput®=90 Mbps 90 Mbps 250 Mbps 300 Mbps 750 Mbps 2.0 Ghps 19 Gbps
`
`IPS (intrusion prevention system)
`75 Mbps®
`75 Mbps
`65 Mbps
`80 Mbps
`230 Mbps
`800 Mbps
`1Gbps
`Antivirus
`25 Mops
`25 Mbps
`30 Mbps
`35 Mbps
`85 Mbps
`300 Mbps
`350 Mbps
`(Sophos AV)
`(Sophos AV)
`(Sophas AV)
`(SophosAV)
`(Sophos AV)
`(Sophos AV)
`(Sophos AV)
`1.800
`1,800
`2,200
`2.800
`8.500
`27.000
`35.000
`32K?
`32 7
`64 «7
`96K?
`256 K’
`375 K
`512 K
`
`Connections per second
`Maximum concurrent sessions
`
`DRAM options
`
`2 GB DRAM
`
`2 GB DRAM
`
`2GB DRAM
`
`2GBDRAM
`
`2GB DRAM
`
`2 GB/4 GB’
`DRAM
`
`2 GB DRAM
`
`Maximum security policies
`3B4
`384
`Sl2
`2,048
`4,096
`8.000
`8.192
`
`
`Maxirnum users supported Unrestricted=UnrestrictedUnrestricted Unrestricted Unrestricted Unrestricted Unrestricted
`
`
`
`
`
`Network Connectivity
`4x
`6x
`16 x
`Bx
`2x
`8 x 10/100
`8x 10/100
`Fixed (/O
`
`
`
`
`VDSL/ 10/100/1000=10/100/10001O/IGG/1IO00 =10/100/1000 =1O/NO0/1000
`ADSL2+
`BASE-T+6x
`BASE-T
`BASE-T
`BASE-T +4
`BASE-T
`
`WAN(Annex=10/100 SFP
`Aor 8)
`N/A
`
`\/O stots
`
`N/A
`
`1xSRXSenes 2x SRX
`Mini- PM
`Series
`Mini-PIM
`
`4x SRX
`Series
`Mini-PiM
`
`8x GPIM
`or multiple
`GPIM
`and XP/M
`cormbinations
`
`2x SRX
`Series
`Mint-PiM.
`6xGPIM
`or multiple
`GPIM
`and XP|M
`combinations
`
`Services and Routing Engine
`slots
`
`.
`:
`‘
`WAN/LANinterface options
`Maximum number of Pof ports
`(PoE optional on some SRX
`Series models)
`
`No
`
`Ne
`N/A
`
`No
`
`NA
`N/A
`
`No
`
`No
`
`No
`
`No
`
`20
`
`Seeordering
`Seeordering
`See ordering
`information
`information
`information
`Upto4¢ports UptoBports Uptolé
`of 8023af
`of 802.3af/
`parts of
`with
`at with
`802 3af/
`maximum
`maximurr
`at with
`50 W
`120 W
`maximum
`150 W
`
`Seeordenng
`information
`Up to 40
`ports of
`802 3af/
`at with
`maximurr
`247W
`
`See ordering
`information
`Up to 48
`ports of
`802 3af/
`at with
`maximum
`247 W
`
`
`us8
`1
`2
`2
`2
`2
`2
`2 per SRE
`
`’Basec on 2 GbE memory models wh:ch require Junos OS 121%44-D15 (exception. Junos OSV 4'5 for SRX240 cnly)
`® Throughput qumbers based on HTTP traffic with 44 kilobyte transaction size
`9 Use software based IPS engine which has gher performance anc less Capacity
`©SRX650 supports a single Senices and Routing Eng:ne (SRE) asof software reiease 114
`
`8
`
`FINJAN-JN 005228
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 10 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 10 of 20
`
`SRX100
`
`SRXNI0
`
`SRX210
`
`SRX220
`
`SRX240
`
`SRX550
`
`SRX650
`
`Routing
`JOOOKpps
`1000Kpps
`300Kprs
`200Kpps
`150Kpps
`100Kpps
`100Kpps
`Routing (Packe: Mode) PPS
`64
`56
`20
`16
`10
`5
`5
`BGPinstances
`256
`192
`32
`16
`16
`8
`8
`BG? peers
`800 «
`Nl2 «
`600 «
`32K
`16K
`8K
`8K
`BG? routes
`64
`56
`20
`16
`10
`4
`4
`OSPF instances
`200 K
`200 K
`200 K
`32K
`16 K
`aK
`BK
`OSPF toutes
`
`RIP v1/v2 instances 4 4 10 16 20 56 64
`
`
`
`
`
`
`RIP v2 routes
`8K
`BK
`16 K
`32K
`32K
`32K
`32 «
`Staticroutes
`8K
`BK
`16 K
`32K
`100 k
`100 K
`100 K
`Source-based rou7ing
`Yes
`Yes
`Yes
`Yes,
`Yes
`Yes
`Yes
`Policy-based routing
`Yes
`Yes
`Yes
`Yes
`Yes
`Yes
`Yes
`Equal cost multipath (ECMP)
`Yes
`Yes
`yes
`ves
`ves
`yes
`ves
`
`Reverse path forwarding (RPF}
`Yes
`Yes
`Yes
`yes
`Yes
`Yes
`Yes
`IPsec VPN
`Cancurrent VPN tunnels
`Tunnel interfaces
`DES (56-bit), 3DES (168-bit)
`and AES (256-bit}
`MD-5. SHA-1 and SHA-2
`authentication
`
`256
`64
`Yes
`
`Yes
`
`512
`64
`ves
`
`Yes
`
`1000
`28
`Yes
`
`Yes
`
`2.600
`456
`yes
`
`Yes
`
`3,000
`512
`Yes
`
`Yes
`
`128
`10
`Yes
`
`Yes
`
`8
`10
`Yes
`
`Yes
`
`Manual key. intermet Key
`Exchange (IKE vi+v2). public key
`infrastructure (PK!) (X. 509)
`Perfect forward secrecy (3H
`Groups}
`Yes
`Yes
`Yes
`Yes
`Yes
`Yes
`Ves
`Prevent replay atiack
`Yes
`Yes
`Yes
`yes
`Yes
`Yes
`Yes
`Dynamic remote access VPN
`Yes
`Yes
`yes
`ves
`Yes
`Yes
`Yes
`‘Psec NAT traversal
`Yes
`Yes
`Yes
`Yes
`Yes
`Yes
`yes
`Redundant VPN gateways
`
`Number of remote access users=25 users 25 users 50 users 500 users
`
`
`150 users
`250 users
`500 users
`
`Yes
`
`25
`
`Yes
`
`1.2.5
`
`Yes
`
`1.2.5
`
`Yes
`
`12.5
`
`Yes
`
`25
`
`Yes
`
`125
`
`yes
`
`2.5
`
`User Authentication and Access Control
`Third-party user authentication
` RADIUS.RSA
`RADIUS, RSA
`Secure!D,
`SecurelD
`LDAP
`LDAP
`Yes
`Yes
`Yes
`Yes
`
`RADIUS. RSA
`Secure!D.
`LDAP
`Yes
`yes
`
`RADIUS,RSA RADIUS RSA
`SecureiD
`Secure!D.
`LDAP
`LDAP.
`Yes
`Yes
`Yes
`Yes
`
`RADIUS. PSA RADIUS. RSA
`SecureiD.
`SecureiD.
`LDAP
`LBAP
`Yes
`Yes
`yes
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`Yes
`
`RADIUS accounting
`XAL7H VPN, Web-based, 802.X
`authentication
`PKi certificate requests (PKCS7
`and PKCS 10)
`
`
`Certificate Authorities supported=Yes Yes Yes Yes Yes Yes Yes
`
`
`
`
`
`Virtualization
`Maximumnumber of security
`zones
`
`10
`
`10
`
`12
`
`24
`
`64
`
`96
`
`128
`
`3
`
`3
`
`10
`
`15
`
`64
`
`128
`
`128
`
`
`
`
`
`
`
`
`
`
`
`Maximum number of virtual
`routers
`Maximum number of VLANs 3.967 16 16 64 128 2,000 3,967
`
`
`
`
`
`
`wo
`
`FINJAN-JN 005229
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 11 of 20
`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 11 of 20
`
`Data Sheet
`
`
`SRX100
`
`SRX110
`
`SRX210
`
`SRX220
`
`SRX240
`
`SRX550
`
`SRX650
`
`Encapsulations
`PPP/MLPPP
`PPPoE
`PPPoA
`
`MLPPP maximum physical
`interfaces
`
`N/A
`Yes
`N/A
`
`N/A
`
`N/A
`Yes
`Yes
`
`N/A
`
`Yes
`Yes
`Yes
`
`1
`
`Yes
`Yes
`Yes
`
`2
`
`Yes
`Yes
`Yes
`
`4
`
`Yes
`Yes
`Yes
`
`12
`
`Yes
`Yes
`Yes
`
`12
`
`
`
`Frame Relay
`MLFR (FRF 15, FRF 16)
`MLFR maximum physical
`interfaces
`
`HDLC
`N/A
`N/A
`Yes
`yes
`Yes
`Yes
`Yes
`Wireless
`
`N/A
`N/A
`N/A
`
`N/A
`N/A
`NVA
`
`Yes
`Yes
`1
`
`Yes
`Yes
`2
`
`Yes
`Yes
`4
`
`Yes
`Yes
`12
`
`Yes
`Yes
`2
`
`
`CX3G /4G LTE Bridge support=Yes Yes Yes Yes Yes Yes yes
`
`
`
`
`
`oe Series Managemen:
`Yes
`Yes
`Yes
`Yes
`Yes
`Yes
`Ves
`
`Flash and Memory
`Memory (DRAM)
`
`Memory slots
`Flash memory
`
`26GB
`{SRXIOGH2)
`Fixed
`memory
`2G5
`
`2GB
` (SRXTIOH2)
`Fixed
`memory
`2GBCF,
`externally
`accessible
`
`268
`(SRX2IOHE2)
`Fixed
`memory
`2GB
`
`2GB
`(SRX220H2)
`Fixed
`memory
`2GBCF.
`extermally
`accessible
`
`2GB
`(SRXK240H2)
`Fixed
`memory
`2GB
`
`2 GB/ GB"
`
`;
`2DIMM
`2 GB/8 GB"
`CF internal
`
`2GB
`(SPRX650)
`eli
`401MM
`2GBCF
`internal on
`SRE,external
`slot empty.
`up to 2 GBCF
`supported
`
`US8 portfor external storage
`Yes
`Yes
`Yes
`Yes
`Yes
`yes
`Yes
`Dimensions and Power
`Dirnensions (W x H x D)
`
`B5x14x
`5.8 in (21.6 x
`36x147cm)
`
`Weight (device and power
`supply)
`
`25lib(.1kg)
`
`75x35x
`V5 x%3.5%
`175 X75 8
`18.2 in (44.4
`18.2 in (44.4
`lin (444
`xBBx 462
`x88 x 462
`x44x385
`cm)
`cm)
`cm)
`24.9\b
`21.96 Ib
`For LMand
`343lb
`33lb(5kg)
`(3 kg)
`(9.96 kg)
`HM-AC: 11.2
`(1.56 kg)
`non-PoE /
`Nointerface
`Nointerface
`Ib (5.1 kg)
`non- PoE
`44\b
`modules
` ForHM-DBC: modules
`Nointerface
`{2 kg) PoE
`
`Nointerface=modules 12.56 Ib (5.7 1 power 1 power
`
`
`modules
`kg) /12.3\b
`supply
`supply
`(56 kg) PoE
`No interface
`modules
`
`N02 x173 x
`712in(28.0x
`44x18lcem)
`
`1431x173x
`7Nin(363x
`44x1Blem)
`
`W.02 x 1.72 x
`8.385 in
`(28x437x
`21.3 cm)
`67\b
`(3.06 kg)
`
`Rack-mouniable
`Power supply (AC)
`
`Yes. 2 RU
`Yes, 2 RU
`Yes, TRU
`Yes. 1 RU
`Yes, 1RU
`Yes. 1 RU
`Yes, 1 RU
`100-240
`150 Wfori(M 100-240
`100-240
`100-240
`100-240
`100-240
`VAC,
`and HM
`VAC,
`VAC,
`VAC,
`VAC, 60 W
`VAC. 30 W
`
`
`
`60 Wnon- 190 W for HM©single 64560 W non- single 645
`PoE/
`PoE /
`with DC
`W or
`W or
`150 W PoF
`200 W PoE
`360 W for
`dual 645 W
`dual 645 W
`Por
`
`Maximum PoE power
`
`N/A
`
`247 W
`247\N
`redundant, or
`redundant, or
`494 W non-
`494 Wnon-
`
`redundant redundant
`
`N/A
`
`50 Ww
`
`120 W
`
`150 W
`
`‘7:4 GB DRA!and 6 GBCFis defauit on the SRX550 righ Memory SKUs
`
`
`FINJAN-JN 005230
`
`

`

`Case 3:17-cv-05659-WHA Document 358-7 Filed 01/24/19 Page 12 of 20
`Case 3:1