Juniper SRX Series Firewall Reviews

The primary use case is for protecting enterprise systems.

It allows users connecting from homes, who urgently need to log into the networks through a secure tunnel without using internet IP gateway, access using a SSL.

• It is highly scalable, stable, and can be easily updated.
• It protects from distributed denial-of-service attacks, DDoS attacks, with Screen Options.
• When you design your networks, you can put SSL Inspection as a gateway to make the systems secured, like IT systems.

The GUI needs to be easier and more helpful for users who don't have security experience.

They need to add WAF management to the tool, as competitors already have it as part of their offerings. This feature is future of protecting enterprise solutions.

It is very stable, but it needs an engineer on the system while it is running to monitor for attacks and when attacks are in process.

It is easy to expand.

The technical support is good, but there is a time delay between the support and attacks.

The initial setup was straightforward, but has since become straightforward with experience.

For example, with MX (not SRX), it needs to be specific when you export or import the subnetting or addresses that you want to block or filter out of your networks. This is why it is a complex process the first time and becomes subsequently easier

You have to be aware of Linux commands, which will make you able to use this device, like exporting file, saving file, monitoring your logs, and making a new script.

Firewall for a lab environment.

Before, we were handling everything with a Vyatta server until our network became more complex.

Stability.

The device could be more user-friendly.

It is a basic firewall that we have been using for six years. It is a  good solution.

The most valuable feature is the brand itself. From a protection perspective, it provides a network perimeter security function for our company. 

We are finding that the UTM features which is required (like an antivirus or URL filtering) are not available.  We are now looking for the "Next Generation" of firewall protection. We need to be less vulnerable to attacks. 

In addition, we would really like to see an automated policy feature added. 

We use it as a firewall at our head office and branches. We use its IDS solution at the head office too.

It did not improve our safety because the IDS does not detect some attacks, but our anti-virus software did.

• Correct the bugs in the current version. 
• Help customers more with its configuration so they can feel safer.

We tried configuring the IDS for more than four months, but it did not work properly.

Our primary use case is security. The performance has been okay. It's a bit of a change from the Ciscos in terms of the configuration syntax, from the CLI perspective. We use it just as a firewall. We don't use it for routing functionality.

The Juniper was a later model, later technology than we had, more horsepower than we had before. The performance is better, but it could have been any firewall in its peer group. The improvement was because our old firewalls were, well, old. So the performance has been an improvement. And the IDS, perhaps, is a little better than what the older firewalls had.

I'm not sure what the most valuable features are. I'm not really that impressed with the technical support. I'm not really that impressed with the product, to be honest with you. Throughput seems to be okay.

The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose.

Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.

It seems stable. We haven't had too many failures. We have had some but, by and large, it's been pretty stable. It's not taxed, the way we're using it.

The model we have is very scalable. It's a fairly large firewall.

I have spoken with technical support 30 or 50 times. On a scale of one to 10, I would evaluate Juniper technical support at five. It's never resolved in one call. It's always a couple of calls. We're not being passed from one department to another, it's just that they don't seem to be answering the question you give them. It's very frustrating.

I migrated it from an ASA to the Juniper. It was a fairly straightforward process. There are things that are required on the Juniper that weren't required on the Cisco, like the global address book. Things have to be on there before you can do a lot of net and the like.

You need to know what your company's strategic vision is, and then map the security part of that. I don't just mean cost-related, but the strategy for profit-related future ventures. You need to know why you want a particular firewall. Don't ignore the functions and future growth and products on the horizon from each of the vendors.

What you go with has to meet your current needs but, more importantly, is the company a going concern - meaning if they're going to get better - then how do they complement your particular industry's growth? Are they going to be there to make remote access and extranets and research easier to deliver? The product has to be configurable, with lots of options should you need to subscribe to those options.

The most important criterion, for me, when selecting a vendor is that they have to rank high in industry ratings. Juniper has just not been there. I haven't seen the 2018 reports, but year after year Juniper is not only the least visionary but one of the least in terms of performance. I also don't like the fact that they spun off their VPN to Pulse Secure. I know that's a subsidiary, but I don't necessarily want to have a separate appliance for a light-duty VPN.

I would rate Juniper at seven out of 10. It's a little harder to configure from a VPN perspective, VPN Tunnels. Their tech support is the big problem for me. I don't want to be bounced around. I don't want to get half an answer when I ask a whole question. I would take an inferior product with better tech support, without question. If I have a responsive engineering team that will fix problems when they come in, with firmware releases, etc., I'd clearly take an inferior product with that better support. It's all about function.

I probably wouldn't have chosen the Juniper in this environment. We just don't need yet another knowledge base to learn. And it doesn't fold into some of our Cisco services. For example, the assets control doesn't integrate well with the Radius servers. Something like that could be downloadable ACLs, for instance.

We use it as a perimeter firewall, data center firewall, and as VPN concentrators for some companies. It protects the data behind our switches. Our company provides the switches, like the EX-Series. 

We are an elite partners for Juniper. We use the firewall for data protection.

It has a high security implementation.

It integrates well with Fortinet and Palo Alto.

It uses many applications, like antivirus blocking and web filtering. Also, defining routing on it is very easy along with netting. The high availability of the application is good. We use the IDS and IPsec VPN features.

I would like to see endpoint control and endpoint testing security.

The GUI needs to be easier to handle.

The stability is good.

The scalability is good.

When we face problems, it is a firmware or software update. We call Juniper for support and they have a very good team for technical support. They help us a lot, then we will find the solution in the upgraded version of software of unit. 

I think there was a problem before I came to the company with Cisco and their firewall, so they decided to switch to Juniper.

It is more complex than other vendors, but we have gotten used to it. So, we find it easy to implement and deploy.

It has a low price.

We are also using Fortinet and have a partnership with Palo Alto. In addition, we are looking into a partnership with Citrix.

Cisco and FortiGate were on original shortlist.

They can use the Juniper SRX as a data center firewall. Juniper needs to focus more on their perimeter firewalls.

Our most important criteria is to look for 24-hour support, prices, partnerships, and what they offer to partners. Also, we want to know if the product can function with Juniper.

The Juniper SRX that we have is being used as a firewall. Somehow, it is performing.

The product is a normal router with basic firewall capacity. We don't have a dedicated firewall. Therefore, I don't have high expectations from Juniper. 

It helps us perform our daily jobs.

We are using it as a normal type of firewall.

I would like them to add a dashboard because it's difficult to operate.

The product only has basic features.

The stability is normal.

The scalability is normal.

I haven't used technical support, just local support.

The initial setup was complex.

It is not that expensive.

We are evaluating Palo Alto, Barracuda, and Sophos because we need a Next-Gen firewall.

It crashed, and we could not change it for some reason. I don't want to keep Juniper within my network anymore.

Most important criteria when selecting a vendor: 

• Dedicated support team
• Easy configuration.

Theere has been no change to our organization. We replaced an older Cisco ASA. We intended to use some of the UTM features, but we have not yet. In some cases, it is worse. We can’t do remote access IPsec VPNs for users like we could with the Cisco ASA. Instead, we set up OpenVPN. As the Cisco ASA is the de facto standard, doing a site-to-site IPsec VPN to other companies takes more time (e.g., IKEv2 will not work connecting to Cisco gear because traffic selectors are not supported for IKEv2).

We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN. We liked that it had additional features and was more modern than the Cisco ASA line.

It needs better interoperability with Cisco gear.

No stability issues.

No issue. We are only a 40 person company and only have 50Mbps of internet bandwidth.

Technical support is good, though we have not really used support much. Juniper has a decent knowledgebase.

Previously, we had a Cisco ASA 5510. It was old and needed to be replaced. We switched because the Cisco ASA is underpowered. If you try to do too many functions, like IDS/IPS, UTM, virus scanning, and Smart Net, support is expensive.

The initial setup is mostly straightforward. We are converting one of our site-to-site VPNs with another company where we have overlapping subnets. This took some doing because the Cisco ASA allowed us to do policy-based NAT and could NAT the same IP subnet two different ways depending on the destination address. We needed to exclude 10 IP addresses out of a 24 subnet from the static NAT rule which was needed to deal with the overlapping subnets and ended up having to do more than 240 individual 32 NAT rules on the Juniper SRX240H2.

Work with a consultant who has good JunOS knowledge if you have a complex setup (we host more than 20 servers for internet access used by over a 1000 users).

Pricing is good. Most of the costs are in the UTM (IDS/IPS, virus scanning, etc.) subscription. Palo Alto was nice, but much more expensive.

We looked at Juniper SRX vs FortiGate and Juniper SRX vs Palo Alto, as well as the newer Cisco ASAs.