Juniper SRX Series Firewall Reviews

Our main use case for Juniper SRX is for gateway level protection for all internet users and UTM and to control the user when accessing websites, applications and non-relevant sites.

Our main purpose for using the Juniper security solution is because we are also using Cisco routers, switches etc.. and we wanted unity in the OEM products so that we can maintain all the products in NMS.

The features that I have found valuable are the ones for the main purpose we are using Juniper - its firewall to protect our network for our internet access.

In terms of what could be improved, J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow.

Also, the UTM, Unified Threat Management, feature needs to be improved.

We have been using Juniper SRX since January 2018.

Juniper SRX is stable. Stability is okay.

Juniper SRX has scalability. Its current site has 1500 users and we can upgrade to 2 K users.

Right now, we have around 500 - 600 total users, but I think some sections are still under deployment, so all the users are around the 1700 - 1800 range.

We connected with tech support seven or eight months ago. We got good support and a good response.

The initial setup is complex. It takes one week's time for deployment because we are also integrated with Active Directory and Radius Contactless.

We did it with our own team.

Before choosing Juniper, we compared it with two other solutions, but they were banned because they were Chinese products.

I suppose Juniper is a good solution for the railway and metro environment. These projects are very handy and work in the relevant environmental condition, because in this environment we have different climatic conditions. Suppose we require -5 to 55, -5 to 85 compression, some EMCMI specifications, such as EN501214 - Juniper is a good solution in the railway and metro environment, anywhere worldwide and domestic. It is relevant anywhere.

On a scale of one to ten, I would give Juniper SRX an eight.

We're using it as a primary firewall and UTM for the main lines coming into our offices and also for connecting our sub-offices around the world.

Previously, we had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. Now, we have changed all of these, and we have all the lines coming into one single solution, which is SRX. We manage everything very easily from one single interface. Previously, we used to have 10 different devices to do that. Now, we have only one.

We like the fact that we can easily combine multiple internet links to the office and use them like one link.

It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center.

Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out.

In terms of new features, we are using almost all of the features that it has, and there is nothing specific that it is lacking.

I have been using this solution for four years.

It is very stable.

It is scalable. We haven't used the scalability up till now, but we know that we can extend it.

We have 150 users here, and then we have around 30 to 40 users in different countries such as Singapore, Hong Kong, and Norway. They're using some parts of it. They are using some smaller units to connect to the main office.

We don't have any plans to increase its usage as of now. Any expansion would be in terms of getting new offices around the world. We may install more of those smaller ones, but for the time being, as far as I know, we will not expand it in the office because it is already performing as it should. It actually did a very good job when we were working remotely because it allows us to connect to the office very easily and work remotely.

They have been pretty good. In some cases, they took a little bit of time to give a response for the cases we were facing. However, in most of the cases, they were very fast in responding and providing full resolution to the cases we faced.

We had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. We switched because it was too difficult to manage multiple solutions for each of those lines. We wanted to have one single place where we could manage everything. We also didn't want to have some people going out from one internet line and some from another internet line. We wanted to combine all those lines together and make them work as one, and that's what we achieved with SRX.

We were not so much involved in the setup because we had a security company to do that for us. It took us about two months.

We had a security company for its implementation. Our experience with them was very good.

For its maintenance, we have our IT department. There are three people for managing the maintenance of it. 

We evaluated many other options. We checked out Palo Alto, Fortinet, and Check Point.

I would advise others to do good planning in the beginning because that helps a lot in having a very little downtime. It took us two months to implement it, which might seem very long, but we had zero downtime. Nobody noticed anything during the switch. It was the best way to implement it. This is the most important part. When you are trying to do such changes in the organization, it is very important that you do it by using the right resources and from the right perspective.

I would rate Juniper SRX a 10 out of 10.

We use Juniper SRX for branch offices or for small office use.

The GUI is simple to use.

I have been using Juniper SRX for approximately 20 years.

Juniper SRX is stable, but it could improve. FortiGate has better stability than Juniper SRX.

Juniper SRX could improve the scalability to compete better with other solutions, such as 
FortiGate.

We have less than 10% of our customers using Juniper SRX.

We use FortiGate solutions and we have been deploying them more than Juniper SRX because of the benefits.

The installation is straightforward.

The time of the deployment depends on the complexity of the environment. If the customer requires HA deployment and the configuration could take longer time. On average, for a small-scale branch office, it can be completed within one day, which includes testing. If the customer does not have any special preference on the policy and they do not have any IP tunnels then it could be completed within half a day.

We have an in-house team of 10 engineers that do the implementation and maintenance of the solutions we provide.

I rate Juniper SRX a seven out of ten.

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

The solution is mostly stable. 

We get technical support via the reseller, and they are very helpful. 

You can scale the solution. 

The solution works well for larger organizations. 

We've had some issues with the firmware. 

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Juniper SRX was implemented in our company at the start of 2018.

While the solution has been running stable, one device has also malfunctioned. We had some issues with Juniper in general. It was regarding the firmware and some box, or something like that. We've needed to contact our reseller more frequently to fix the issues that are occurring when using the device.

Regarding stability, it's pretty much working in a stable way. I haven't had any issues regarding, let's say, speeds or connectivity or general day-to-day use, when users connected on the switches and accessing the internet, and so on. That said, sometimes with the devices, strange issues happen.

Regarding scalability, generally, it is simple, I would say, at least from my perspective. I wasn't the person that configured the devices, however. The reseller was. 

Before the Corona crisis, there were 250 users. Now we've got maybe 90 to 100 people.

We generally contact the reseller that sold us the device and also has a maintenance protocol. We have services on-demand when some issues arise and we need help.

The reseller was pretty good regarding ticket issues, management, or making modifications, even during the production time. They are really trusted people, and a trusted IT company, and they've expertly managed all the requirements that I've sent them or any other modification on the network that I wanted to have.

I've used Cyber and a Sophos UTM device. Juniper is, generally, more advanced. I haven't been able to get enough training to maintain the Juniper device.

The main reason we chose Juniper was the stability, and the number of concrete connections that users can make when, let's say, they going out to the internet, and accessing services over the internet. Also, regarding the network port-forwarding to internal servers, in services, the device that we had before was Cyberoam UTM, and it didn't quite handle the high load. I generally noticed that SRX can handle pretty high network loads when going in or out. It's proven itself to be stable in that regard.

The initial setup was generally handled by the reseller and they did the setup as described on the schematic and regarding core network configuration, high availability, security, firewalls, et cetera. It was, generally, out of the box when it was configured and set up from the ground up.

While the setup was planned in 2017, it was up and running in 2018. It took about six months or so.

We switched office buildings, the main office. The new office was built with this solution. Everything was migrated, including all the network devices, all the servers, all the ISP, internet connections, and so on. Everything was, generally, carefully planned when it was deployed.

Our reseller also handles the maintenance. Generally, that takes one or two people.

Our reseller partner handled the initial setup for the most part.

I can't speak to the licensing. It's not an aspect I handle directly. I can't say that there are extra costs involved beyond the licensing fee. 

We are currently using Juniper SRX, however, I was thinking about maybe changing the devices to FortiGate or a UTM device.

Lately I was thinking about simplifying. Maybe FortiGate might have something more user-friendly for the end-user or for the customer experience.

I'm just a customer and an end-user.

We are using the SRX Model 345. It's a physical device. It's not a virtual instance.

In general, I wouldn't recommend Juniper to, for example, a small business. I would maybe recommend it to a bigger company. We might have made a mistake taking Juniper. Maybe we should have used something more user-friendly.

I would recommend it to a company that has more than 250 people. Or maybe even over 300. For a smaller company, it's not financially, efficient in the long-term, in terms of subscriptions or maintenance costs and similar things. A company that uses high-grade enterprise equipment, should be really financially equipped to handle such things.

It's highly advanced, at least for me. I would really need some training to at least handle some basic things, or maintenance, or even Firmware upgrading or high availability configurations. It's too advanced for me. I would really need to have some kind of network specialist certificate to manage them.

I would be really worried about the warranty as a new user as well. You really need to keep the subscriptions up to date, or not to stop them. If you've stopped them, you also need to pay penalties for the years that the subscriptions weren't used. 

Regarding equipment, you really need to have them in twos, not one. You need to have high availability for all of them. The equipment tends to malfunction, specifically if there are any power issues inside the building, or if there isn't any generator or UPS underneath, and so on. The equipment really needs to be taken care of.

I'd rate the solution at an eight out of ten.

We use the solution for protection and security. We primarily use the solution for an internal firewall.

If you require any particular rule that needs to be modified, any particular rule that needs to be fine-tuned, the solution will give you all the details regarding how to fine-tune the policy, including the destination, IP, et cetera. You can easily fine-tune whatever you need to in Juniper. It's easy to implement and meets our patience threshold. 

The dashboard is very helpful. It's extremely useful in terms of putting the necessary policies in place.

I handle the operation part. I'm just putting policies, et cetera, on Juniper. For tasks such as those, it is very easy and it is a comfortable, straightforward process.

The solution has proven to be quite stable.

Technical support has been quite helpful.

I've noticed that the management interface could use some updates and upgrades.

The dashboard can be updated. 

The reporting could be more robust and in-depth.

I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature.

I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.

I've been dealing with the solution for about one year. It hasn't been that long. 

It is really stable. I've seen Juniper work well in my other companies as well. It is very good, in terms of stability. There are no bugs or glitches. It doesn't crash or freeze. The performance is reliable.

Overall, the scalability is very good. A company should have no trouble with scaling if it would like to do so.

We have about 2,000 users currently. They cover various roles in our organization. It's not just used by a specific team.

The technical support on offer is very good. Whenever I would have some issues, they have responded on time and they have really good knowledge of the product. We've been quite satisfied overall.

We use a variety of solutions, including Cisco and Check Point.

I did not handle the initial implementation. That was handled by someone else. Therefore, I can't really share any insights on the process. I do not know if it was easy or difficult, or how long it really took to deploy.

I do not handle the licensing arrangements. That's handled by management. Therefore, I can't speak to how much it costs the organization or how often we pay a licensing fee.

We're just a customer and an end-user.

In general, on a scale from one to ten, I'd rate this product at a nine. We've been quite satisfied with its capabilities so far. 

I'd recommend the solution, however, it really depends on what an organization needs. There are various factors, like pricing, for example, that should be taken into account when looking at solutions.

We are using 300 series and 1500 series models.

It is a complete security bundle. The cloud-based Sky Advanced Threat Prevention feature is very valuable.

I am 100% satisfied with the performance of the Juniper firewall. It has a very good throughput. It works very fine. We use our firewall as a site-to-site VPN or Software-Defined Wide Area Network (SD-WAN). In both cases, it has a very good and optimum performance.

Their service support is very good in India. I get really good support from the Juniper team.

It must be 5G ready. The 5G network is rolling out soon in India, and Juniper must upgrade their firewall slot to the 5G network, or they must manufacture a 5G dongle card for the Juniper firewall. I want Juniper to upgrade their dongle from 4G to 5G. 

Presently, they have an expansion slot in the SRX 322 series and higher firewalls. In that expansion slot, they can put a 4G mobility SIM card so that whenever our primary link is down, it will automatically connect through this GSM network and form a tunnel.

I have been using this solution for three years.

It is 100% stable. They have a common operating system for firewalls, routers, and LAN switches.

Their technical support is excellent. As compared to any other company, Juniper has better support in India. We have a very good understanding, and I get good support from them.

I have worked with Sophos and SonicWall. As far as the real packet forwarding internet mix is concerned, Juniper is far better than SonicWall, FortiGate, Sophos, and Cisco.

The setup of any firewall is always complex because we have to customize features according to customer requirements.

Its price is reasonable. In India, most of the products have a similar price. There is only a 5% to 10% variation in the price of different brands.

I would recommend this solution to others. They can blindly go with Juniper. Juniper has very good after-sales support. Their technical team is very aggressive in support, and they give very good support to the customers.

I plan to keep using this solution. Currently, there is no plan to switch from Juniper to any other brand. I am 100% satisfied with Juniper. They provide a very good service to my customers. I don't have any concerns about after-sales support with Juniper.

I would rate Juniper SRX a ten out of ten.

We use the solution as a device to meet NTLS connections, a firewall, and we are thinking about using it for SD-WAN.

The firewall features and the routing capability are the most valuable. The interface is straightforward and we have not had any problems with integration.

Their models for service providers could improve. We are an MSP, we resell services and I think the company could have a better program for service providers because our needs are different from our regular customer that is buying it for.

More recently we started using the GUI interface and that looks pretty shameful and needs improvement.

Juniper has a different product line that has artificial intelligence capabilities. In the future, we would like to see that extended to the SRX line.

I have been using the solution for approximately two years.

We have found the solution to be very stable. We have had literally little to no hardware or device failures in the field and have not had any customer complaints. In the years we have been using the solution we have not had any issues using it.

The scalability is good. The solution is best for small to medium size businesses.

We had to use the support in a couple of instances. When we have used the support, it was good. They were responsive and able to resolve our issues. There is also some community support online that I have found to be helpful.

The installation difficulty depends on the setup. Initially, when we started using the solution, we were using the command line interface and it took us a while to learn the commands, eventually, it becomes straightforward. 

The full deployment took us approximately one month. We typically need only one person for deployment, and we have a service operation center that manages the devices and provides the maintenance.

The price could improve, it is a bit expensive. Our licensing cost is approximately $120.00 USD annually. There are some extra fees, for example, the GUI has an orchestrator that has its own fees. 

Some of our clients have also seen similar solutions from our competitors such as Cisco and Fortinet. I think technically they are all very good products. However, for us we were looking for a product that was stable and had good support, this is the reason we chose Juniper. We package Juniper as part of our managed service to our customers.

My advice would be, generally, it is a good product with helpful support. The one thing we would like to see changes in is the pricing could be better.

I rate Juniper SRX an eight out of ten.

We are a solution provider and we work closely with our clients to identify their requirements, and then we suggest a solution. Once they accept it, we implement it. The Juniper SRX is one of the models that our clients have chosen.

It is primarily used as a firewall.

The most valuable feature is robustness.

The training videos that are available need to be improved, and made more educative. This will help users to become more familiar with the product.

I have been using Juniper SRX for the past four years.

We had suggested an HA-based environment, or architecture in the majority of places that we have implemented Juniper. In these cases, it has been very stable. There have been other products that we couldn't upgrade to the latest format, but Juniper could always be upgraded. It always worked and never crashed.

I am not very sure about scalability, but I believe that we were able to migrate a few of the lower models to the high-end models and it worked perfectly well. There was no problem.

They have technical support over the phone as well as the online ticketing system and that has worked out pretty well. They have been able to solve problems for us, although I do not know all of the details because we direct our clients to them. When our clients get in touch with customer support to resolve their issues, they share the information with us later.

I sell other products from vendors such as F5, and they have a good training facility online. Juniper is behind in terms of video training that they have available.

The initial setup is not very easy. We had faced problems in the GUI, so we had to switch back to the CLI to get things done. While using the GUI, it was pretty easy and we could accomplish things by just clicking. However, for some reason, there were errors and we had to complete it using the CLI. I have no idea why this was the case, but we finally achieved what we wanted.

Our team implements this product for our clients.

This is an expensive product. The buying power of companies in my region is such that perhaps 5% of them are pretty good. The majority of them are very bad in terms of buying power, so they look at the cost of these solutions and Juniper is not able to match the price.

There are several options that we offer for our clients. These include Pala Alto, Cisco, Dell, SonicWall, F5, and FireEye. Some of our clients choosing Juniper, whereas others choose a solution from another vendor. The majority of our clients choose Cisco or FireEye.

Most of the companies that we deal with have a committee that takes care of purchases. We sit with the committee and they iterate through the various benefits of the solutions, after which the purchase is finalized. We are not biassed toward any particular product. We explain everything to our clients, show them the prices, and they come back to say what product they have chosen.

In summary, this is a good product, although it is a little bit expensive and the training could be improved. Training is something that is very important, and we were not able to get much information. For example, we couldn't get the best-recommended practices, which is something that we look at when implementing solutions. We were able to get a few of them, although not all of them have been updated. Consequently, we have a shortage of information about Juniper. Nonetheless, customer support has been able to help us in a big way.

Overall, things have been a bit slow, but we have been able to catch up.

I would rate this solution a seven out of ten.