We performed a comparison between Fortinet Fortigate and Juniper SRX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a superior solution. All other things being more or less equal, our reviewers felt that Juniper SRX’s user interface as well as its pricing could be improved.
"The network security and cloud security are most valuable."
"Some of the key features of the solution is that it has good reporting, you can receive many details from the connection, for example, clients and website information."
"Its stability is the most valuable."
"The payment function for applications is good."
"It's inexpensive compared to some of the other technology out there."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"This product is definitely scalable."
"It blocks the vulnerabilities that can negatively impact us."
"I like the routing and firewall features."
"One of Juniper SRX's most valuable features is the site-to-site VPN."
"Most of our clients use it as a traditional firewall, blocking Layer 3 and Layer 4, blocking by transport."
"The command line in Juniper SRX is extremely powerful, in my opinion. It's one of the best command lines I've used in networking products."
"Technical support has been quite helpful."
"Performance is a strong point."
"I like the Junos OS, which has been very good for me. It's very clever."
"It uses many applications, like antivirus blocking and web filtering."
"The solution could be more evenly structured."
"I would like to see improvements in the product's application rules."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"The solution's framework needs to be frequently updated in order to have a stable solution."
"Due to its higher cost, Fortinet FortiGate can lead to increased operational expenses."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"The GUI needs improvement."
"The interface could be more user-friendly."
"This solution needs to update for "Next Generation" needs."
"While the GUI is pretty good on the Juniper side, there can still be tweaks made to it that will make it even better."
"I would like to see endpoint control and endpoint testing security."
"The GUI needs to be easier to handle."
"Juniper SRX is stable, but it could improve. FortiGate has better stability than Juniper SRX."
"The product only has basic features."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Juniper SRX Series Firewall is ranked 18th in Firewalls with 86 reviews. Fortinet FortiGate is rated 8.4, while Juniper SRX Series Firewall is rated 7.8. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Juniper SRX Series Firewall writes "Highly scalable, user-friendly UI, and easy to maintain". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Sangfor NGAF, whereas Juniper SRX Series Firewall is most compared with Cisco Secure Firewall, Palo Alto Networks WildFire, Netgate pfSense, Palo Alto Networks NG Firewalls and Check Point NGFW. See our Fortinet FortiGate vs. Juniper SRX Series Firewall report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Fahrorozi,
From my point of view, I would rather choose SRX4200 solution over FortiGate1800.
Why?
1. SRX4200 is a compact 1U device equipped with ports you actually need for full firewall usage and not for datasheet specifications.
2. Juniper Networks started as a Network company so alongside with full NGFW functions of the SRX firewall you are also getting full L3 routing functionalities same ones that are working on Juniper routers with complete granular configuration.
3. All products from Juniper Networks are equipped with their JunOS Operating System which is built on FreeBSD with data and control plane separation. Main configuration and really fast troubleshooting power are provided with structured CLI where you can do everything you can imagine even get into FreeBDS for troubleshooting if needed. Also, a tool like MTR (My Traceroute) for troubleshooting is available. JunOS configuration is the same for every Juniper Networks device so when you will get used to it you can configure every platform the same way (except for stateful firewall functions dedicated only to the SRX platform).
4. Web management is also included on a device that simplifies day-to-day configuration. Web management historically was not quite great, but starting JunOS 21.x it was really improved and provided all you need for device configuration and troubleshooting, also Juniper is still working on quality-of-life improvements.
5. SSL VPN / Client VPN is fully integrated with Juniper SRX and also with a client application.
6. Regarding performance, FortiGate was and maybe is still not providing full packet sanity checks (IP protocol, SEQ number, etc.) in the default configuration. When you enable these features, FortiGate loses some performance because HW acceleration is not possible with these features.
7. Also when you are using NFS with source NAT then you will find a useful feature where you can set to NAT traffic with port number <1024.
8. Regarding C&C, antimalware, IPS, and centralized management it's all similar to all other vendors.
9. Juniper SRX also provides VRF-light routing table separation, and also Full separation with Logical systems that have separate processes for each LSYS. You can also allocate CPU resources for each LSYS.
10. Regarding HA Clustering you can use an active/active data plane (data traversing -> one node in a cluster is entrance and destination is on another node) in a special use case. You can also have free hands regarding failovers using separate interfaces/interfaces groups based on BFD, interface status, and IP reachability. You can also deploy a full L3 cluster.
This is only a subjective short summary, always depends on other factors (interfaces, budget, preferences, etc.). I would suggest you find the nearest partner (Forti or Juniper) to you, schedule a PoC and receive the solution you would prefer.
Instead of FortiGate, I would definitely choose SRX.
A different case is the native L7 firewall when I want to check all applications, then I would maybe consider Palo Alto vs SRX in some cases.
Hi Fahrorozi,
If I have to choose between these two, I will choose FG 1800.
Reasons:
1. More flexible ports to use from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better web management than SRX
4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).
But you need to know what you need for your company.
- Maybe you only need a 10G interface instead of a 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.
Hope this helps.