We performed a comparison between Fortinet Fortigate and Juniper SRX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a superior solution. All other things being more or less equal, our reviewers felt that Juniper SRX’s user interface as well as its pricing could be improved.
"It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"FortiGate has a very strong unified threat management system."
"The solution is very, very easy to use."
"The most valuable feature of Fortinet FortiGate is the simple configuration."
"SSL-VPN is very useful for us and has been very reliable."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"Whenever I need something, Fortinet improves and updates the software for me."
"It protects the data behind our switches."
"Juniper supports their products very well."
"It is a complete security bundle. The cloud-based Sky Advanced Threat Prevention feature is very valuable. I am 100% satisfied with the performance of the Juniper firewall. It has a very good throughput. It works very fine. We use our firewall as a site-to-site VPN or Software-Defined Wide Area Network (SD-WAN). In both cases, it has a very good and optimum performance. Their service support is very good in India. I get really good support from the Juniper team."
"It's fine, and it's good. It's very stable."
"The solution is stable, inexpensive, and works well for medium size companies."
"We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN."
"The solution's stability is very good."
"It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center."
"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."
"Performance and technical support are the main issues with this solution."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"Application management can be improved."
"The support structure needs to be improved because every time we contact them, there is a delay in the response."
"It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls."
"The Juniper SRX product needs to improve in terms of innovation."
"Improvements can be made to the GUI. The GUI can be improved by creating policies to handle IPS requirements. The configuration should be a one-step process. This would make it easier to complete the setup to register the time of operation."
"This solution needs to update for "Next Generation" needs."
"The pricing strategy of the vendor could improve."
"Juniper SRX could improve by adding an IPX feature."
"In comparison to other enterprise-level firewalls, such as Cisco FTD, Cisco has improved significantly. In the past, I believed that Juniper SRX was superior, but after seeing the advancements in the FTD platform, Cisco has better functionality. I have not recently explored Juniper SRX's next-generation firewall capabilities as we only use basic firewall filtering in our enterprise network."
"It could improve areas which need high performance."
"It was very difficult to deal with and required a lot of support, and the UI is very poor."
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Juniper SRX Series Firewall is ranked 19th in Firewalls with 86 reviews. Fortinet FortiGate is rated 8.4, while Juniper SRX Series Firewall is rated 7.8. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Juniper SRX Series Firewall writes "Highly scalable, user-friendly UI, and easy to maintain". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Sangfor NGAF, whereas Juniper SRX Series Firewall is most compared with Cisco Secure Firewall, Palo Alto Networks WildFire, Netgate pfSense, Palo Alto Networks NG Firewalls and Check Point NGFW. See our Fortinet FortiGate vs. Juniper SRX Series Firewall report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Fahrorozi,
From my point of view, I would rather choose SRX4200 solution over FortiGate1800.
Why?
1. SRX4200 is a compact 1U device equipped with ports you actually need for full firewall usage and not for datasheet specifications.
2. Juniper Networks started as a Network company so alongside with full NGFW functions of the SRX firewall you are also getting full L3 routing functionalities same ones that are working on Juniper routers with complete granular configuration.
3. All products from Juniper Networks are equipped with their JunOS Operating System which is built on FreeBSD with data and control plane separation. Main configuration and really fast troubleshooting power are provided with structured CLI where you can do everything you can imagine even get into FreeBDS for troubleshooting if needed. Also, a tool like MTR (My Traceroute) for troubleshooting is available. JunOS configuration is the same for every Juniper Networks device so when you will get used to it you can configure every platform the same way (except for stateful firewall functions dedicated only to the SRX platform).
4. Web management is also included on a device that simplifies day-to-day configuration. Web management historically was not quite great, but starting JunOS 21.x it was really improved and provided all you need for device configuration and troubleshooting, also Juniper is still working on quality-of-life improvements.
5. SSL VPN / Client VPN is fully integrated with Juniper SRX and also with a client application.
6. Regarding performance, FortiGate was and maybe is still not providing full packet sanity checks (IP protocol, SEQ number, etc.) in the default configuration. When you enable these features, FortiGate loses some performance because HW acceleration is not possible with these features.
7. Also when you are using NFS with source NAT then you will find a useful feature where you can set to NAT traffic with port number <1024.
8. Regarding C&C, antimalware, IPS, and centralized management it's all similar to all other vendors.
9. Juniper SRX also provides VRF-light routing table separation, and also Full separation with Logical systems that have separate processes for each LSYS. You can also allocate CPU resources for each LSYS.
10. Regarding HA Clustering you can use an active/active data plane (data traversing -> one node in a cluster is entrance and destination is on another node) in a special use case. You can also have free hands regarding failovers using separate interfaces/interfaces groups based on BFD, interface status, and IP reachability. You can also deploy a full L3 cluster.
This is only a subjective short summary, always depends on other factors (interfaces, budget, preferences, etc.). I would suggest you find the nearest partner (Forti or Juniper) to you, schedule a PoC and receive the solution you would prefer.
Instead of FortiGate, I would definitely choose SRX.
A different case is the native L7 firewall when I want to check all applications, then I would maybe consider Palo Alto vs SRX in some cases.
Hi Fahrorozi,
If I have to choose between these two, I will choose FG 1800.
Reasons:
1. More flexible ports to use from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better web management than SRX
4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).
But you need to know what you need for your company.
- Maybe you only need a 10G interface instead of a 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.
Hope this helps.