We performed a comparison between Fortinet Fortigate and Juniper SRX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a superior solution. All other things being more or less equal, our reviewers felt that Juniper SRX’s user interface as well as its pricing could be improved.
"The SD-WAN is the most valuable feature."
"The most valuable feature of Fortinet FortiGate is load balancing. It can provide central management and VPNA. Additionally, it has enhanced our security environment."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"Fortigate's most valuable feature is that it doesn't need a push policy when writing rules."
"It works very well. It has a lot of different functionalities. Its cost is also fine for our customers."
"The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"If we need to define our user system from an anti-spam perspective, we can constantly update the antivirus."
"The most valuable feature of Juniper SRX is that it is plug-and-play. Additionally, it has a lot of capabilities in one device."
"One of Juniper SRX's most valuable features is the site-to-site VPN."
"The features that I have found valuable are the ones for the main purpose we are using Juniper - its firewall to protect our network for our internet access."
"It is a part of the infrastructure when we're selling Juniper. That's what clients are familiar with and that's what they rely on."
"The technical support is quite good."
"The solution is stable, inexpensive, and works well for medium size companies."
"The setup is pretty straightforward."
"The support we receive when we need to upgrade is not satisfactory and has room for improvement."
"The support from Fortinet FortiGate could improve. They are not easily accessible when we need them. They could improve their response time."
"The renewal price and the availability could be improved."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"It is very expensive, and their support is not very good. I hope that their technical support will be better in the future."
"With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic."
"The solution could be more secure and stable."
"There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios."
"I think improvement can be done to the security part, particularly the UDM, and the product should have a user-friendly interface similar to FortiGate. It should have the Azure RBAC in the next release."
"It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems."
"It does have its nuances in terms of deployment. There are always areas to make something easier or more intuitive or make the system auto-negotiate more with existing hardware."
"The centralized management platform could be improved."
"Juniper SRX is stable, but it could improve. FortiGate has better stability than Juniper SRX."
"We'd like to improve the stability and the kill rate."
"I would like to have a better web UI for administration. Juniper could simplify the web UI and make it more compatible with mobile devices."
"In comparison to other enterprise-level firewalls, such as Cisco FTD, Cisco has improved significantly. In the past, I believed that Juniper SRX was superior, but after seeing the advancements in the FTD platform, Cisco has better functionality. I have not recently explored Juniper SRX's next-generation firewall capabilities as we only use basic firewall filtering in our enterprise network."
Fortinet FortiGate is ranked 1st in Firewalls with 108 reviews while Juniper SRX Series Firewall is ranked 13th in Firewalls with 22 reviews. Fortinet FortiGate is rated 8.4, while Juniper SRX Series Firewall is rated 7.8. The top reviewer of Fortinet FortiGate writes "Efficient, user-friendly, and affordable". On the other hand, the top reviewer of Juniper SRX Series Firewall writes "Useful telecom industry functionality, simple deployment, but lacking features". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Fortinet FortiGate-VM, whereas Juniper SRX Series Firewall is most compared with Cisco Secure Firewall, Palo Alto Networks WildFire, Netgate pfSense, Meraki MX and Check Point NGFW. See our Fortinet FortiGate vs. Juniper SRX Series Firewall report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Fahrorozi,
From my point of view, I would rather choose SRX4200 solution over FortiGate1800.
Why?
1. SRX4200 is a compact 1U device equipped with ports you actually need for full firewall usage and not for datasheet specifications.
2. Juniper Networks started as a Network company so alongside with full NGFW functions of the SRX firewall you are also getting full L3 routing functionalities same ones that are working on Juniper routers with complete granular configuration.
3. All products from Juniper Networks are equipped with their JunOS Operating System which is built on FreeBSD with data and control plane separation. Main configuration and really fast troubleshooting power are provided with structured CLI where you can do everything you can imagine even get into FreeBDS for troubleshooting if needed. Also, a tool like MTR (My Traceroute) for troubleshooting is available. JunOS configuration is the same for every Juniper Networks device so when you will get used to it you can configure every platform the same way (except for stateful firewall functions dedicated only to the SRX platform).
4. Web management is also included on a device that simplifies day-to-day configuration. Web management historically was not quite great, but starting JunOS 21.x it was really improved and provided all you need for device configuration and troubleshooting, also Juniper is still working on quality-of-life improvements.
5. SSL VPN / Client VPN is fully integrated with Juniper SRX and also with a client application.
6. Regarding performance, FortiGate was and maybe is still not providing full packet sanity checks (IP protocol, SEQ number, etc.) in the default configuration. When you enable these features, FortiGate loses some performance because HW acceleration is not possible with these features.
7. Also when you are using NFS with source NAT then you will find a useful feature where you can set to NAT traffic with port number <1024.
8. Regarding C&C, antimalware, IPS, and centralized management it's all similar to all other vendors.
9. Juniper SRX also provides VRF-light routing table separation, and also Full separation with Logical systems that have separate processes for each LSYS. You can also allocate CPU resources for each LSYS.
10. Regarding HA Clustering you can use an active/active data plane (data traversing -> one node in a cluster is entrance and destination is on another node) in a special use case. You can also have free hands regarding failovers using separate interfaces/interfaces groups based on BFD, interface status, and IP reachability. You can also deploy a full L3 cluster.
This is only a subjective short summary, always depends on other factors (interfaces, budget, preferences, etc.). I would suggest you find the nearest partner (Forti or Juniper) to you, schedule a PoC and receive the solution you would prefer.
Instead of FortiGate, I would definitely choose SRX.
A different case is the native L7 firewall when I want to check all applications, then I would maybe consider Palo Alto vs SRX in some cases.
Hi Fahrorozi,
If I have to choose between these two, I will choose FG 1800.
Reasons:
1. More flexible ports to use from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better web management than SRX
4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).
But you need to know what you need for your company.
- Maybe you only need a 10G interface instead of a 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.
Hope this helps.