We performed a comparison between Fortinet Fortigate and Juniper SRX based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Fortinet Fortigate seems to be a superior solution. All other things being more or less equal, our reviewers felt that Juniper SRX’s user interface as well as its pricing could be improved.
"Easy to implement, and it is also reliable."
"Fortinet FortiGate's ease of management is the most valuable feature."
"I think that the UTM features are the most value, as it truly protects my infrastructure."
"The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
"Web filtering and two-factor authentication are great features."
"Fortinet FortiGate is scalable for our users. Right now, we have almost 70 users. We do not have any plan to increase our usage of FortiGate. For maintaining the firewall solution, one staff member is enough."
"This solution made it very easy to manage our bandwidth."
"Fortinet FortiGate is easy to use. Anyone can easily maintain it."
"Technical support has been quite helpful."
"The reason that we picked Juniper SRX is for the scalability, the fit for purpose, the tools that are available, the ongoing support and the ability to monitor, but particularly for the virtual routers in our data centers so that we can quickly upscale them when needed, when we need more throughput."
"The deployment is quite easy and fast."
"The IPSec configuration is going well."
"It's fine, and it's good. It's very stable."
"The solution has been good for fulfilling our basic needs."
"The product provides good performance and has features comparable to other leading products in the market."
"It is a part of the infrastructure when we're selling Juniper. That's what clients are familiar with and that's what they rely on."
"In the next release, I would like to see the interface simplified to be more user-friendly."
"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."
"Fortinet already improved FortiGate, but in the current market, many brands of security devices have improved together. Fortinet still needs to catch up with market standards. Fortinet is lacking in features in comparison to competitors."
"One of the features that I would like to have is to do with endpoint production, it should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not."
"Fortinet Fortigate could benefit by simplifying some of their processes."
"The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"The security of Fortinet FortiGate could improve."
"The technical support has room for improvement."
"The GUI needs to be easier and more helpful for users who don't have security experience."
"I think Juniper SRX should have a GUI. Some of the competitors are already implementing GUI for the firewall."
"Their models for service providers could improve."
"It does have its nuances in terms of deployment. There are always areas to make something easier or more intuitive or make the system auto-negotiate more with existing hardware."
"The range of devices should be expanded to include those suitable for a small implementation. Juniper does not have any lower-priced SRX models, useful perhaps for a single ATM or a single bank branch."
"It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems."
"The web interface on Juniper SRX is just a short conversion from Junos OS CLI; this is not very suitable for users with little expertise/"
Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews while Juniper SRX Series Firewall is ranked 19th in Firewalls with 86 reviews. Fortinet FortiGate is rated 8.4, while Juniper SRX Series Firewall is rated 7.8. The top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". On the other hand, the top reviewer of Juniper SRX Series Firewall writes "Highly scalable, user-friendly UI, and easy to maintain". Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Sangfor NGAF, whereas Juniper SRX Series Firewall is most compared with Cisco Secure Firewall, Palo Alto Networks WildFire, Netgate pfSense, Palo Alto Networks NG Firewalls and Check Point NGFW. See our Fortinet FortiGate vs. Juniper SRX Series Firewall report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hello Fahrorozi,
From my point of view, I would rather choose SRX4200 solution over FortiGate1800.
Why?
1. SRX4200 is a compact 1U device equipped with ports you actually need for full firewall usage and not for datasheet specifications.
2. Juniper Networks started as a Network company so alongside with full NGFW functions of the SRX firewall you are also getting full L3 routing functionalities same ones that are working on Juniper routers with complete granular configuration.
3. All products from Juniper Networks are equipped with their JunOS Operating System which is built on FreeBSD with data and control plane separation. Main configuration and really fast troubleshooting power are provided with structured CLI where you can do everything you can imagine even get into FreeBDS for troubleshooting if needed. Also, a tool like MTR (My Traceroute) for troubleshooting is available. JunOS configuration is the same for every Juniper Networks device so when you will get used to it you can configure every platform the same way (except for stateful firewall functions dedicated only to the SRX platform).
4. Web management is also included on a device that simplifies day-to-day configuration. Web management historically was not quite great, but starting JunOS 21.x it was really improved and provided all you need for device configuration and troubleshooting, also Juniper is still working on quality-of-life improvements.
5. SSL VPN / Client VPN is fully integrated with Juniper SRX and also with a client application.
6. Regarding performance, FortiGate was and maybe is still not providing full packet sanity checks (IP protocol, SEQ number, etc.) in the default configuration. When you enable these features, FortiGate loses some performance because HW acceleration is not possible with these features.
7. Also when you are using NFS with source NAT then you will find a useful feature where you can set to NAT traffic with port number <1024.
8. Regarding C&C, antimalware, IPS, and centralized management it's all similar to all other vendors.
9. Juniper SRX also provides VRF-light routing table separation, and also Full separation with Logical systems that have separate processes for each LSYS. You can also allocate CPU resources for each LSYS.
10. Regarding HA Clustering you can use an active/active data plane (data traversing -> one node in a cluster is entrance and destination is on another node) in a special use case. You can also have free hands regarding failovers using separate interfaces/interfaces groups based on BFD, interface status, and IP reachability. You can also deploy a full L3 cluster.
This is only a subjective short summary, always depends on other factors (interfaces, budget, preferences, etc.). I would suggest you find the nearest partner (Forti or Juniper) to you, schedule a PoC and receive the solution you would prefer.
Instead of FortiGate, I would definitely choose SRX.
A different case is the native L7 firewall when I want to check all applications, then I would maybe consider Palo Alto vs SRX in some cases.
Hi Fahrorozi,
If I have to choose between these two, I will choose FG 1800.
Reasons:
1. More flexible ports to use from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better web management than SRX
4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).
But you need to know what you need for your company.
- Maybe you only need a 10G interface instead of a 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.
Hope this helps.