We performed a comparison between Juniper SRX and Palo Alto Networks VM-Series based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The solution offers very easy configurations."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool."
"It is a part of the infrastructure when we're selling Juniper. That's what clients are familiar with and that's what they rely on."
"It is a complete security bundle. The cloud-based Sky Advanced Threat Prevention feature is very valuable. I am 100% satisfied with the performance of the Juniper firewall. It has a very good throughput. It works very fine. We use our firewall as a site-to-site VPN or Software-Defined Wide Area Network (SD-WAN). In both cases, it has a very good and optimum performance. Their service support is very good in India. I get really good support from the Juniper team."
"The features that I have found valuable are the ones for the main purpose we are using Juniper - its firewall to protect our network for our internet access."
"The most valuable feature is robustness."
"The solution has been good for fulfilling our basic needs."
"One of Juniper SRX's most valuable features is the site-to-site VPN."
"Technical support is good. They quickly respond, and they even have local help here. They can actually give you an answer very quickly."
"It's easily scalable."
"What I like about the VM-Series is that you can launch them in a very short time."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The most valuable feature is the CLI."
"Palo Alto Networks VM-Series is very easy to use."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"It has excellent scalability."
"Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The performance should be improved."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"Licensing is complex, and I'd like it to be simplified. This is an area for improvement."
"Report generation is an area that should be improved."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"An area of improvement for this solution is the console visualization."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"It must be 5G ready. The 5G network is rolling out soon in India, and Juniper must upgrade their firewall slot to the 5G network, or they must manufacture a 5G dongle card for the Juniper firewall. I want Juniper to upgrade their dongle from 4G to 5G. Presently, they have an expansion slot in the SRX 322 series and higher firewalls. In that expansion slot, they can put a 4G mobility SIM card so that whenever our primary link is down, it will automatically connect through this GSM network and form a tunnel."
"The range of devices should be expanded to include those suitable for a small implementation. Juniper does not have any lower-priced SRX models, useful perhaps for a single ATM or a single bank branch."
"In the next release, I would like to have a better web interface. It needs to be more user-friendly. Right now, you can only access many features through the console."
"The solution is quite advanced. You need a lot of training to use it effectively."
"Sometimes committing configurations takes a lot of time in Juniper because of the connections, and it could be a little bit faster."
"It was very difficult to deal with and required a lot of support, and the UI is very poor."
"J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow."
"Their models for service providers could improve."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"It would be helpful if we had a direct number for the support manager or the supporting engineer. That would be better than having to email every time because there would be less wait."
"It'll help if Palo Alto Networks provided better documentation."
"The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters."
"We feel that the setup was complex. So, we asked the tech team about the setup process. They explained how to deploy it in the right way, which made it very simple."
"Palo Alto is that it is really bad when it comes to technical support."
"The implementation should be simplified."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
Juniper SRX is a next-generation security solution that enables users to expand and secure their networks without incurring heavy costs or sacrificing performance.
Benefits of Juniper SRX
Some of the benefits of using Juniper SRX include:
Reviews from Real Users
Juniper SRX stands out among their competitors for a number of reasons. Two major ones are their central management capabilities and the robustness of their suite of security features. Juniper SRX is designed to make it easy for users to take control of their network’s security. From one location, administrators can manage all aspects of their infrastructure’s security. The many features that it offers allows users to tailor their security to meet their specific needs.
Shashidhara N., director of technology solutions & services at Connectivity IT Services Private Limited, writes, “On the SRX box, it has what I call a one model concept for security. I work especially with hybrid environments. With an SRX we have a single management dashboard. We can manage the internal framework easily with the centralized management component. You can work with threat prevention, you can work with integration, you can work with traffic management. Another good part about SRX is that you have opportunities for automation. Another thing that is very good is that all the operating systems for all Juniper boxes are the same. You do not work on different operating systems using different boxes.”
Pradip J., the owner of Shree Atharva Sales Corporation, writes, “It is a complete security bundle. The cloud-based Sky Advanced Threat Prevention feature is very valuable. I am 100% satisfied with the performance of the Juniper firewall. It has a very good throughput. It works very fine. We use our firewall as a site-to-site VPN or Software-Defined Wide Area Network (SD-WAN). In both cases, it has a very good and optimum performance.Their service support is very good in India. I get really good support from the Juniper team."
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Juniper SRX is ranked 16th in Firewalls with 38 reviews while Palo Alto Networks VM-Series is ranked 9th in Firewalls with 12 reviews. Juniper SRX is rated 7.8, while Palo Alto Networks VM-Series is rated 8.8. The top reviewer of Juniper SRX writes "Scalable with good technical support and works well for larger organizations". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Juniper SRX is most compared with Fortinet FortiGate, Cisco ASA Firewall, Palo Alto Networks WildFire, pfSense and Sophos UTM, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Cisco ASA Firewall, Fortinet FortiGate, Palo Alto Networks NG Firewalls and Check Point CloudGuard Network Security. See our Juniper SRX vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.