Juniper SRX Series Firewall Reviews

Valuable features for us include:

• Routing: When firewalls can also perform full routing functionality, it helps to save cost on dedicated routing hardware.
• High Availability (clustering): This is important to ensure service availability in the event of a node failure. These firewalls in HA mode consist of a primary and backup node, and provide redundancy such that if one of the nodes fails, the other node will take over.
• Deep packet inspection (DPI) capabilities: Juniper SRX firewalls inspect packets as they traverse the firewalls and it goes beyond the traditional five tuples (source IP, destination IP, protocol, source port, and destination port) packet inspection by using the App-ID engine to inspect the protocol to correctly identify applications. It further rate-limits traffic, using the AppQoS features, based on specific types of applications.
• IPSec VPN: This is crucial because it provides secure site to site connectivity between the DC and remote locations. Traffic traversing the secure link is protected from the prying eyes of unauthorized intruders or the man-in-the-middle.

These features are valuable because they allow smooth operation of the business from a technology standpoint. Again, this is relative.

There was a business need to provide service high availability and system redundancy in addition to routing and firewalling at the internet edge and the datacenter core.

Having this design has greatly simplified the network and improved operational efficiency of support staffs.

The GUI needs improving.

We have been using the solution for seven years, providing design, implementation, support, and optimization.

We had a stability issue. Just like any other vendor, there are code stability issues on some of the platforms. However, there is always a recommended code version for each platform.

We did not encounter issues with scalability, but this depends on the environment. The DC class firewalls can scale vertically or horizontally.

They provide an awesome technical support.

We used Cisco and CheckPoint. Routing functionality and advanced security services were limited.

The setup was straightforward and simple once you understand the building blocks of Junos and firewalls.

Pricing and licensing are very reasonable.

We evaluated Palo Alto and Fortinet.

This product will offer maximum performance and capacity.

It is extremely reliable depending on the business need. It supports full routing functionality and advanced security services like Application Security, Unified Threat Management (UTM), IPS, and threat intelligence.

Advanced security services require a license.

Stateful inspection , IPSEC and NAT as per our customers' design. The boxes are used as SecGW, Gi and SGi Firewall, those are the features usually needed in 3G/4G context.

It improved in term of security.

Clustering fab interface doesn't support bandwidth aggregation. This limitation caused a huge design change in our network.

I've used the solution for eight years.

Yes, some bugs in module restart and cluster failover, but without outage.

Yes, fab interface doesn't support bandwidth aggregation

9 out of 10.

No, we didn't.

Not complex.

We didn’t use any other solutions so I can’t compare this to others.

No.

We are satisfied with its stability , but we don’t advise others to implement a cluster design other than Active/Passive.

• Form factor: It is small, very nimble, and can be deployed in very small environments which do not have wiring closets.
• Consolidation: It combines routing, switching, and firewall services in one device.
• Stable OS: There is a one Junos release training for all the Juniper products, thus minimizes the training needed and enhances interoperability.
• Open standards: The Juniper OS is based on the open standards and making it very interoperable in the mixed vendor environments.
• Superior performance: This can be achieved by true separation of control and data plane, hence data plane inefficiencies do not affect the control plane and vice versa.
• Cloud-enabled device: The SRX300 is cloud-ready and can be used to implement SDSN in micro-environments.

It has greatly reduced the network management functions by reducing the number of devices to manage (one vs three), and easy fault management using the new GUI.

Disaggregation (this is available in the box) should be improved to include software intelligence that is actionable.

I have used this solution for about four and a half years.

There were no stability issues. It is a very stable and reliable product. It can run for several years without a single glitch.

It is highly scalable for its target market.

The technical support team is very co-operative and gives quick responses for the logged cases. A hundred percent of the logged cases have been resolved within the SLA period.

We looked at MikroTik. However, more features such as the performance, scalability, and consolidation were available on the Juniper device.

The initial setup was simple and can be done 100% via the GUI.

The price per performance value is the best out there in the market. No licensing is needed for all the features apart from the security part, i.e., no licensing for extra services and VPN comes free in the base.

We evaluated the FortiGate 80 and 60 series and Cisco ASA 5500.

The Juniper SRX300 is a stable and very reliable product, packed with a lot of capabilities that are not available in the competing products of the same range. I would highly recommend this product to anyone interested in implementing it.

This box has it all and is more for the small-scale branch market. Packaged as an all-in-one routing, switching, and security solution, the SRX300 minimizes the need to deploy separate devices to perform these functions by leveraging on its consolidation, all coming with the carrier-grade capabilities.

One valuable feature is the reliability of the Junos OS. However, we did not make full use of the UTM functionality.

We have experienced more dependability.

Management: Junos Space Security Director is not great and there is no global database of objects.

We have been using the product for about six years.

We did not encounter any issues with stability.

The clustering of a maximum of two nodes limited some architectural options.

Support is what the end customer buys. Unfortunately, it's not always from Juniper.

We migrated from Juniper Screen OS to Junos. We are leaving Juniper now as their focus on security seems to have dropped.

The setup was no more difficult than switching to any other firewall implementation.

Be wary of Juniper's stake in the security realm. If they are ramping up again and are again competing with Check Point, Palo Alto, and FortiGate, then they are worthy of consideration. It is also worth your consideration if your network is Juniper based and you have a secondary firewall vendor.

As a firewall in general, it is good.

As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.

I've used Juniper products for over 10 years. Alongside SRX I also use Netscreen, SSG, and WXC. As a UTM, Juniper is 5/10.

No issues encountered.

No issues encountered.

For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.

10/10

As we are a service provider, we offer various other products to our customer:

• Astaro ASG
• Avaya/Netscreen
• Fortinet
• HP Switches & WiFi
• Juniper SSG
• Juniper SRX 210 & 240
• Juniper WXC
• Sophos next generation SG, including RED, SG, and WiFi
• Telindus Crocus E1

For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.

Give us 10 minutes of your time, and we will show you the differences. When I do presentations, I give potential clients demo access to the solution(s) I am presenting.

• Unified OS - free BSD UNIX
• IDP

We’ve connected this product on a GSM core network for a 3G deployment project.

The GUI.

I've used it for one year.

No issues encountered.

No issues encountered.

No issues encountered.

It's good.

It's good.

Our customer decided to switch from Cisco to Juniper for their security deployment.

It was an in-house implementation.

• Traceoptions
• Commit check
• Route/IPSEC VPN

It provides us with easy options for troubleshooting.

• Switching
• Routing

I've used them for two years.

No issues encountered.

No issues encountered.

There were limited security zones with each model.

10/10.

9/10.

It's a straightforward setup for us as we have a configuration template.

It depends on our customers requirements.

Check the customer requirement first.

Fast packet mover, uptime.

Stability in a heavy Microsoft environment, RPC communication.

5 years.

Numerous deplyoment issues, very early product at the time.

Numerous deployment issues, very early product at the time.

No scalability issues at all, very good for scalability.

Very impressive, but you have to know the inner workings of JTAC.

Very impressive, but you have to know the inner workings of JTAC. Juniper has a very effective 24/7 Follow The Sun.

Juniper SSG, switched because of capacity and change of focus from Juniper.

Be aware if you need RPC. Out of 18 software versions only 2 has been without issues with RPC.