Juniper SRX Series Firewall Reviews

Thanks to the well-structured and organized security policies, we decreased operations time to create/update/delete our security policies.

Security policies in combination with zones: It is very easy to organize the security polices in a logical structure.

CLI: Junos CLI is very easy to use, and it is also very easy to find back items in the configuration and to change them.

Commit: You can update the whole configuration without affecting the production. The new configuration will be loaded once the command "Commit" is submitted. You can also do a Commit confirmed to automatically roll back to the previous config after X minutes. 

The visibility/reporting could be better. To see something, you have to export the log to a syslog and then process with another product.

We have used it for years without any stability issues.

We haven't encountered scalability issues.

Technical support is pretty good. I would rate it eight out of 10.

I previously used a Netscreen ISG1000 firewall. I switched because the ISG was end-of-life and Netscreen was bought by Juniper.

Initial setup was complex because Junos is totally different than ScreenOS. But with some introductory courses and some googling it becomes much easier.

I’m just the tech, I didn’t take part in the price negotiation. I would say about $20,000 for a SRX650 with IDP licence.

No, we didn't evaluate other options. This was a natural way for us to migrate from ISG to SRX.

Be sure you know what you are looking for. The SRX650 is a perfect product for a small datacenter, not for a branch office where you need lots of visibility.

Implement your structure (zones) first, on paper, before starting to configure it.

The greatest improvement we have seen is in operational performance and operational stability. There are no outages.

• It's a reliable firewall and very stable, for both the hardware and applications it is stable. 
• It's very powerful. 
• It's also a very secure device, it has good attack prevention capabilities using UTM.
• It's user-friendly with a good UI.
• It has powerful CLI.

It's not 100%, it's not a perfect product, some points need to be adjusted, need to be enhanced.

There have been no issues with this product.

It's a very scalable product.

I think they have professional support. Support is really good, they are professional engineers.

Customer support is very good.

I used Cisco, and Palo Alto, and used McAfee. As a consultant, a systems integrator, if customers go to SRX it's because of its features and the stability of the product. It's the most stable product.

It was very straightforward, very clear.

Other than Palo Alto, StrongSoft is very stable. Cisco Firepower is very unstable.

I can say for, that for a datacenter, and for price, first I appreciate Palo Alto and then I appreciate Juniper, more than the others.

Support for Juniper is best, better than Palo Alto, but Palo Alto is more powerful. And there is a big difference in pricing.

• Manipulation of rules
• Flexibility in day-by-day use

Junos is the best OS for networks. It is very powerful and flexible.

The rollback option and Commit Confirmed are great features. They give us the security to change configurations without downtime.

It would be good if Junos had "unique commands" between all hierarchical levels, discarding the use of the "Run" command.

The robustness of Linux on top of Junos can be more effective after power down.

No stability issues.

No scalability issues.

High level of technical support.

We used Fortinet, and changed to Juniper to use Junos.

Easy.

Pricing is very good, not expensive.

We use the SRX1500 with Junos 15.1X49-D75.5. 

I rate the product 10 out of 10. It is very strong and Junos is very powerful. The total throughput is very large.

One solution is data center Firewall and also we use this solution for protection our service GI + Triple Play

It provides good routing and high performance of the data center. It solves protecting our datacenter, separate networks and protect data center with FW policies + DPI

The routing feature is most valuable, because SRX is the best enterprise router. SRX has complete MPLS service features with L3VPN, VPLS, EVPN. You can also combine Router and FW in one box, with selective packet filter to bypass flow engine and set traffic to packet mode.

Web management needs to improve. The web interface on Juniper SRX is just a short conversion from Junos OS CLI; this is not very suitable for users with little expertise.

But Juniper has complete MGMT for managing SRX devices and other Juniper devices. it' s called Junos Space with APP security director for security devices. It's good, but there is space for improvment.

There were some stability issues.

There are not many scalability issues experienced.

I would give the technical support an eight out of 10 rating.

Previously, we were using the old Juniper ScreenOS, we switched due to end-of-support. I have also expertise with Cisco ASA, Cisco Firepower, Checkpoint R80.10, Dell Sonicwall, Fortinet.

The setup was very complex, e.g., if you are beginner.

We implement is by our self with team in-house.

The prices are very good as compared to other vendors.

We looked at Cisco, FortiGate, Palo Alto

It is a very good router with firewall.

Valuable features for us include:

• Routing: When firewalls can also perform full routing functionality, it helps to save cost on dedicated routing hardware.
• High Availability (clustering): This is important to ensure service availability in the event of a node failure. These firewalls in HA mode consist of a primary and backup node, and provide redundancy such that if one of the nodes fails, the other node will take over.
• Deep packet inspection (DPI) capabilities: Juniper SRX firewalls inspect packets as they traverse the firewalls and it goes beyond the traditional five tuples (source IP, destination IP, protocol, source port, and destination port) packet inspection by using the App-ID engine to inspect the protocol to correctly identify applications. It further rate-limits traffic, using the AppQoS features, based on specific types of applications.
• IPSec VPN: This is crucial because it provides secure site to site connectivity between the DC and remote locations. Traffic traversing the secure link is protected from the prying eyes of unauthorized intruders or the man-in-the-middle.

These features are valuable because they allow smooth operation of the business from a technology standpoint. Again, this is relative.

There was a business need to provide service high availability and system redundancy in addition to routing and firewalling at the internet edge and the datacenter core.

Having this design has greatly simplified the network and improved operational efficiency of support staffs.

The GUI needs improving.

We have been using the solution for seven years, providing design, implementation, support, and optimization.

We had a stability issue. Just like any other vendor, there are code stability issues on some of the platforms. However, there is always a recommended code version for each platform.

We did not encounter issues with scalability, but this depends on the environment. The DC class firewalls can scale vertically or horizontally.

They provide an awesome technical support.

We used Cisco and CheckPoint. Routing functionality and advanced security services were limited.

The setup was straightforward and simple once you understand the building blocks of Junos and firewalls.

Pricing and licensing are very reasonable.

We evaluated Palo Alto and Fortinet.

This product will offer maximum performance and capacity.

It is extremely reliable depending on the business need. It supports full routing functionality and advanced security services like Application Security, Unified Threat Management (UTM), IPS, and threat intelligence.

Advanced security services require a license.

Stateful inspection , IPSEC and NAT as per our customers' design. The boxes are used as SecGW, Gi and SGi Firewall, those are the features usually needed in 3G/4G context.

It improved in term of security.

Clustering fab interface doesn't support bandwidth aggregation. This limitation caused a huge design change in our network.

I've used the solution for eight years.

Yes, some bugs in module restart and cluster failover, but without outage.

Yes, fab interface doesn't support bandwidth aggregation

9 out of 10.

No, we didn't.

Not complex.

We didn’t use any other solutions so I can’t compare this to others.

No.

We are satisfied with its stability , but we don’t advise others to implement a cluster design other than Active/Passive.

• Form factor: It is small, very nimble, and can be deployed in very small environments which do not have wiring closets.
• Consolidation: It combines routing, switching, and firewall services in one device.
• Stable OS: There is a one Junos release training for all the Juniper products, thus minimizes the training needed and enhances interoperability.
• Open standards: The Juniper OS is based on the open standards and making it very interoperable in the mixed vendor environments.
• Superior performance: This can be achieved by true separation of control and data plane, hence data plane inefficiencies do not affect the control plane and vice versa.
• Cloud-enabled device: The SRX300 is cloud-ready and can be used to implement SDSN in micro-environments.

It has greatly reduced the network management functions by reducing the number of devices to manage (one vs three), and easy fault management using the new GUI.

Disaggregation (this is available in the box) should be improved to include software intelligence that is actionable.

I have used this solution for about four and a half years.

There were no stability issues. It is a very stable and reliable product. It can run for several years without a single glitch.

It is highly scalable for its target market.

The technical support team is very co-operative and gives quick responses for the logged cases. A hundred percent of the logged cases have been resolved within the SLA period.

We looked at MikroTik. However, more features such as the performance, scalability, and consolidation were available on the Juniper device.

The initial setup was simple and can be done 100% via the GUI.

The price per performance value is the best out there in the market. No licensing is needed for all the features apart from the security part, i.e., no licensing for extra services and VPN comes free in the base.

We evaluated the FortiGate 80 and 60 series and Cisco ASA 5500.

The Juniper SRX300 is a stable and very reliable product, packed with a lot of capabilities that are not available in the competing products of the same range. I would highly recommend this product to anyone interested in implementing it.

This box has it all and is more for the small-scale branch market. Packaged as an all-in-one routing, switching, and security solution, the SRX300 minimizes the need to deploy separate devices to perform these functions by leveraging on its consolidation, all coming with the carrier-grade capabilities.

One valuable feature is the reliability of the Junos OS. However, we did not make full use of the UTM functionality.

We have experienced more dependability.

Management: Junos Space Security Director is not great and there is no global database of objects.

We have been using the product for about six years.

We did not encounter any issues with stability.

The clustering of a maximum of two nodes limited some architectural options.

Support is what the end customer buys. Unfortunately, it's not always from Juniper.

We migrated from Juniper Screen OS to Junos. We are leaving Juniper now as their focus on security seems to have dropped.

The setup was no more difficult than switching to any other firewall implementation.

Be wary of Juniper's stake in the security realm. If they are ramping up again and are again competing with Check Point, Palo Alto, and FortiGate, then they are worthy of consideration. It is also worth your consideration if your network is Juniper based and you have a secondary firewall vendor.