Juniper SRX Series Firewall Reviews

We are using Juniper SRX for general protection. We are not using those next-generation features, we are using them as layer 4 protection only.

On the enterprise side, we are currently only using traditional firewalling and do not have extreme-level features, such as IPS or UTM. This is because the team overseeing this area has been handed over to us in the last few years.

When we were doing the migration from the CRBV to ERV ports, at that particular time, we were working on the Juniper SRX.

The IPS functionality of Juniper SRX is useful in the telecom industry.

In comparison to other enterprise-level firewalls, such as Cisco FTD, Cisco has improved significantly. In the past, I believed that Juniper SRX was superior, but after seeing the advancements in the FTD platform, Cisco has better functionality. I have not recently explored Juniper SRX's next-generation firewall capabilities as we only use basic firewall filtering in our enterprise network.

Cisco had a more organized deployment process for their IPS feature. They would put the IPS in sensing mode in the network for a certain period of time and then the firewall would recommend certain policies to the administrator based on the network activity during that time. On the other hand, when I was working with Juniper SRX in 2013, we had to coordinate with the end user to gather information, such as source and destination IP addresses, and then build templates using Juniper SRX's provided templates. Additionally, Cisco had a more useful functionality when it came to security visibility and monitoring, while Juniper's STRM was very good in the past but now it's not for our use case. We are using other team's solutions to monitor our firewalls.

I have been using Juniper SRX for approximately 10 years.

From a hardware stability point of view, Huawei is a much better solution.

The stability of Juniper SRX is good, but there have been instances where it did not perform well. However, when compared to another vendor, such as Huawei, it has been deployed in our backbone for many years without any issues. This does not mean that Huawei is better than Juniper, in terms of functionality, Juniper is superior.

We have approximately 2,000 to 3,000 users using this solution in the enterprise.

If the Juniper SRX is deployed in a location where there is not enough room for growth or where there is a high traffic volume, such as when replicating data between two data centers, we may have to bypass the firewall to avoid capacity challenges. In general, the capacity is sufficient when initially deployed. However, if there is a forecasted change in the network usage, such as a customer's increased usage, we may have to plan for a swap or replacement of equipment that is near its end-of-support or end-of-life.

I rate the scalability of Juniper SRX a seven out of ten.

We have previously used other solutions, such as Cisco.

I am not sure of the exact reason we switched as I was not involved in the decision-making process at that time. However, I know that the IT backbone network was transitioning from a Cisco or legacy network to an MPLS network. The Juniper SRX solution was already in the deployment phase when I joined, with phases one to four already completed and it was in phase seven. The last phase, security, was yet to be deployed in the network. It was likely pre-decided before I joined and it could have been due to the MPLS deployment and migration from legacy. It is possible that they had won an RFP and based on that they were part of the network. The choice to change could have been based on functionalities or other factors, but it was a competition between different vendors to deploy the IP backbone.

The initial setup of Juniper SRX was simple. It took approximately one to two months to fully deploy.

The first step for the deployment was to share the requirements with the local team. Based on this, they proposed firewalls with sessions, net, and IPsec throughput. After deciding on the firewall, we went through the ordering process, which took longer than usual due to the Covid-19 pandemic. Once the firewall was delivered, it took about a month or two to install it on site, this included doing some joint ventures and having a partner from Juniper come and install the firewall in the rack and power it up. The initial integration took approximately three or four working days. After that, we started the migration process, which took an additional two-plus months.

We had help from the vendor for the implementation of the solution. We used one to two people for the process.

When we are in the deployment phase, we contact Juniper and they provide a budget-free code for our budgetary work.

Juniper mentioned that right now it does not support the Apstra fabric which we currently have in the network. They said that in the next version, there will be support for Juniper SRX. We might have to upgrade the firewall.

We do preventative maintenance on the devices.

I didn't explore the next-generation side of the Juniper SRX to recommend it, but I would recommend Palo Alto and Fortinet solutions.

I rate Juniper SRX a six out of ten.

I work for a system integration company that partners with Juniper. Currently, I'm in a role akin to a technical consultant.

The SRX Series is often used by enterprise companies, typically in a cluster mode configuration, to enhance reliability. It's suitable for small to medium-sized enterprises as well.

Juniper recently announced a new SRX model that's very powerful, so I'm currently satisfied with the offerings.

The product provides good performance and has features comparable to other leading products in the market.

We typically use the SRX for VPN solutions and it supports next-generation features like antivirus, anti-spam, and IPS effectively.

There is room for improvement in scalability and performance. 

It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.

I have been using it for ten years. I have good experience with Juniper SRX Series Firewall, especially in federal applications.

The branch model, being the smallest, sometimes has some bugs. However, the high-end and middle-end models are reliable and stable.

It is scalable, but unlike some vendors, like Check Point, which allows connecting more than two devices in a cluster, Juniper only supports configuring two devices in a cluster.

It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.

I provide technical support myself.

Before, I found solutions myself. I don't usually need technical support for the SRX.

For me,  the initial setup is straightforward due to my experience. Juniper provides good documentation with example configurations, which should help even beginners.

I've handled installation services for service providers. I mostly work with on-premises versions, but sometimes I also install cloud-based solutions.

I start by preparing the configuration based on the customer's requirements, then upgrade to the Juniper-recommended version and install the configuration.

The deployment time depends on the number of SRX devices. Usually, I can handle it alone. It takes two to three hours to deploy one SRX firewall.

The maintenance is moderately challenging.

There is value for money. It offers a good solution at a good price. The price is normal for such a product.

I would recommend reading the documentation before beginning the configuration.

Overall, I would rate the solution an eight out of ten. 

We help the customers. In some cases, we recommend it. Based on the customer demand, if a customer feels that they have to go with Juniper Firewall because they have experience with that product, then we go with it. Otherwise, we generally recommend Meraki devices.

The threat intelligence capability in SRX is there. But for all of those things, we need to go for the configurations.

It is a good product. There are a lot of security features, like packet sniffing and malware protection. All of those features are available. For that, we need to take separate licenses.

There is room for improvement in customer service and support. The customer interaction is not up to par. 

It is also very delayed.

I have experience with this product. 

Juniper customer support, from the feedback side, is not as per my expectation level.

Neutral

Compared to Meraki, Meraki is very easy to handle. Even the L1 and L2 people can handle it very easily. We do not need so much expertise to use Meraki. 

Compared to Meraki, Juniper SRX firewall is complex. Configuration as well as managing the devices is complex.

Compared to Meraki, it’s expensive. Juniper products are more expensive.

Overall, I would rate it an eight out of ten because of the complexity of configurations and the maintenance.

I use Juniper SRX Series Firewall for research purposes.

You can be very specific with what you can put in the solution. I can have the solution as my management interface. The ports are really versatile for their application and don't always have to be used for the purpose for which they were made.

When I was going to upgrade the OS, the solution didn't accept certain USB devices. So, I had to put in the OS using a trivial FTP server. Otherwise, the solution is really advanced. It's really hard to get a hold of the firmware for it. Even if you applied for customer support, getting to the software side is a little harder.

If you want to upgrade the OS, you have to do this by special pauses. You can't just upgrade from an old version to the newest one. You have to make middle landings.

I have been using Juniper SRX Series Firewall for two weeks.

Juniper SRX Series Firewall is a stable solution, but it depends on how you set it up. You can make the solution unstable if you want to, but it will be stable if you set it up correctly.

Juniper SRX Series Firewall is really scalable, but it depends on how you set up the network topology.

The solution's initial setup depends on what interface you use. If you use the J-Web, it's quite easy. If you do it by console, it isn't always clear what order you should be doing things on when you apply the settings. When you first come into the console, you might not know they're in the FreeBSD shell but not the Juniper OS.

The solution's deployment is actually ongoing. I had it up for once, but I upgraded it because it was a really old version of the OS. Currently, the biggest hurdle is that when you cross over to a new version, you have to occupy one port for management. In the previous version, I could select an in-line management instead of dedicated out-of-band management.

Now, I have to sacrifice one port for the management. It's not needed for my application, but now I am forced into having a management interface. I also noticed that several vulnerabilities have been discovered lately in the Juniper OS.

Juniper SRX Series Firewall is worth its money.

You should read all the release notes before you change the OS because you don't know what you're giving up and what new features you're getting. It's not always that the newest OS is the best for you. So, select the OS based on your specific deployment needs and not just to have the newest one.

Overall, I rate Juniper SRX Series Firewall an eight out of ten.

Customers use the solution in a cluster configuration to secure the network.

The VPN feature is quite useful, as well as the IPS. The firewall is very good.

If we need to define our user system from an anti-spam perspective, we can constantly update the antivirus. We need a subscription for such updates. It helps improve our security generally.

The solution can scale.

It is stable and reliable.

It is reasonably priced.

It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems. 

There might be limitations with the product, depending on the hardware we use. We need to ensure we choose the right hardware if we want more throughput. We'd like to have more control over certain parameters and over the hardware.

They could include some features that help prevent or fight DDoS attacks.

I've used the solution for more than five years. 

I'd rate the stability eight out of ten. It is stable enough. 

The solution is scalable. I'd rate the scalability seven out of ten. 

It depends on how big the project is and how many branch offices there are. We might need more devices if it is bigger. We'd also need to use templates for all branches so that it is configured uniformly. 

We tend to provide the solution for small and medium-sized companies. I've configured it for 30 or 40 clients. 

I haven't had any issues. I've only opened two or three tickets. It's a stable solution. I haven't used support too much. I'm able to solve issues myself mostly.

Sometimes there are delays in response or solving the issue.

Neutral

The initial setup is straightforward. I'd rate the process eight out of ten in terms of ease of implementation.

The deployment time depends on which features we use. Configuring the solution may take two to three hours; however, if more modifications are needed by the client, it may be longer. It depends on the technical requirements of the company.

Firstly, I needed to update the operating system. I checked the recommendations and prepared some configurations. 

The pricing is okay. It's moderate. I'd rate the pricing five out of ten. 

I'm more of a technical person, not in sales. I do not know the exact cost of the solution. I'm not sure if there are extra costs associated with the product beyond the licensing fees.

We're a Juniper partner.

I have used various versions of the solution, including the 300, 645, and 1500.

I'd recommend the solution to others.

I would rate the solution eight out of ten. It's a reliable solution. However, maybe, when we use the big box model, the pricing is reasonable.

Juniper is a highly flexible platform, and you get more bang for your buck compared to a Cisco product.

The centralized management platform could be improved.

Juniper devices are highly reliable. I haven't had to reboot some of these devices in five years. 

Juniper SRX firewalls are scalable. 

Compared to Cisco support, I would rate Juniper seven out of 10. It varies depending on who you get. 

Neutral

Setting up Juniper firewalls is straighforward if you have experience. You need some CLI experience. Configuring firewalls with a GUI is much easier than using the Juniper platform.

The deployment time depends on the size of the environment. I worked for a hospital system where we deployed a pair and used them as a firewall. It was relatively easy to deploy once we had a plan to bring the services in one by one as opposed to connecting the host of the hospital to us.

Juniper devices are more affordable than Cisco products. 

I rate Juniper SRX Series Firewalls nine out of 10. I recommend getting a centralized management solution because managing Juniper firewalls can be messy without it. 

The solution is used for security purposes.

The security features and the model collection are the most valuable.

I think improvement can be done to the security part, particularly the UDM, and the product should have a user-friendly interface similar to FortiGate.

It should have the Azure RBAC in the next release.

I have been using this solution for more than ten years.

The product is quite stable. I would give it a seven out of ten.

We are using a hardware appliance and we have to choose a size based on our business. It is not like a software application, like in a cloud model.

I would rate the scalability an eight out of ten.

The customer support team is good. I recommend contacting them if any support is needed.

We are using Verax and also FortiGate products. We use them simultaneously.

The installation was not very complex, it was rather easy. It took around one hour to complete the installation.

We evaluated the Cisco 1400 series.

I would give it a seven out of ten.

We have a lot of virtual access in the public or private cloud, as well as virtualization on hardware devices.

The most valuable features are the security cloud ACP and KPP features.

Juniper SRX Series Firewall is a primary network company, but its security portfolio is not a market leader. Their primary responsibility is the features that provide their products. Perhaps taking a leap and developing some features from scratch could be a way to improve.

The centralized management has room for improvement because it is outdated and not easy to integrate.

The technical support has room for improvement.

I have been using the solution for five years.

I give the stability an eight out of ten.

In my experience, Juniper SRX Series Firewall is the most stable compared to the primary Fortinet and Palo Alto that I am also used to working with.

When deploying the cluster, we cannot create it anywhere, such as in Palo Alto or Check Point. We must scale appropriately, adding more devices with a load balancer or similar. Depending on the size of the area, it can be highly scalable.

Our customers range from small all the way up to governments.

The technical support is not as good as it used to be, but it is comparable to that of other vendors such as Cisco. We have found that when we contact support, we often end up dealing with the same technician and have to repeat the same procedures before we can be referred to a higher level of technical support.

I also use Palo Alto and Fortinet. Juniper has better firewall-level network functionality.

The initial setup is dependent on how much experience one has with the command line. If one is familiar with the command line, the initial setup is relatively simple. However, if one is used to working in a management setting, the initial setup can be more challenging.

The implementation time depends on the number of clusters required.

The first step of implementation is to unplug and upgrade the devices, followed by configuration before moving into production.

We implement the solution for our customers.

I find the price to be reasonable for an enterprise-level solution. Juniper has recently changed its licensing model. The licenses are annual.

The advanced security functions are an additional fee.

I give the solution an eight out of ten.

I suggest not relying on the management and primary CLI.