Juniper SRX Series Firewall Reviews

The Juniper SRX is our edge firewall.

We have three in total. Two of them are set up in an HA pair, and the other is standalone in another city.

This product has definitely not improved the way our organization functions.

I am familiar with Cisco products and when we purchased the Juniper units, they told us that if you know Cisco IOS then Juniper SRX is really easy. It isn't. It would be like saying that if you know English, then Chinese is really easy. The reality is that it's completely different. There's no commonality and the philosophies are different. Everything is different.

We purchased it for the basic firewall features but added UTM a little bit later.

The reliability needs to be improved. We purchased three devices and all three have been replaced under RMA. We've had other problems where they have needed to be rebooted.

A couple of times I've run into the problems where they have to integrate with other systems. The Juniper support really doesn't have a clue about other systems. They know Juniper and if everything is Juniper then it's great. However, we have Windows RADIUS Servers and I need Juniper-specific settings for them. Unfortunately, they're having a real hard time telling me what those should be, and they keep referring back to it being Microsoft, which they don't support. When they say that I need to speak with Microsoft, I remind them that these are things that are defined in the Juniper configurations that I need to set up. They seem to forget that not everybody is exclusively Juniper.

We bought three Juniper SRX345s about four years ago, and we are still using them today.

We have had glitches that necessitating rebooting the device. For example, a couple of times, they just stop routing on certain VLANs, and one time, it was our server VLANs, so our DNS was down and no one could get to anything. People thought that our internet connection down but actually, it was the DNS and the routing to it had been stopped.

We're a relatively small organization so we didn't scale it.

All of the people in the organization are protected by the devices.

I have used technical support quite a bit, and they are really good. I would rate them an eight out of ten. There is almost always room for improvement.

Prior to the Juniper SRX devices, we had some Cisco ASAs. They were reaching end-of-life so we had to replace them.

At the time we were shopping, Cisco was behind in their technologies. Had they kept up with the technology and provided a comparable device at a competitive price, we would have stayed with Cisco.

We hired a contractor to set up the units.

The IT manager and I, being the network admin, are the only ones who touch it. We try to keep the software updated on all of our devices.

My advice to anybody who is implementing this product is to make sure that they fully understand Junos OS. Over the past four years, I have become moderately proficient with Juniper SRX. There still a lot to learn but I also have contractors that I can get assistance from if needed. For example, currently, I'm trying to set up RADIUS and I'm having some problems with it.

In summary, I think that their design philosophy is really good, but the execution leaves a bit to be desired.

I would rate this solution a six out of ten.

The GUI of the solution is quite good. It's also very different from other solutions. On others, if you need to configure anything, you can do it all from the default gateway. Cisco, for example, has a bit of a more difficult process. Juniper's GUI is easier and it makes configuration easier.

Troubleshooting with the solution is quite easy. If you compare the process to, for example, Fortigate, Juniper is much easier.

The speed of the solution is very good.

The initial setup is very easy.

While the GUI is pretty good on the Juniper side, there can still be tweaks made to it that will make it even better.

I've been using the solution for two years or so.

The stability has been good so far. We haven't had issues with bugs or glitches. It's not a solution that crashes a lot of freezes up. We find it very reliable.

The scalability potential depends on the customer. Some customers are working only on the edge with smaller systems and the other environment is connected to Cisco switches. Some clients mix up switches and use HP or Cisco. Some like ASA, however, that's more expensive. Many go with SRX as an affordable option. 

I have reached out to Juniper tech support a couple of times. I recall the experience being good. I got the answers I needed. I've used technical support from Sophos and Cisco in the past, and in comparison, I find Juniper to be quite good. I'd say we are satisfied with the level of support provided. 

I've used Cisco and Fortigate solutions, among others, in the past as well. I find Juniper easier to use from a GUI aspect. Cisco is better from a CLI perspective.

We did not find the initial setup to be complex. The implementation was straightforward and simple. It didn't really give us any trouble.

The pricing of the product is pretty good. It's less than Cisco, which can be expensive for some organizations.

Our client is a medium, small branch company. When they purchased this firewall, they understood that they could use it for a couple of years.

I have a client that works with Juniper 4200 and 4300 and they find the solution to be very user-friendly.

Overall, I would recommend the solution as it is easy to use and has a pretty good GUI. Customers really seem to like it.

In general, on a scale from one to ten, I would rate it at an eight.

For different customers, we use the product in different ways. In some cases, it is going to be an on-premises solution. In some cases, it is going to be a cloud-integrated solution. That is one of the best things about Juniper. We can use a single box and have the same unified policy structure if it is off the cloud or it is on-premises.  

Our primary use case is basically to use it like you would any other firewall. I do not call this a firewall anymore because it has functionality beyond what we traditionally think of as a firewall. Those days are gone where a firewall does just one thing. Today most of the firewall products are station firewalls. You have various options in each firewall station. In terms of comparison, you can compare Juniper with Cisco, with Fortinet, with Palo Alto and other leading products. It depends on what exactly you are planning to have it do.  

The most valuable feature for me over-all is that Juniper is simplified and can still do everything that is necessary to be effective. 

On the SRX box, it has what I call a one model concept for security. I work especially with hybrid environments. With an SRX we have a single management dashboard. We can manage the internal framework easily with the centralized management component. You can work with the threat prevention, you can work with the integration, you can work with traffic management. Another good part about SRX is that you have opportunities for automation. Another thing that is very good is that all the operating systems for all Juniper boxes are the same. You do not work on different operating systems using different boxes. 

It does user validation automatically and has automated threat detection and defense. It does threat analytics, which is integrated. So as a single box, it does not just address security, it does not just handle switching, it does not just work as a firewall. It addresses everything.  

I have not given a lot of thought as to what needs to be improved because so much of technology and capabilities are expanding.  

Probably Juniper could come up with their own dedicated endpoint security. Today they have an integration with Sophos. If you really look at what SRX has as far as antivirus capability, it is really only the integration with Sophos. Sophos is good, I am not saying Sophos is a bad solution. But Juniper having their own antivirus solution may be a batter idea to make it a stand-alone product.  

If you look at Check Point. They have a lot of experience in the area of security which is integrated with their product. In comparison, Juniper could start developing its own strong capabilities with antivirus and have its own security which may even surpass relying on Sophos. Sophos could improve more but it is definitely a wonderful architecture.  

I have around 22 years of experience with various similar products. My experience for the last 10 years has been on Juniper. I have worked on Cisco, on Foundry, and on Xstream. And you can make comparisons with products like Fortinet and Palo Alto next-generation firewalls.  

I would rate stability on a scale of one to ten. If ten is best, I would rate a nine-point-five. I would not rate anything a ten in this industry in any case because nothing is perfect and there is always room for improvement. It is very robust. Because the product is robust and very agile that carries over well into the potential for reliability.  

When it comes to scalability, basically Juniper is modular. The SRX architecture is very important. Say I am a small-time customer with 50 people in my company and I deploy on the SRX 300 Series. If my business grows exponentially and I now have 500 people in the company. My traffic has boosted significantly — say about ten times what it was. I do not have to really worry. Within one hour, I can just switch and get a new SRX box in place. Let's say I go with the 500 Series or the 4000 Series. This is my new capacity.

The change over is so simple, because the architecture is common. Whether you talk about SRX 300 or you talk about the service provider architecture, it is the same thing except for the capability to expand and handle the volume. That is very important from a technical perspective, which normally you only need one tech person to deploy.  

For mid-sized companies or even large-sized companies, you have a lot of clients from SRX 300 to SRX 5000 Series and the product line covers all the options. This is from a very basic server-level SRX box to the Next-Generation Firewall and advanced threat mitigation.  

But one thing that scalability should really take into account is that Juniper is an enterprise product. If you are really only talking about using the Sophos UTM or only want to use the product like a firewall, then you should consider a UTM box. If you then want to add an SD-WAN as an additional part of the architecture, the UTM is not the right choice. You just take an SRX box and you have SD-WAN on that. You can have a firewall on that. You can have a UTM on that. You can integrate with the cloud. You can integrate with Linux infrastructure. You can have network security.  

Today when we talk about Check Point, we talk about Next-Generation Firewalls. That includes the Palo Alto Next-Generation Firewall and Cisco Next-Generation. But no one talks about what the definition of Next-Gen is. The only difference about Next-Generation is that it has a staple firewall, by definition.  

If you are a small company and you only have five in your office, obviously you want a secure network. To do this you will buy a simple firewall. When you think of the most simple firewall, people buy a router. Then people buy a switch. Then people buy a firewall. Three devices. I would say, do not buy anything. Just buy one SRX box, which does all the three.  

Now I can also expand the same SRX 300 with a branch location. Let's say, I'm a bank customer. I have branches. Simple, I can now have the simplest of SRX 300 at all my branches or SRX 500. I just connect to my main SRX, let's say a 1500 Series with an SD-WAN topology. The project is done. Simple. I secure my network. I handle my routing. I handle my security. And I have an option for just enabling the license to get the latest threat mitigation.  

For comparison, let's take a very big enterprise network. Maybe I was the head of Informatica at APAC. I am in a situation where I have 6000 R&D developers in the organization. We monitor our total performance. Latency on the firewall should be as low as possible. This is especially critical with the current environment where people work from home. Everyone who is working from home now because of COVID has all their data still in the office and people come onto the network to get connected from home to the office.  

Imagine the load on my firewall in that situation. All the people from inside my organization are sitting outside of the office now accessing the data in the internal network through the firewall. Imagine all the data tracking is coming from all over like an external traffic base. You need to have the proper solution to handle the change in traffic and scalability is the most important factor in this case for successfully running a demanding environment.  

Juniper support is very good. But more than the technical support, their documentation is awesome. You can just Google a solution right now by stating your problem. You get into the juniper.net and there is wonderful documentation. As a technical person, I have never seen any technical documentation that is as good. I would say it is awesome. Any person who has an interest to learn, who has the interest to scale his capability with the product, just has to go to the Juniper site and they will get all the information on every one of their products. I think that it is written well enough for a non-technical person to become technical.  

They have different levels of training available. They make it very easy and available for anybody to explore the solution. There are knowledgeable people available in the technical community. It is a very good solution overall.  

I consider the setup for the product to be very easy. A basic technical person can do it. But, a person would need to know the capability of a robust box like SRX to make full use of the capabilities and the right choice of the product.  

You install the box, configure the hostname, a password, and set your IP address. By default, Juniper handles the basic configurations automatically. The control frame architecture is very nice. The whole platform architecture is very good. When you work with that box, you just divide the box into two layers: the top layer and the bottom layer. The top layer is exclusively made for the SRX box. The bottom layer is nothing but throughput where the packets get in and get out. We call it a packet forwarding engine, PFE.  

Initiating the routing packets actually go in the mapping connection between the top and the bottom, which is managed as with Oracle in an internal zone. The box is already secured when an attack happens. Nothing is 100% in the world. So, there is the possibility of an attack but at least the control center protects your network.  

The entire installation is just a couple of hours. It depends on the Oracle sizing. Let's say that you want to work on the agility of SRX, something you really need to understand is where you are deploying this product. It is different if you are comparing an SRX box or the cloud. When you are using an SRX box will it be deployed for a small enterprise, a mid-size enterprise, and a data center. You can have SRX boxes for a large data center. That is a difference in the agility of Juniper SRX compared to Cisco. For example, when I work with the cloud, I have an SRX virtual firewall, which is a high-performance network security in the virtual cloud. It is especially good for rapid deployments. It hardly takes hours to deploy on the cloud.  

When you have a container with a firewall, it is known as cSRX. Which is again, a highly available container firewall. These are used especially for microservices. When you start with a small enterprise you start with either the SRX 300 series or a 500 series, which is a next-generation firewall. It is comparable to the Cisco ASA. Probably the next good product to compare is Check Point. But the SRX product is easier to manage and deploy when compared to Check Point or Cisco.  

For the mid-size enterprise organization, we have the SRX 1400 Series or you can consider the 4000 Series. It is just an appliance. You just plug it in, switch it on, configure the network IP address, and then start configuring the protocols. You enable the licenses there, malware prevention, and all the other features you want by just adding on to the licenses.  

So it is just a matter of choosing the right appliance and from there it is practically plug-and-play. The challenge is not the initial setup and deployment, it is what you make use of.  

The main competitors for Juniper are Palo Alto, Check Point, and Cisco. Juniper has a lot of features that are good for engineering. Things like Fortinet and Cyberoam can not really compete with these others when it comes to these important features. Specifically, when you talk about Juniper SRX you talk about cloud deployment. You talk about malware remediation. You talk about reporting analytics. You talk about quarantining or threat intelligence (Unified Threat Management or UTM). You talk about data throttle, control prevention, email, web analysis, and integrated management. It can even just work as a router or assisting layer. It works best especially in large networks — like when you talk about service providers — where you have huge traffic flow. It is built to have flexibility and ease-of-use.  

My advice to anyone considering Juniper as a solution would be to first understand that the product needs to be chosen to fit the environment. You want to get the one right box that has the capacity you need. You have everything you need in the model by just updating your license. You do not have to look for a new box when your traffic remains under the upper limits of the capacity. If you are under the limitations of the capacity, the traffic goes straight out, unimpeded.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Juniper SRX as a nine or even a nine-point-five overall. Additional features that could be added to make this solution a ten that other competitors have would technically make it the best product. For example, Check Point offers Blade Architecture. You just keep adding more and more blades. Because of this, Check Point — especially in the area of their security database — they are quite superior to Juniper. o there is room for improvement.  

When you really study on an enterprise level where Check Point stands out or where Juniper stands out, you have got to look into the way each product fits your needs. I mean Check Point is currently easy-to-use, and very good, global product. It also has quite a good rating from the industry over the past few years. Certainly, someone considering a purchase needs to consider options and trends.  

We use Juniper for EEE routing and we also use the gateway feature.

The most valuable features are routing and policy security.

The EEE security controls allow us to make policy restrictions, so I can customize port numbers to allow or limit control.

The Juniper SRX protects against DDoS attacks. 

When we first tested the serial interface on our model, it did not work.

It should be easier to escalate support tickets.

We have been working with Juniper SRX for eight or nine years.

We sized this solution based on our bandwidth, so scalability has not been a problem.

The support that we receive from the partner is good. They are available if you are looking for a replacement or an upgrade, and they worked with me when it came to sizing the router according to our bandwidth.

They were also able to find a workaround to the problem that we were having with the serial interface not working on our SRX550-M.

The only issue with technical support is that it depends on the escalation.

We also have a small number of Cisco routers but we rely primarily on Juniper. The Cisco products are more expensive.

The initial setup is straightforward.

Overall, this is a really good product.

I would rate this solution an eight out of ten.

We use Juniper SRX as a firewall mainly, for security and securing the network.

Juniper SRX is a very powerful firewall and sometimes can be used as a router.

I think Juniper SRX should have a GUI. Some of the competitors are already implementing GUI for the firewall.

I have been working with Juniper SRX for sixteen years.

Juniper SRX is a stable solution.

The scalability of Juniper SRX is acceptable.

Technical support initially is not that fast, if the case requires escalation, the other levels of support are fast.

The setup is a straightforward configuration, but the security customization may take time.

I would rate Juniper SRX a nine out of ten.

Juniper SRX is used for NCLS networks as well as fiber to the home.

We are a reseller of Juniper.

Juniper SRX has helped in the financial success of our organization.

The most powerful feature in Juniper SRX is definitely NCLS.

Aside from the updates, I am satisfied with everything this solution has to offer.

I'm satisfied with its routing, firewalling, and web filtering.

Juniper's product updates are extremely slow, and competitors are rapidly keeping up. It slowly updates the model.

Juniper SRX lacks email protection, for example. it is not malware-protected. In the case of malware, you are purchasing a software package from vendors through Juniper. They do not sell their own products. 

It lacks the Sandbox as well as the CM. The CM is available from Juniper, but it is manufactured by IBM rather than Juniper, despite its name.

I have been using Juniper SRX since 2012, or 2013. This solution is still being used today.

We are working with the most recent up-to-date version.

The stability of Juniper SRX is perfect.

The scalability is amazing.

We have approximately 1,000 users in our organization.

Our usage is moderate.

Technical support is a little worse than Cisco but better than everybody else.

Previously, we worked with several solutions. We switched to Juniper SRX because of the pricing, scalability, and performance.

The initial setup is straightforward. It's very easy.

The time it takes to deploy is determined by the one you choose. It can take a week or less.

I wouldn't be able to tell the amount of staff that is required to update the solution because I am not involved in the process myself.

I am a third-party integrator.

Yes, we have seen a return on investment.

Make sure you have qualified personnel, because qualified personnel may not be as readily available in your country as Cisco professionals, for example.

I would rate Juniper SRX a nine out of ten.

We primarily use Juniper SRX for two functions: site-to-site VPN and VPN for Easy Connect. The VPN provides security for remote work. We also use it for a firewall.

One of Juniper SRX's most valuable features is the site-to-site VPN. 

I would like to have a better web UI for administration. Juniper could simplify the web UI and make it more compatible with mobile devices. In particular, I'm thinking about our remote offices, where we don't have dedicated IT personnel. Let's say someone from the office staff was working via smartphone. If the web UI were more compatible with mobile devices, the administration could manage IT support from a team that is not in their location. It would make it simpler for small companies to deploy these devices. I also think the documentation is lacking.

I've been using Juniper SRX for seven years.

In terms of stability, I would rate SRX nine out of 10. For performance, we're usually satisfied, so about eight of 10.

This model of SRX we use is not a scalable solution. It's near its maximum capacity for encryption, traffic, and features.

Juniper support was great. When we reported a critical issue, they responded with recommended fixes within four hours.

Regarding customer service, we prefer working with a company that lets us directly purchase their solutions worldwide using something like an internet store, so we don't have to go through partners or dealers. We currently deliver such solutions in many countries, and each country has its local vendor. 

Sometimes we can't rely on this delivery method because we haven't tried it yet in these countries, so it's not reliable to open new offices in foreign countries due to some restrictions, regulations, and price administration for networks. This is a problem. So it would be great if Juniper could deliver equipment that we purchase directly on some internet shop instead of using a local dealer or service center.

Deploying SRX was straightforward because our environment was ready for it. We used our own IT team and deployment took about two weeks. It was a normal step-by-step process. As for maintenance, SRX usually requires software updates and nothing more. We've installed it in a suitable environment in the server room, so it doesn't require a lot of additional maintenance.

I'm not sure we are satisfied fully with the pricetag of Juniper SRX, but we understand why the dealer prices it this way. Still, we are not satisfied when we try to get prices for competitor products. Sometimes, it can be tense like this.

When you consider performance, price, and features, maybe Juniper is not so cost-effective compared to other solutions like MikroTik. On the one hand, MikroTik might have better performance and much more features than Juniper. However, Juniper is more reliable and has different approval, certifications, and standard capability features. MikroTik does a lot of the same functions but doesn't have the same certifications. MikroTik is less expensive. The device price of MikroTik is $200 versus $6,000 with SRX. In the end, we chose SRX because it was on a list of solutions approved by our remote parties. One of our customers needed to have this type of VPN to work with our company.

I rate Juniper SRX eight out of 10. I recommend it. There are two vendors — Juniper and Cisco— that we recommend for the production environment of any kind of build.

We use the virtual on-premises in our data centers.

The reason that we picked Juniper SRX is for the scalability, the fit for purpose, the tools that are available, the ongoing support, and the ability to monitor, but particularly for the virtual routers in our data centers so that we can quickly upscale them when needed, when we need more throughput.

In the last year, we've started to roll out Juniper SRX for new sites. It has only been a couple, but we'll have about 10 to 15 sites within the next month in the new framework, and we'll also be putting a virtual SRX router at our gateway in our data centers as well.

We are using the latest version. It's not finalized to install yet. I expect it to be finalized next week in our city and Melbourne data centers.

So far they've been good in terms of stability.

The scalability has been very good so far.

We've got 420 staff using it, plus two of my internal team and two of my MSPs, four people,  working on the network stuff.

We have been in touch with support and they've been good. During the configuration stages, we had a couple of tickets and they were responsive to it.

The first configuration with my network experts took a little bit of time to work through the differences between their knowledge of the Huawei networking and the Juniper set-up and the change from all the Huawei to the Juniper and Sophos access points. The first install took a couple of weeks to configure the actual hardware, and then on site, what we expected to take half a day in the first instance probably took a week, but once we did one, we've been ok rolling out the next ones after that.

In terms of the initial setup being straightforward, that depends on your knowledge of the product. Juniper has been fairly responsive when my team has asked them questions. So it has taken us longer to install than I would've hoped, but that's one of those things when you change your products.

There is a component of monthly and yearly costs depending on the product.

Ongoing costs are something that we need to manage and make sure that we're getting value on. But with feeding the data back in and the capability, we're hoping that it will pay for itself in the monitoring tools and the ability to go past just the different baselines of stability and scalability to actually make sure that we're proactive in keeping our networks alive.

On a scale of one to ten, I would give Juniper SRX an eight.

The main thing is cost. Having said that, it's not ridiculous, but you're always looking for the best value, and them bringing out the virtual cores has been really good. The cost is more expensive, but you're getting a bang for your buck. They are very good value for money in their product.

The overall, ongoing costs of licensing has added to my budget, but until I get long-term experience and make sure that it's running as expected, I can't say it's everything that I expected.