Juniper SRX Series Firewall Reviews

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

The solution is mostly stable. 

We get technical support via the reseller, and they are very helpful. 

You can scale the solution. 

The solution works well for larger organizations. 

We've had some issues with the firmware. 

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Juniper SRX was implemented in our company at the start of 2018.

While the solution has been running stable, one device has also malfunctioned. We had some issues with Juniper in general. It was regarding the firmware and some box, or something like that. We've needed to contact our reseller more frequently to fix the issues that are occurring when using the device.

Regarding stability, it's pretty much working in a stable way. I haven't had any issues regarding, let's say, speeds or connectivity or general day-to-day use, when users connected on the switches and accessing the internet, and so on. That said, sometimes with the devices, strange issues happen.

Regarding scalability, generally, it is simple, I would say, at least from my perspective. I wasn't the person that configured the devices, however. The reseller was. 

Before the Corona crisis, there were 250 users. Now we've got maybe 90 to 100 people.

We generally contact the reseller that sold us the device and also has a maintenance protocol. We have services on-demand when some issues arise and we need help.

The reseller was pretty good regarding ticket issues, management, or making modifications, even during the production time. They are really trusted people, and a trusted IT company, and they've expertly managed all the requirements that I've sent them or any other modification on the network that I wanted to have.

I've used Cyber and a Sophos UTM device. Juniper is, generally, more advanced. I haven't been able to get enough training to maintain the Juniper device.

The main reason we chose Juniper was the stability, and the number of concrete connections that users can make when, let's say, they going out to the internet, and accessing services over the internet. Also, regarding the network port-forwarding to internal servers, in services, the device that we had before was Cyberoam UTM, and it didn't quite handle the high load. I generally noticed that SRX can handle pretty high network loads when going in or out. It's proven itself to be stable in that regard.

The initial setup was generally handled by the reseller and they did the setup as described on the schematic and regarding core network configuration, high availability, security, firewalls, et cetera. It was, generally, out of the box when it was configured and set up from the ground up.

While the setup was planned in 2017, it was up and running in 2018. It took about six months or so.

We switched office buildings, the main office. The new office was built with this solution. Everything was migrated, including all the network devices, all the servers, all the ISP, internet connections, and so on. Everything was, generally, carefully planned when it was deployed.

Our reseller also handles the maintenance. Generally, that takes one or two people.

Our reseller partner handled the initial setup for the most part.

I can't speak to the licensing. It's not an aspect I handle directly. I can't say that there are extra costs involved beyond the licensing fee. 

We are currently using Juniper SRX, however, I was thinking about maybe changing the devices to FortiGate or a UTM device.

Lately I was thinking about simplifying. Maybe FortiGate might have something more user-friendly for the end-user or for the customer experience.

I'm just a customer and an end-user.

We are using the SRX Model 345. It's a physical device. It's not a virtual instance.

In general, I wouldn't recommend Juniper to, for example, a small business. I would maybe recommend it to a bigger company. We might have made a mistake taking Juniper. Maybe we should have used something more user-friendly.

I would recommend it to a company that has more than 250 people. Or maybe even over 300. For a smaller company, it's not financially, efficient in the long-term, in terms of subscriptions or maintenance costs and similar things. A company that uses high-grade enterprise equipment, should be really financially equipped to handle such things.

It's highly advanced, at least for me. I would really need some training to at least handle some basic things, or maintenance, or even Firmware upgrading or high availability configurations. It's too advanced for me. I would really need to have some kind of network specialist certificate to manage them.

I would be really worried about the warranty as a new user as well. You really need to keep the subscriptions up to date, or not to stop them. If you've stopped them, you also need to pay penalties for the years that the subscriptions weren't used. 

Regarding equipment, you really need to have them in twos, not one. You need to have high availability for all of them. The equipment tends to malfunction, specifically if there are any power issues inside the building, or if there isn't any generator or UPS underneath, and so on. The equipment really needs to be taken care of.

I'd rate the solution at an eight out of ten.

We use the solution for protection and security. We primarily use the solution for an internal firewall.

If you require any particular rule that needs to be modified, any particular rule that needs to be fine-tuned, the solution will give you all the details regarding how to fine-tune the policy, including the destination, IP, et cetera. You can easily fine-tune whatever you need to in Juniper. It's easy to implement and meets our patience threshold. 

The dashboard is very helpful. It's extremely useful in terms of putting the necessary policies in place.

I handle the operation part. I'm just putting policies, et cetera, on Juniper. For tasks such as those, it is very easy and it is a comfortable, straightforward process.

The solution has proven to be quite stable.

Technical support has been quite helpful.

I've noticed that the management interface could use some updates and upgrades.

The dashboard can be updated. 

The reporting could be more robust and in-depth.

I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature.

I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.

I've been dealing with the solution for about one year. It hasn't been that long. 

It is really stable. I've seen Juniper work well in my other companies as well. It is very good, in terms of stability. There are no bugs or glitches. It doesn't crash or freeze. The performance is reliable.

Overall, the scalability is very good. A company should have no trouble with scaling if it would like to do so.

We have about 2,000 users currently. They cover various roles in our organization. It's not just used by a specific team.

The technical support on offer is very good. Whenever I would have some issues, they have responded on time and they have really good knowledge of the product. We've been quite satisfied overall.

We use a variety of solutions, including Cisco and Check Point.

I did not handle the initial implementation. That was handled by someone else. Therefore, I can't really share any insights on the process. I do not know if it was easy or difficult, or how long it really took to deploy.

I do not handle the licensing arrangements. That's handled by management. Therefore, I can't speak to how much it costs the organization or how often we pay a licensing fee.

We're just a customer and an end-user.

In general, on a scale from one to ten, I'd rate this product at a nine. We've been quite satisfied with its capabilities so far. 

I'd recommend the solution, however, it really depends on what an organization needs. There are various factors, like pricing, for example, that should be taken into account when looking at solutions.

The primary use case is for protecting enterprise systems.

It allows users connecting from homes, who urgently need to log into the networks through a secure tunnel without using internet IP gateway, access using a SSL.

• It is highly scalable, stable, and can be easily updated.
• It protects from distributed denial-of-service attacks, DDoS attacks, with Screen Options.
• When you design your networks, you can put SSL Inspection as a gateway to make the systems secured, like IT systems.

The GUI needs to be easier and more helpful for users who don't have security experience.

They need to add WAF management to the tool, as competitors already have it as part of their offerings. This feature is future of protecting enterprise solutions.

It is very stable, but it needs an engineer on the system while it is running to monitor for attacks and when attacks are in process.

It is easy to expand.

The technical support is good, but there is a time delay between the support and attacks.

The initial setup was straightforward, but has since become straightforward with experience.

For example, with MX (not SRX), it needs to be specific when you export or import the subnetting or addresses that you want to block or filter out of your networks. This is why it is a complex process the first time and becomes subsequently easier

You have to be aware of Linux commands, which will make you able to use this device, like exporting file, saving file, monitoring your logs, and making a new script.

The greatest improvement we have seen is in operational performance and operational stability. There are no outages.

• It's a reliable firewall and very stable, for both the hardware and applications it is stable. 
• It's very powerful. 
• It's also a very secure device, it has good attack prevention capabilities using UTM.
• It's user-friendly with a good UI.
• It has powerful CLI.

It's not 100%, it's not a perfect product, some points need to be adjusted, need to be enhanced.

There have been no issues with this product.

It's a very scalable product.

I think they have professional support. Support is really good, they are professional engineers.

Customer support is very good.

I used Cisco, and Palo Alto, and used McAfee. As a consultant, a systems integrator, if customers go to SRX it's because of its features and the stability of the product. It's the most stable product.

It was very straightforward, very clear.

Other than Palo Alto, StrongSoft is very stable. Cisco Firepower is very unstable.

I can say for, that for a datacenter, and for price, first I appreciate Palo Alto and then I appreciate Juniper, more than the others.

Support for Juniper is best, better than Palo Alto, but Palo Alto is more powerful. And there is a big difference in pricing.

This product is our network firewall.

The Juniper SRX series is easy to use.

The interface could be more user-friendly.

I have been using Juniper SRX for a few years.

I have never needed to contact Juniper technical support.

I have not been involved in the installation of this device.

There is a licensing fee.

This is a product that I can recommend to others.

I would rate this solution a seven out of ten.

Many customers of ours use Juniper firewalls — almost 30 enterprise companies in total. 

We have explored perimeter security; however, we have not had the chance to group all the security solutions from Juniper. In relation to perimeter firewalls, we have had a good experience. We have been working with Juniper for about 10 years now, and I think it's a good brand in the market in general. In the past, they had some issues involving integration with different products in the portfolio, but currently, I think they have solved that issue. Speaking about our experience with perimeter firewalls, we feel comfortable. We think they have a good interface, the operating system is good, it's robust. It has plenty of great features, and the relation between the cost and benefits works for our business.

They recently improved this solution. Currently, I feel comfortable with Juniper in general.

Support is good. We speak to them quite often.

The initial setup was very simple.

Currently, we plan on exploring more products and solutions geared toward cloud security.

Overall, on a scale from one to ten, I would give Juniper SRX a rating of nine.

Firewall for a lab environment.

Before, we were handling everything with a Vyatta server until our network became more complex.

Stability.

The device could be more user-friendly.

We're using it as a primary firewall and UTM for the main lines coming into our offices and also for connecting our sub-offices around the world.

Previously, we had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. Now, we have changed all of these, and we have all the lines coming into one single solution, which is SRX. We manage everything very easily from one single interface. Previously, we used to have 10 different devices to do that. Now, we have only one.

We like the fact that we can easily combine multiple internet links to the office and use them like one link.

It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center.

Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out.

In terms of new features, we are using almost all of the features that it has, and there is nothing specific that it is lacking.

I have been using this solution for four years.

It is very stable.

It is scalable. We haven't used the scalability up till now, but we know that we can extend it.

We have 150 users here, and then we have around 30 to 40 users in different countries such as Singapore, Hong Kong, and Norway. They're using some parts of it. They are using some smaller units to connect to the main office.

We don't have any plans to increase its usage as of now. Any expansion would be in terms of getting new offices around the world. We may install more of those smaller ones, but for the time being, as far as I know, we will not expand it in the office because it is already performing as it should. It actually did a very good job when we were working remotely because it allows us to connect to the office very easily and work remotely.

They have been pretty good. In some cases, they took a little bit of time to give a response for the cases we were facing. However, in most of the cases, they were very fast in responding and providing full resolution to the cases we faced.

We had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. We switched because it was too difficult to manage multiple solutions for each of those lines. We wanted to have one single place where we could manage everything. We also didn't want to have some people going out from one internet line and some from another internet line. We wanted to combine all those lines together and make them work as one, and that's what we achieved with SRX.

We were not so much involved in the setup because we had a security company to do that for us. It took us about two months.

We had a security company for its implementation. Our experience with them was very good.

For its maintenance, we have our IT department. There are three people for managing the maintenance of it. 

We evaluated many other options. We checked out Palo Alto, Fortinet, and Check Point.

I would advise others to do good planning in the beginning because that helps a lot in having a very little downtime. It took us two months to implement it, which might seem very long, but we had zero downtime. Nobody noticed anything during the switch. It was the best way to implement it. This is the most important part. When you are trying to do such changes in the organization, it is very important that you do it by using the right resources and from the right perspective.

I would rate Juniper SRX a 10 out of 10.