Juniper SRX Series Firewall Reviews

I work with firewalls. We have a team to manage them. We also have services that are related to hosting and we provide solutions related, and we set up everything.

We manage their connections remotely.

Every firewall has different use cases. Juniper is zone-based and the architecture matters. It offers convenience for the users to have remote access and ensures a secure and safe authentication.

When compared to Palo Alto, Juniper is a better choice when it comes to the enterprise network and connectivity.

Juniper SRX is pretty fast to configure and make it work.

Once it is configured, it's fine, which is not the case with other firewalls.

Juniper is user-friendly. It works perfectly well.

Upgrades are available.

Juniper SRX has a roll-back feature which is very interesting. As no one is perfect and mistakes do happen, we can roll it back to the previous configuration.

This solution can handle a lot. It's manageable when you know the parameters, the features, and the number of policies of your firewall.

The user interface is something that Juniper needs to improve. 

We have used many models of Juniper SRX. Based on the scale and the environment of the customer, we choose what is best for them.

Most of what we use are between the SRX300 and SRX345. These are the most commonly used series.

Simple, mid-scale establishments can use these models.

It is more or less stable. I prefer it for its stability as a firewall.

We are not a large team, we have 20 members in our company.

It's a scalable solution.

The support could be somewhat improved with Juniper.

We have also had firewalls from Palo Alto as well as FortiGate. I prefer Palo Alto, comparatively, it is better.

We find that the technical support with FortiGate is very slow. We are not able to get the proper help in spite of having the AMC add-on.

It is not at all complex. It's easy. 

The initial setup is straightforward.

The maintenance requirements are based on the customer's agreement and whether it is to manage the firewall and maintain it.

It is best suited to an enterprise-level, as the mid-range companies may find that the cost is not affordable.

Previously, we had an implementation plan for a client. We verified the different types of firewalls and the support and how it works. We evaluated Cisco, Juniper, and FortiGate.

From the previous recommendation, we saw all of the technical aspects of the different firewalls. Based on that information, we were able to clarify and come to a conclusion and chose the firewall that was best suited to the client's needs.

Recently, because of the price, we have moved to Juniper.

Most of the AMCs are costly.

We choose our solution based on many reasons. One is the cost, which is the primary reason, and the second is the performance. Performance in this context includes how it loads, and how it handles. Based on these parameters, we choose the firewalls.

At this time, we are not using cloud-based features. It is something we anticipate in the future. We are not using Juniper cloud-based. When you have a setup at an architecture level, they will not have drastic changes until, or unless they are financially stable and they want a higher level of architecture to be implemented.

The change will not happen suddenly, even if you have an enterprise core application it won't be done in a different way. There will be a roadmap done. We also have the SSG firewalls.

There is a lot of work in the pipeline, it might take more time to change the firewalls that need upgrading.

When we use so many products, we have to follow the hierarchy. We don't commonly work in a UI environment.

I would recommend this solution to others who are interested in using it. It is good, and it is faster and easier to maintain. The price is not bad and when compared with Cisco, I find that Juniper is better. It's a good product for enterprise companies. 

We have a custom-built model that makes it very simple to migrate.

I would rate Juniper SRX an eight out of ten.

We are using this product as our Firewall.

The configuration is difficult and it should be easier.

I have been using Juniper SRX for three years.

Juniper is stable and I haven't had any problems.

The hardware is scalable and we have about 500 users.

Juniper supports their products very well.

I have experience with Fortinet and Sophos and I found that the installation and configuration were easier with these solutions.

This product is easy to install but difficult to configure. It takes perhaps three hours to deploy.

I completed the deployment myself. There are three people who work on it, including two administrators and the head of Network Infrastructure.

We plan on buying an SRX370 within the next year.

I would rate this solution a five out of ten.

We leverage this as a firewall and for IT tech services. It's more of a firewall used in a router sorting device. I see major benefits from leveraging it like this.

This is a product on the customer side, not in our services. What I have identified so far is that, considering the complex deployment that the customer wanted to make, the scalability with the feature support that they already have, and its functionality provided, Juniper SRX was one of the better products available. It helped us to scale well with that product customer requirement because they wanted the IT side on a virtual router, with a firewall so it was integrated to work. Such a complex setup cannot be easily accomplished by just using a firewall. SRX actually helps us scale and integrate the product according to customer requirements. It also helped us with its routing capabilities which eased the cost, because otherwise I would have had to take a router and firewall, and then integrate it. With this, however, it was an integration of firewall and routing services all together in a single product. That was one thing that I loved about it.

IPS is something that I do not find valuable, but the other features are awesome. Firewall IP second router is good, but IPS needs to be worked upon.

IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved.

IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.

More than 7 or 8 years

It's cool. I would say it's one of the most stable services. Providing for redundancy is a bit challenging, but it actually is something that can be worked upon because they have a different concept of highway building, as opposed to general people doing stuff. I would say it is a good, stable product, except for the problematic part of it. If people are not aware of how to deal with it, it can be very cumbersome.

You can scale it well, but when you scale you need to take a product out to another one. On a scale level, it's a very good scalable product. It's a good firewall so if you pump it in high traffic, it will be able to adapt to it, unless and until you outgrow its throughput. Then you would either have to get a new model or maybe if you have to avert your firewall, you might have to upgrade it to a new version. So far it's a good product.

This was for a 1,000 user base.

You don't need extra staff to maintain the solution. Unless and until you have a problem of lags or circuit issues, I don't think you need extra staff. One SE should be fine with this product.

I think there will be future plans to increase usage and get more devices. We are also trying to leverage this into a cloud platform, so there would be some more usage.

The technical support or tech team is good. So far, when I worked with them, they have been able to resolve issues firmly. If they cannot do it, they connect you with someone you can work with, so they can just connect to the engineering team. Their data services is something which is really good.

However, their documentation is a bit more challenging. They have unsourced to work, like knowledge base articles and stuff, but they would need to work a bit more on the documentation to compare with Cisco documentation. That's something that they can improve on. They have good documentation. The documentations are clear, but there is not sufficient content available.

The initial setup was very simple. I would say it was the simplest one to date.

Deployment time depends on the solution. This was a very complex one, so it took us four weeks to get the most complexity out of it. I think taking a single deployment, it would not be more than a couple of hours. If you are already working with Juniper products, it would be a couple of hours. If you're not working with Juniper products, maybe a week, not more than a week.

I did the implementation myself, I don't normally take help but in scenarios where documentation is not available, I do go ahead and refer it out but this was simple. I don't think I needed the technical support staff, but I have worked with Juniper tech for certain scenarios in integrating this. It was tax-supported, non-profit services.

There was no additional licensing cost because there were no IPS services. It was just a firewall IP circuit router so they have the default licensing. We just need to renew the support yearly.

Our customer evaluated Palo Alto also. They liked it, and even integrated it, but the scalability requirements they had were an issue. They loved Palo Alto for the security services, but their requirement was routing and security in a single device. That's the reason they were not able to go with the Palo Alto services, but they chose Juniper.

If you're looking for a product that can give you routing as well as security services, and you're not looking for too much taxing on the security part, I guess this is a good product. If, however, you're looking for security services on a greater edge, maybe something like next-gen firewall features, referencing services, or IPS to a greater level, I would recommend going with other security products. If you want integration of both, you can use this, and maybe if you evaluate, or move forward with better services over a period of time and better models of that, maybe this is something that you can always look for both, routing as well as security services.

SRX is a security product that's not that good on security, but it's good at routing, so they actually balance out. I would rate them around six of ten. 

Cisco does one thing right. Cisco has AnyConnect so they can fully integrate SSL routing services. Previously Juniper used to have Pulse Secure and MAG devices. They sold it off to Pulse Secure, but maybe they could try to integrate SSL VPN with their products. Maybe that would help them increase market share.

We use it to deploy the firewall.

Sometimes we use the newer version, sometimes the older version. It depends.

In terms of valuable features, Juniper firewall filtering is good.

Juniper SRX's UI is very bad. We have to use CLA all of the time and Sky ATP.

If I compare Fortinet with SRX, particularly for filtering websites and email addresses, SRX is very very difficult.

I have been using Juniper SRX for the last five to six years.

It is good for a medium sized network. It depends how it is deployed.

If you look at the Gartner rating, Juniper is not among the top rankers.

The scalability is fine.

Since COVID, the tech support is not much good. You have to wait a long time. For example, if you open up a case, you don't know how much time it will be before they come and if the person opening the ticket is even experienced.

Because I have been using Juniper for five years, for me the setup is not hard. But compared to FortiGate it is much more difficult for new users.

It is on a subscription basis, mostly yearly. It totally depends on the customer. The customer gets a discount on the hardware.

On a scale of one to ten, I would give Juniper SRX a seven.

I like the Junos OS, which has been very good for me. It's very clever. I can find everything I want, I can commit changes, and I can throwback. I think it has very good features. I like Juniper because of Junos.

I think it needs some automation. I have to find an API for Python and so on, which is quite different from a typical solution. Sometimes committing configurations takes a lot of time in Juniper because of the connections, and it could be a little bit faster. Their documentation could also be better.

I've been using Juniper SRX for about ten years.

Juniper SRX is very stable.

It's not very scalable because you need some experience with Juniper. I know that it's difficult for people who are familiar with Cisco to start Junos. Compared to Cisco, 
Juniper also has very bad documentation.

I think technical support is good.

We're also using Check Point at the moment.

The initial setup is easy for me because I have some papers with notes that help me.

The price is reasonable.

I would advise people interested in using this solution to start learning Junos.

On a scale from one to ten, I would give Juniper SRX a nine.

We primarily use the solution for a small office.

The solution works very well in small offices.

The CLI works perfectly.

Technical support has been very helpful overall.

They offer very good administration capabilities.

The solution could cost less. It's a bit expensive right now.

The solution sometimes takes a long time to deliver the products. We're often waiting for stock. They should just have the product available and ready to go when customers need it.

I've been using the solution for about 15 years at this point. It's been a long time. It's been well over a decade.

The solution is pretty stable. We haven't had any issues in that regard. It's reliable.

The solution can scale, however, it's often difficult to get a hold of the product itself. We're often waiting on orders.

The solution seems to work well in small offices. I'm not sure how well it would do in larger enterprises.

The solution offers very good technical support. We've found them to be helpful and responsive. We don't have anything to complain about. Their service has been good so far.

We did previously use a solution called NetScreen.

The pricing is a bit expensive. They need to work on their pricing models.

We're currently looking at Fortinet as an option. Currently, this solution is fine for a smaller office, however, we're curious to see if there's a solution that may be better suited for a larger setup.

We're an official Juniper partner.

I don't typically work with the user interface. I deal more often with the CLI, and that works very well. I'm not really able to comment too much on usability for those who need a user interface to operate the solution.

I'd recommend the solution. Overall, on a scale from one to ten, I would rate it at an eight. For the most part, we've been pretty happy with it.

We primarily use the solution for the SD-WAN solution, not the firewall. We use it to protect the perimeter of the client. It's like a firewall for the perimeter.

The application control features are excellent.

The solution has been good for fulfilling our basic needs.

Our operational team handles the solution more than I do. I personally haven't seen any features that are missing per se.

The solution isn't very granular or detailed. However, we're just using the basics anyway.

The product could have a quicker response when it comes to technical support getting back when we have questions.

We've been using the solution for one year.

The stability overall has been okay. It's working. We have the solution in production now for almost a month. At this moment, I haven't heard of any complaints of the stability, or of any bugs within this product.

Typically, we deal with medium-sized organizations.

The solution doesn't have scalability due to the fact that it is a fixed WAN and therefore it's limited to its hardware. You can't scale that to attend to a bigger organization. It's limited. It was created to a specific size; it was not created to scale. It doesn't have this option. 

Technical support has been very good. I would rate it a nine out of ten. We're quite satisfied with the level of service we've been provided so far. However, they could improve slightly by increasing their time to respond. They can be a bit slow.

As resellers, we deal with a variety of products including Cisco and Fortinet.

The initial setup wasn't too complex. It was pretty straightforward. We didn't really face any problems during implementation.

The deployment takes about 20 minutes. This without the client tests and just the configuration and no validation. Everything that was necessary was applied, however, not with the tests as it took too much of the client's time, and would have took much longer.

We buy the license from our reseller and implement the license for our clients.

With Jupiter, we sell IT services such as perimeter security. The client can buy his own firewall or we can buy it for the clients if they would like us to. 

We don't have a focus on selling equipment, however.

We are a reseller. We don't use the product ourselves. We implement solutions such as this for our clients.

I'd advise those considering the solution to gather the most information possible and organize it so that you can configure the firewall according to the company's needs. The relationship between the information that we get and what the client needs at the firewall, the real needs, is important.

Overall, we've been happy with the solution and I would rate it a nine out of ten.

We primarily use this solution for data center segregation.

The features that are most valuable are the high-speed interfaces and MPLS.

The throughput when using features can be improved.

100-gigabit interfaces should be added into the next release because we'd like to adopt them.

The solution's stability is very good.

The scalability of the solution is limited.

We did use a different solution. The old boxes were at end of life.

The initial setup was complex because we have a complex network.

I find that the interfaces are okay. The big thing is performance. With all the features turned on it slows down.

The advice I would give to everyone is to specify a larger box than you think you need.

Due to the performance indications, I'd rate this product as a 7 out of 10.