Juniper vSRX Reviews

On the cloud, we use it to test functionality.

Our company is in a proof of concept mode with this product. We have not selected it yet.

• Security posture
• VPN

The GUI interface needs improvement. It also needs improvement with the VPCs.

Because we are in proof of concept, the stability hasn't been stressed more than 30 percent.

The scalability is okay. 

The size of our environment is 46 offices.

The technical support has been good.

The integration and configuration with AWS was excellent.

Our experience purchasing the solution through the AWS Marketplace was good.

We like pricing through the AWS Marketplace.

We also were considering Palo Alto Networks.

Look at this product and Palo Alto's product, then do a deep comparison analysis.

It integrates with our VPC and Direct Connect Gateway.

I am also using it on-premise. Compared to the AWS version, it is pretty transparent.

We are a solution provider and the vSRX is something that we have included in one of the solutions that we sell to our customers for cyber security protection. Our initial deployment was on-premises at one of our customer's sites.

We were so happy with vSRX that we expanded its usage. We design and prepare solutions for ships, and we have included the vSRX as part of our cyber security solution for them. It is still an on-premises deployment, although the premises is a vessel.

This product is primarily used for its UTM functionality. We collect all of the logs that the UTM produces onboard each ship and bring them onshore. At that point, we reevaluate them. We give full accessibility to the customers, allowing them to see what the UTM is doing on their ships.

This product has improved the way our organization functions because prior to implementing it, vessels did not have this technology. There was nothing equal to it.

The most valuable features are application filtering, content filtering, the intrusion prevention system (IPS), and definitely the application firewall.

We use the SSL inspection capability, which we really like a lot.

The reporting can be improved.

I have been working with Juniper vSRX for three years.

Stability-wise, it is very good. This product is very stable and it's proven to be a very good tool for us. It is used extensively because it is part of the ship's main operations. All of the data that goes in or out of the vessel is inspected by it.

This is quite a scalable product. It is easier to scale than the SRX because it's virtual. It's easier to assign more resources than it is to add more hardware.

We have installed this solution on approximately 450 ships with about 20 people in each of them. Many more of our customers have ships and we expect to surpass 1,000 installations within the next two or three years.

The technical support is very good.

We did not use another solution prior to this one. A product did not exist for our customers' ships, so we introduced it using the vSRX.

We have also implemented the Juniper SRX and the vSRX takes a little bit longer because the design is more complex. From the design phase to implementation and deployment, it takes between two and three days to complete.

We had a partner do the implementation for us. The maintenance is also done by a partner. We have a lot of vSRX devices out there, and we are not actively maintaining them ourselves, so we have our partner to take care of it.

We did not evaluate other options before implementing this solution. We are Juniper SRX users and we were so happy with that product that we decided the only solution had to be the vSRX.

My advice for anybody who is implementing this product is that the whole thing is about the design. If you design it well, consider how you should introduce it into your organization, and have a good implementor to ensure that it integrates well into the platforms you already have in place, then you won't have any problems with the implementation phase. Having a good integrator is very important.

Feature-wise, this product isn't missing anything. There is nothing that we have asked for that isn't there. Our only complaint is about the reporting.

I would rate this solution a ten out of ten.

My primary use case for Juniper is to allow traffic for each team to reach servers on our other sites. I allow some source addresses to reach some destination addresses with some applications with HTTP, HTTPS, and SSH, to reach the service for each team.

Juniper is more flexible with the commit check and the commit confirmed command. The design of the forwarding and contract plan in the operating system is very important for the performance when we have very big traffic.

We worked with Cisco's support and Juniper's support and there are some differences, to be honest, Cisco is more available and is more competent at addressing our cases. So that is something negative about Juniper but otherwise, the architecture of Juniper's OS is flexible and scalable and technically Juniper is good.

The GUI is really bad. Cisco's is more advanced with their ASDM platforms. Cisco has more advantages.

I have been using this solution for more than two years. 

We also used Cisco. There are some differences in the command-line interface.

I would rate Juniper an eight out of ten. In the next release, I would like to see an enhanced GUI, graphic user interface, because the graphic user interface is very bad.

They should also discard some existing commands that we have to delete before the commands. Cisco is more practical.

I would recommend Juniper because they have a very good product. Especially, the 5800 product is a very good product for an internet service provider.

My company is an IAP so we use the solution for virtual security to segregate work.

There are a few valuable features that offer very good quality on the solution. Especially NetScreen. We used to use NetScreen for the product line. It was a very mature solution, very robust, easy to configure, easy to manage, etc. It made it easy to do everything. 

We have some weird errors and some weird behavior on the solution occasionally. The device gets buggy without anyone touching it. It would work and then suddenly stop. Sometimes you need to just move the cards out and restart it again, and it will work. The solution itself, the hardware and the software, there must be some bugs that need to be dealt with. 

We are using high-end devices. For the high-end devices, all the features are there; we don't need more features. What we need are for the features we have to work exactly as we want them to. Especially on the IT desk. There's something wrong between the hardware and the software. As I mentioned, some hardware is not working correctly in some integrations, and I'm not sure why. 

Technical support is very bad. They never respond to any ticket you open, although we pay for the support. 

The initial setup was a little bit complex.

We used a consultant to assist with implementation. In retrospect, we probably could have handled it ourselves.

We use the on-premises deployment model.

I would rate the solution seven out of ten.

The tool could be used without additional work. It is easy to implement.

The IDs of interfaces that are implemented inside of the vSRX maybe should be extended in some cases because there is the imitation of virtual interfaces.

I have been using Juniper vSRX as an end user for five years.

The product is stable.

I rate the solution’s stability a ten out of ten.

The solution’s scalability is high because more than 4000 elements can be deployed.

Around 100 users are using this solution.

Technical support is fine.

The initial setup is easy. We use the special scripts to configure it. It is automatic to configure and implement. 

Documentation.

The tool is sold in a package. Hence, the individual price is very low.

I recommend the Juniper vSRX solution. Its effectiveness depends on the architect's expertise. We've encountered no issues with its deployment in our system. Our collaboration with Juniper has been satisfactory in terms of quality. However, it's essential to consider cloud technology within such architectures. The current solution lacks scalability and might need to be reevaluated based on emerging trends in security with the increasing shift toward cloud technology.

Overall, I rate the solution an eight out of ten.

We use the solution to block unwanted sites on our internal platform.

We like the solution’s protocol and its dashboard system.

The solution should consider improving its licensing policies. It would be better if we could make a one-time payment for the hardware.

Our organization has been using the solution for about three and a half years.

The solution is stable. I rate the stability a nine out of ten.

It is not a scalable solution since it depends on the hardware. In our organization, 500 people use the solution. We have no plans to increase the number of users.

The initial setup is straightforward.

It took about three to four days to deploy the solution. We hired third-party consultants to deploy the solution the first time.

The deployment model depends on our operations. We needed only one engineer to deploy the solution.

We have purchased a one-year license for the solution. The solution could have been cheaper.

I would recommend the solution to others. Overall, I rate the solution a nine on ten.

We use it for our network and VPN.

We have a lot of field users. Using this tool, they can get authenticated into the system. Instead of going through multiple steps to bring up client information, it is just the click of a button on a mobile application, then they can get authenticated.

The authentication part is seamless and easy for people. They can use their mobile phones and everything to get authenticated. 

Right now, we are going through issues and problems where the product gets dropped with the connection or during the authentication initial phase. While it could be our problem, we would like to see more stability in this area.

The stability needs improvement.

We have more than 5000 field agents. From our perspective, we are okay with scalability at this time.

Juniper vSRX was a replacement product for something called Network Connect that we were using before. It seems much easier for the clients to log into it.

We are using both the on-premise and AWS versions. They are used for different purposes, so I can't compare them.

I can’t really say a firewall improves anything other than security, but we have been able to solve a lot of extranet connectivity issues with these firewalls that the bigger name devices didn’t handle so well.

It is bomb proof as seen by the fact they are still in production use today. A simple human friendly command structure, making CLI edits and debug sessions easy and quick, means that they just don’t fail.

The SRX is a different device. It is much more sensitive to unexpected power loss so we had to RMA several after unexpected site power outages. The command structure is also different so that I always need my cheat sheet when debugging on them.

The NSM is its own beast. It's a 10 when it’s running properly, gives you all the info you need easily to make and document edits and monitor status of devices, but keeping it running well is almost a job in itself. It doesn’t manage its own database very well and it gets slow and unresponsive, often requiring user intervention on the server backend.

Currently we use Juniper products, SSG and SRX firewalls in about a 50/50 mix both standalone and in HA clusters. We also use their NSM for device management and logging.

The SSG models are mostly EOL and are being replaced with new “Next Gen” firewalls. The SRX models will likely continue to be used internally as support will remain available for some time.

We only use the firewall and virtual router options and they do what we need:

• The firewall is easy to configure and testing shows we are blocking the threats.
• The virtual routers make this solution a one box answer for our needs and simplify our internal networking. As they are built into the devices, they allow you to move and separate traffic in a number of ways on one set of hardware.

They constitute a solid working solution that has been able to cope with any of the unique challenges that have come up.

While the OS supports a pretty full UTM option, we found in testing that the hardware was not powerful enough to run with all the bells and whistles turned on for the amount of traffic we process. So we use other hardware for those services meaning it’s not a deal breaker for us.

We have had no issues at all with the SSG models and the SRX model only had problems with sudden power loss occasionally.

The only issue was that the Network Security Manager (which is EOL) was sold as supporting over 125 devices. That may be true if you are just managing the configurations but once you add in monitoring and logging it’s really only happy with fewer than 40 devices, as the database grows too big to deal with and needs constant maintenance.

I would rate the technical support as average, as the calls were responded to quickly but as usual it depends on who you happen to get on the phone that day. Some were very good, others times I had to ask for a different engineer to join the call.

This solution was in place when I started so I cannot answer this question.

The setup was straightforward and to get into a cluster consists of about ten commands. The hardest part is deciding on active/active or active/passive for your solution.

I’m not involved in the financial side of the purchase. Our buyers handle that. Support and licensing comes in the usual tiers, SLA for repairs and/or options turned on in the device.

I know they left Check Point and looked at Cisco products before choosing Juniper, but that decision pre-dates my involvement.

I would say get an SSG but they are EOL so for the SRX make sure you have the recovery boot system configured and a way to remote console the device.
I know this sounds like a major problem but it’s not been that big an issue. We run HA and have same day replacement on them so if we lose one it’s not a major outage, just more work to do.