Juniper vSRX Reviews

I can’t really say a firewall improves anything other than security, but we have been able to solve a lot of extranet connectivity issues with these firewalls that the bigger name devices didn’t handle so well.

It is bomb proof as seen by the fact they are still in production use today. A simple human friendly command structure, making CLI edits and debug sessions easy and quick, means that they just don’t fail.

The SRX is a different device. It is much more sensitive to unexpected power loss so we had to RMA several after unexpected site power outages. The command structure is also different so that I always need my cheat sheet when debugging on them.

The NSM is its own beast. It's a 10 when it’s running properly, gives you all the info you need easily to make and document edits and monitor status of devices, but keeping it running well is almost a job in itself. It doesn’t manage its own database very well and it gets slow and unresponsive, often requiring user intervention on the server backend.

Currently we use Juniper products, SSG and SRX firewalls in about a 50/50 mix both standalone and in HA clusters. We also use their NSM for device management and logging.

The SSG models are mostly EOL and are being replaced with new “Next Gen” firewalls. The SRX models will likely continue to be used internally as support will remain available for some time.

We only use the firewall and virtual router options and they do what we need:

• The firewall is easy to configure and testing shows we are blocking the threats.
• The virtual routers make this solution a one box answer for our needs and simplify our internal networking. As they are built into the devices, they allow you to move and separate traffic in a number of ways on one set of hardware.

They constitute a solid working solution that has been able to cope with any of the unique challenges that have come up.

While the OS supports a pretty full UTM option, we found in testing that the hardware was not powerful enough to run with all the bells and whistles turned on for the amount of traffic we process. So we use other hardware for those services meaning it’s not a deal breaker for us.

We have had no issues at all with the SSG models and the SRX model only had problems with sudden power loss occasionally.

The only issue was that the Network Security Manager (which is EOL) was sold as supporting over 125 devices. That may be true if you are just managing the configurations but once you add in monitoring and logging it’s really only happy with fewer than 40 devices, as the database grows too big to deal with and needs constant maintenance.

I would rate the technical support as average, as the calls were responded to quickly but as usual it depends on who you happen to get on the phone that day. Some were very good, others times I had to ask for a different engineer to join the call.

This solution was in place when I started so I cannot answer this question.

The setup was straightforward and to get into a cluster consists of about ten commands. The hardest part is deciding on active/active or active/passive for your solution.

I’m not involved in the financial side of the purchase. Our buyers handle that. Support and licensing comes in the usual tiers, SLA for repairs and/or options turned on in the device.

I know they left Check Point and looked at Cisco products before choosing Juniper, but that decision pre-dates my involvement.

I would say get an SSG but they are EOL so for the SRX make sure you have the recovery boot system configured and a way to remote console the device.
I know this sounds like a major problem but it’s not been that big an issue. We run HA and have same day replacement on them so if we lose one it’s not a major outage, just more work to do.

One of Juniper vSRX's most valuable features is its integration with safety applications. It keeps the software secure from developers without relying on third-party solutions.

The biggest downside of Juniper vSRX is its pricing, which may be too high for smaller organizations. While it's a decent solution, the cost may limit its accessibility to smaller customers.

I have been working with the product for five to six years. 

The solution's stability is good. It responds very quickly in crisis situations, which might be partly because I know the team there and how to get the information I need.

The tool's scalability is good. 

I've seen really fast response times with Juniper vSRX. When there's a problem, it modifies the firmware quickly to respond to the threat. With Cisco, it can take months to make changes because their architecture is more complicated. Juniper vSRX and Fortinet are straightforward. 

Positive

I rate the overall solution a nine out of ten. 

We use the solution to block unwanted sites on our internal platform.

We like the solution’s protocol and its dashboard system.

The solution should consider improving its licensing policies. It would be better if we could make a one-time payment for the hardware.

Our organization has been using the solution for about three and a half years.

The solution is stable. I rate the stability a nine out of ten.

It is not a scalable solution since it depends on the hardware. In our organization, 500 people use the solution. We have no plans to increase the number of users.

The initial setup is straightforward.

It took about three to four days to deploy the solution. We hired third-party consultants to deploy the solution the first time.

The deployment model depends on our operations. We needed only one engineer to deploy the solution.

We have purchased a one-year license for the solution. The solution could have been cheaper.

I would recommend the solution to others. Overall, I rate the solution a nine on ten.

The tool could be used without additional work. It is easy to implement.

The IDs of interfaces that are implemented inside of the vSRX maybe should be extended in some cases because there is the imitation of virtual interfaces.

I have been using Juniper vSRX as an end user for five years.

The product is stable.

I rate the solution’s stability a ten out of ten.

The solution’s scalability is high because more than 4000 elements can be deployed.

Around 100 users are using this solution.

Technical support is fine.

The initial setup is easy. We use the special scripts to configure it. It is automatic to configure and implement. 

Documentation.

The tool is sold in a package. Hence, the individual price is very low.

I recommend the Juniper vSRX solution. Its effectiveness depends on the architect's expertise. We've encountered no issues with its deployment in our system. Our collaboration with Juniper has been satisfactory in terms of quality. However, it's essential to consider cloud technology within such architectures. The current solution lacks scalability and might need to be reevaluated based on emerging trends in security with the increasing shift toward cloud technology.

Overall, I rate the solution an eight out of ten.