Juniper vSRX Room for Improvement
Largely the solution seems fine to me.
It could use more tutorials.
I think there's a step missing or the use cases are missing information. I'm not sure why you have to connect from the descendant to another SRX. The why part, why would I do that and what's practical, is not really answered in any documentation I have access to. At my last job, we used to hook up a VPN to the data center, and then at each site we would have a device connecting to that data center. Now that project is not 100% right now, I'm still wondering if I were to go and do that project, how would I do it? Should I make it cloud-based?
If I want to use it virtually in the cloud as a hub, I want to see if that's possible, and, if it's possible, they should have documentation on that.
I looked at the config. I played around with the config and then I say, "Okay, I see what they're doing, with the actual Azure part, and yet, on AWS, I'm having the same problem." It's something to do with the public IP. It's only functioning on the management side, on the virtual firewall. I can't get the other side, the other network interface to connect out. I don't have a connection out technically. I could ping, but through management and that's not how it's supposed to work. It's just through the management. I'm not seeing the departments.
Solutions Architect at a tech services company with 11-50 employees
The reporting can be improved.
Richard A. LaJambe
Senior Network Administrator at Zetec, Inc.
Juniper has some really good ideas, but I think they have missed the boat with regard to execution.
The GUI really needs a lot of work, and it has got worse with successive version updates. There are some things that are just easier to look at in the GUI, and they've removed some features that were very helpful.
Even though the features are still available in the CLI, sometimes it's just easier to look at the rules in a hierarchical fashion in the GUI.
The hardware needs some serious work as well. In the four years we've had Juniper vSRX, we've had four RMAs. Each of the three physical devices that we have has been replaced at least once.
A better methodology of looking at how a proposed rule would act on the network would be good to have. For example, Cisco ASA had a tool where you could write a rule or a policy, and it would tell you whether it stopped specific traffic.
Senior Network Planning Engineer at a comms service provider with 1,001-5,000 employees
The solution works quite well. I can't think of any features that are lacking. I don't know where it could be improved.
Some people complain that the solution tends to have a steep learning curve. It could be because most people have basic familiarity with Cisco or other similar products and maybe have never worked closely with Juniper products. I don't find that it's a problem; however, I have heard this mentioned as an issue for some people.
Expert - architect of ICT systems at a tech services company with 501-1,000 employees
I would like to see an activity sensor for malicious content or sensor for viruses and malware.
Network Security Engineer at a tech services company with 51-200 employees
We worked with Cisco's support and Juniper's support, and there are some differences. To be honest, Cisco is more available and is more competent at addressing our cases. So that is something negative about Juniper, but otherwise the architecture of Juniper's OS is flexible and scalable, and technically Juniper is good.
The GUI is really bad. Cisco's is more advanced with their ASDM platforms. Cisco has more advantages.
Senior Solutions Architect at a computer software company with 51-200 employees
VPN access is an area that needs improvement.
Senior Network Specialist at a comms service provider with 10,001+ employees
Fortinet is more user friendly than Juniper. In terms of remote access, I actually prefer using Fortinet. It is much easier to configure. When someone uses Juniper for the first time, it can be very intimidating. At one time, Juniper had what was known as a MAG, which was meant for remote access for users on the SRX.
They sold MAG and now remote access on Juniper leaves a lot to be desired because they don't have their own client. You have to use Pulse Secure or another solution. When there's a bug, Juniper relies on Pulse Secure and in our experience, this took six months to fix.
Mine control is not an easy area to control in Juniper. There are also too many steps for configuration, like the IP address policy. There are too many types of licenses, which can be confusing. Simple licenses should be built in.
Processing is too slow between Juniper and Cisco. Palo Alto is faster. The database is not as complete as Cisco or Palo Alto.