User at PT. Manunggal Integrasi Sejahtera
  • 2
  • 71

Which solution do you prefer: Juniper SRX4200 or FortiGate 1800?

Hello peers, 

I work at a small tech company and am researching firewalls.

Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions?

Thank you for your help.

PeerSpot user
2 Answers
Lukas Harkabus - PeerSpot reviewer
Security Presales Consultant at Trestech s.r.o.
Top 10
Mar 1, 2023

Hello Fahrorozi,

From my point of view, I would rather choose SRX4200 solution over FortiGate1800. 

1. SRX4200 is a compact 1U device equipped with ports you actually need for full firewall usage and not for datasheet specifications.
2. Juniper Networks started as a Network company so alongside with full NGFW functions of the SRX firewall you are also getting full L3 routing functionalities same ones that are working on Juniper routers with complete granular configuration.
3. All products from Juniper Networks are equipped with their JunOS Operating System which is built on FreeBSD with data and control plane separation. Main configuration and really fast troubleshooting power are provided with structured CLI where you can do everything you can imagine even get into FreeBDS for troubleshooting if needed. Also, a tool like MTR (My Traceroute) for troubleshooting is available. JunOS configuration is the same for every Juniper Networks device so when you will get used to it you can configure every platform the same way (except for stateful firewall functions dedicated only to the SRX platform).
4. Web management is also included on a device that simplifies day-to-day configuration. Web management historically was not quite great, but starting JunOS 21.x it was really improved and provided all you need for device configuration and troubleshooting, also Juniper is still working on quality-of-life improvements.
5. SSL VPN / Client VPN is fully integrated with Juniper SRX and also with a client application.
6. Regarding performance, FortiGate was and maybe is still not providing full packet sanity checks (IP protocol, SEQ number, etc.) in the default configuration. When you enable these features, FortiGate loses some performance because HW acceleration is not possible with these features.
7. Also when you are using NFS with source NAT then you will find a useful feature where you can set to NAT traffic with port number <1024.
8. Regarding C&C, antimalware, IPS, and centralized management it's all similar to all other vendors.

9. Juniper SRX also provides VRF-light routing table separation, and also Full separation with Logical systems that have separate processes for each LSYS. You can also allocate CPU resources for each LSYS.

10. Regarding HA Clustering you can use an active/active data plane (data traversing -> one node in a cluster is entrance and destination is on another node) in a special use case. You can also have free hands regarding failovers using separate interfaces/interfaces groups based on BFD, interface status, and IP reachability. You can also deploy a full L3 cluster.

This is only a subjective short summary, always depends on other factors (interfaces, budget, preferences, etc.). I would suggest you find the nearest partner (Forti or Juniper) to you, schedule a PoC and receive the solution you would prefer.

Instead of FortiGate, I would definitely choose SRX. 
A different case is the native L7 firewall when I want to check all applications, then I would maybe consider Palo Alto vs SRX in some cases.

Product comparison that may be of interest to you
Sandi Tehendi - PeerSpot reviewer
Technical Specialist - Head of Presales at Artha Mitra Interdata
Real User
Jan 27, 2023

Hi Fahrorozi,

If I have to choose between these two, I will choose FG 1800.

1. More flexible ports to use from 1G to 40G
2. Includes SSL VPN / client VPN for users
3. Has better web management than SRX
4. From the datasheet, some of the throughputs are also larger (IPv4 FW throughput, Max Session, Max Policies, etc).

But you need to know what you need for your company.
- Maybe you only need a 10G interface instead of a 1G
- Maybe you don't need the SSL VPN / Client VPN
- You also don't need a large throughput.

Hope this helps.

Find out what your peers are saying about Fortinet FortiGate vs. Juniper SRX Series Firewall and other solutions. Updated: March 2023.
687,947 professionals have used our research since 2012.
Related Questions
Software Engineer at Neusoft
Mar 24, 2023
Hi, I am a software engineer for a large IT services and consulting company.  Is the SD-WAN feature in FortiGate suitable for small business applications? Thank you for your help!
reviewer2123919 - PeerSpot reviewer
Network and Security Engineer at Digital Network Solution (DNS)
Mar 20, 2023
Hello community,  I am a Network and Security Engineer at a small tech consulting company. I am about to import the backup configuration file of my hardware-based FortiGate firewall onto my VM-based FortiGate firewall.  Can you please assist me with the procedure? Thank you for your help.
Product Comparisons
Download Free Report
Download our FREE report comparing Fortinet FortiGate and Juniper SRX Series Firewall based on reviews, features, and more! Updated: March 2023.
687,947 professionals have used our research since 2012.