We performed a comparison between Cisco Secure Firewall vs Juniper SRX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. Each of them have a good set of features, and the solution you choose will ultimately be dependent on your company’s specific preferences and requirements.
"I really like the captive portal feature for our guest network. It has nice VLAN features in terms of separating our network. The anti-virus is also good."
"The next-generation firewall is great."
"FortiGate firewalls are user-friendly, and I like the security profiling features."
"FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."
"The solution has very good threat and content filtering switches."
"All of the features of Fortinet FortiGate are useful and the security protection is good."
"It has improved our security capabilities."
"We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered."
"The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
"The integration and configuration were pretty straightforward."
"It's a flexible solution and is well-known in the community."
"The IP filter configuration for specific political and Static NAT has been most valuable."
"Among the top features are integrated threat defence and the fact that each virtual appliance is separate so you get great granular control."
"Cisco ASA provides us with very good application visibility and control."
"Provides good integrations and reporting."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Great as an inter-segmentation firewall or border or arch-firewall."
"You can scale the solution."
"Technical support is good. They quickly respond, and they even have local help here. They can actually give you an answer very quickly."
"One of Juniper SRX's most valuable features is the site-to-site VPN."
"We think they have a good interface, the operating system is good, it's robust. It has plenty of great features, and the relation between the cost and benefits works for our business."
"The security features and the model collection are the most valuable."
"Troubleshooting with the solution is quite easy. If you compare the process to, for example, Fortigate, Juniper is much easier."
"It helps us perform our daily jobs."
"In the next release, maybe the documentation on how to use this solution could be improved."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs."
"Performance and technical support are the main issues with this solution."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"The support costs and licensing are sometimes so expensive."
"The solution could be more evenly structured."
"I needed to be well-versed with all the command lines for Cisco ASA in order to fully utilize it. I missed this info and wasted some operational costs."
"It is a good firewall, though not NextGen."
"If the implementation was easier, it would be a lot better for us."
"Bandwidth allocation needs improvement."
"It's lacking one feature: VPN. Also, the 2100 Series lacks a DDoS feature. If they could add that to those platforms, that would be good."
"It integrates with other security products from Cisco, but sometimes, there can be glitches or errors."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is."
"We purchased three devices and all three have been replaced under RMA."
"The user interface is something that Juniper needs to improve."
"The Juniper product has to improve in terms of innovation."
"In comparison to other enterprise-level firewalls, such as Cisco FTD, Cisco has improved significantly. In the past, I believed that Juniper SRX was superior, but after seeing the advancements in the FTD platform, Cisco has better functionality. I have not recently explored Juniper SRX's next-generation firewall capabilities as we only use basic firewall filtering in our enterprise network."
"I would like them to add a dashboard because it's difficult to operate."
"It was very difficult to deal with and required a lot of support, and the UI is very poor."
"I would like to see endpoint control and endpoint testing security."
"When I was going to upgrade the OS, the solution didn't accept certain USB devices."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Juniper SRX Series Firewall is ranked 18th in Firewalls with 86 reviews. Cisco Secure Firewall is rated 8.2, while Juniper SRX Series Firewall is rated 7.8. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Juniper SRX Series Firewall writes "Highly scalable, user-friendly UI, and easy to maintain". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Check Point NGFW, whereas Juniper SRX Series Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Palo Alto Networks NG Firewalls, Check Point NGFW and Meraki MX. See our Cisco Secure Firewall vs. Juniper SRX Series Firewall report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.