Juniper SRX Series Firewall Reviews

We primarily use the solution as a firewall. We are using a two-tier firewall to protect the internal network.

This brand is one of the top three solutions in terms of firewall protection. 

The performance has been very good overall. 

We've been pleased with its overall security capabilities. 

The setup is pretty straightforward. 

It's stable and reliable.

The solution can scale. 

We'd like to better understand the roadmap of the firewall. 

The latest firewalls tend to have a short lifecycle. 

We'd like to improve the stability and the kill rate. 

The pricing can be a bit high.

I've used the solution for more than eight years. I have used the solution for quite a while so far. 

The stability is excellent. I'd rate it eight out of ten. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability is pretty good. We can scale a bit. I'd rate the ability to expand seven out of ten. 

We have about 2,000 users on the solution currently. 

We do not plan to increase usage. 

We've used technical support very few times. They are fine. they respond. It's pretty standard. 

The initial setup is pretty straightforward and simple. No matter the brand, the setup, and configuration are very similar. Therefore, if you have some prior experience with firewalls, you should be fine handling the implementation. 

Including the configuration process, the solution only takes an hour or two to deploy.

Normally, we do a POC before deploying the solution fully in order to test everything out. 

We have around four people who can handle deployment and maintenance tasks. 

We handled the setup ourselves with the assistance of a consultant.

We have witnessed an ROI while using this product.

We pay a monthly licensing fee. Normally, it is a year subscription. The cost is a bit high.

We are constantly evaluating other options. If we find there are issues, we proceed to the next brand and consider that one. 

We are using the latest version of the product.

I'd recommend the product to others. 

I would rate the solution eight out of ten.

Currently, we are using the solution as our data center firewall.

Juniper SRX Series Firewall is a stable solution. I am confident about the solution from a security perspective because it is difficult to penetrate.

Juniper SRX Series Firewall has to improve its web content site, like web filtration.

I have been using Juniper SRX Series Firewall since 2015.

Juniper SRX Series Firewall is a stable solution.

Juniper SRX Series Firewall is a scalable solution.

Technical support is always available, and I have had no issues with them. When I raise a ticket, they frequently join the session and resolve the issues.

On a scale from one to ten, where one is bad and ten is good, I rate the solution's technical support nine and a half out of ten.

Positive

The solution is quite easy to install.

The solution can be deployed in a couple of hours.

We have seen a return on investment with the solution because it provides all the security features required on your network, and it's not easy to penetrate.

In my opinion, the Juniper SRX Series Firewall is cheaper than other products. We have a five-year license for the solution in one go.

Currently, we are using the solution as a data center firewall, but we previously used Juniper on all my segments. Since Juniper doesn't have any web content or web filtration, we moved to Fortinet for the internet segment. Otherwise, Juniper is quite okay.

The solution is easy to maintain and monitor. We have moved from SRX550 to SRX1500. Its uptime for the last three months from the deployment day is working fine. The solution's management interface is quite user-friendly for configuring policies and rules.

Overall, I rate the solution an eight out of ten.

Customers use the solution in a cluster configuration to secure the network.

The VPN feature is quite useful, as well as the IPS. The firewall is very good.

If we need to define our user system from an anti-spam perspective, we can constantly update the antivirus. We need a subscription for such updates. It helps improve our security generally.

The solution can scale.

It is stable and reliable.

It is reasonably priced.

It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems. 

There might be limitations with the product, depending on the hardware we use. We need to ensure we choose the right hardware if we want more throughput. We'd like to have more control over certain parameters and over the hardware.

They could include some features that help prevent or fight DDoS attacks.

I've used the solution for more than five years. 

I'd rate the stability eight out of ten. It is stable enough. 

The solution is scalable. I'd rate the scalability seven out of ten. 

It depends on how big the project is and how many branch offices there are. We might need more devices if it is bigger. We'd also need to use templates for all branches so that it is configured uniformly. 

We tend to provide the solution for small and medium-sized companies. I've configured it for 30 or 40 clients. 

I haven't had any issues. I've only opened two or three tickets. It's a stable solution. I haven't used support too much. I'm able to solve issues myself mostly.

Sometimes there are delays in response or solving the issue.

Neutral

The initial setup is straightforward. I'd rate the process eight out of ten in terms of ease of implementation.

The deployment time depends on which features we use. Configuring the solution may take two to three hours; however, if more modifications are needed by the client, it may be longer. It depends on the technical requirements of the company.

Firstly, I needed to update the operating system. I checked the recommendations and prepared some configurations. 

The pricing is okay. It's moderate. I'd rate the pricing five out of ten. 

I'm more of a technical person, not in sales. I do not know the exact cost of the solution. I'm not sure if there are extra costs associated with the product beyond the licensing fees.

We're a Juniper partner.

I have used various versions of the solution, including the 300, 645, and 1500.

I'd recommend the solution to others.

I would rate the solution eight out of ten. It's a reliable solution. However, maybe, when we use the big box model, the pricing is reasonable.

We use Juniper SRX firewalls and site-to-site VPN connectivity.

Overall, in terms of uptime, they are very stable and reliable, which has benefited our organization.

The command line in Juniper SRX is extremely powerful, in my opinion. It's one of the best command lines I've used in networking products.

Both the web management and the graphical user interface are inadequate and should be improved. It's one of those situations. When it comes to Juniper, I would never use the GUI, instead, I would only use the command line.

I would like to see an improved user interface, and some kind of SD-WAN solution included, or perhaps a simpler way of configuring redundant links, such as WAN links.

I have been using Juniper SRX for 10 years.

We're working with the SRX240 and 210 models.

Juniper SRX is a very stable solution.

It should scale well, in my opinion. We are not a large company, but I don't anticipate any problems with Juniper SRX scalability.

We have approximately 300 employees, whose roles are in typical sales, accounting, operations, and transportation.

I'm not sure about increasing, but we do have other Juniper products, such as switches, that we would use.

Based on my experience with technical support, I would rate them a four out of five.

Positive

We have used other solutions. We decided to change to Juniper for something a little different. We have used some open-source firewalls in the past, and we wanted something a little more robust and fully supported in a real business class environment.

Coming from other vendors, the initial learning curve was a little steep. However, I would say that the actual setup was not that difficult.

I would rate the initial setup a three out of five.

I would recommend two people with networking knowledge, particularly in Juniper SRX, are enough to have it managed and supported.

One person could do it, but it helps to have a backup.

It only took a few weeks for them to all be deployed. It was really just a matter of timing and having a window for each location to have a little downtime to make the transition.

The deployment was completed in-house.

I would say that there has been a return on investment with Simply having the dependability, uptime, and additional security features.

Juniper SRX is reasonably priced.

We evaluated other products before choosing Juniper.

Other products had a more limited feature set, in my opinion. For some of the others, it was just the price. Juniper had a reasonable price and other reliable sources highly recommend it.

I believe that knowing exactly what you want to do is beneficial. There's a lot. It's a very flexible platform, and there's usually more than one way to accomplish your goals. Planning ahead of time is definitely beneficial. If you don't have a lot of experience, I'd recommend working with a partner if at all possible.

I would rate Juniper SRX an eight out of ten.

Theere has been no change to our organization. We replaced an older Cisco ASA. We intended to use some of the UTM features, but we have not yet. In some cases, it is worse. We can’t do remote access IPsec VPNs for users like we could with the Cisco ASA. Instead, we set up OpenVPN. As the Cisco ASA is the de facto standard, doing a site-to-site IPsec VPN to other companies takes more time (e.g., IKEv2 will not work connecting to Cisco gear because traffic selectors are not supported for IKEv2).

We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN. We liked that it had additional features and was more modern than the Cisco ASA line.

It needs better interoperability with Cisco gear.

No stability issues.

No issue. We are only a 40 person company and only have 50Mbps of internet bandwidth.

Technical support is good, though we have not really used support much. Juniper has a decent knowledgebase.

Previously, we had a Cisco ASA 5510. It was old and needed to be replaced. We switched because the Cisco ASA is underpowered. If you try to do too many functions, like IDS/IPS, UTM, virus scanning, and Smart Net, support is expensive.

The initial setup is mostly straightforward. We are converting one of our site-to-site VPNs with another company where we have overlapping subnets. This took some doing because the Cisco ASA allowed us to do policy-based NAT and could NAT the same IP subnet two different ways depending on the destination address. We needed to exclude 10 IP addresses out of a 24 subnet from the static NAT rule which was needed to deal with the overlapping subnets and ended up having to do more than 240 individual 32 NAT rules on the Juniper SRX240H2.

Work with a consultant who has good JunOS knowledge if you have a complex setup (we host more than 20 servers for internet access used by over a 1000 users).

Pricing is good. Most of the costs are in the UTM (IDS/IPS, virus scanning, etc.) subscription. Palo Alto was nice, but much more expensive.

We looked at Juniper SRX vs FortiGate and Juniper SRX vs Palo Alto, as well as the newer Cisco ASAs.

During our last network refresh, we did a wholesale forklift upgrade from Cisco to an entire Juniper network infrastructure, including Juniper SRX router/firewall/IDP, EX Series switches, and QFX Series core switches. The entire process took over two years to complete, but once it was completed, we were extremely happy with the Juniper equipment in terms of costs, performance, maintenance, and the ability to function as we needed.

• Once our engineers got their heads wrapped around the nuances of Juniper's CLI (took them about six months) with training (mostly free) and were able to get settled into Junos OS, we never looked back.
• SRX firewalls/IDP functions require similar technical knowledge level as Cisco ASA and are function on par with them. I recommend investing in Juniper Space if you have a significant amount of Juniper equipment to manage. We have three of the larger SRX550s, with one cluster configuration, for edge security devices (firewall/IDPs). We are very happy with them. 
• Not specifically in SRX category, but the 40Gb/10Gb interfaces in the QFX gear are truly wired for speed on all available ports. The virtual EX switch chassis configuration, where up to 10 switching devices can be managed as a single network device, is a solid configuration for us. We use it in three locations and have zero issues with it.

• I am really hesitate to repeat the Juniper sales line of "One Juniper", simply because within different devices, there are differences in the CLI commands used. This has been due to functional and hardware differences. For the vast majority of the Juniper CLI commands, if you learn them for the SRX, they are the same for the EX and QFX series switches. There is little to no differences between the Junos OS versions
• The "candidate configuration" and rollback features are real life savers. They are different from what Cisco does. At a Cisco CLI, when you hit enter, the command is live. Using a Juniper CLI, you configure a "candidate configuration", then "commit" it to bring it live. If you do not like it or messed up something, you just "rollback" to the previous configuration. It can all be done in a matter of minutes. This is super handy once you get use to it.
• Juniper has the "recovery safety feature", so if you perform a "commit confirmed" and the new configuration disconnects you. then there is no "confirmed" command with X mins (default = 10 mins). It automatically reverts (recovers) to the previous configuration. This is handy for when you do not want to make that trip down range just to reboot a router.
  

Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.

JTAC (Juniper Networks Technical Assistance Center) is just okay for technical assistance.  However, if you are used to Cisco TAC responsiveness, you will need to adjust your expectations with Juniper Networks TAC.

I could normally fix my issue with Cisco on the first or second call, speaking with the first Cisco TAC engineer (Tier 1) that I spoke with. Juniper Networks TAC is just as good, but in my experience, it takes about two to three times longer to get the same results. It is not unusual to require escalation before the issue is resolved. Juniper simply does not have the depth and number of Juniper experts as Cisco. 

We were able to lower our overall operating costs over a three year period by 25%, mostly recovered from maintenance/support costs.

We use the solution as a device to meet NTLS connections, a firewall, and we are thinking about using it for SD-WAN.

The firewall features and the routing capability are the most valuable. The interface is straightforward and we have not had any problems with integration.

Their models for service providers could improve. We are an MSP, we resell services and I think the company could have a better program for service providers because our needs are different from our regular customer that is buying it for.

More recently we started using the GUI interface and that looks pretty shameful and needs improvement.

Juniper has a different product line that has artificial intelligence capabilities. In the future, we would like to see that extended to the SRX line.

I have been using the solution for approximately two years.

We have found the solution to be very stable. We have had literally little to no hardware or device failures in the field and have not had any customer complaints. In the years we have been using the solution we have not had any issues using it.

The scalability is good. The solution is best for small to medium size businesses.

We had to use the support in a couple of instances. When we have used the support, it was good. They were responsive and able to resolve our issues. There is also some community support online that I have found to be helpful.

The installation difficulty depends on the setup. Initially, when we started using the solution, we were using the command line interface and it took us a while to learn the commands, eventually, it becomes straightforward. 

The full deployment took us approximately one month. We typically need only one person for deployment, and we have a service operation center that manages the devices and provides the maintenance.

The price could improve, it is a bit expensive. Our licensing cost is approximately $120.00 USD annually. There are some extra fees, for example, the GUI has an orchestrator that has its own fees. 

Some of our clients have also seen similar solutions from our competitors such as Cisco and Fortinet. I think technically they are all very good products. However, for us we were looking for a product that was stable and had good support, this is the reason we chose Juniper. We package Juniper as part of our managed service to our customers.

My advice would be, generally, it is a good product with helpful support. The one thing we would like to see changes in is the pricing could be better.

I rate Juniper SRX an eight out of ten.

I work for a system integration company that partners with Juniper. Currently, I'm in a role akin to a technical consultant.

The SRX Series is often used by enterprise companies, typically in a cluster mode configuration, to enhance reliability. It's suitable for small to medium-sized enterprises as well.

Juniper recently announced a new SRX model that's very powerful, so I'm currently satisfied with the offerings.

The product provides good performance and has features comparable to other leading products in the market.

We typically use the SRX for VPN solutions and it supports next-generation features like antivirus, anti-spam, and IPS effectively.

There is room for improvement in scalability and performance. 

It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.

I have been using it for ten years. I have good experience with Juniper SRX Series Firewall, especially in federal applications.

The branch model, being the smallest, sometimes has some bugs. However, the high-end and middle-end models are reliable and stable.

It is scalable, but unlike some vendors, like Check Point, which allows connecting more than two devices in a cluster, Juniper only supports configuring two devices in a cluster.

It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.

I provide technical support myself.

Before, I found solutions myself. I don't usually need technical support for the SRX.

For me,  the initial setup is straightforward due to my experience. Juniper provides good documentation with example configurations, which should help even beginners.

I've handled installation services for service providers. I mostly work with on-premises versions, but sometimes I also install cloud-based solutions.

I start by preparing the configuration based on the customer's requirements, then upgrade to the Juniper-recommended version and install the configuration.

The deployment time depends on the number of SRX devices. Usually, I can handle it alone. It takes two to three hours to deploy one SRX firewall.

The maintenance is moderately challenging.

There is value for money. It offers a good solution at a good price. The price is normal for such a product.

I would recommend reading the documentation before beginning the configuration.

Overall, I would rate the solution an eight out of ten.