it_user845487 - PeerSpot reviewer
Sr. Network Engineer at Kitsap Credit Union
Real User
Lowered our operating costs by 25% over three years, mostly recovered from maintenance/support costs
Pros and Cons
  • "Juniper has the "recovery safety feature", so if you perform a "commit confirmed" and the new configuration disconnects you, then there is no "confirmed" command within X mins (default = 10 mins). It automatically reverts (recovers) to the previous configuration. This is handy for when you do not want to make that trip down range just to reboot a router."
  • "Using a Juniper CLI, you configure a "candidate configuration", then "commit" it to bring it live. If you do not like it or messed up something, you just "rollback" to the previous configuration. It can all be done in a matter of minutes. This is super handy once you get used to it."
  • "Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop."
  • "JTAC (Juniper Networks Technical Assistance Center) is just okay for technical assistance. However, if you are used to Cisco TAC responsiveness, you will need to adjust your expectations with Juniper Networks TAC."

What is our primary use case?

During our last network refresh, we did a wholesale forklift upgrade from Cisco to an entire Juniper network infrastructure, including Juniper SRX router/firewall/IDP, EX Series switches, and QFX Series core switches. The entire process took over two years to complete, but once it was completed, we were extremely happy with the Juniper equipment in terms of costs, performance, maintenance, and the ability to function as we needed.

How has it helped my organization?

  • Once our engineers got their heads wrapped around the nuances of Juniper's CLI (took them about six months) with training (mostly free) and were able to get settled into Junos OS, we never looked back.
  • SRX firewalls/IDP functions require a similar technical knowledge level as Cisco ASA and function on par with them. I recommend investing in Juniper Space if you have a significant amount of Juniper equipment to manage. We have three of the larger SRX550s, with one cluster configuration, for edge security devices (firewall/IDPs). We are very happy with them.
  • Not specifically in SRX category, but the 40Gb/10Gb interfaces in the QFX gear are truly wired for speed on all available ports. The virtual EX switch chassis configuration, where up to 10 switching devices can be managed as a single network device, is a solid configuration for us. We use it in three locations and have zero issues with it.

What is most valuable?

  • I really hesitate to repeat the Juniper sales line of "One Juniper", simply because within different devices, there are differences in the CLI commands used. This has been due to functional and hardware differences. For the vast majority of the Juniper CLI commands, if you learn them for the SRX, they are the same for the EX and QFX series switches. There are little to no differences between the Junos OS versions.
  • The "candidate configuration" and rollback features are real life savers. They are different from what Cisco does. At a Cisco CLI, when you hit enter, the command is live. Using a Juniper CLI, you configure a "candidate configuration", then "commit" it to bring it live. If you do not like it or messed up something, you just "rollback" to the previous configuration. It can all be done in a matter of minutes. This is super handy once you get used to it.
  • Juniper has the "recovery safety feature", so if you perform a "commit confirmed" and the new configuration disconnects you, then there is no "confirmed" command within X mins (default = 10 mins). It automatically reverts (recovers) to the previous configuration. This is handy for when you do not want to make that trip down range just to reboot a router.

What needs improvement?

Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.

Buyer's Guide
Juniper SRX Series Firewall
December 2024
Learn what your peers think about Juniper SRX Series Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

Three to five years.

How are customer service and support?

JTAC (Juniper Networks Technical Assistance Center) is just okay for technical assistance.  However, if you are used to Cisco TAC responsiveness, you will need to adjust your expectations with Juniper Networks TAC.

I could normally fix my issue with Cisco on the first or second call, speaking with the first Cisco TAC engineer (Tier 1) that I spoke with. Juniper Networks TAC is just as good, but in my experience, it takes about two to three times longer to get the same results. It is not unusual to require escalation before the issue is resolved. Juniper simply does not have the depth and number of Juniper experts as Cisco. 

What was our ROI?

We were able to lower our overall operating costs over a three year period by 25%, mostly recovered from maintenance/support costs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chair of Communication and Computer Networks at Poznan University of Technology
Real User
An inexpensive and stable solution for mid-sized companies, but compared to Cisco, the solution is not innovative
Pros and Cons
  • "The solution is stable, inexpensive, and works well for medium size companies."
  • "The solution's configurations and syntax are specific and more complicated than other platforms."

What is our primary use case?

I am a teacher and the solution is used as a router for my students' laboratory exercises. I have the firewall function switched off and the solution operates as a main router for our very limited traffic. 

What is most valuable?

The solution is stable, inexpensive, and works well for medium size companies.

What needs improvement?

The solution's configurations and syntax are specific and more complicated than other platforms. Compared to Cisco, the solution is not intuitive. 

For how long have I used the solution?

I have been using the solution for two years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable and I rate it a ten out of ten. 

How are customer service and support?

I have not used support services because I rely on experienced colleagues for answers. 

How was the initial setup?

The solution is quite simple to set up if you spend a few hours learning the syntax. Based on experience level, it can be implemented in a few hours. 

What's my experience with pricing, setup cost, and licensing?

The pricing is very inexpensive which is the main reason I bought the solution. One device costs around 50 EUR through the University's vendor who is modernizing our network. 

What other advice do I have?

I rate this solution a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Architect - Contractor at TEML
Real User
The operating system and the flexibility it provides is what really differentiates this solution
Pros and Cons
  • "There is a lot of flexibility in how you can commit, check, and back out of a configuration."
  • "It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall."

What is our primary use case?

The primary use case is a combination of a firewall, router, and VPN termination device.

How has it helped my organization?

It allows us to do remote configuration changes, and if there is a problem, not losing connectivity to the device.

What is most valuable?

I really like the Juniper operating system. It is more of a UNIX based system, more than Cisco, and I really like it. There is a lot of flexibility in how you can commit, check, and back out of a configuration.

What needs improvement?

In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. 

They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendors' products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there.

Their technical support also needs improvement, as they are lagging behind Cisco.

For how long have I used the solution?

Eight years.

What do I think about the stability of the solution?

This is a very, very stable solution. Again, their operating system is outstanding. Really, this is what differentiates it.

What do I think about the scalability of the solution?

In terms of scalability, it clusters nicely so you can put it into a stacked mode. The size that it is meant to serve, it does very well. It is not meant as a large enterprise-type firewall. Rather, it is meant for a small to medium sized customer.

We currently have about seventy-five users, and we don't plan to increase that number at this time.

How are customer service and technical support?

I would say that their technical support is ok, but it needs improvement. This is an area where they are not as good as Cisco.

Which solution did I use previously and why did I switch?

We migrated to this solution from a Cisco ASA (Adaptive Security Appliance).

How was the initial setup?

Transitioning from the Cisco ASA that we had running took about two hours of planning and another two hours of execution time.

In terms of the maintenance, myself and one other person take care of everything. We take on small contracts all over the place.

What about the implementation team?

I handled the implementation for this solution myself.

What's my experience with pricing, setup cost, and licensing?

The pricing is perhaps half to around forty percent of Cisco. 

Which other solutions did I evaluate?

Juniper is my favorite and I had used it so much that we did not evaluate any other products.

What other advice do I have?

This solution is really nice to use. It's very similar in terms of capabilities to a Cisco, but it's just that the operating system is so much nicer to use.

I would say that you need some time to get comfortable with the operating system if you've never used it before, but don't let that scare you. Buy it and put it on your desk for a week, then play with it. If you've got a live environment or if you've got some type of simulation you can set it up in, it won't take long and you can feel comfortable using it.  

I would rate this product an eight and a half out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Analyst with 1,001-5,000 employees
Real User
The throughput is fine but the CLI is verbose, especially when configuring
Pros and Cons
    • "The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch."

    What is our primary use case?

    Our primary use case is security. The performance has been okay. It's a bit of a change from the Ciscos in terms of the configuration syntax, from the CLI perspective. We use it just as a firewall. We don't use it for routing functionality.

    How has it helped my organization?

    The Juniper was a later model, later technology than we had, more horsepower than we had before. The performance is better, but it could have been any firewall in its peer group. The improvement was because our old firewalls were, well, old. So the performance has been an improvement. And the IDS, perhaps, is a little better than what the older firewalls had.

    What is most valuable?

    I'm not sure what the most valuable features are. I'm not really that impressed with the technical support. I'm not really that impressed with the product, to be honest with you. Throughput seems to be okay.

    What needs improvement?

    The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose.

    Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It seems stable. We haven't had too many failures. We have had some but, by and large, it's been pretty stable. It's not taxed, the way we're using it.

    What do I think about the scalability of the solution?

    The model we have is very scalable. It's a fairly large firewall.

    How is customer service and technical support?

    I have spoken with technical support 30 or 50 times. On a scale of one to 10, I would evaluate Juniper technical support at five. It's never resolved in one call. It's always a couple of calls. We're not being passed from one department to another, it's just that they don't seem to be answering the question you give them. It's very frustrating.

    How was the initial setup?

    I migrated it from an ASA to the Juniper. It was a fairly straightforward process. There are things that are required on the Juniper that weren't required on the Cisco, like the global address book. Things have to be on there before you can do a lot of net and the like.

    What other advice do I have?

    You need to know what your company's strategic vision is, and then map the security part of that. I don't just mean cost-related, but the strategy for profit-related future ventures. You need to know why you want a particular firewall. Don't ignore the functions and future growth and products on the horizon from each of the vendors.

    What you go with has to meet your current needs but, more importantly, is the company a going concern - meaning if they're going to get better - then how do they complement your particular industry's growth? Are they going to be there to make remote access and extranets and research easier to deliver? The product has to be configurable, with lots of options should you need to subscribe to those options.

    The most important criterion, for me, when selecting a vendor is that they have to rank high in industry ratings. Juniper has just not been there. I haven't seen the 2018 reports, but year after year Juniper is not only the least visionary but one of the least in terms of performance. I also don't like the fact that they spun off their VPN to Pulse Secure. I know that's a subsidiary, but I don't necessarily want to have a separate appliance for a light-duty VPN.

    I would rate Juniper at seven out of 10. It's a little harder to configure from a VPN perspective, VPN Tunnels. Their tech support is the big problem for me. I don't want to be bounced around. I don't want to get half an answer when I ask a whole question. I would take an inferior product with better tech support, without question. If I have a responsive engineering team that will fix problems when they come in, with firmware releases, etc., I'd clearly take an inferior product with that better support. It's all about function.

    I probably wouldn't have chosen the Juniper in this environment. We just don't need yet another knowledge base to learn. And it doesn't fold into some of our Cisco services. For example, the assets control doesn't integrate well with the Radius servers. Something like that could be downloadable ACLs, for instance.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user701490 - PeerSpot reviewer
    Network | Firewall Engineer - Cloud Managed Services Delivery at a tech services company with 10,001+ employees
    Consultant
    Having this design has greatly simplified the network and improved operational efficiency of support staff

    What is most valuable?

    Valuable features for us include:

    • Routing: When firewalls can also perform full routing functionality, it helps to save cost on dedicated routing hardware.
    • High Availability (clustering): This is important to ensure service availability in the event of a node failure. These firewalls in HA mode consist of a primary and backup node, and provide redundancy such that if one of the nodes fails, the other node will take over.
    • Deep packet inspection (DPI) capabilities: Juniper SRX firewalls inspect packets as they traverse the firewalls and it goes beyond the traditional five tuples (source IP, destination IP, protocol, source port, and destination port) packet inspection by using the App-ID engine to inspect the protocol to correctly identify applications. It further rate-limits traffic, using the AppQoS features, based on specific types of applications.
    • IPSec VPN: This is crucial because it provides secure site to site connectivity between the DC and remote locations. Traffic traversing the secure link is protected from the prying eyes of unauthorized intruders or the man-in-the-middle.

    These features are valuable because they allow smooth operation of the business from a technology standpoint. Again, this is relative.

    How has it helped my organization?

    There was a business need to provide service high availability and system redundancy in addition to routing and firewalling at the internet edge and the datacenter core.

    Having this design has greatly simplified the network and improved operational efficiency of support staff.

    What needs improvement?

    The GUI needs improving.

    For how long have I used the solution?

    We have been using the solution for seven years, providing design, implementation, support, and optimization.

    What do I think about the stability of the solution?

    We had a stability issue. Just like any other vendor, there are code stability issues on some of the platforms. However, there is always a recommended code version for each platform.

    What do I think about the scalability of the solution?

    We did not encounter issues with scalability, but this depends on the environment. The DC class firewalls can scale vertically or horizontally.

    How are customer service and technical support?

    They provide awesome technical support.

    Which solution did I use previously and why did I switch?

    We used Cisco and CheckPoint. Routing functionality and advanced security services were limited.

    How was the initial setup?

    The setup was straightforward and simple once you understand the building blocks of Junos and firewalls.

    What's my experience with pricing, setup cost, and licensing?

    Pricing and licensing are very reasonable.

    Which other solutions did I evaluate?

    We evaluated Palo Alto and Fortinet.

    What other advice do I have?

    This product will offer maximum performance and capacity.

    It is extremely reliable depending on the business need. It supports full routing functionality and advanced security services like Application Security, Unified Threat Management (UTM), IPS, and threat intelligence.

    Advanced security services require a license.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Stratos-Margaritis - PeerSpot reviewer
    Solutions Architect at Navarino SA
    Reseller
    Top 10
    Easy to maintain, easy to extract the logs, and very stable
    Pros and Cons
    • "It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center."
    • "Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out."

    What is our primary use case?

    We're using it as a primary firewall and UTM for the main lines coming into our offices and also for connecting our sub-offices around the world.

    How has it helped my organization?

    Previously, we had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. Now, we have changed all of these, and we have all the lines coming into one single solution, which is SRX. We manage everything very easily from one single interface. Previously, we used to have 10 different devices to do that. Now, we have only one.

    What is most valuable?

    We like the fact that we can easily combine multiple internet links to the office and use them like one link.

    It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center.

    What needs improvement?

    Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out.

    In terms of new features, we are using almost all of the features that it has, and there is nothing specific that it is lacking.

    For how long have I used the solution?

    I have been using this solution for four years.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    It is scalable. We haven't used the scalability up till now, but we know that we can extend it.

    We have 150 users here, and then we have around 30 to 40 users in different countries such as Singapore, Hong Kong, and Norway. They're using some parts of it. They are using some smaller units to connect to the main office.

    We don't have any plans to increase its usage as of now. Any expansion would be in terms of getting new offices around the world. We may install more of those smaller ones, but for the time being, as far as I know, we will not expand it in the office because it is already performing as it should. It actually did a very good job when we were working remotely because it allows us to connect to the office very easily and work remotely.

    How are customer service and support?

    They have been pretty good. In some cases, they took a little bit of time to give a response for the cases we were facing. However, in most of the cases, they were very fast in responding and providing full resolution to the cases we faced.

    Which solution did I use previously and why did I switch?

    We had different routers for each of the incoming lines to the office, and we had other firewalls on the backend to manage them. We switched because it was too difficult to manage multiple solutions for each of those lines. We wanted to have one single place where we could manage everything. We also didn't want to have some people going out from one internet line and some from another internet line. We wanted to combine all those lines together and make them work as one, and that's what we achieved with SRX.

    How was the initial setup?

    We were not so much involved in the setup because we had a security company to do that for us. It took us about two months.

    What about the implementation team?

    We had a security company for its implementation. Our experience with them was very good.

    For its maintenance, we have our IT department. There are three people for managing the maintenance of it. 

    Which other solutions did I evaluate?

    We evaluated many other options. We checked out Palo Alto, Fortinet, and Check Point.

    What other advice do I have?

    I would advise others to do good planning in the beginning because that helps a lot in having very little downtime. It took us two months to implement it, which might seem very long, but we had zero downtime. Nobody noticed anything during the switch. It was the best way to implement it. This is the most important part. When you are trying to do such changes in the organization, it is very important that you do it by using the right resources and from the right perspective.

    I would rate Juniper SRX a 10 out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    RiskMana49f0 - PeerSpot reviewer
    Risk Management and Security Governance at a comms service provider with 501-1,000 employees
    Real User
    Simple to implement and handles MPBN traffic well
    Pros and Cons
    • "The most valuable feature is the virtualization because it can be used for customers who are using the mobile data network to request a private connection to a remote site."
    • "The Juniper product has to improve in terms of innovation."

    What is our primary use case?

    Our primary use case is for MPBN, where we provide a firewall for our mobile data customers. As an ISP, we protect the 2G, 3G, and 4G customers.

    What is most valuable?

    The most valuable feature is the virtualization because it can be used for customers who are using the mobile data network to request a private connection to a remote site.

    There are also standard security features such as NTP groups and firewalling features and these are also good. 

    What needs improvement?

    The Juniper product has to improve in terms of innovation.

    It only has standard reports, such as memory capacity and data traffic. By comparison, the Check Point solution comes with great reports. Check Point tracks the logs, then analyses the logs and can tell you when you are under attack. Then, you can prevent it. With Juniper today, what you have in terms of log analysis is not so good. I think that they have another solution for this, but it is not embedded, and you have to purchase it separately.

    For how long have I used the solution?

    Approximately four years.

    What do I think about the stability of the solution?

    Since we have deployed, there have been maybe two or three minor issues. Our local support helped us to clear these.

    What do I think about the scalability of the solution?

    I cannot really tell if it is scalable because we are managing twenty gigabytes of traffic on the node. They say that it can scale up to almost one terabyte, but we don't have the capacity so I can't really tell.

    This solution is used for all of our mobile customers, which is approximately twelve million. All of our 4G customers use it. This includes standard users who want internet access on their phone, as well as those who want a VPN connected to a private server.

    How are customer service and technical support?

    I would rate their support seven out of ten.

    The technical support directly from Juniper is too expensive, so we receive support from our local reseller instead. This can take between one and three hours, which at times is not up to our company standards.

    While the Juniper support staff is skilled, it is too expensive, which is why I rate it seven.

    Which solution did I use previously and why did I switch?

    At one point we tried to move the mobile data firewall from our Juniper SRX56 to the Cisco ASA 5585. What we found out is that Cisco was not performing well at all. I was very disappointed by the Cisco solution. There were more issues for the same amount of traffic. With Juniper, you just have to upgrade to handle additional clients, but when we tried with Cisco, definitely the result was not good at all.

    How was the initial setup?

    The initial setup was straightforward, especially compared to that of Cisco. It was very simple with the help of our local provider.

    From the design phase up to the implementation stage took approximately one month per site. This included the time to validate the design documents and then validate and approve the changes. We needed to slot a window of time for the change, consider whether there is any impact on the customer, and then monitor what happens during the change. For both of our sites, it took approximately three months.

    For the design and clarification, we had one person for four nodes. In terms of operations, we have two engineers.

    What about the implementation team?

    Our local provider assisted us with the implementation of the final solution. In Cameroon, we had Erikson, and they knew what they had to do so it was really straightforward.

    What's my experience with pricing, setup cost, and licensing?

    While the price of support is expensive, the price of the solution, itself, is not.

    The problem came about when we tried switching to Cisco and discontinued our support. In order to subscribe again later, we had to pay a reinstatement fee. We found out that if you have not used the product for a certain period of time, you have to pay for this period before paying for a new year of support. Say, for example, that you don't pay for support for one year. That year must be paid for, first, before getting support. That is why I am saying that support is expensive, in my opinion.

    Which other solutions did I evaluate?

    We did not evaluate vendors other than Juniper and Cisco because in the enterprise we have a set of approved vendors for each sector and these are the only two in this group.

    What other advice do I have?

    My advice is to make sure that you have local support because it is very important. Juniper does have some good options in terms of support.

    This is not a perfect solution because I think that there is still room for improvement, but I think it is the best solution that I have tested for MPBN.

    I would rate this solution an eight and a half out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Reviewer893 - PeerSpot reviewer
    Sr. Programmer at a tech vendor with 51-200 employees
    Real User
    We use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN
    Pros and Cons
    • "We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN."
    • "It needs better interoperability with Cisco gear."

    How has it helped my organization?

    There has been no change to our organization. We replaced an older Cisco ASA. We intended to use some of the UTM features, but we have not yet. In some cases, it is worse. We can’t do remote access IPsec VPNs for users like we could with the Cisco ASA. Instead, we set up OpenVPN. As the Cisco ASA is the de facto standard, doing a site-to-site IPsec VPN to other companies takes more time (e.g., IKEv2 will not work connecting to Cisco gear because traffic selectors are not supported for IKEv2).

    What is most valuable?

    We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN. We liked that it had additional features and was more modern than the Cisco ASA line.

    What needs improvement?

    It needs better interoperability with Cisco gear.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No stability issues.

    What do I think about the scalability of the solution?

    No issue. We are only a 40 person company and only have 50Mbps of internet bandwidth.

    How are customer service and technical support?

    Technical support is good, though we have not really used support much. Juniper has a decent knowledgebase.

    Which solution did I use previously and why did I switch?

    Previously, we had a Cisco ASA 5510. It was old and needed to be replaced. We switched because the Cisco ASA is underpowered. If you try to do too many functions, like IDS/IPS, UTM, virus scanning, and Smart Net, support is expensive.

    How was the initial setup?

    The initial setup is mostly straightforward. We are converting one of our site-to-site VPNs with another company where we have overlapping subnets. This took some doing because the Cisco ASA allowed us to do policy-based NAT and could NAT the same IP subnet two different ways depending on the destination address. We needed to exclude 10 IP addresses out of a /24 subnet from the static NAT rule which was needed to deal with the overlapping subnets and ended up having to do more than 240 individual /32 NAT rules on the Juniper SRX240H2.

    What about the implementation team?

    Work with a consultant who has good JunOS knowledge if you have a complex setup (we host more than 20 servers for internet access used by over 1000 users).

    What's my experience with pricing, setup cost, and licensing?

    Pricing is good. Most of the costs are in the UTM (IDS/IPS, virus scanning, etc.) subscription. Palo Alto was nice, but much more expensive.

    Which other solutions did I evaluate?

    We looked at Juniper SRX vs FortiGate and Juniper SRX vs Palo Alto, as well as the newer Cisco ASAs.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user