Juniper SRX Series Firewall Reviews

We have a lot of virtual access in the public or private cloud, as well as virtualization on hardware devices.

The most valuable features are the security cloud ACP and KPP features.

Juniper SRX Series Firewall is a primary network company, but its security portfolio is not a market leader. Their primary responsibility is the features that provide their products. Perhaps taking a leap and developing some features from scratch could be a way to improve.

The centralized management has room for improvement because it is outdated and not easy to integrate.

The technical support has room for improvement.

I have been using the solution for five years.

I give the stability an eight out of ten.

In my experience, Juniper SRX Series Firewall is the most stable compared to the primary Fortinet and Palo Alto that I am also used to working with.

When deploying the cluster, we cannot create it anywhere, such as in Palo Alto or Check Point. We must scale appropriately, adding more devices with a load balancer or similar. Depending on the size of the area, it can be highly scalable.

Our customers range from small all the way up to governments.

The technical support is not as good as it used to be, but it is comparable to that of other vendors such as Cisco. We have found that when we contact support, we often end up dealing with the same technician and have to repeat the same procedures before we can be referred to a higher level of technical support.

I also use Palo Alto and Fortinet. Juniper has better firewall-level network functionality.

The initial setup is dependent on how much experience one has with the command line. If one is familiar with the command line, the initial setup is relatively simple. However, if one is used to working in a management setting, the initial setup can be more challenging.

The implementation time depends on the number of clusters required.

The first step of implementation is to unplug and upgrade the devices, followed by configuration before moving into production.

We implement the solution for our customers.

I find the price to be reasonable for an enterprise-level solution. Juniper has recently changed its licensing model. The licenses are annual.

The advanced security functions are an additional fee.

I give the solution an eight out of ten.

I suggest not relying on the management and primary CLI.

Our primary use case is security. The performance has been okay. It's a bit of a change from the Ciscos in terms of the configuration syntax, from the CLI perspective. We use it just as a firewall. We don't use it for routing functionality.

The Juniper was a later model, later technology than we had, more horsepower than we had before. The performance is better, but it could have been any firewall in its peer group. The improvement was because our old firewalls were, well, old. So the performance has been an improvement. And the IDS, perhaps, is a little better than what the older firewalls had.

I'm not sure what the most valuable features are. I'm not really that impressed with the technical support. I'm not really that impressed with the product, to be honest with you. Throughput seems to be okay.

The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose.

Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.

It seems stable. We haven't had too many failures. We have had some but, by and large, it's been pretty stable. It's not taxed, the way we're using it.

The model we have is very scalable. It's a fairly large firewall.

I have spoken with technical support 30 or 50 times. On a scale of one to 10, I would evaluate Juniper technical support at five. It's never resolved in one call. It's always a couple of calls. We're not being passed from one department to another, it's just that they don't seem to be answering the question you give them. It's very frustrating.

I migrated it from an ASA to the Juniper. It was a fairly straightforward process. There are things that are required on the Juniper that weren't required on the Cisco, like the global address book. Things have to be on there before you can do a lot of net and the like.

You need to know what your company's strategic vision is, and then map the security part of that. I don't just mean cost-related, but the strategy for profit-related future ventures. You need to know why you want a particular firewall. Don't ignore the functions and future growth and products on the horizon from each of the vendors.

What you go with has to meet your current needs but, more importantly, is the company a going concern - meaning if they're going to get better - then how do they complement your particular industry's growth? Are they going to be there to make remote access and extranets and research easier to deliver? The product has to be configurable, with lots of options should you need to subscribe to those options.

The most important criterion, for me, when selecting a vendor is that they have to rank high in industry ratings. Juniper has just not been there. I haven't seen the 2018 reports, but year after year Juniper is not only the least visionary but one of the least in terms of performance. I also don't like the fact that they spun off their VPN to Pulse Secure. I know that's a subsidiary, but I don't necessarily want to have a separate appliance for a light-duty VPN.

I would rate Juniper at seven out of 10. It's a little harder to configure from a VPN perspective, VPN Tunnels. Their tech support is the big problem for me. I don't want to be bounced around. I don't want to get half an answer when I ask a whole question. I would take an inferior product with better tech support, without question. If I have a responsive engineering team that will fix problems when they come in, with firmware releases, etc., I'd clearly take an inferior product with that better support. It's all about function.

I probably wouldn't have chosen the Juniper in this environment. We just don't need yet another knowledge base to learn. And it doesn't fold into some of our Cisco services. For example, the assets control doesn't integrate well with the Radius servers. Something like that could be downloadable ACLs, for instance.

As a value-added reseller, we resell Juniper hardware to our clients. Its use cases are related to the standard network architecture. It is a part of the fabric that Juniper uses for their switching.

It is a part of the infrastructure when we're selling Juniper. That's what clients are familiar with and that's what they rely on. 

It does have its nuances in terms of deployment. There are always areas to make something easier or more intuitive or make the system auto-negotiate more with existing hardware.

I have been using this solution since it got launched. It has been around five years or so.

For the most part, it is no more difficult than anything else that's out there right now.

Most of the feedback that I've got from my clients related to Juniper's support is that their support is okay. It is not spectacular. It is just okay.

It is easy. It is pretty much plug-and-play. This is why people like Juniper.

Its price is comparable to the competition.

I would advise definitely taking some training if you're not really familiar with the interface or the GUI. Brush up on it before you dig into it because a lot of people know Aruba or Cisco, but you need to be familiar with it. Don't just buy it because you read some marketing material on it. You actually need to know how to deploy it.

I would rate it a seven out of ten.

I am a teacher and the solution is used as a router for my students' laboratory exercises. I have the firewall function switched off and the solution operates as a main router for our very limited traffic. 

The solution is stable, inexpensive, and works well for medium size companies.

The solution's configurations and syntax are specific and more complicated than other platforms. Compared to Cisco, the solution is not intuitive. 

I have been using the solution for two years. 

The solution is stable. 

The solution is scalable and I rate it a ten out of ten. 

I have not used support services because I rely on experienced colleagues for answers. 

The solution is quite simple to set up if you spend a few hours learning the syntax. Based on experience level, it can be implemented in a few hours. 

The pricing is very inexpensive which is the main reason I bought the solution. One device costs around 50 EUR through the University's vendor who is modernizing our network. 

I rate this solution a seven out of ten. 

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

The solution is mostly stable. 

We get technical support via the reseller, and they are very helpful. 

You can scale the solution. 

The solution works well for larger organizations. 

We've had some issues with the firmware. 

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Juniper SRX was implemented in our company at the start of 2018.

While the solution has been running stable, one device has also malfunctioned. We had some issues with Juniper in general. It was regarding the firmware and some box, or something like that. We've needed to contact our reseller more frequently to fix the issues that are occurring when using the device.

Regarding stability, it's pretty much working in a stable way. I haven't had any issues regarding, let's say, speeds or connectivity or general day-to-day use, when users connected on the switches and accessing the internet, and so on. That said, sometimes with the devices, strange issues happen.

Regarding scalability, generally, it is simple, I would say, at least from my perspective. I wasn't the person that configured the devices, however. The reseller was. 

Before the Corona crisis, there were 250 users. Now we've got maybe 90 to 100 people.

We generally contact the reseller that sold us the device and also has a maintenance protocol. We have services on-demand when some issues arise and we need help.

The reseller was pretty good regarding ticket issues, management, or making modifications, even during the production time. They are really trusted people, and a trusted IT company, and they've expertly managed all the requirements that I've sent them or any other modification on the network that I wanted to have.

I've used Cyber and a Sophos UTM device. Juniper is, generally, more advanced. I haven't been able to get enough training to maintain the Juniper device.

The main reason we chose Juniper was the stability, and the number of concrete connections that users can make when, let's say, they going out to the internet, and accessing services over the internet. Also, regarding the network port-forwarding to internal servers, in services, the device that we had before was Cyberoam UTM, and it didn't quite handle the high load. I generally noticed that SRX can handle pretty high network loads when going in or out. It's proven itself to be stable in that regard.

The initial setup was generally handled by the reseller and they did the setup as described on the schematic and regarding core network configuration, high availability, security, firewalls, et cetera. It was, generally, out of the box when it was configured and set up from the ground up.

While the setup was planned in 2017, it was up and running in 2018. It took about six months or so.

We switched office buildings, the main office. The new office was built with this solution. Everything was migrated, including all the network devices, all the servers, all the ISP, internet connections, and so on. Everything was, generally, carefully planned when it was deployed.

Our reseller also handles the maintenance. Generally, that takes one or two people.

Our reseller partner handled the initial setup for the most part.

I can't speak to the licensing. It's not an aspect I handle directly. I can't say that there are extra costs involved beyond the licensing fee. 

We are currently using Juniper SRX, however, I was thinking about maybe changing the devices to FortiGate or a UTM device.

Lately I was thinking about simplifying. Maybe FortiGate might have something more user-friendly for the end-user or for the customer experience.

I'm just a customer and an end-user.

We are using the SRX Model 345. It's a physical device. It's not a virtual instance.

In general, I wouldn't recommend Juniper to, for example, a small business. I would maybe recommend it to a bigger company. We might have made a mistake taking Juniper. Maybe we should have used something more user-friendly.

I would recommend it to a company that has more than 250 people. Or maybe even over 300. For a smaller company, it's not financially, efficient in the long-term, in terms of subscriptions or maintenance costs and similar things. A company that uses high-grade enterprise equipment, should be really financially equipped to handle such things.

It's highly advanced, at least for me. I would really need some training to at least handle some basic things, or maintenance, or even Firmware upgrading or high availability configurations. It's too advanced for me. I would really need to have some kind of network specialist certificate to manage them.

I would be really worried about the warranty as a new user as well. You really need to keep the subscriptions up to date, or not to stop them. If you've stopped them, you also need to pay penalties for the years that the subscriptions weren't used. 

Regarding equipment, you really need to have them in twos, not one. You need to have high availability for all of them. The equipment tends to malfunction, specifically if there are any power issues inside the building, or if there isn't any generator or UPS underneath, and so on. The equipment really needs to be taken care of.

I'd rate the solution at an eight out of ten.

The primary use case is a combination of a firewall, router, and VPN termination device.

It allows us to do remote configuration changes, and if there is a problem, not losing connectivity to the device.

I really like the Juniper operating system. It is more of a UNIX based system, more than Cisco, and I really like it. There is a lot of flexibility in how you can commit, check, and back out of a configuration.

In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. 

They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there.

Their technical support also needs improvement, as they are lagging behind Cisco.

This is a very, very stable solution. Again, their operating system is outstanding. Really, this is what differentiates it.

In terms of scalability, it clusters nicely so you can put it into a stacked mode. The size that it is meant to serve, it does very well. It is not meant as a large enterprise-type firewall. Rather, it is meant for a small to medium sized customer.

We currently have about seventy-five users, and we don't plan to increase that number at this time.

I would say that their technical support is ok, but it needs improvement. This is an area where they are not as good as Cisco.

We migrated to this solution from a Cisco ASA (Adaptive Security Appliance).

Transitioning from the Cisco ASA that we had running took about two hours of planning and another two hours of execution time.

In terms of the maintenance, myself and one other person take care of everything. We take on small contracts all over the place.

I handled the implementation for this solution myself.

The pricing is perhaps half to around forty percent of Cisco. 

Juniper is my favorite and I had used it so much that we did not evaluate any other products.

This solution is really nice to use. It's very similar in terms of capabilities to a Cisco, but it's just that the operating system is so much nicer to use.

I would say that you need some time to get comfortable with the operating system if you've never used it before, but don't let that scare you. Buy it and put it on your desk for a week, then play with it. If you've got a live environment or if you've got some type of simulation you can set it up in, it won't take long and you can feel comfortable using it.  

I would rate this product an eight and a half out of ten.

Thanks to the well-structured and organized security policies, we decreased operations time to create/update/delete our security policies.

Security policies in combination with zones: It is very easy to organize the security polices in a logical structure.

CLI: Junos CLI is very easy to use, and it is also very easy to find back items in the configuration and to change them.

Commit: You can update the whole configuration without affecting the production. The new configuration will be loaded once the command "Commit" is submitted. You can also do a Commit confirmed to automatically roll back to the previous config after X minutes. 

The visibility/reporting could be better. To see something, you have to export the log to a syslog and then process with another product.

We have used it for years without any stability issues.

We haven't encountered scalability issues.

Technical support is pretty good. I would rate it eight out of 10.

I previously used a Netscreen ISG1000 firewall. I switched because the ISG was end-of-life and Netscreen was bought by Juniper.

Initial setup was complex because Junos is totally different than ScreenOS. But with some introductory courses and some googling it becomes much easier.

I’m just the tech, I didn’t take part in the price negotiation. I would say about $20,000 for a SRX650 with IDP licence.

No, we didn't evaluate other options. This was a natural way for us to migrate from ISG to SRX.

Be sure you know what you are looking for. The SRX650 is a perfect product for a small datacenter, not for a branch office where you need lots of visibility.

Implement your structure (zones) first, on paper, before starting to configure it.

Juniper SRX is used for NCLS networks as well as fiber to the home.

We are a reseller of Juniper.

Juniper SRX has helped in the financial success of our organization.

The most powerful feature in Juniper SRX is definitely NCLS.

Aside from the updates, I am satisfied with everything this solution has to offer.

I'm satisfied with its routing, firewalling, and web filtering.

Juniper's product updates are extremely slow, and competitors are rapidly keeping up. It slowly updates the model.

Juniper SRX lacks email protection, for example. it is not malware-protected. In the case of malware, you are purchasing a software package from vendors through Juniper. They do not sell their own products. 

It lacks the Sandbox as well as the CM. The CM is available from Juniper, but it is manufactured by IBM rather than Juniper, despite its name.

I have been using Juniper SRX since 2012, or 2013. This solution is still being used today.

We are working with the most recent up-to-date version.

The stability of Juniper SRX is perfect.

The scalability is amazing.

We have approximately 1,000 users in our organization.

Our usage is moderate.

Technical support is a little worse than Cisco but better than everybody else.

Previously, we worked with several solutions. We switched to Juniper SRX because of the pricing, scalability, and performance.

The initial setup is straightforward. It's very easy.

The time it takes to deploy is determined by the one you choose. It can take a week or less.

I wouldn't be able to tell the amount of staff that is required to update the solution because I am not involved in the process myself.

I am a third-party integrator.

Yes, we have seen a return on investment.

Make sure you have qualified personnel, because qualified personnel may not be as readily available in your country as Cisco professionals, for example.

I would rate Juniper SRX a nine out of ten.