Juniper SRX Series Firewall Reviews

As a firewall in general, it is good.

As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.

I've used Juniper products for over 10 years. Alongside SRX I also use Netscreen, SSG, and WXC. As a UTM, Juniper is 5/10.

No issues encountered.

No issues encountered.

For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.

10/10

As we are a service provider, we offer various other products to our customer:

• Astaro ASG
• Avaya/Netscreen
• Fortinet
• HP Switches & WiFi
• Juniper SSG
• Juniper SRX 210 & 240
• Juniper WXC
• Sophos next generation SG, including RED, SG, and WiFi
• Telindus Crocus E1

For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.

Give us 10 minutes of your time, and we will show you the differences. When I do presentations, I give potential clients demo access to the solution(s) I am presenting.

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

The solution is mostly stable. 

We get technical support via the reseller, and they are very helpful. 

You can scale the solution. 

The solution works well for larger organizations. 

We've had some issues with the firmware. 

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Juniper SRX was implemented in our company at the start of 2018.

While the solution has been running stable, one device has also malfunctioned. We had some issues with Juniper in general. It was regarding the firmware and some box, or something like that. We've needed to contact our reseller more frequently to fix the issues that are occurring when using the device.

Regarding stability, it's pretty much working in a stable way. I haven't had any issues regarding, let's say, speeds or connectivity or general day-to-day use, when users connected on the switches and accessing the internet, and so on. That said, sometimes with the devices, strange issues happen.

Regarding scalability, generally, it is simple, I would say, at least from my perspective. I wasn't the person that configured the devices, however. The reseller was. 

Before the Corona crisis, there were 250 users. Now we've got maybe 90 to 100 people.

We generally contact the reseller that sold us the device and also has a maintenance protocol. We have services on-demand when some issues arise and we need help.

The reseller was pretty good regarding ticket issues, management, or making modifications, even during the production time. They are really trusted people, and a trusted IT company, and they've expertly managed all the requirements that I've sent them or any other modification on the network that I wanted to have.

I've used Cyber and a Sophos UTM device. Juniper is, generally, more advanced. I haven't been able to get enough training to maintain the Juniper device.

The main reason we chose Juniper was the stability, and the number of concrete connections that users can make when, let's say, they going out to the internet, and accessing services over the internet. Also, regarding the network port-forwarding to internal servers, in services, the device that we had before was Cyberoam UTM, and it didn't quite handle the high load. I generally noticed that SRX can handle pretty high network loads when going in or out. It's proven itself to be stable in that regard.

The initial setup was generally handled by the reseller and they did the setup as described on the schematic and regarding core network configuration, high availability, security, firewalls, et cetera. It was, generally, out of the box when it was configured and set up from the ground up.

While the setup was planned in 2017, it was up and running in 2018. It took about six months or so.

We switched office buildings, the main office. The new office was built with this solution. Everything was migrated, including all the network devices, all the servers, all the ISP, internet connections, and so on. Everything was, generally, carefully planned when it was deployed.

Our reseller also handles the maintenance. Generally, that takes one or two people.

Our reseller partner handled the initial setup for the most part.

I can't speak to the licensing. It's not an aspect I handle directly. I can't say that there are extra costs involved beyond the licensing fee. 

We are currently using Juniper SRX, however, I was thinking about maybe changing the devices to FortiGate or a UTM device.

Lately I was thinking about simplifying. Maybe FortiGate might have something more user-friendly for the end-user or for the customer experience.

I'm just a customer and an end-user.

We are using the SRX Model 345. It's a physical device. It's not a virtual instance.

In general, I wouldn't recommend Juniper to, for example, a small business. I would maybe recommend it to a bigger company. We might have made a mistake taking Juniper. Maybe we should have used something more user-friendly.

I would recommend it to a company that has more than 250 people. Or maybe even over 300. For a smaller company, it's not financially, efficient in the long-term, in terms of subscriptions or maintenance costs and similar things. A company that uses high-grade enterprise equipment, should be really financially equipped to handle such things.

It's highly advanced, at least for me. I would really need some training to at least handle some basic things, or maintenance, or even Firmware upgrading or high availability configurations. It's too advanced for me. I would really need to have some kind of network specialist certificate to manage them.

I would be really worried about the warranty as a new user as well. You really need to keep the subscriptions up to date, or not to stop them. If you've stopped them, you also need to pay penalties for the years that the subscriptions weren't used. 

Regarding equipment, you really need to have them in twos, not one. You need to have high availability for all of them. The equipment tends to malfunction, specifically if there are any power issues inside the building, or if there isn't any generator or UPS underneath, and so on. The equipment really needs to be taken care of.

I'd rate the solution at an eight out of ten.

Our primary use case is consultation and deployment of the solution. We operate as a Juniper Elite Partner. Our customers, large enterprises, want to prevent network failure and downtime.

Improvements can be made to the GUI. The GUI can be improved by creating policies to handle IPS requirements. The configuration should be a one-step process. This would make it easier to complete the setup to register the time of operation.

Yes, it's very stable.

It's scalable. Juniper Select has a solution to boot in high availability technology. We use the Juniper Select from low-end and high-end. In my position as a Senior Network Security Engineer, I handle the high-end suite of Juniper Select 5K.

Currently, the solution is being used every day. We have plans to increase usage in the future.

Technical support is good. They seem to understand our customer's requirements. When they troubleshoot or support our customers, they seem to know what they are doing. They seem to be very helpful. But customers need support right away, and this has been an issue. It can take two to three days to get help some times just because of the volume of ticket request. 

Previously we used a CISCO ASA solution. But in the last three years, we switched to the Juniper solution because Juniper has a competitive price per feature.

The initial setup was complex. It took a group of five, engineers and architects, to get it up and running within 24-hours. And it takes a group of five, engineers and IT experts, to operate and maintain

Licensing which covers maintenance is on an annual basis. Our customers are on one-year contracts. There are additional cost above and beyond the standard licensing fees.

Before choosing Juniper, we evaluated a Fortinet solution because Fortinet has a competitive price. It's also effortless for our engineers to operate and maintain. They can understand and complete tasks quickly. 

Further advice regarding this solution is that anyone planning to implement this product should understand the Juniper suite. They should understand the firewall concept, Juniper configuration, and the command line. They need previous experience with Juniper products. 

On a scale from one to ten, one being the worst and ten being the best I'd give Juniper SRX an overall rating of eight because of its' competitive price. But it's a very complex product compared with other similar products.

One solution is data center Firewall and also we use this solution for protection our service GI + Triple Play

It provides good routing and high performance of the data center. It solves protecting our datacenter, separate networks and protect data center with FW policies + DPI

The routing feature is most valuable, because SRX is the best enterprise router. SRX has complete MPLS service features with L3VPN, VPLS, EVPN. You can also combine Router and FW in one box, with selective packet filter to bypass flow engine and set traffic to packet mode.

Web management needs to improve. The web interface on Juniper SRX is just a short conversion from Junos OS CLI; this is not very suitable for users with little expertise.

But Juniper has complete MGMT for managing SRX devices and other Juniper devices. it' s called Junos Space with APP security director for security devices. It's good, but there is space for improvment.

There were some stability issues.

There are not many scalability issues experienced.

I would give the technical support an eight out of 10 rating.

Previously, we were using the old Juniper ScreenOS, we switched due to end-of-support. I have also expertise with Cisco ASA, Cisco Firepower, Checkpoint R80.10, Dell Sonicwall, Fortinet.

The setup was very complex, e.g., if you are beginner.

We implement is by our self with team in-house.

The prices are very good as compared to other vendors.

We looked at Cisco, FortiGate, Palo Alto

It is a very good router with firewall.

The solution can scale very well.

It's quite a user-friendly solution and I find it to be easy to navigate. 

The initial setup is very easy.

The stability has been quite good. 

Technical support has been quite helpful. 

The pricing has become very reasonable and we find them to be competitive.

The reporting is lacking. it's an aspect of the solution I would like to see improved upon in the future. 

The solution isn't as present in the market as Cisco and Fortigate. They need to do a better job of marketing themselves and becoming more visible. 

I've used the solution for a number of years at this point. I started using it around 2012 or 2013. It's been a while. 

The stability has been good. Over the years there have been no issues with crashing or freezing and there are no bugs or glitches. 

The product scales very well. It's not a problem if your company needs to expand it. 

In our office, we have about 120 people protected under Juniper. However, we have proposed it to many customers and some clients use it as well. Some of them are quite sizeable businesses. 

We've used technical support in the past and have been satisfied with the level of service they provide. they are helpful and responsive. 

I'm also familiar with Cisco and Fortigate.

The initial setup was straightforward. This is due to the fact that we have a decent Juniper-certified team.

We are integrators and can install it for our clients if they need us to. 

We pay an annual licensing fee. 

In the past, they would sometimes be more expensive than Fortinet, however, we have noticed that their pricing has come down a bit and now they are very reasonable. 

We are a reseller and systems integrator. We are also a customer. 

In the office, we have Juniper SRX firewalls. We have not activated the SD-WAN.

I would recommend the solution to other users and companies. 

I'd rate the solution at an eight out of ten overall. 

This product is our network firewall.

The Juniper SRX series is easy to use.

The interface could be more user-friendly.

I have been using Juniper SRX for a few years.

I have never needed to contact Juniper technical support.

I have not been involved in the installation of this device.

There is a licensing fee.

This is a product that I can recommend to others.

I would rate this solution a seven out of ten.

Juniper SRX is solely used as a firewall gateway. We use it only for interfacing with the internet and for server farms, as a data center firewall gateway.

Most of our clients use it as a traditional firewall, blocking Layer 3 and Layer 4, blocking by transport.

We also use firewalls from FortiGate and Palo Alto and they're built with technology to make them next-generation firewalls. Juniper utilizes a router OS and includes enhancements to make it a firewall. But FortiGate and Palo Alto are full-on firewalls because they are built from scratch with features which are specific to firewalls. 

Juniper needs to enhance the solution so that it is more powerful. They need to update the administrative tools to create an easier admin experience. An average administrator would find it easier to configure if they could use https rather than the command line interface to do so.

In addition, it would be more powerful if Juniper brought out a security product other than firewalls, like anti-spam, endpoint protection, etc. Customers who want to deploy security solutions are not just thinking about firewalls. They're thinking about security across their environment. If Juniper could give me a security solution, beyond the firewall, that integrates with the firewall, that would be helpful. Other products have built a security fabric. So if a customer already uses one of their solutions, like a firewall, they will be thinking about integrating with that vendor's other products. If there is more than just a firewall solution, they will use that same vendor's products throughout the security environment. A security fabric is more powerful than just blocking via network parameters.

Juniper should have an end-to-end solution, from the endpoint to the network level. It would provide a more powerful security solution to the customer. Customers are looking for a holistic security solution.

For one to three years it's stable.

If users want to scale up the firewall, they basically want the cheapest firewall that gives them powerful features. Most users choose FortiGate rather than Juniper. Technically, Juniper's scalability is good. But when customers look at the overall price, FortiGate will come out cheaper than Palo Alto or Juniper.

The technical support is good. The engineers help support our customers day-to-day.

The setup depends on the deployment, on what we have to configure. But from one firewall to another firewall, it's about the same. They're not really complex. We have experience using the command line and the user interface. If you ask me which one is easier to configure, I will answer that configuring through the user interface is easier.

The amount of time the deployment takes depends on the complexity of the solution. If the firewall is used as an L3 firewall or L4 firewall, for blocking by IP address and, it's going to be faster to deploy than deploying the firewall using Unified Threat Management. In that case, we need to carefully tune the VPN configuration.

The time for one of our customers to achieve ROI depends on the scalability of the product. It also depends on the type of organization. If it's a hospitality or government organization, it will take them more time to achieve ROI than an internet service provider, where using this product is in line with their business objectives.

In terms of pricing, Juniper is in the middle. The most expensive firewall is Palo Alto. If a customer wants the cheapest price they should go for FortiGate. Juniper is in between these products.

From experience, we like to use firewalls from Palo Alto and FortiGate because the solution is easy to configure with a UI to execute the app. If we use Juniper firewalls, we don't really use the UI because it is not as easy as the command line interface for configuration.

The VPN is different between Juniper and Palo Alto. As far as I know, Juniper does packet inspection in their VPN. Functions like anti-spam and antivirus are running step-by-step. Once the anti-spam processing is done, it goes on to antivirus scanning. But with Palo Alto, the technology is different. It copies each packet to each function. For example, if we activate anti-spam, antivirus, and another check, Palo Alto makes three copies of each packet and inspects them in parallel. This makes the system faster, compared to Juniper. This is the biggest difference as far as I know.

Juniper is good at the routing protocol. If you want a solution to protect your environment from the internet, I would propose a firewall gateway solution but ultimately it depends on what the customer needs.

We are partnered with Juniper, so if customers ask for a firewall solution, the first solution that we pick is generally a Juniper firewall. If a customer wants a firewall other than Juniper, we offer it. Usually, we will do a firewall like FortiGate or Palo Alto, if the customer has enough money, as Palo Alto is very expensive.

We use it as a firewall at our head office and branches. We use its IDS solution at the head office too.

It did not improve our safety because the IDS does not detect some attacks, but our anti-virus software did.

• Correct the bugs in the current version. 
• Help customers more with its configuration so they can feel safer.

We tried configuring the IDS for more than four months, but it did not work properly.