Juniper vSRX Reviews

We use the solution to block unwanted sites on our internal platform.

We like the solution’s protocol and its dashboard system.

The solution should consider improving its licensing policies. It would be better if we could make a one-time payment for the hardware.

Our organization has been using the solution for about three and a half years.

The solution is stable. I rate the stability a nine out of ten.

It is not a scalable solution since it depends on the hardware. In our organization, 500 people use the solution. We have no plans to increase the number of users.

The initial setup is straightforward.

It took about three to four days to deploy the solution. We hired third-party consultants to deploy the solution the first time.

The deployment model depends on our operations. We needed only one engineer to deploy the solution.

We have purchased a one-year license for the solution. The solution could have been cheaper.

I would recommend the solution to others. Overall, I rate the solution a nine on ten.

The tool could be used without additional work. It is easy to implement.

The IDs of interfaces that are implemented inside of the vSRX maybe should be extended in some cases because there is the imitation of virtual interfaces.

I have been using Juniper vSRX as an end user for five years.

The product is stable.

I rate the solution’s stability a ten out of ten.

The solution’s scalability is high because more than 4000 elements can be deployed.

Around 100 users are using this solution.

Technical support is fine.

The initial setup is easy. We use the special scripts to configure it. It is automatic to configure and implement. 

Documentation.

The tool is sold in a package. Hence, the individual price is very low.

I recommend the Juniper vSRX solution. Its effectiveness depends on the architect's expertise. We've encountered no issues with its deployment in our system. Our collaboration with Juniper has been satisfactory in terms of quality. However, it's essential to consider cloud technology within such architectures. The current solution lacks scalability and might need to be reevaluated based on emerging trends in security with the increasing shift toward cloud technology.

Overall, I rate the solution an eight out of ten.

The primary use case of this solution is to load traffic for our RH team so that they can connect to our servers on our other sites. 

I load source addresses to connect to the destination address with applications such as HTTP, HTTPs, and SSH to connect the servers to the RH team.

The flexibility of the commit check and the commit confirmed commands is very good. The design of the forwarding plane and the control plane in the operating system is very important in performing when we have a large amount of traffic.

The architecture of the OS in Juniper is very good. It's flexibility, scalability, and the technicality are also good.

The support can be improved. 

The GUI needs to be improved, as Cisco is more advanced with their ASDM platform.

In the next release, I would like to see improvements made to the GUI because it isn't very good.

I would like them to discard some of the existing commands because we have to delete them. It should be more practical.

I have been working with Juniper for more than two years.

The versions that I have worked with are the SRX 550, 3600 and 5800.

This solution is scalable.

I have dealt with Cisco's Technical support as well as the Technical support from Juniper, and there are some differences. Cisco is more available, and the degree of competence regarding our case is better.

We have used both Cisco and Juniper products. When comparing them, there are differences with the command line interface. Cisco is more advanced.

After some research, I think that the cost of Juniper is more than Check Point, Palo Alto, and Fortinet. 

I would recommend Juniper because they have a good product, especially the 5800 version. 

This is a good product for internet service providers.

I would rate this solution an eight out of ten.

On the cloud, we use it to test functionality.

Our company is in a proof of concept mode with this product. We have not selected it yet.

• Security posture
• VPN

The GUI interface needs improvement. It also needs improvement with the VPCs.

Because we are in proof of concept, the stability hasn't been stressed more than 30 percent.

The scalability is okay. 

The size of our environment is 46 offices.

The technical support has been good.

The integration and configuration with AWS was excellent.

Our experience purchasing the solution through the AWS Marketplace was good.

We like pricing through the AWS Marketplace.

We also were considering Palo Alto Networks.

Look at this product and Palo Alto's product, then do a deep comparison analysis.

It integrates with our VPC and Direct Connect Gateway.

I am also using it on-premise. Compared to the AWS version, it is pretty transparent.

I can’t really say a firewall improves anything other than security, but we have been able to solve a lot of extranet connectivity issues with these firewalls that the bigger name devices didn’t handle so well.

It is bomb proof as seen by the fact they are still in production use today. A simple human friendly command structure, making CLI edits and debug sessions easy and quick, means that they just don’t fail.

The SRX is a different device. It is much more sensitive to unexpected power loss so we had to RMA several after unexpected site power outages. The command structure is also different so that I always need my cheat sheet when debugging on them.

The NSM is its own beast. It's a 10 when it’s running properly, gives you all the info you need easily to make and document edits and monitor status of devices, but keeping it running well is almost a job in itself. It doesn’t manage its own database very well and it gets slow and unresponsive, often requiring user intervention on the server backend.

Currently we use Juniper products, SSG and SRX firewalls in about a 50/50 mix both standalone and in HA clusters. We also use their NSM for device management and logging.

The SSG models are mostly EOL and are being replaced with new “Next Gen” firewalls. The SRX models will likely continue to be used internally as support will remain available for some time.

We only use the firewall and virtual router options and they do what we need:

• The firewall is easy to configure and testing shows we are blocking the threats.
• The virtual routers make this solution a one box answer for our needs and simplify our internal networking. As they are built into the devices, they allow you to move and separate traffic in a number of ways on one set of hardware.

They constitute a solid working solution that has been able to cope with any of the unique challenges that have come up.

While the OS supports a pretty full UTM option, we found in testing that the hardware was not powerful enough to run with all the bells and whistles turned on for the amount of traffic we process. So we use other hardware for those services meaning it’s not a deal breaker for us.

We have had no issues at all with the SSG models and the SRX model only had problems with sudden power loss occasionally.

The only issue was that the Network Security Manager (which is EOL) was sold as supporting over 125 devices. That may be true if you are just managing the configurations but once you add in monitoring and logging it’s really only happy with fewer than 40 devices, as the database grows too big to deal with and needs constant maintenance.

I would rate the technical support as average, as the calls were responded to quickly but as usual it depends on who you happen to get on the phone that day. Some were very good, others times I had to ask for a different engineer to join the call.

This solution was in place when I started so I cannot answer this question.

The setup was straightforward and to get into a cluster consists of about ten commands. The hardest part is deciding on active/active or active/passive for your solution.

I’m not involved in the financial side of the purchase. Our buyers handle that. Support and licensing comes in the usual tiers, SLA for repairs and/or options turned on in the device.

I know they left Check Point and looked at Cisco products before choosing Juniper, but that decision pre-dates my involvement.

I would say get an SSG but they are EOL so for the SRX make sure you have the recovery boot system configured and a way to remote console the device.
I know this sounds like a major problem but it’s not been that big an issue. We run HA and have same day replacement on them so if we lose one it’s not a major outage, just more work to do.

My primary use case for Juniper is to allow traffic for each team to reach servers on our other sites. I allow some source addresses to reach some destination addresses with some applications with HTTP, HTTPS, and SSH, to reach the service for each team.

Juniper is more flexible with the commit check and the commit confirmed command. The design of the forwarding and contract plan in the operating system is very important for the performance when we have very big traffic.

We worked with Cisco's support and Juniper's support and there are some differences, to be honest, Cisco is more available and is more competent at addressing our cases. So that is something negative about Juniper but otherwise, the architecture of Juniper's OS is flexible and scalable and technically Juniper is good.

The GUI is really bad. Cisco's is more advanced with their ASDM platforms. Cisco has more advantages.

I have been using this solution for more than two years. 

We also used Cisco. There are some differences in the command-line interface.

I would rate Juniper an eight out of ten. In the next release, I would like to see an enhanced GUI, graphic user interface, because the graphic user interface is very bad.

They should also discard some existing commands that we have to delete before the commands. Cisco is more practical.

I would recommend Juniper because they have a very good product. Especially, the 5800 product is a very good product for an internet service provider.

My company is an IAP so we use the solution for virtual security to segregate work.

There are a few valuable features that offer very good quality on the solution. Especially NetScreen. We used to use NetScreen for the product line. It was a very mature solution, very robust, easy to configure, easy to manage, etc. It made it easy to do everything. 

We have some weird errors and some weird behavior on the solution occasionally. The device gets buggy without anyone touching it. It would work and then suddenly stop. Sometimes you need to just move the cards out and restart it again, and it will work. The solution itself, the hardware and the software, there must be some bugs that need to be dealt with. 

We are using high-end devices. For the high-end devices, all the features are there; we don't need more features. What we need are for the features we have to work exactly as we want them to. Especially on the IT desk. There's something wrong between the hardware and the software. As I mentioned, some hardware is not working correctly in some integrations, and I'm not sure why. 

Technical support is very bad. They never respond to any ticket you open, although we pay for the support. 

The initial setup was a little bit complex.

We used a consultant to assist with implementation. In retrospect, we probably could have handled it ourselves.

We use the on-premises deployment model.

I would rate the solution seven out of ten.

We use it for our network and VPN.

We have a lot of field users. Using this tool, they can get authenticated into the system. Instead of going through multiple steps to bring up client information, it is just the click of a button on a mobile application, then they can get authenticated.

The authentication part is seamless and easy for people. They can use their mobile phones and everything to get authenticated. 

Right now, we are going through issues and problems where the product gets dropped with the connection or during the authentication initial phase. While it could be our problem, we would like to see more stability in this area.

The stability needs improvement.

We have more than 5000 field agents. From our perspective, we are okay with scalability at this time.

Juniper vSRX was a replacement product for something called Network Connect that we were using before. It seems much easier for the clients to log into it.

We are using both the on-premise and AWS versions. They are used for different purposes, so I can't compare them.