It's a very small firewall, and Juniper doesn't provide UTM solutions. That's why we are shifting towards FortiGate firewalls. We definitely have some kind of business functionality that is not matching with this firewall. Our research and development department works on it, and they recommended that we should replace it with a better firewall, like Fortinet or Cisco, and we found Fortinet more feasible.
Juniper SRX Series Firewall does not offer protection for IoT devices. Therefore, devices like CCTV cameras, biometric systems, control access systems, and building management systems cannot be protected using the product. With around 450+ IoT devices worldwide, Juniper SRX Series Firewall should allow protection for all such devices with an ethernet port, similar to Palo Alto and Check Point. The GUI of the product is overcomplicated and almost every feature of the solution needs to be implemented through CLI programming, using tools like Tera Term. The solution provider should simplify the GUI for partners, system integrators and end users alike.
Cloud & IT-Infrastructure Engineer at Bahnhof AB (publ)
Real User
Top 20
2024-01-15T10:16:59Z
Jan 15, 2024
When I was going to upgrade the OS, the solution didn't accept certain USB devices. So, I had to put in the OS using a trivial FTP server. Otherwise, the solution is really advanced. It's really hard to get a hold of the firmware for it. Even if you applied for customer support, getting to the software side is a little harder. If you want to upgrade the OS, you have to do this by special pauses. You can't just upgrade from an old version to the newest one. You have to make middle landings.
Learn what your peers think about Juniper SRX Series Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
There is room for improvement in scalability and performance. It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.
Both network and cloud environments require security measures such as traffic protection, intrusion prevention, and antivirus solutions to ensure shared protection. In some cases, customers encounter issues related to network interfaces, while others prioritize security concerns. These aspects are of utmost importance from the customer's perspective. The customers value stability and seek high performance.
It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems. There might be limitations with the product, depending on the hardware we use. We need to ensure we choose the right hardware if we want more throughput. We'd like to have more control over certain parameters and over the hardware. They could include some features that help prevent or fight DDoS attacks.
Juniper SRX Series Firewall is a primary network company, but its security portfolio is not a market leader. Their primary responsibility is the features that provide their products. Perhaps taking a leap and developing some features from scratch could be a way to improve. The centralized management has room for improvement because it is outdated and not easy to integrate. The technical support has room for improvement.
Both the web management and the graphical user interface are inadequate and should be improved. It's one of those situations. When it comes to Juniper, I would never use the GUI, instead, I would only use the command line. I would like to see an improved user interface, and some kind of SD-WAN solution included, or perhaps a simpler way of configuring redundant links, such as WAN links.
Sr. Enterprise Hardware Consultant at a tech services company with 51-200 employees
MSP
2022-03-18T16:42:00Z
Mar 18, 2022
It does have its nuances in terms of deployment. There are always areas to make something easier or more intuitive or make the system auto-negotiate more with existing hardware.
Key Account Manager at a consultancy with 51-200 employees
Reseller
2022-02-04T12:38:33Z
Feb 4, 2022
Juniper's product updates are extremely slow, and competitors are rapidly keeping up. It slowly updates the model. Juniper SRX lacks email protection, for example. it is not malware-protected. In the case of malware, you are purchasing a software package from vendors through Juniper. They do not sell their own products. It lacks the Sandbox as well as the CM. The CM is available from Juniper, but it is manufactured by IBM rather than Juniper, despite its name.
First Assistant Vice President at a financial services firm with 1,001-5,000 employees
Real User
2021-12-27T19:46:00Z
Dec 27, 2021
The range of devices should be expanded to include those suitable for a small implementation. Juniper does not have any lower-priced SRX models, useful perhaps for a single ATM or a single bank branch. Having such a model at a reasonable price would be good. In the time that we have used Juniper, we have not seen them improve their product line. If you look at Cisco, they have all kinds of network products. They have routers, switches, and firewalls. But with Juniper, they are not coming up with different kinds of products. They should be including more firewalls and other products. This is an area that Juniper should improve in general. In Bangladesh, there is a very limited number of partners. The problem with this is that there is a monopoly, and I think that they should end this by increasing the number of local partners.
IP Solution Architect /Deputy Manager at HFCL Limited
Real User
2021-12-22T17:49:00Z
Dec 22, 2021
In terms of what could be improved, J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow. Also, the UTM, Unified Threat Management, feature needs to be improved.
Solutions Architect at a tech services company with 11-50 employees
Real User
2021-10-25T14:42:02Z
Oct 25, 2021
Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out. In terms of new features, we are using almost all of the features that it has, and there is nothing specific that it is lacking.
I would like to have a better web UI for administration. Juniper could simplify the web UI and make it more compatible with mobile devices. In particular, I'm thinking about our remote offices, where we don't have dedicated IT personnel. Let's say someone from the office staff was working via smartphone. If the web UI were more compatible with mobile devices, the administration could manage IT support from a team that is not in their location. It would make it simpler for small companies to deploy these devices. I also think the documentation is lacking.
System Administrator at a leisure / travel company with 51-200 employees
Real User
2021-09-13T15:19:36Z
Sep 13, 2021
We've had some issues with the firmware. The solution is quite advanced. You need a lot of training to use it effectively. When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this. It does not have a simple user interface. The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.
Senior Manager - Unified Communications, Smart Infrastructure and Service Provider Solutions at a tech services company with 51-200 employees
Reseller
2021-07-29T12:12:27Z
Jul 29, 2021
The reporting is lacking. it's an aspect of the solution I would like to see improved upon in the future. The solution isn't as present in the market as Cisco and Fortigate. They need to do a better job of marketing themselves and becoming more visible.
The capacity can be limiting. We have outgrown its capacity. You can only scale up to a certain extent, depending on the device purchased. There are cheaper options on the market. The reporting and alerts could be improved. If you had alerts, whereby you can have things like intrusion detection systems quickly alerting the security managers of a breach would be helpful. They need to work on the user interface. Most tasks are done by commands, and if you don't have experience using the command line, it's terrible. They should make it easier.
IT System Engineer at a computer software company with 201-500 employees
Real User
2021-06-29T12:43:03Z
Jun 29, 2021
In the next release, I would like to have a better web interface. It needs to be more user-friendly. Right now, you can only access many features through the console.
Integrator at a tech services company with 11-50 employees
Real User
2021-04-14T16:18:39Z
Apr 14, 2021
As a networking person, I don't really have any major issues with this device. Based on my experience of using it in a cluster, it could be more stable. I had an incident when one of the SRXs in a cluster couldn't learn ARP. It is a good solution, but firewalls don't seem to be an area of development for Juniper. They are focusing on data centers, routers, and switches, not firewalls.
Consultant at a financial services firm with 5,001-10,000 employees
Real User
2021-04-06T17:00:54Z
Apr 6, 2021
I've noticed that the management interface could use some updates and upgrades. The dashboard can be updated. The reporting could be more robust and in-depth. I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature. I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.
It must be 5G ready. The 5G network is rolling out soon in India, and Juniper must upgrade their firewall slot to the 5G network, or they must manufacture a 5G dongle card for the Juniper firewall. I want Juniper to upgrade their dongle from 4G to 5G. Presently, they have an expansion slot in the SRX 322 series and higher firewalls. In that expansion slot, they can put a 4G mobility SIM card so that whenever our primary link is down, it will automatically connect through this GSM network and form a tunnel.
ICT Product Manager at a comms service provider with 1,001-5,000 employees
Real User
2021-02-18T14:24:25Z
Feb 18, 2021
Their models for service providers could improve. We are an MSP, we resell services and I think the company could have a better program for service providers because our needs are different from our regular customer that is buying it for. More recently we started using the GUI interface and that looks pretty shameful and needs improvement. Juniper has a different product line that has artificial intelligence capabilities. In the future, we would like to see that extended to the SRX line.
Solutions Architect at a tech services company with 201-500 employees
Reseller
2021-02-15T00:35:50Z
Feb 15, 2021
I think with this Juniper product, the CPU switch could be improved for a better overall performance of traffic flow. I'd also like to see a threat intelligence feed which would hopefully monitor the network traffic flowing through the SRX to detect malware and other content.
I think it needs some automation. I have to find an API for Python and so on, which is quite different from a typical solution. Sometimes committing configurations takes a lot of time in Juniper because of the connections, and it could be a little bit faster. Their documentation could also be better.
Freelancer at a non-tech company with self employed
Real User
2021-02-10T16:40:00Z
Feb 10, 2021
Juniper SRX's UI is very bad. We have to use CLA all of the time and Sky ATP. If I compare Fortinet with SRX, particularly for filtering websites and email addresses, SRX is very very difficult.
Director at a tech services company with 1-10 employees
Real User
2021-01-23T09:52:02Z
Jan 23, 2021
The solution could cost less. It's a bit expensive right now. The solution sometimes takes a long time to deliver the products. We're often waiting for stock. They should just have the product available and ready to go when customers need it.
Network Security Engineer at a tech services company with 201-500 employees
Real User
Top 20
2021-01-12T17:13:09Z
Jan 12, 2021
We are experiencing some issues with the clustering. It needs to be simplified and more stable. Some of the features included in SRX need improvement. For example, if you want to change your SSH port number, you cannot go into the application layer. You will have to go to the shell command to change the port. This is a problem because when you show the configuration, you cannot see what was put in the shell. It should easier. Also, the user interface is a bit slow. In the future, I would like to see the UI more responsive. The new generation doesn't use SSH anymore. One-click would be better.
Technical Lead at a tech services company with 10,001+ employees
Real User
2020-12-24T00:33:06Z
Dec 24, 2020
It was very difficult to deal with and required a lot of support, and the UI is very poor. I didn't like this product at all. We faced many issues with the power supply causing many outages with this SRX box. We experienced outage issues when load-balancing between two availability architectures, which had an effect on the availability. Once we started to deal with this solution, it was very difficult to troubleshoot. It was not straightforward at all when comparing to Cisco. We always had support tickets. More than 50 tickets per month exceeded the SLA by more than two weeks. Better support is needed. In the next release, this solution needs to be stable, offer better support, better pricing, and less expensive to migrate.
The reliability needs to be improved. We purchased three devices and all three have been replaced under RMA. We've had other problems where they have needed to be rebooted. A couple of times I've run into the problems where they have to integrate with other systems. The Juniper support really doesn't have a clue about other systems. They know Juniper and if everything is Juniper then it's great. However, we have Windows RADIUS Servers and I need Juniper-specific settings for them. Unfortunately, they're having a real hard time telling me what those should be, and they keep referring back to it being Microsoft, which they don't support. When they say that I need to speak with Microsoft, I remind them that these are things that are defined in the Juniper configurations that I need to set up. They seem to forget that not everybody is exclusively Juniper.
Pre-Sales Analyst at a tech services company with 201-500 employees
Real User
2020-12-10T05:09:51Z
Dec 10, 2020
Our operational team handles the solution more than I do. I personally haven't seen any features that are missing per se. The solution isn't very granular or detailed. However, we're just using the basics anyway. The product could have a quicker response when it comes to technical support getting back when we have questions.
Director & CIO of IT services at Connectivity IT Services Private Limited
Real User
2020-07-14T08:15:49Z
Jul 14, 2020
I have not given a lot of thought as to what needs to be improved because so much of technology and capabilities are expanding. Probably Juniper could come up with their own dedicated endpoint security. Today they have an integration with Sophos. If you really look at what SRX has as far as antivirus capability, it is really only the integration with Sophos. Sophos is good, I am not saying Sophos is a bad solution. But Juniper having their own antivirus solution may be a batter idea to make it a stand-alone product. If you look at Check Point. They have a lot of experience in the area of security which is integrated with their product. In comparison, Juniper could start developing its own strong capabilities with antivirus and have its own security which may even surpass relying on Sophos. Sophos could improve more but it is definitely a wonderful architecture.
Senior Product Manager at a tech services company with 51-200 employees
Reseller
2020-06-16T08:37:23Z
Jun 16, 2020
There are a lot of features that customers do not know about and I think that better documentation would help when it comes to learning how to use the product. Technical support could be improved by adding local engineers.
The workplace management console needs improvement. It should be a little bit more developed. Also, the interface needs a bit more improvement. If the solution would have an intuitive interface would be much better because the work-based interface is not so perfectly developed and it's not ideal. It's not complete yet, and it makes it difficult for beginners and first-time users of this solution. As it is, for new users, it would make it very difficult for them to deploy this solution. Otherwise, the rest is fine. There's no other problem with it.
Professional Services (Security) at Business Management Company
Real User
2019-05-16T07:47:00Z
May 16, 2019
The solution previously had a Clientless SSL VPN, but it has been removed and I would like access to it again. The GUI needs improvement. I can work fine with the command line (CLI), but new people would like a better user interface. I would like to see an SSH VPN in the next release.
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Real User
Top 20
2019-05-15T05:16:00Z
May 15, 2019
IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved. IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.
Risk Management and Security Governance at a comms service provider with 501-1,000 employees
Real User
2019-05-13T08:56:00Z
May 13, 2019
The Juniper product has to improve in terms of innovation. It only has standard reports, such as memory capacity and data traffic. By comparison, the Check Point solution comes with great reports. Check Point tracks the logs, then analyses the logs and can tell you when you are under attack. Then, you can prevent it. With Juniper today, what you have in terms of log analysis is not so good. I think that they have another solution for this, but it is not embedded, and you have to purchase it separately.
In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there. Their technical support also needs improvement, as they are lagging behind Cisco.
Improvements can be made to the GUI. The GUI can be improved by creating policies to handle IPS requirements. The configuration should be a one-step process. This would make it easier to complete the setup to register the time of operation.
Security Governance at a comms service provider with 1,001-5,000 employees
Real User
2019-04-04T09:10:00Z
Apr 4, 2019
The Juniper SRX product needs to improve in terms of innovation. E.g., Checkpoint comes with a monitoring solution embedded in its product, as well as providing good reports. Checkpoint also does analysis by tracking the logs and letting you know when you are under attack. What Juniper has today in comparison is not so good. Juniper only has limited reports, such as memory, capacity, data, and traffic.
Sr. Engineer at a comms service provider with 51-200 employees
Real User
2019-03-06T07:41:00Z
Mar 6, 2019
We also use firewalls from FortiGate and Palo Alto and they're built with technology to make them next-generation firewalls. Juniper utilizes a router OS and includes enhancements to make it a firewall. But FortiGate and Palo Alto are full-on firewalls because they are built from scratch with features which are specific to firewalls. Juniper needs to enhance the solution so that it is more powerful. They need to update the administrative tools to create an easier admin experience. An average administrator would find it easier to configure if they could use https rather than the command line interface to do so. In addition, it would be more powerful if Juniper brought out a security product other than firewalls, like anti-spam, endpoint protection, etc. Customers who want to deploy security solutions are not just thinking about firewalls. They're thinking about security across their environment. If Juniper could give me a security solution, beyond the firewall, that integrates with the firewall, that would be helpful. Other products have built a security fabric. So if a customer already uses one of their solutions, like a firewall, they will be thinking about integrating with that vendor's other products. If there is more than just a firewall solution, they will use that same vendor's products throughout the security environment. A security fabric is more powerful than just blocking via network parameters. Juniper should have an end-to-end solution, from the endpoint to the network level. It would provide a more powerful security solution to the customer. Customers are looking for a holistic security solution.
Consumer Engineer at a comms service provider with 1,001-5,000 employees
Real User
2019-02-26T08:25:00Z
Feb 26, 2019
The GUI needs to be easier and more helpful for users who don't have security experience. They need to add WAF management to the tool, as competitors already have it as part of their offerings. This feature is future of protecting enterprise solutions.
We are finding that the UTM features which is required (like an antivirus or URL filtering) are not available. We are now looking for the "Next Generation" of firewall protection. We need to be less vulnerable to attacks. In addition, we would really like to see an automated policy feature added.
* Correct the bugs in the current version. * Help customers more with its configuration so they can feel safer. We tried configuring the IDS for more than four months, but it did not work properly.
The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose. Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.
Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.
Juniper SRX is a next-generation security solution that enables users to expand and secure their networks without incurring heavy costs or sacrificing performance.
Benefits of Juniper SRX
Some of the benefits of using Juniper SRX include:
Easily manage and view every aspect of your system’s security. Juniper SRX enables users to manage their security from a centralized location. The central control center can control and view every Juniper connected device in a user’s network. Once a...
There is room for improvement in customer service and support. The customer interaction is not up to par. It is also very delayed.
It's a very small firewall, and Juniper doesn't provide UTM solutions. That's why we are shifting towards FortiGate firewalls. We definitely have some kind of business functionality that is not matching with this firewall. Our research and development department works on it, and they recommended that we should replace it with a better firewall, like Fortinet or Cisco, and we found Fortinet more feasible.
If Juniper needs improvement, they should work on the price point because it's very high.
Juniper SRX Series Firewall does not offer protection for IoT devices. Therefore, devices like CCTV cameras, biometric systems, control access systems, and building management systems cannot be protected using the product. With around 450+ IoT devices worldwide, Juniper SRX Series Firewall should allow protection for all such devices with an ethernet port, similar to Palo Alto and Check Point. The GUI of the product is overcomplicated and almost every feature of the solution needs to be implemented through CLI programming, using tools like Tera Term. The solution provider should simplify the GUI for partners, system integrators and end users alike.
Juniper SRX Series Firewall has to improve its web content site, like web filtration.
When I was going to upgrade the OS, the solution didn't accept certain USB devices. So, I had to put in the OS using a trivial FTP server. Otherwise, the solution is really advanced. It's really hard to get a hold of the firmware for it. Even if you applied for customer support, getting to the software side is a little harder. If you want to upgrade the OS, you have to do this by special pauses. You can't just upgrade from an old version to the newest one. You have to make middle landings.
There is room for improvement in scalability and performance. It's scalable and reliable, but when using next-generation firewall features, the performance decreases significantly for Juniper SRX. In Check Point and Cisco, the performance decrease is less.
Both network and cloud environments require security measures such as traffic protection, intrusion prevention, and antivirus solutions to ensure shared protection. In some cases, customers encounter issues related to network interfaces, while others prioritize security concerns. These aspects are of utmost importance from the customer's perspective. The customers value stability and seek high performance.
It would be ideal if the solution could use cloud services to help update signatures or threat prevention systems. There might be limitations with the product, depending on the hardware we use. We need to ensure we choose the right hardware if we want more throughput. We'd like to have more control over certain parameters and over the hardware. They could include some features that help prevent or fight DDoS attacks.
They should work on the pricing. I am using VPN and need to pay for its warranty and license separately. It needs to be addressed.
Juniper SRX Series Firewall is a primary network company, but its security portfolio is not a market leader. Their primary responsibility is the features that provide their products. Perhaps taking a leap and developing some features from scratch could be a way to improve. The centralized management has room for improvement because it is outdated and not easy to integrate. The technical support has room for improvement.
Juniper SRX could improve by adding an IPX feature.
The solution's configurations and syntax are specific and more complicated than other platforms. Compared to Cisco, the solution is not intuitive.
I think Juniper SRX should have a GUI. Some of the competitors are already implementing GUI for the firewall.
Both the web management and the graphical user interface are inadequate and should be improved. It's one of those situations. When it comes to Juniper, I would never use the GUI, instead, I would only use the command line. I would like to see an improved user interface, and some kind of SD-WAN solution included, or perhaps a simpler way of configuring redundant links, such as WAN links.
To compare with Fortinet, Juniper needs to improve their security features.
It does have its nuances in terms of deployment. There are always areas to make something easier or more intuitive or make the system auto-negotiate more with existing hardware.
Juniper's product updates are extremely slow, and competitors are rapidly keeping up. It slowly updates the model. Juniper SRX lacks email protection, for example. it is not malware-protected. In the case of malware, you are purchasing a software package from vendors through Juniper. They do not sell their own products. It lacks the Sandbox as well as the CM. The CM is available from Juniper, but it is manufactured by IBM rather than Juniper, despite its name.
Junos Space should be improved to be on par with FortiGate's solution for managing firewalls and routing.
The range of devices should be expanded to include those suitable for a small implementation. Juniper does not have any lower-priced SRX models, useful perhaps for a single ATM or a single bank branch. Having such a model at a reasonable price would be good. In the time that we have used Juniper, we have not seen them improve their product line. If you look at Cisco, they have all kinds of network products. They have routers, switches, and firewalls. But with Juniper, they are not coming up with different kinds of products. They should be including more firewalls and other products. This is an area that Juniper should improve in general. In Bangladesh, there is a very limited number of partners. The problem with this is that there is a monopoly, and I think that they should end this by increasing the number of local partners.
In terms of what could be improved, J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow. Also, the UTM, Unified Threat Management, feature needs to be improved.
Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out. In terms of new features, we are using almost all of the features that it has, and there is nothing specific that it is lacking.
I would like to have a better web UI for administration. Juniper could simplify the web UI and make it more compatible with mobile devices. In particular, I'm thinking about our remote offices, where we don't have dedicated IT personnel. Let's say someone from the office staff was working via smartphone. If the web UI were more compatible with mobile devices, the administration could manage IT support from a team that is not in their location. It would make it simpler for small companies to deploy these devices. I also think the documentation is lacking.
We've had some issues with the firmware. The solution is quite advanced. You need a lot of training to use it effectively. When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this. It does not have a simple user interface. The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.
The user interface is something that Juniper needs to improve.
The reporting is lacking. it's an aspect of the solution I would like to see improved upon in the future. The solution isn't as present in the market as Cisco and Fortigate. They need to do a better job of marketing themselves and becoming more visible.
The capacity can be limiting. We have outgrown its capacity. You can only scale up to a certain extent, depending on the device purchased. There are cheaper options on the market. The reporting and alerts could be improved. If you had alerts, whereby you can have things like intrusion detection systems quickly alerting the security managers of a breach would be helpful. They need to work on the user interface. Most tasks are done by commands, and if you don't have experience using the command line, it's terrible. They should make it easier.
In the next release, I would like to have a better web interface. It needs to be more user-friendly. Right now, you can only access many features through the console.
It could be more secure.
As a networking person, I don't really have any major issues with this device. Based on my experience of using it in a cluster, it could be more stable. I had an incident when one of the SRXs in a cluster couldn't learn ARP. It is a good solution, but firewalls don't seem to be an area of development for Juniper. They are focusing on data centers, routers, and switches, not firewalls.
I've noticed that the management interface could use some updates and upgrades. The dashboard can be updated. The reporting could be more robust and in-depth. I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature. I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.
The interface could be more user-friendly.
It must be 5G ready. The 5G network is rolling out soon in India, and Juniper must upgrade their firewall slot to the 5G network, or they must manufacture a 5G dongle card for the Juniper firewall. I want Juniper to upgrade their dongle from 4G to 5G. Presently, they have an expansion slot in the SRX 322 series and higher firewalls. In that expansion slot, they can put a 4G mobility SIM card so that whenever our primary link is down, it will automatically connect through this GSM network and form a tunnel.
They recently improved this solution. Currently, I feel comfortable with Juniper in general.
Their models for service providers could improve. We are an MSP, we resell services and I think the company could have a better program for service providers because our needs are different from our regular customer that is buying it for. More recently we started using the GUI interface and that looks pretty shameful and needs improvement. Juniper has a different product line that has artificial intelligence capabilities. In the future, we would like to see that extended to the SRX line.
I think with this Juniper product, the CPU switch could be improved for a better overall performance of traffic flow. I'd also like to see a threat intelligence feed which would hopefully monitor the network traffic flowing through the SRX to detect malware and other content.
I think it needs some automation. I have to find an API for Python and so on, which is quite different from a typical solution. Sometimes committing configurations takes a lot of time in Juniper because of the connections, and it could be a little bit faster. Their documentation could also be better.
Juniper SRX's UI is very bad. We have to use CLA all of the time and Sky ATP. If I compare Fortinet with SRX, particularly for filtering websites and email addresses, SRX is very very difficult.
The training videos that are available need to be improved, and made more educative. This will help users to become more familiar with the product.
The solution could cost less. It's a bit expensive right now. The solution sometimes takes a long time to deliver the products. We're often waiting for stock. They should just have the product available and ready to go when customers need it.
We are experiencing some issues with the clustering. It needs to be simplified and more stable. Some of the features included in SRX need improvement. For example, if you want to change your SSH port number, you cannot go into the application layer. You will have to go to the shell command to change the port. This is a problem because when you show the configuration, you cannot see what was put in the shell. It should easier. Also, the user interface is a bit slow. In the future, I would like to see the UI more responsive. The new generation doesn't use SSH anymore. One-click would be better.
It was very difficult to deal with and required a lot of support, and the UI is very poor. I didn't like this product at all. We faced many issues with the power supply causing many outages with this SRX box. We experienced outage issues when load-balancing between two availability architectures, which had an effect on the availability. Once we started to deal with this solution, it was very difficult to troubleshoot. It was not straightforward at all when comparing to Cisco. We always had support tickets. More than 50 tickets per month exceeded the SLA by more than two weeks. Better support is needed. In the next release, this solution needs to be stable, offer better support, better pricing, and less expensive to migrate.
The reliability needs to be improved. We purchased three devices and all three have been replaced under RMA. We've had other problems where they have needed to be rebooted. A couple of times I've run into the problems where they have to integrate with other systems. The Juniper support really doesn't have a clue about other systems. They know Juniper and if everything is Juniper then it's great. However, we have Windows RADIUS Servers and I need Juniper-specific settings for them. Unfortunately, they're having a real hard time telling me what those should be, and they keep referring back to it being Microsoft, which they don't support. When they say that I need to speak with Microsoft, I remind them that these are things that are defined in the Juniper configurations that I need to set up. They seem to forget that not everybody is exclusively Juniper.
While the GUI is pretty good on the Juniper side, there can still be tweaks made to it that will make it even better.
The setup process should be improved.
Our operational team handles the solution more than I do. I personally haven't seen any features that are missing per se. The solution isn't very granular or detailed. However, we're just using the basics anyway. The product could have a quicker response when it comes to technical support getting back when we have questions.
The user interface and the GUI need improvement. In the next release, I would like to see mobile support.
The configuration is difficult and it should be easier.
I have not given a lot of thought as to what needs to be improved because so much of technology and capabilities are expanding. Probably Juniper could come up with their own dedicated endpoint security. Today they have an integration with Sophos. If you really look at what SRX has as far as antivirus capability, it is really only the integration with Sophos. Sophos is good, I am not saying Sophos is a bad solution. But Juniper having their own antivirus solution may be a batter idea to make it a stand-alone product. If you look at Check Point. They have a lot of experience in the area of security which is integrated with their product. In comparison, Juniper could start developing its own strong capabilities with antivirus and have its own security which may even surpass relying on Sophos. Sophos could improve more but it is definitely a wonderful architecture.
There are a lot of features that customers do not know about and I think that better documentation would help when it comes to learning how to use the product. Technical support could be improved by adding local engineers.
When we first tested the serial interface on our model, it did not work. It should be easier to escalate support tickets.
The workplace management console needs improvement. It should be a little bit more developed. Also, the interface needs a bit more improvement. If the solution would have an intuitive interface would be much better because the work-based interface is not so perfectly developed and it's not ideal. It's not complete yet, and it makes it difficult for beginners and first-time users of this solution. As it is, for new users, it would make it very difficult for them to deploy this solution. Otherwise, the rest is fine. There's no other problem with it.
The throughput when using features can be improved. 100-gigabit interfaces should be added into the next release because we'd like to adopt them.
In terms of other features, I'd like to see a web filter, 10 point control, application control and DNA features in the next release.
The solution previously had a Clientless SSL VPN, but it has been removed and I would like access to it again. The GUI needs improvement. I can work fine with the command line (CLI), but new people would like a better user interface. I would like to see an SSH VPN in the next release.
IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved. IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.
The Juniper product has to improve in terms of innovation. It only has standard reports, such as memory capacity and data traffic. By comparison, the Check Point solution comes with great reports. Check Point tracks the logs, then analyses the logs and can tell you when you are under attack. Then, you can prevent it. With Juniper today, what you have in terms of log analysis is not so good. I think that they have another solution for this, but it is not embedded, and you have to purchase it separately.
In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there. Their technical support also needs improvement, as they are lagging behind Cisco.
Improvements can be made to the GUI. The GUI can be improved by creating policies to handle IPS requirements. The configuration should be a one-step process. This would make it easier to complete the setup to register the time of operation.
The Juniper SRX product needs to improve in terms of innovation. E.g., Checkpoint comes with a monitoring solution embedded in its product, as well as providing good reports. Checkpoint also does analysis by tracking the logs and letting you know when you are under attack. What Juniper has today in comparison is not so good. Juniper only has limited reports, such as memory, capacity, data, and traffic.
We also use firewalls from FortiGate and Palo Alto and they're built with technology to make them next-generation firewalls. Juniper utilizes a router OS and includes enhancements to make it a firewall. But FortiGate and Palo Alto are full-on firewalls because they are built from scratch with features which are specific to firewalls. Juniper needs to enhance the solution so that it is more powerful. They need to update the administrative tools to create an easier admin experience. An average administrator would find it easier to configure if they could use https rather than the command line interface to do so. In addition, it would be more powerful if Juniper brought out a security product other than firewalls, like anti-spam, endpoint protection, etc. Customers who want to deploy security solutions are not just thinking about firewalls. They're thinking about security across their environment. If Juniper could give me a security solution, beyond the firewall, that integrates with the firewall, that would be helpful. Other products have built a security fabric. So if a customer already uses one of their solutions, like a firewall, they will be thinking about integrating with that vendor's other products. If there is more than just a firewall solution, they will use that same vendor's products throughout the security environment. A security fabric is more powerful than just blocking via network parameters. Juniper should have an end-to-end solution, from the endpoint to the network level. It would provide a more powerful security solution to the customer. Customers are looking for a holistic security solution.
The GUI needs to be easier and more helpful for users who don't have security experience. They need to add WAF management to the tool, as competitors already have it as part of their offerings. This feature is future of protecting enterprise solutions.
The device could be more user-friendly.
We are finding that the UTM features which is required (like an antivirus or URL filtering) are not available. We are now looking for the "Next Generation" of firewall protection. We need to be less vulnerable to attacks. In addition, we would really like to see an automated policy feature added.
* Correct the bugs in the current version. * Help customers more with its configuration so they can feel safer. We tried configuring the IDS for more than four months, but it did not work properly.
The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose. Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.
I would like to see endpoint control and endpoint testing security. The GUI needs to be easier to handle.
I would like them to add a dashboard because it's difficult to operate. The product only has basic features.
Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.
It could improve areas which need high performance.
It needs better interoperability with Cisco gear.