What is most valuable?
Valuable features for us include:
- Routing: When firewalls can also perform full routing functionality, it helps to save cost on dedicated routing hardware.
- High Availability (clustering): This is important to ensure service availability in the event of a node failure. These firewalls in HA mode consist of a primary and backup node, and provide redundancy such that if one of the nodes fails, the other node will take over.
- Deep packet inspection (DPI) capabilities: Juniper SRX firewalls inspect packets as they traverse the firewalls and it goes beyond the traditional five tuples (source IP, destination IP, protocol, source port, and destination port) packet inspection by using the App-ID engine to inspect the protocol to correctly identify applications. It further rate-limits traffic, using the AppQoS features, based on specific types of applications.
- IPSec VPN: This is crucial because it provides secure site to site connectivity between the DC and remote locations. Traffic traversing the secure link is protected from the prying eyes of unauthorized intruders or the man-in-the-middle.
These features are valuable because they allow smooth operation of the business from a technology standpoint. Again, this is relative.
How has it helped my organization?
There was a business need to provide service high availability and system redundancy in addition to routing and firewalling at the internet edge and the datacenter core.
Having this design has greatly simplified the network and improved operational efficiency of support staffs.
What needs improvement?
For how long have I used the solution?
We have been using the solution for seven years, providing design, implementation, support, and optimization.
What do I think about the stability of the solution?
We had a stability issue. Just like any other vendor, there are code stability issues on some of the platforms. However, there is always a recommended code version for each platform.
What do I think about the scalability of the solution?
We did not encounter issues with scalability, but this depends on the environment. The DC class firewalls can scale vertically or horizontally.
How are customer service and technical support?
They provide an awesome technical support.
Which solution did I use previously and why did I switch?
We used Cisco and CheckPoint. Routing functionality and advanced security services were limited.
How was the initial setup?
The setup was straightforward and simple once you understand the building blocks of Junos and firewalls.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing are very reasonable.
Which other solutions did I evaluate?
We evaluated Palo Alto and Fortinet.
What other advice do I have?
This product will offer maximum performance and capacity.
It is extremely reliable depending on the business need. It supports full routing functionality and advanced security services like Application Security, Unified Threat Management (UTM), IPS, and threat intelligence.
Advanced security services require a license.