How has it helped my organization?
Theere has been no change to our organization. We replaced an older Cisco ASA. We intended to use some of the UTM features, but we have not yet. In some cases, it is worse. We can’t do remote access IPsec VPNs for users like we could with the Cisco ASA. Instead, we set up OpenVPN. As the Cisco ASA is the de facto standard, doing a site-to-site IPsec VPN to other companies takes more time (e.g., IKEv2 will not work connecting to Cisco gear because traffic selectors are not supported for IKEv2).
What is most valuable?
We mostly use the Layer 4 firewall functions: Access rules, NAT, and site-to-site IPsec VPN. We liked that it had additional features and was more modern than the Cisco ASA line.
What needs improvement?
It needs better interoperability with Cisco gear.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
No issue. We are only a 40 person company and only have 50Mbps of internet bandwidth.
How are customer service and technical support?
Technical support is good, though we have not really used support much. Juniper has a decent knowledgebase.
Which solution did I use previously and why did I switch?
Previously, we had a Cisco ASA 5510. It was old and needed to be replaced. We switched because the Cisco ASA is underpowered. If you try to do too many functions, like IDS/IPS, UTM, virus scanning, and Smart Net, support is expensive.
How was the initial setup?
The initial setup is mostly straightforward. We are converting one of our site-to-site VPNs with another company where we have overlapping subnets. This took some doing because the Cisco ASA allowed us to do policy-based NAT and could NAT the same IP subnet two different ways depending on the destination address. We needed to exclude 10 IP addresses out of a 24 subnet from the static NAT rule which was needed to deal with the overlapping subnets and ended up having to do more than 240 individual 32 NAT rules on the Juniper SRX240H2.
What about the implementation team?
Work with a consultant who has good JunOS knowledge if you have a complex setup (we host more than 20 servers for internet access used by over a 1000 users).
What's my experience with pricing, setup cost, and licensing?
Pricing is good. Most of the costs are in the UTM (IDS/IPS, virus scanning, etc.) subscription. Palo Alto was nice, but much more expensive.
Which other solutions did I evaluate?