Juniper SRX Review

The virtualization feature is the most valuable feature, as sometimes customers request a private connection using mobile data


What is our primary use case?

We are using this solution mainly for the NPCs and the firewall of the mobile data customers. We are using it to protect the ISP of the mobile data customers: 2G, 3G, and 4G customers. 

What is most valuable?

In terms of features, we are using Source NAT. 

The virtualization feature: Sometimes customers are requesting a private connection using mobile data when they are connecting to remote sites. 

What needs improvement?

The Juniper SRX product needs to improve in terms of innovation. E.g., Checkpoint comes with a monitoring solution embedded in its product, as well as providing good reports. Checkpoint also does analysis by tracking the logs and letting you know when you are under attack. What Juniper has today in comparison is not so good.

Juniper only has limited reports, such as memory, capacity, data, and traffic.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Since we have deployed the product, we have had two or three minor issues.

What do I think about the scalability of the solution?

We have something like 12 million customers (mobile data customers).

How are customer service and technical support?

Sometimes, it is difficult to contact the Juniper support because we did not purchase the support package, as it was too expensive. We are using a local reseller instead. Sometimes, when we have had issues, it can take one to three hours for resolution, which is not good at all based on our company standard. However, once we have the right thing connected on the device, then it's very fast.

I would rate the technical support as a seven out of ten. The support is skilled, but the cost is expensive.

If you previously used a different solution, which one did you use and why did you switch?

We previously used Cisco ASA. The results were not good.

How was the initial setup?

The initial setup is straightforward. We had the help of the local provider. So, it was very straightforward. 

Even now, when I compare the initial setup to Cisco, the implementation of Juniper SRX is very simple.

What about the implementation team?

To finish the implementation, we had the help of the local provider, Ericsson.

From the design phase up to the implementation phase, it took more than one month per site. The time to validate the design documents and change, then doing those changes, approve those changes and implementing them. Because we have two sites, it was somewhere around three months.

After the acquisition phase, we discussed the plan and the design document. We did the architecture and design document with the vendor. Before going into the implementation phase, we have to validate all our documents for the high-level and low-level designs. The operational teams are also validating these documents.

Once we have all those documents validated, we request the approval for change. We have a committee who analyzes the documentation. We analyze the work that we are planning to do and validate the changes for a specific time.

We need to look if there any impact on the customer side, do we need to present it to the customer before making the change, and what is the plan for monitoring after the change?

What's my experience with pricing, setup cost, and licensing?

The direct support with Juniper is expensive. When you stop using the solution and miss one year of payments, if you want the support back on a specific node, they ask you to pay for the year that you haven't used the node.

Which other solutions did I evaluate?

We tried to move our mobile data firewall from Juniper SRX to Cisco ASA. What we found was that Cisco did not performing well at all. We were very disappointed by the Cisco solution. With the Cisco solution, we had more memory issues with the same amount of traffic. With Juniper SRX, it just needs an upgrade to carry the traffic.

We have approved vendors in every industry. We cannot deviate and chose any vendor that we want. We can only select vendors from our approved list. The two vendors on that list for this industry include Cisco and Juniper, though recently Huawei was added.

What other advice do I have?

Make sure to have skilled local support.

We are planning to move to the bigger version of Juniper SRX later this year (SRX5800). We are also planning to move to IPv6.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Guest
Sign Up with Email