Juniper SRX Review

Enables us to integrate a firewall and router in a single product but IPS needs improvement


What is our primary use case?

We leverage this as a firewall and for IT tech services. It's more of a firewall used in a router sorting device. I see major benefits from leveraging it like this.

How has it helped my organization?

This is a product on the customer side, not in our services. What I have identified so far is that, considering the complex deployment that the customer wanted to make, the scalability with the feature support that they already have, and its functionality provided, Juniper SRX was one of the better products available. It helped us to scale well with that product customer requirement because they wanted the IT side on a virtual router, with a firewall so it was integrated to work. Such a complex setup cannot be easily accomplished by just using a firewall. SRX actually helps us scale and integrate the product according to customer requirements. It also helped us with its routing capabilities which eased the cost, because otherwise I would have had to take a router and firewall, and then integrate it. With this, however, it was an integration of firewall and routing services all together in a single product. That was one thing that I loved about it.

What is most valuable?

IPS is something that I do not find valuable, but the other features are awesome. Firewall IP second router is good, but IPS needs to be worked upon.

What needs improvement?

IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved.

IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.

For how long have I used the solution?

More than 7 or 8 years

What do I think about the stability of the solution?

It's cool. I would say it's one of the most stable services. Providing for redundancy is a bit challenging, but it actually is something that can be worked upon because they have a different concept of highway building, as opposed to general people doing stuff. I would say it is a good, stable product, except for the problematic part of it. If people are not aware of how to deal with it, it can be very cumbersome.

What do I think about the scalability of the solution?

You can scale it well, but when you scale you need to take a product out to another one. On a scale level, it's a very good scalable product. It's a good firewall so if you pump it in high traffic, it will be able to adapt to it, unless and until you outgrow its throughput. Then you would either have to get a new model or maybe if you have to avert your firewall, you might have to upgrade it to a new version. So far it's a good product.

This was for a 1,000 user base.

You don't need extra staff to maintain the solution. Unless and until you have a problem of lags or circuit issues, I don't think you need extra staff. One SE should be fine with this product.

I think there will be future plans to increase usage and get more devices. We are also trying to leverage this into a cloud platform, so there would be some more usage.

How are customer service and technical support?

The technical support or tech team is good. So far, when I worked with them, they have been able to resolve issues firmly. If they cannot do it, they connect you with someone you can work with, so they can just connect to the engineering team. Their data services is something which is really good.

However, their documentation is a bit more challenging. They have unsourced to work, like knowledge base articles and stuff, but they would need to work a bit more on the documentation to compare with Cisco documentation. That's something that they can improve on. They have good documentation. The documentations are clear, but there is not sufficient content available.

How was the initial setup?

The initial setup was very simple. I would say it was the simplest one to date.

What about the implementation team?

Deployment time depends on the solution. This was a very complex one, so it took us four weeks to get the most complexity out of it. I think taking a single deployment, it would not be more than a couple of hours. If you are already working with Juniper products, it would be a couple of hours. If you're not working with Juniper products, maybe a week, not more than a week.

I did the implementation myself, I don't normally take help but in scenarios where documentation is not available, I do go ahead and refer it out but this was simple. I don't think I needed the technical support staff, but I have worked with Juniper tech for certain scenarios in integrating this. It was tax-supported, non-profit services.

What's my experience with pricing, setup cost, and licensing?

There was no additional licensing cost because there were no IPS services. It was just a firewall IP circuit router so they have the default licensing. We just need to renew the support yearly.

Which other solutions did I evaluate?

Our customer evaluated Palo Alto also. They liked it, and even integrated it, but the scalability requirements they had were an issue. They loved Palo Alto for the security services, but their requirement was routing and security in a single device. That's the reason they were not able to go with the Palo Alto services, but they chose Juniper.

What other advice do I have?

If you're looking for a product that can give you routing as well as security services, and you're not looking for too much taxing on the security part, I guess this is a good product. If, however, you're looking for security services on a greater edge, maybe something like next-gen firewall features, referencing services, or IPS to a greater level, I would recommend going with other security products. If you want integration of both, you can use this, and maybe if you evaluate, or move forward with better services over a period of time and better models of that, maybe this is something that you can always look for both, routing as well as security services.

SRX is a security product that's not that good on security, but it's good at routing, so they actually balance out. I would rate them around six of ten. 

Cisco does one thing right. Cisco has AnyConnect so they can fully integrate SSL routing services. Previously Juniper used to have Pulse Secure and MAG devices. They sold it off to Pulse Secure, but maybe they could try to integrate SSL VPN with their products. Maybe that would help them increase market share.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email