Juniper SRX Reviews

For different customers, we use the product in different ways. In some cases, it is going to be an on-premises solution. In some cases, it is going to be a cloud-integrated solution. That is one of the best things about Juniper. We can use a single box and have the same unified policy structure if it is off the cloud or it is on-premises.  

Our primary use case is basically to use it like you would any other firewall. I do not call this a firewall anymore because it has functionality beyond what we traditionally think of as a firewall. Those days are gone where a firewall does just one thing. Today most of the firewall products are station firewalls. You have various options in each firewall station. In terms of comparison, you can compare Juniper with Cisco, with Fortinet, with Palo Alto and other leading products. It depends on what exactly you are planning to have it do.  

The most valuable feature for me over-all is that Juniper is simplified and can still do everything that is necessary to be effective. 

On the SRX box, it has what I call a one model concept for security. I work especially with hybrid environments. With an SRX we have a single management dashboard. We can manage the internal framework easily with the centralized management component. You can work with the threat prevention, you can work with the integration, you can work with traffic management. Another good part about SRX is that you have opportunities for automation. Another thing that is very good is that all the operating systems for all Juniper boxes are the same. You do not work on different operating systems using different boxes. 

It does user validation automatically and has automated threat detection and defense. It does threat analytics, which is integrated. So as a single box, it does not just address security, it does not just handle switching, it does not just work as a firewall. It addresses everything.  

I have not given a lot of thought as to what needs to be improved because so much of technology and capabilities are expanding.  

Probably Juniper could come up with their own dedicated endpoint security. Today they have an integration with Sophos. If you really look at what SRX has as far as antivirus capability, it is really only the integration with Sophos. Sophos is good, I am not saying Sophos is a bad solution. But Juniper having their own antivirus solution may be a batter idea to make it a stand-alone product.  

If you look at Check Point. They have a lot of experience in the area of security which is integrated with their product. In comparison, Juniper could start developing its own strong capabilities with antivirus and have its own security which may even surpass relying on Sophos. Sophos could improve more but it is definitely a wonderful architecture.  

I have around 22 years of experience with various similar products. My experience for the last 10 years has been on Juniper. I have worked on Cisco, on Foundry, and on Xstream. And you can make comparisons with products like Fortinet and Palo Alto next-generation firewalls.  

I would rate stability on a scale of one to ten. If ten is best, I would rate a nine-point-five. I would not rate anything a ten in this industry in any case because nothing is perfect and there is always room for improvement. It is very robust. Because the product is robust and very agile that carries over well into the potential for reliability.  

When it comes to scalability, basically Juniper is modular. The SRX architecture is very important. Say I am a small-time customer with 50 people in my company and I deploy on the SRX 300 Series. If my business grows exponentially and I now have 500 people in the company. My traffic has boosted significantly — say about ten times what it was. I do not have to really worry. Within one hour, I can just switch and get a new SRX box in place. Let's say I go with the 500 Series or the 4000 Series. This is my new capacity.

The change over is so simple, because the architecture is common. Whether you talk about SRX 300 or you talk about the service provider architecture, it is the same thing except for the capability to expand and handle the volume. That is very important from a technical perspective, which normally you only need one tech person to deploy.  

For mid-sized companies or even large-sized companies, you have a lot of clients from SRX 300 to SRX 5000 Series and the product line covers all the options. This is from a very basic server-level SRX box to the Next-Generation Firewall and advanced threat mitigation.  

But one thing that scalability should really take into account is that Juniper is an enterprise product. If you are really only talking about using the Sophos UTM or only want to use the product like a firewall, then you should consider a UTM box. If you then want to add an SD-WAN as an additional part of the architecture, the UTM is not the right choice. You just take an SRX box and you have SD-WAN on that. You can have a firewall on that. You can have a UTM on that. You can integrate with the cloud. You can integrate with Linux infrastructure. You can have network security.  

Today when we talk about Check Point, we talk about Next-Generation Firewalls. That includes the Palo Alto Next-Generation Firewall and Cisco Next-Generation. But no one talks about what the definition of Next-Gen is. The only difference about Next-Generation is that it has a staple firewall, by definition.  

If you are a small company and you only have five in your office, obviously you want a secure network. To do this you will buy a simple firewall. When you think of the most simple firewall, people buy a router. Then people buy a switch. Then people buy a firewall. Three devices. I would say, do not buy anything. Just buy one SRX box, which does all the three.  

Now I can also expand the same SRX 300 with a branch location. Let's say, I'm a bank customer. I have branches. Simple, I can now have the simplest of SRX 300 at all my branches or SRX 500. I just connect to my main SRX, let's say a 1500 Series with an SD-WAN topology. The project is done. Simple. I secure my network. I handle my routing. I handle my security. And I have an option for just enabling the license to get the latest threat mitigation.  

For comparison, let's take a very big enterprise network. Maybe I was the head of Informatica at APAC. I am in a situation where I have 6000 R&D developers in the organization. We monitor our total performance. Latency on the firewall should be as low as possible. This is especially critical with the current environment where people work from home. Everyone who is working from home now because of COVID has all their data still in the office and people come onto the network to get connected from home to the office.  

Imagine the load on my firewall in that situation. All the people from inside my organization are sitting outside of the office now accessing the data in the internal network through the firewall. Imagine all the data tracking is coming from all over like an external traffic base. You need to have the proper solution to handle the change in traffic and scalability is the most important factor in this case for successfully running a demanding environment.  

Juniper support is very good. But more than the technical support, their documentation is awesome. You can just Google a solution right now by stating your problem. You get into the juniper.net and there is wonderful documentation. As a technical person, I have never seen any technical documentation that is as good. I would say it is awesome. Any person who has an interest to learn, who has the interest to scale his capability with the product, just has to go to the Juniper site and they will get all the information on every one of their products. I think that it is written well enough for a non-technical person to become technical.  

They have different levels of training available. They make it very easy and available for anybody to explore the solution. There are knowledgeable people available in the technical community. It is a very good solution overall.  

I consider the setup for the product to be very easy. A basic technical person can do it. But, a person would need to know the capability of a robust box like SRX to make full use of the capabilities and the right choice of the product.  

You install the box, configure the hostname, a password, and set your IP address. By default, Juniper handles the basic configurations automatically. The control frame architecture is very nice. The whole platform architecture is very good. When you work with that box, you just divide the box into two layers: the top layer and the bottom layer. The top layer is exclusively made for the SRX box. The bottom layer is nothing but throughput where the packets get in and get out. We call it a packet forwarding engine, PFE.  

Initiating the routing packets actually go in the mapping connection between the top and the bottom, which is managed as with Oracle in an internal zone. The box is already secured when an attack happens. Nothing is 100% in the world. So, there is the possibility of an attack but at least the control center protects your network.  

The entire installation is just a couple of hours. It depends on the Oracle sizing. Let's say that you want to work on the agility of SRX, something you really need to understand is where you are deploying this product. It is different if you are comparing an SRX box or the cloud. When you are using an SRX box will it be deployed for a small enterprise, a mid-size enterprise, and a data center. You can have SRX boxes for a large data center. That is a difference in the agility of Juniper SRX compared to Cisco. For example, when I work with the cloud, I have an SRX virtual firewall, which is a high-performance network security in the virtual cloud. It is especially good for rapid deployments. It hardly takes hours to deploy on the cloud.  

When you have a container with a firewall, it is known as cSRX. Which is again, a highly available container firewall. These are used especially for microservices. When you start with a small enterprise you start with either the SRX 300 series or a 500 series, which is a next-generation firewall. It is comparable to the Cisco ASA. Probably the next good product to compare is Check Point. But the SRX product is easier to manage and deploy when compared to Check Point or Cisco.  

For the mid-size enterprise organization, we have the SRX 1400 Series or you can consider the 4000 Series. It is just an appliance. You just plug it in, switch it on, configure the network IP address, and then start configuring the protocols. You enable the licenses there, malware prevention, and all the other features you want by just adding on to the licenses.  

So it is just a matter of choosing the right appliance and from there it is practically plug-and-play. The challenge is not the initial setup and deployment, it is what you make use of.  

The main competitors for Juniper are Palo Alto, Check Point, and Cisco. Juniper has a lot of features that are good for engineering. Things like Fortinet and Cyberoam can not really compete with these others when it comes to these important features. Specifically, when you talk about Juniper SRX you talk about cloud deployment. You talk about malware remediation. You talk about reporting analytics. You talk about quarantining or threat intelligence (Unified Threat Management or UTM). You talk about data throttle, control prevention, email, web analysis, and integrated management. It can even just work as a router or assisting layer. It works best especially in large networks — like when you talk about service providers — where you have huge traffic flow. It is built to have flexibility and ease-of-use.  

My advice to anyone considering Juniper as a solution would be to first understand that the product needs to be chosen to fit the environment. You want to get the one right box that has the capacity you need. You have everything you need in the model by just updating your license. You do not have to look for a new box when your traffic remains under the upper limits of the capacity. If you are under the limitations of the capacity, the traffic goes straight out, unimpeded.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Juniper SRX as a nine or even a nine-point-five overall. Additional features that could be added to make this solution a ten that other competitors have would technically make it the best product. For example, Check Point offers Blade Architecture. You just keep adding more and more blades. Because of this, Check Point — especially in the area of their security database — they are quite superior to Juniper. o there is room for improvement.  

When you really study on an enterprise level where Check Point stands out or where Juniper stands out, you have got to look into the way each product fits your needs. I mean Check Point is currently easy-to-use, and very good, global product. It also has quite a good rating from the industry over the past few years. Certainly, someone considering a purchase needs to consider options and trends.  

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

The solution is mostly stable. 

We get technical support via the reseller, and they are very helpful. 

You can scale the solution. 

The solution works well for larger organizations. 

We've had some issues with the firmware. 

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Juniper SRX was implemented in our company at the start of 2018.

While the solution has been running stable, one device has also malfunctioned. We had some issues with Juniper in general. It was regarding the firmware and some box, or something like that. We've needed to contact our reseller more frequently to fix the issues that are occurring when using the device.

Regarding stability, it's pretty much working in a stable way. I haven't had any issues regarding, let's say, speeds or connectivity or general day-to-day use, when users connected on the switches and accessing the internet, and so on. That said, sometimes with the devices, strange issues happen.

Regarding scalability, generally, it is simple, I would say, at least from my perspective. I wasn't the person that configured the devices, however. The reseller was. 

Before the Corona crisis, there were 250 users. Now we've got maybe 90 to 100 people.

We generally contact the reseller that sold us the device and also has a maintenance protocol. We have services on-demand when some issues arise and we need help.

The reseller was pretty good regarding ticket issues, management, or making modifications, even during the production time. They are really trusted people, and a trusted IT company, and they've expertly managed all the requirements that I've sent them or any other modification on the network that I wanted to have.

I've used Cyber and a Sophos UTM device. Juniper is, generally, more advanced. I haven't been able to get enough training to maintain the Juniper device.

The main reason we chose Juniper was the stability, and the number of concrete connections that users can make when, let's say, they going out to the internet, and accessing services over the internet. Also, regarding the network port-forwarding to internal servers, in services, the device that we had before was Cyberoam UTM, and it didn't quite handle the high load. I generally noticed that SRX can handle pretty high network loads when going in or out. It's proven itself to be stable in that regard.

The initial setup was generally handled by the reseller and they did the setup as described on the schematic and regarding core network configuration, high availability, security, firewalls, et cetera. It was, generally, out of the box when it was configured and set up from the ground up.

While the setup was planned in 2017, it was up and running in 2018. It took about six months or so.

We switched office buildings, the main office. The new office was built with this solution. Everything was migrated, including all the network devices, all the servers, all the ISP, internet connections, and so on. Everything was, generally, carefully planned when it was deployed.

Our reseller also handles the maintenance. Generally, that takes one or two people.

Our reseller partner handled the initial setup for the most part.

I can't speak to the licensing. It's not an aspect I handle directly. I can't say that there are extra costs involved beyond the licensing fee. 

We are currently using Juniper SRX, however, I was thinking about maybe changing the devices to FortiGate or a UTM device.

Lately I was thinking about simplifying. Maybe FortiGate might have something more user-friendly for the end-user or for the customer experience.

I'm just a customer and an end-user.

We are using the SRX Model 345. It's a physical device. It's not a virtual instance.

In general, I wouldn't recommend Juniper to, for example, a small business. I would maybe recommend it to a bigger company. We might have made a mistake taking Juniper. Maybe we should have used something more user-friendly.

I would recommend it to a company that has more than 250 people. Or maybe even over 300. For a smaller company, it's not financially, efficient in the long-term, in terms of subscriptions or maintenance costs and similar things. A company that uses high-grade enterprise equipment, should be really financially equipped to handle such things.

It's highly advanced, at least for me. I would really need some training to at least handle some basic things, or maintenance, or even Firmware upgrading or high availability configurations. It's too advanced for me. I would really need to have some kind of network specialist certificate to manage them.

I would be really worried about the warranty as a new user as well. You really need to keep the subscriptions up to date, or not to stop them. If you've stopped them, you also need to pay penalties for the years that the subscriptions weren't used. 

Regarding equipment, you really need to have them in twos, not one. You need to have high availability for all of them. The equipment tends to malfunction, specifically if there are any power issues inside the building, or if there isn't any generator or UPS underneath, and so on. The equipment really needs to be taken care of.

I'd rate the solution at an eight out of ten.

We leverage this as a firewall and for IT tech services. It's more of a firewall used in a router sorting device. I see major benefits from leveraging it like this.

This is a product on the customer side, not in our services. What I have identified so far is that, considering the complex deployment that the customer wanted to make, the scalability with the feature support that they already have, and its functionality provided, Juniper SRX was one of the better products available. It helped us to scale well with that product customer requirement because they wanted the IT side on a virtual router, with a firewall so it was integrated to work. Such a complex setup cannot be easily accomplished by just using a firewall. SRX actually helps us scale and integrate the product according to customer requirements. It also helped us with its routing capabilities which eased the cost, because otherwise I would have had to take a router and firewall, and then integrate it. With this, however, it was an integration of firewall and routing services all together in a single product. That was one thing that I loved about it.

IPS is something that I do not find valuable, but the other features are awesome. Firewall IP second router is good, but IPS needs to be worked upon.

IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved.

IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.

More than 7 or 8 years

It's cool. I would say it's one of the most stable services. Providing for redundancy is a bit challenging, but it actually is something that can be worked upon because they have a different concept of highway building, as opposed to general people doing stuff. I would say it is a good, stable product, except for the problematic part of it. If people are not aware of how to deal with it, it can be very cumbersome.

You can scale it well, but when you scale you need to take a product out to another one. On a scale level, it's a very good scalable product. It's a good firewall so if you pump it in high traffic, it will be able to adapt to it, unless and until you outgrow its throughput. Then you would either have to get a new model or maybe if you have to avert your firewall, you might have to upgrade it to a new version. So far it's a good product.

This was for a 1,000 user base.

You don't need extra staff to maintain the solution. Unless and until you have a problem of lags or circuit issues, I don't think you need extra staff. One SE should be fine with this product.

I think there will be future plans to increase usage and get more devices. We are also trying to leverage this into a cloud platform, so there would be some more usage.

The technical support or tech team is good. So far, when I worked with them, they have been able to resolve issues firmly. If they cannot do it, they connect you with someone you can work with, so they can just connect to the engineering team. Their data services is something which is really good.

However, their documentation is a bit more challenging. They have unsourced to work, like knowledge base articles and stuff, but they would need to work a bit more on the documentation to compare with Cisco documentation. That's something that they can improve on. They have good documentation. The documentations are clear, but there is not sufficient content available.

The initial setup was very simple. I would say it was the simplest one to date.

Deployment time depends on the solution. This was a very complex one, so it took us four weeks to get the most complexity out of it. I think taking a single deployment, it would not be more than a couple of hours. If you are already working with Juniper products, it would be a couple of hours. If you're not working with Juniper products, maybe a week, not more than a week.

I did the implementation myself, I don't normally take help but in scenarios where documentation is not available, I do go ahead and refer it out but this was simple. I don't think I needed the technical support staff, but I have worked with Juniper tech for certain scenarios in integrating this. It was tax-supported, non-profit services.

There was no additional licensing cost because there were no IPS services. It was just a firewall IP circuit router so they have the default licensing. We just need to renew the support yearly.

Our customer evaluated Palo Alto also. They liked it, and even integrated it, but the scalability requirements they had were an issue. They loved Palo Alto for the security services, but their requirement was routing and security in a single device. That's the reason they were not able to go with the Palo Alto services, but they chose Juniper.

If you're looking for a product that can give you routing as well as security services, and you're not looking for too much taxing on the security part, I guess this is a good product. If, however, you're looking for security services on a greater edge, maybe something like next-gen firewall features, referencing services, or IPS to a greater level, I would recommend going with other security products. If you want integration of both, you can use this, and maybe if you evaluate, or move forward with better services over a period of time and better models of that, maybe this is something that you can always look for both, routing as well as security services.

SRX is a security product that's not that good on security, but it's good at routing, so they actually balance out. I would rate them around six of ten. 

Cisco does one thing right. Cisco has AnyConnect so they can fully integrate SSL routing services. Previously Juniper used to have Pulse Secure and MAG devices. They sold it off to Pulse Secure, but maybe they could try to integrate SSL VPN with their products. Maybe that would help them increase market share.

I work with firewalls. We have a team to manage them. We also have services that are related to hosting and we provide solutions related, and we set up everything.

We manage their connections remotely.

Every firewall has different use cases. Juniper is zone-based and the architecture matters. It offers convenience for the users to have remote access and ensures a secure and safe authentication.

When compared to Palo Alto, Juniper is a better choice when it comes to the enterprise network and connectivity.

Juniper SRX is pretty fast to configure and make it work.

Once it is configured, it's fine, which is not the case with other firewalls.

Juniper is user-friendly. It works perfectly well.

Upgrades are available.

Juniper SRX has a roll-back feature which is very interesting. As no one is perfect and mistakes do happen, we can roll it back to the previous configuration.

This solution can handle a lot. It's manageable when you know the parameters, the features, and the number of policies of your firewall.

The user interface is something that Juniper needs to improve. 

We have used many models of Juniper SRX. Based on the scale and the environment of the customer, we choose what is best for them.

Most of what we use are between the SRX300 and SRX345. These are the most commonly used series.

Simple, mid-scale establishments can use these models.

It is more or less stable. I prefer it for its stability as a firewall.

We are not a large team, we have 20 members in our company.

It's a scalable solution.

The support could be somewhat improved with Juniper.

We have also had firewalls from Palo Alto as well as FortiGate. I prefer Palo Alto, comparatively, it is better.

We find that the technical support with FortiGate is very slow. We are not able to get the proper help in spite of having the AMC add-on.

It is not at all complex. It's easy. 

The initial setup is straightforward.

The maintenance requirements are based on the customer's agreement and whether it is to manage the firewall and maintain it.

It is best suited to an enterprise-level, as the mid-range companies may find that the cost is not affordable.

Previously, we had an implementation plan for a client. We verified the different types of firewalls and the support and how it works. We evaluated Cisco, Juniper, and FortiGate.

From the previous recommendation, we saw all of the technical aspects of the different firewalls. Based on that information, we were able to clarify and come to a conclusion and chose the firewall that was best suited to the client's needs.

Recently, because of the price, we have moved to Juniper.

Most of the AMCs are costly.

We choose our solution based on many reasons. One is the cost, which is the primary reason, and the second is the performance. Performance in this context includes how it loads, and how it handles. Based on these parameters, we choose the firewalls.

At this time, we are not using cloud-based features. It is something we anticipate in the future. We are not using Juniper cloud-based. When you have a setup at an architecture level, they will not have drastic changes until, or unless they are financially stable and they want a higher level of architecture to be implemented.

The change will not happen suddenly, even if you have an enterprise core application it won't be done in a different way. There will be a roadmap done. We also have the SSG firewalls.

There is a lot of work in the pipeline, it might take more time to change the firewalls that need upgrading.

When we use so many products, we have to follow the hierarchy. We don't commonly work in a UI environment.

I would recommend this solution to others who are interested in using it. It is good, and it is faster and easier to maintain. The price is not bad and when compared with Cisco, I find that Juniper is better. It's a good product for enterprise companies. 

We have a custom-built model that makes it very simple to migrate.

I would rate Juniper SRX an eight out of ten.

We are a solution provider and we work closely with our clients to identify their requirements, and then we suggest a solution. Once they accept it, we implement it. The Juniper SRX is one of the models that our clients have chosen.

It is primarily used as a firewall.

The most valuable feature is robustness.

The training videos that are available need to be improved, and made more educative. This will help users to become more familiar with the product.

I have been using Juniper SRX for the past four years.

We had suggested an HA-based environment, or architecture in the majority of places that we have implemented Juniper. In these cases, it has been very stable. There have been other products that we couldn't upgrade to the latest format, but Juniper could always be upgraded. It always worked and never crashed.

I am not very sure about scalability, but I believe that we were able to migrate a few of the lower models to the high-end models and it worked perfectly well. There was no problem.

They have technical support over the phone as well as the online ticketing system and that has worked out pretty well. They have been able to solve problems for us, although I do not know all of the details because we direct our clients to them. When our clients get in touch with customer support to resolve their issues, they share the information with us later.

I sell other products from vendors such as F5, and they have a good training facility online. Juniper is behind in terms of video training that they have available.

The initial setup is not very easy. We had faced problems in the GUI, so we had to switch back to the CLI to get things done. While using the GUI, it was pretty easy and we could accomplish things by just clicking. However, for some reason, there were errors and we had to complete it using the CLI. I have no idea why this was the case, but we finally achieved what we wanted.

Our team implements this product for our clients.

This is an expensive product. The buying power of companies in my region is such that perhaps 5% of them are pretty good. The majority of them are very bad in terms of buying power, so they look at the cost of these solutions and Juniper is not able to match the price.

There are several options that we offer for our clients. These include Pala Alto, Cisco, Dell, SonicWall, F5, and FireEye. Some of our clients choosing Juniper, whereas others choose a solution from another vendor. The majority of our clients choose Cisco or FireEye.

Most of the companies that we deal with have a committee that takes care of purchases. We sit with the committee and they iterate through the various benefits of the solutions, after which the purchase is finalized. We are not biassed toward any particular product. We explain everything to our clients, show them the prices, and they come back to say what product they have chosen.

In summary, this is a good product, although it is a little bit expensive and the training could be improved. Training is something that is very important, and we were not able to get much information. For example, we couldn't get the best-recommended practices, which is something that we look at when implementing solutions. We were able to get a few of them, although not all of them have been updated. Consequently, we have a shortage of information about Juniper. Nonetheless, customer support has been able to help us in a big way.

Overall, things have been a bit slow, but we have been able to catch up.

I would rate this solution a seven out of ten.

The Juniper SRX is our edge firewall.

We have three in total. Two of them are set up in an HA pair, and the other is standalone in another city.

This product has definitely not improved the way our organization functions.

I am familiar with Cisco products and when we purchased the Juniper units, they told us that if you know Cisco IOS then Juniper SRX is really easy. It isn't. It would be like saying that if you know English, then Chinese is really easy. The reality is that it's completely different. There's no commonality and the philosophies are different. Everything is different.

We purchased it for the basic firewall features but added UTM a little bit later.

The reliability needs to be improved. We purchased three devices and all three have been replaced under RMA. We've had other problems where they have needed to be rebooted.

A couple of times I've run into the problems where they have to integrate with other systems. The Juniper support really doesn't have a clue about other systems. They know Juniper and if everything is Juniper then it's great. However, we have Windows RADIUS Servers and I need Juniper-specific settings for them. Unfortunately, they're having a real hard time telling me what those should be, and they keep referring back to it being Microsoft, which they don't support. When they say that I need to speak with Microsoft, I remind them that these are things that are defined in the Juniper configurations that I need to set up. They seem to forget that not everybody is exclusively Juniper.

We bought three Juniper SRX345s about four years ago, and we are still using them today.

We have had glitches that necessitating rebooting the device. For example, a couple of times, they just stop routing on certain VLANs, and one time, it was our server VLANs, so our DNS was down and no one could get to anything. People thought that our internet connection down but actually, it was the DNS and the routing to it had been stopped.

We're a relatively small organization so we didn't scale it.

All of the people in the organization are protected by the devices.

I have used technical support quite a bit, and they are really good. I would rate them an eight out of ten. There is almost always room for improvement.

Prior to the Juniper SRX devices, we had some Cisco ASAs. They were reaching end-of-life so we had to replace them.

At the time we were shopping, Cisco was behind in their technologies. Had they kept up with the technology and provided a comparable device at a competitive price, we would have stayed with Cisco.

We hired a contractor to set up the units.

The IT manager and I, being the network admin, are the only ones who touch it. We try to keep the software updated on all of our devices.

My advice to anybody who is implementing this product is to make sure that they fully understand Junos OS. Over the past four years, I have become moderately proficient with Juniper SRX. There still a lot to learn but I also have contractors that I can get assistance from if needed. For example, currently, I'm trying to set up RADIUS and I'm having some problems with it.

In summary, I think that their design philosophy is really good, but the execution leaves a bit to be desired.

I would rate this solution a six out of ten.

We primarily use Juniper SRX for two functions: site-to-site VPN and VPN for Easy Connect. The VPN provides security for remote work. We also use it for a firewall.

One of Juniper SRX's most valuable features is the site-to-site VPN. 

I would like to have a better web UI for administration. Juniper could simplify the web UI and make it more compatible with mobile devices. In particular, I'm thinking about our remote offices, where we don't have dedicated IT personnel. Let's say someone from the office staff was working via smartphone. If the web UI were more compatible with mobile devices, the administration could manage IT support from a team that is not in their location. It would make it simpler for small companies to deploy these devices. I also think the documentation is lacking.

I've been using Juniper SRX for seven years.

In terms of stability, I would rate SRX nine out of 10. For performance, we're usually satisfied, so about eight of 10.

This model of SRX we use is not a scalable solution. It's near its maximum capacity for encryption, traffic, and features.

Juniper support was great. When we reported a critical issue, they responded with recommended fixes within four hours.

Regarding customer service, we prefer working with a company that lets us directly purchase their solutions worldwide using something like an internet store, so we don't have to go through partners or dealers. We currently deliver such solutions in many countries, and each country has its local vendor. 

Sometimes we can't rely on this delivery method because we haven't tried it yet in these countries, so it's not reliable to open new offices in foreign countries due to some restrictions, regulations, and price administration for networks. This is a problem. So it would be great if Juniper could deliver equipment that we purchase directly on some internet shop instead of using a local dealer or service center.

Deploying SRX was straightforward because our environment was ready for it. We used our own IT team and deployment took about two weeks. It was a normal step-by-step process. As for maintenance, SRX usually requires software updates and nothing more. We've installed it in a suitable environment in the server room, so it doesn't require a lot of additional maintenance.

I'm not sure we are satisfied fully with the pricetag of Juniper SRX, but we understand why the dealer prices it this way. Still, we are not satisfied when we try to get prices for competitor products. Sometimes, it can be tense like this.

When you consider performance, price, and features, maybe Juniper is not so cost-effective compared to other solutions like MikroTik. On the one hand, MikroTik might have better performance and much more features than Juniper. However, Juniper is more reliable and has different approval, certifications, and standard capability features. MikroTik does a lot of the same functions but doesn't have the same certifications. MikroTik is less expensive. The device price of MikroTik is $200 versus $6,000 with SRX. In the end, we chose SRX because it was on a list of solutions approved by our remote parties. One of our customers needed to have this type of VPN to work with our company.

I rate Juniper SRX eight out of 10. I recommend it. There are two vendors — Juniper and Cisco— that we recommend for the production environment of any kind of build.

We use the solution for protection and security. We primarily use the solution for an internal firewall.

If you require any particular rule that needs to be modified, any particular rule that needs to be fine-tuned, the solution will give you all the details regarding how to fine-tune the policy, including the destination, IP, et cetera. You can easily fine-tune whatever you need to in Juniper. It's easy to implement and meets our patience threshold. 

The dashboard is very helpful. It's extremely useful in terms of putting the necessary policies in place.

I handle the operation part. I'm just putting policies, et cetera, on Juniper. For tasks such as those, it is very easy and it is a comfortable, straightforward process.

The solution has proven to be quite stable.

Technical support has been quite helpful.

I've noticed that the management interface could use some updates and upgrades.

The dashboard can be updated. 

The reporting could be more robust and in-depth.

I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature.

I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.

I've been dealing with the solution for about one year. It hasn't been that long. 

It is really stable. I've seen Juniper work well in my other companies as well. It is very good, in terms of stability. There are no bugs or glitches. It doesn't crash or freeze. The performance is reliable.

Overall, the scalability is very good. A company should have no trouble with scaling if it would like to do so.

We have about 2,000 users currently. They cover various roles in our organization. It's not just used by a specific team.

The technical support on offer is very good. Whenever I would have some issues, they have responded on time and they have really good knowledge of the product. We've been quite satisfied overall.

We use a variety of solutions, including Cisco and Check Point.

I did not handle the initial implementation. That was handled by someone else. Therefore, I can't really share any insights on the process. I do not know if it was easy or difficult, or how long it really took to deploy.

I do not handle the licensing arrangements. That's handled by management. Therefore, I can't speak to how much it costs the organization or how often we pay a licensing fee.

We're just a customer and an end-user.

In general, on a scale from one to ten, I'd rate this product at a nine. We've been quite satisfied with its capabilities so far. 

I'd recommend the solution, however, it really depends on what an organization needs. There are various factors, like pricing, for example, that should be taken into account when looking at solutions.