Juniper SRX Series Firewall Reviews

Juniper SRX is used for NCLS networks as well as fiber to the home.

We are a reseller of Juniper.

Juniper SRX has helped in the financial success of our organization.

The most powerful feature in Juniper SRX is definitely NCLS.

Aside from the updates, I am satisfied with everything this solution has to offer.

I'm satisfied with its routing, firewalling, and web filtering.

Juniper's product updates are extremely slow, and competitors are rapidly keeping up. It slowly updates the model.

Juniper SRX lacks email protection, for example. it is not malware-protected. In the case of malware, you are purchasing a software package from vendors through Juniper. They do not sell their own products. 

It lacks the Sandbox as well as the CM. The CM is available from Juniper, but it is manufactured by IBM rather than Juniper, despite its name.

I have been using Juniper SRX since 2012, or 2013. This solution is still being used today.

We are working with the most recent up-to-date version.

The stability of Juniper SRX is perfect.

The scalability is amazing.

We have approximately 1,000 users in our organization.

Our usage is moderate.

Technical support is a little worse than Cisco but better than everybody else.

Previously, we worked with several solutions. We switched to Juniper SRX because of the pricing, scalability, and performance.

The initial setup is straightforward. It's very easy.

The time it takes to deploy is determined by the one you choose. It can take a week or less.

I wouldn't be able to tell the amount of staff that is required to update the solution because I am not involved in the process myself.

I am a third-party integrator.

Yes, we have seen a return on investment.

Make sure you have qualified personnel, because qualified personnel may not be as readily available in your country as Cisco professionals, for example.

I would rate Juniper SRX a nine out of ten.

Our main use case for Juniper SRX is for gateway level protection for all internet users and UTM and to control the user when accessing websites, applications and non-relevant sites.

Our main purpose for using the Juniper security solution is because we are also using Cisco routers, switches etc.. and we wanted unity in the OEM products so that we can maintain all the products in NMS.

The features that I have found valuable are the ones for the main purpose we are using Juniper - its firewall to protect our network for our internet access.

In terms of what could be improved, J-Web, Juniper Web, is sometimes not working great when users are increasing their internet use. Additionally, they need to improve the GUI, graphical user interface, and the firewall management needs to improve. Their CLI is good, but sometimes the GUI is very slow.

Also, the UTM, Unified Threat Management, feature needs to be improved.

We have been using Juniper SRX since January 2018.

Juniper SRX is stable. Stability is okay.

Juniper SRX has scalability. Its current site has 1500 users and we can upgrade to 2 K users.

Right now, we have around 500 - 600 total users, but I think some sections are still under deployment, so all the users are around the 1700 - 1800 range.

We connected with tech support seven or eight months ago. We got good support and a good response.

The initial setup is complex. It takes one week's time for deployment because we are also integrated with Active Directory and Radius Contactless.

We did it with our own team.

Before choosing Juniper, we compared it with two other solutions, but they were banned because they were Chinese products.

I suppose Juniper is a good solution for the railway and metro environment. These projects are very handy and work in the relevant environmental condition, because in this environment we have different climatic conditions. Suppose we require -5 to 55, -5 to 85 compression, some EMCMI specifications, such as EN501214 - Juniper is a good solution in the railway and metro environment, anywhere worldwide and domestic. It is relevant anywhere.

On a scale of one to ten, I would give Juniper SRX an eight.

We use Juniper for EEE routing and we also use the gateway feature.

The most valuable features are routing and policy security.

The EEE security controls allow us to make policy restrictions, so I can customize port numbers to allow or limit control.

The Juniper SRX protects against DDoS attacks. 

When we first tested the serial interface on our model, it did not work.

It should be easier to escalate support tickets.

We have been working with Juniper SRX for eight or nine years.

We sized this solution based on our bandwidth, so scalability has not been a problem.

The support that we receive from the partner is good. They are available if you are looking for a replacement or an upgrade, and they worked with me when it came to sizing the router according to our bandwidth.

They were also able to find a workaround to the problem that we were having with the serial interface not working on our SRX550-M.

The only issue with technical support is that it depends on the escalation.

We also have a small number of Cisco routers but we rely primarily on Juniper. The Cisco products are more expensive.

The initial setup is straightforward.

Overall, this is a really good product.

I would rate this solution an eight out of ten.

I like the routing and firewall features.

The workplace management console needs improvement. It should be a little bit more developed. Also, the interface needs a bit more improvement.

If the solution would have an intuitive interface would be much better because the work-based interface is not so perfectly developed and it's not ideal. It's not complete yet, and it makes it difficult for beginners and first-time users of this solution. As it is, for new users, it would make it very difficult for them to deploy this solution. Otherwise, the rest is fine. There's no other problem with it.

In terms of stability, everything was okay except for one situation which happened about three years ago. There was an upgrade which was released. Once we got the upgrade on the software, it would crash and it wouldn't work as it had before, so we had to downgrade to the previous version. Once we started using that there was no problem.

Due to sanctions, we haven't used the technical support of the original company so the maintenance and everything is done by us.

We were using a different solution, a Microsoft solution. We were looking for a more affordable solution which would suit our needs.

The initial setup was difficult the first time. It was a little bit complicated, but after it was done, we've been using it just fine and there's no problem with the use. It was the first time we were using a firewall, the initial setup procedure took about one month to define all the zones. 

We extend the license yearly and the prices, because of the sanctions, are expensive and costs much more compared to other solutions. It's pricey compared to other locations where there are representatives and you can buy directly from them.

At the moment the solution satisfies our needs. There are no extra features that we need at the moment.

I would rate this solution 8.5 out of 10 because it seems to satisfy our needs. Everything seems good and works fine.

We use Juniper SRX to do LAN routing. FortiGate uses it for public SMS, and we're using Juniper for internal LAN segmentation. We're routing between different international sites in Morocco, France, and Tunisia.

We're primarily using Juniper's EPA feature, but not the other things. We use it to manage different points of firewalling of routing.

Junos Space should be improved to be on par with FortiGate's solution for managing firewalls and routing. 

We've been using Juniper SRX for 10 years. 

Juniper SRX is stable. 

Juniper SRX lacks scalability. Juniper uses a switch car with different switches. We have some difficulties managing this kind of equipment and implementing some features, like Mac lock and Mac limiting solutions. It's difficult to get good support about this from Juniper. We have about 10,000 users across all routers and switches. I can say the same for FortiGate. We're currently using it extensively for all traffic, and we plan to expand usage.  

Juniper support is okay, but maybe they could improve their support for the gates or when the gates are returned. It takes a lot of time to get a return about the subgate.

It's easier to deploy FortiGate, so maybe we will replace some of our Juniper firewalls with FortiGate in the future. We would still use Juniper for routers and switches but use FortiGate for firewalls. 

It's easier to manage EDA TPS on FortiGate, so maybe we will replace Juniper if they can't provide us with a good solution for this in the future. Maybe in a few months, we will replace some Juniper appliances with FortiGate in some projects.

Setting up Juniper SRX is a little difficult. 

Juniper is annually licensed. There are some additional costs for APS. 

I rate Juniper SRX seven out of 10. 

We use the solution for protection and security. We primarily use the solution for an internal firewall.

If you require any particular rule that needs to be modified, any particular rule that needs to be fine-tuned, the solution will give you all the details regarding how to fine-tune the policy, including the destination, IP, et cetera. You can easily fine-tune whatever you need to in Juniper. It's easy to implement and meets our patience threshold. 

The dashboard is very helpful. It's extremely useful in terms of putting the necessary policies in place.

I handle the operation part. I'm just putting policies, et cetera, on Juniper. For tasks such as those, it is very easy and it is a comfortable, straightforward process.

The solution has proven to be quite stable.

Technical support has been quite helpful.

I've noticed that the management interface could use some updates and upgrades.

The dashboard can be updated. 

The reporting could be more robust and in-depth.

I've looked into the Check Point firewall a bit and I've found that its anti-spoofing is a good feature. Juniper should consider adding that as a feature.

I've only just begun to really use the product. I only have one year of experience so far. It's still new to me. Therefore, it's hard to make any notes on any features or improvements, as I'm still familiarizing myself with everything. I need time to compare it to other firewalls, and I have not gone through the process of doing that just yet. I need more time.

I've been dealing with the solution for about one year. It hasn't been that long. 

It is really stable. I've seen Juniper work well in my other companies as well. It is very good, in terms of stability. There are no bugs or glitches. It doesn't crash or freeze. The performance is reliable.

Overall, the scalability is very good. A company should have no trouble with scaling if it would like to do so.

We have about 2,000 users currently. They cover various roles in our organization. It's not just used by a specific team.

The technical support on offer is very good. Whenever I would have some issues, they have responded on time and they have really good knowledge of the product. We've been quite satisfied overall.

We use a variety of solutions, including Cisco and Check Point.

I did not handle the initial implementation. That was handled by someone else. Therefore, I can't really share any insights on the process. I do not know if it was easy or difficult, or how long it really took to deploy.

I do not handle the licensing arrangements. That's handled by management. Therefore, I can't speak to how much it costs the organization or how often we pay a licensing fee.

We're just a customer and an end-user.

In general, on a scale from one to ten, I'd rate this product at a nine. We've been quite satisfied with its capabilities so far. 

I'd recommend the solution, however, it really depends on what an organization needs. There are various factors, like pricing, for example, that should be taken into account when looking at solutions.

During our last network refresh, we did a wholesale forklift upgrade from Cisco to an entire Juniper network infrastructure, including Juniper SRX router/firewall/IDP, EX Series switches, and QFX Series core switches. The entire process took over two years to complete, but once it was completed, we were extremely happy with the Juniper equipment in terms of costs, performance, maintenance, and the ability to function as we needed.

• Once our engineers got their heads wrapped around the nuances of Juniper's CLI (took them about six months) with training (mostly free) and were able to get settled into Junos OS, we never looked back.
• SRX firewalls/IDP functions require similar technical knowledge level as Cisco ASA and are function on par with them. I recommend investing in Juniper Space if you have a significant amount of Juniper equipment to manage. We have three of the larger SRX550s, with one cluster configuration, for edge security devices (firewall/IDPs). We are very happy with them. 
• Not specifically in SRX category, but the 40Gb/10Gb interfaces in the QFX gear are truly wired for speed on all available ports. The virtual EX switch chassis configuration, where up to 10 switching devices can be managed as a single network device, is a solid configuration for us. We use it in three locations and have zero issues with it.

• I am really hesitate to repeat the Juniper sales line of "One Juniper", simply because within different devices, there are differences in the CLI commands used. This has been due to functional and hardware differences. For the vast majority of the Juniper CLI commands, if you learn them for the SRX, they are the same for the EX and QFX series switches. There is little to no differences between the Junos OS versions
• The "candidate configuration" and rollback features are real life savers. They are different from what Cisco does. At a Cisco CLI, when you hit enter, the command is live. Using a Juniper CLI, you configure a "candidate configuration", then "commit" it to bring it live. If you do not like it or messed up something, you just "rollback" to the previous configuration. It can all be done in a matter of minutes. This is super handy once you get use to it.
• Juniper has the "recovery safety feature", so if you perform a "commit confirmed" and the new configuration disconnects you. then there is no "confirmed" command with X mins (default = 10 mins). It automatically reverts (recovers) to the previous configuration. This is handy for when you do not want to make that trip down range just to reboot a router.
  

Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.

JTAC (Juniper Networks Technical Assistance Center) is just okay for technical assistance.  However, if you are used to Cisco TAC responsiveness, you will need to adjust your expectations with Juniper Networks TAC.

I could normally fix my issue with Cisco on the first or second call, speaking with the first Cisco TAC engineer (Tier 1) that I spoke with. Juniper Networks TAC is just as good, but in my experience, it takes about two to three times longer to get the same results. It is not unusual to require escalation before the issue is resolved. Juniper simply does not have the depth and number of Juniper experts as Cisco. 

We were able to lower our overall operating costs over a three year period by 25%, mostly recovered from maintenance/support costs.

The primary use case is a combination of a firewall, router, and VPN termination device.

It allows us to do remote configuration changes, and if there is a problem, not losing connectivity to the device.

I really like the Juniper operating system. It is more of a UNIX based system, more than Cisco, and I really like it. There is a lot of flexibility in how you can commit, check, and back out of a configuration.

In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. 

They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there.

Their technical support also needs improvement, as they are lagging behind Cisco.

This is a very, very stable solution. Again, their operating system is outstanding. Really, this is what differentiates it.

In terms of scalability, it clusters nicely so you can put it into a stacked mode. The size that it is meant to serve, it does very well. It is not meant as a large enterprise-type firewall. Rather, it is meant for a small to medium sized customer.

We currently have about seventy-five users, and we don't plan to increase that number at this time.

I would say that their technical support is ok, but it needs improvement. This is an area where they are not as good as Cisco.

We migrated to this solution from a Cisco ASA (Adaptive Security Appliance).

Transitioning from the Cisco ASA that we had running took about two hours of planning and another two hours of execution time.

In terms of the maintenance, myself and one other person take care of everything. We take on small contracts all over the place.

I handled the implementation for this solution myself.

The pricing is perhaps half to around forty percent of Cisco. 

Juniper is my favorite and I had used it so much that we did not evaluate any other products.

This solution is really nice to use. It's very similar in terms of capabilities to a Cisco, but it's just that the operating system is so much nicer to use.

I would say that you need some time to get comfortable with the operating system if you've never used it before, but don't let that scare you. Buy it and put it on your desk for a week, then play with it. If you've got a live environment or if you've got some type of simulation you can set it up in, it won't take long and you can feel comfortable using it.  

I would rate this product an eight and a half out of ten.