Please share with the community what you think needs improvement with Juniper SRX.
What are its weaknesses? What would you like to see changed in a future version?
When we first tested the serial interface on our model, it did not work. It should be easier to escalate support tickets.
The workplace management console needs improvement. It should be a little bit more developed. Also, the interface needs a bit more improvement. If the solution would have an intuitive interface would be much better because the work-based interface is not so perfectly developed and it's not ideal. It's not complete yet, and it makes it difficult for beginners and first-time users of this solution. As it is, for new users, it would make it very difficult for them to deploy this solution. Otherwise, the rest is fine. There's no other problem with it.
The throughput when using features can be improved. 100-gigabit interfaces should be added into the next release because we'd like to adopt them.
In terms of other features, I'd like to see a web filter, 10 point control, application control and DNA features in the next release.
The solution previously had a Clientless SSL VPN, but it has been removed and I would like access to it again. The GUI needs improvement. I can work fine with the command line (CLI), but new people would like a better user interface. I would like to see an SSH VPN in the next release.
IPS, or IDS services, need improvement. Their major problem is that you have to integrate it with MSN or web building services, you need to buy support for that and services but you cannot. The best thing that I see was a filtering service with custom categories that I can create. If I buy a license, I can integrate it with a different product, but their own web building services is poor. So they can improve web building services, as well as look for application awareness, and maybe, with IPS, they can have their own built-in services rather than integration with MSN for using IPS. There are three things that can be improved. IPS is one that I would definitely want to be improved. I would also like SSL VPN to be integrated. Other than that, I guess it's doing a firewall, so I would say it's cool. Next in features, I would want that to be included, along with SSL VPN, if possible. Other than that for the product, I don't think there's a need for doing anything with this.
The Juniper product has to improve in terms of innovation. It only has standard reports, such as memory capacity and data traffic. By comparison, the Check Point solution comes with great reports. Check Point tracks the logs, then analyses the logs and can tell you when you are under attack. Then, you can prevent it. With Juniper today, what you have in terms of log analysis is not so good. I think that they have another solution for this, but it is not embedded, and you have to purchase it separately.
In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall. They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there. Their technical support also needs improvement, as they are lagging behind Cisco.
Improvements can be made to the GUI. The GUI can be improved by creating policies to handle IPS requirements. The configuration should be a one-step process. This would make it easier to complete the setup to register the time of operation.
The Juniper SRX product needs to improve in terms of innovation. E.g., Checkpoint comes with a monitoring solution embedded in its product, as well as providing good reports. Checkpoint also does analysis by tracking the logs and letting you know when you are under attack. What Juniper has today in comparison is not so good. Juniper only has limited reports, such as memory, capacity, data, and traffic.
We also use firewalls from FortiGate and Palo Alto and they're built with technology to make them next-generation firewalls. Juniper utilizes a router OS and includes enhancements to make it a firewall. But FortiGate and Palo Alto are full-on firewalls because they are built from scratch with features which are specific to firewalls. Juniper needs to enhance the solution so that it is more powerful. They need to update the administrative tools to create an easier admin experience. An average administrator would find it easier to configure if they could use https rather than the command line interface to do so. In addition, it would be more powerful if Juniper brought out a security product other than firewalls, like anti-spam, endpoint protection, etc. Customers who want to deploy security solutions are not just thinking about firewalls. They're thinking about security across their environment. If Juniper could give me a security solution, beyond the firewall, that integrates with the firewall, that would be helpful. Other products have built a security fabric. So if a customer already uses one of their solutions, like a firewall, they will be thinking about integrating with that vendor's other products. If there is more than just a firewall solution, they will use that same vendor's products throughout the security environment. A security fabric is more powerful than just blocking via network parameters. Juniper should have an end-to-end solution, from the endpoint to the network level. It would provide a more powerful security solution to the customer. Customers are looking for a holistic security solution.
The GUI needs to be easier and more helpful for users who don't have security experience. They need to add WAF management to the tool, as competitors already have it as part of their offerings. This feature is future of protecting enterprise solutions.
The device could be more user-friendly.
We are finding that the UTM features which is required (like an antivirus or URL filtering) are not available. We are now looking for the "Next Generation" of firewall protection. We need to be less vulnerable to attacks. In addition, we would really like to see an automated policy feature added.
* Correct the bugs in the current version. * Help customers more with its configuration so they can feel safer. We tried configuring the IDS for more than four months, but it did not work properly.
The CLI is verbose. You have to say a lot to do a little. I don't like that part of it. Cisco's command syntax seems to be a good bit more concise. When you're trying to get something done, you don't want to have to type a bunch. I wish there was a quicker way to configure through the CLI. I know all the tricks of hitting spacebar etc. to finish the command, and the context tricks of going further in. But it just reminds me of an older operating system, like VAX/VMS. It's just very verbose. Maybe this is where the Space Security Director product comes in, but we aren't quite using the Security Director in Space to its fullest yet.
I would like to see endpoint control and endpoint testing security. The GUI needs to be easier to handle.
I would like them to add a dashboard because it's difficult to operate. The product only has basic features.
Third-party support for Juniper is a lot less than Cisco. This is no surprise, but a definite consideration if you are expecting to use a lot of third party support. In my guesstimate, for every 100 Cisco shops, you will find one Juniper shop.
It could improve areas which need high performance.
It needs better interoperability with Cisco gear.