Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.
N/A
Juniper SRX
Score 9.0 out of 10
N/A
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.
N/A
Pricing
Snort
Juniper SRX
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Snort
Juniper SRX
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Snort
Juniper SRX
Features
Snort
Juniper SRX
Firewall
Comparison of Firewall features of Product A and Product B
Snort
-
Ratings
Juniper SRX
8.7
5 Ratings
1% above category average
Identification Technologies
00 Ratings
9.03 Ratings
Visualization Tools
00 Ratings
7.03 Ratings
Content Inspection
00 Ratings
8.04 Ratings
Policy-based Controls
00 Ratings
10.04 Ratings
Active Directory and LDAP
00 Ratings
8.03 Ratings
Firewall Management Console
00 Ratings
7.05 Ratings
Reporting and Logging
00 Ratings
8.05 Ratings
VPN
00 Ratings
10.04 Ratings
High Availability
00 Ratings
10.05 Ratings
Stateful Inspection
00 Ratings
10.04 Ratings
Proxy Server
00 Ratings
9.03 Ratings
Best Alternatives
Snort
Juniper SRX
Small Businesses
AlienVault USM
Score 6.6 out of 10
pfSense
Score 9.2 out of 10
Medium-sized Companies
CrowdStrike Falcon
Score 9.1 out of 10
Quantum Firewalls and Security Gateways
Score 9.3 out of 10
Enterprises
CrowdStrike Falcon
Score 9.1 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
SRXs seem to be well suited at the enterprise level for plain routers, firewalls, and IDP/IDS. They work well on MPLS and Ethernet, including Internet. I have 3 SRXs also performing edge duty, with 2 in a high availability (HA) cluster. The Juniper line of SRXs provides a good range of scaling from small business to extremely large enterprise. Wire speed is a common comparison factor and Juniper shines in that area.
My only real criticism of the product is that it's hard to figure out how to upgrade the firmware from the CLI via TFTP via the docs, but it works great once you get it sorted.
This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
Juniper SRX stands tall compared to all these products for Large Service Provider Networks, where traffic volume is larger. Also, cost comparison with SRX's few other products can also be another contributing factor while selecting this. As well as Juniper Routers, Switches, and multiple products from the same vendor to maintain one single vendor environment. As well as Juniper Support is also really good.
It is a workhorse for our field operations. It provides the last touch for an ISP to the customer. The customer has no view of the device, but with the repeatability of the device, they do not need to.
The ability to roll out a dynamic routing protocol attached to a security zone allows elasticity to the environment that supports growth.
VLAN support on the inside interfaces allow this to be the only device in some smaller deployments we install these in.