Juniper SRX vs. SonicWall NSA Series

SRXs seem to be well suited at the enterprise level for plain routers, firewalls, and IDP/IDS. They work well on MPLS and Ethernet, including Internet. I have 3 SRXs also performing edge duty, with 2 in a high availability (HA) cluster. The Juniper line of SRXs provides a good range of scaling from small business to extremely large enterprise. Wire speed is a common comparison factor and Juniper shines in that area.

Incentivized

This is a higher-end firewall, built for a medium to large business. It handles traffic and scanning and protection well but it would be a bit of a budget-buster and probably overkill for a small to (barely) medium sized business. SonicWall makes SoHo devices for those use cases and they would be more appropriate.

Incentivized

• Edge Device (Tunneling & Routing)
• Routing Instances
• Zone Based Firewall
• L3 Gateway/Vlan termination
• DHCP Server & DHCP Relay
• Good support community & Good available documentation
• Good support by the Vendor

Incentivized

• Relatively inexpensive compared to some of the higher-end products, like Palo Alto Networks.
• Easy to set up, as the SonicWall NSA interface is consistent across all models.

Incentivized

• My only real criticism of the product is that it's hard to figure out how to upgrade the firmware from the CLI via TFTP via the docs, but it works great once you get it sorted.

Incentivized

• Ideal with smaller businesses. Would have to examine for more complex needs of larger businesses.
• Scalability might be an issue for super large organizations.

There is room for improvement when it comes to learning the UI, but the UI is overall pretty good. It doesn't take long to learn if you are famaliar with firewalls.

Incentivized

This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.

Incentivized

Most of the time, calling SonicWall NSA Support, you get an expert who can help resolve your issues. RMAs are pretty easy once they determine there is an issue with the hardware. Support is available 24x7, which makes emergency calls easy. The only downside is the support engineers may have thick accents; however, their expertise more than makes up for any language barriers.

Incentivized

Juniper SRX stands tall compared to all these products for Large Service Provider Networks, where traffic volume is larger. Also, cost comparison with SRX's few other products can also be another contributing factor while selecting this. As well as Juniper Routers, Switches, and multiple products from the same vendor to maintain one single vendor environment. As well as Juniper Support is also really good.

We compared the FortiGate to Sonicwall and continued with Sonicwall as we were a mid-size school where the Sonicwall was performing adequately, and the learning curve was steep to switch platforms. The Sonicwall offered everything the FortiGate did, and was not as costly, both in the appliance and in licensing.

Incentivized

• It is a workhorse for our field operations. It provides the last touch for an ISP to the customer. The customer has no view of the device, but with the repeatability of the device, they do not need to.
• The ability to roll out a dynamic routing protocol attached to a security zone allows elasticity to the environment that supports growth.
• VLAN support on the inside interfaces allow this to be the only device in some smaller deployments we install these in.

Incentivized

• Was affordable, allowing for advanced routing and security.
• Enabled us to build VPNs without purchasing additional services
• Was simple enough to manage in house without external support.

Incentivized