July 12, 2016
Score 3 out of 10
Overall Satisfaction with Juniper SRX
We have multiple clients that are utilizing Juniper SRXs that we administer, some of which are used for specific depts/uses some of which are for an entire Branch. The business problems that this addresses is perimeter security, allowing you to block traffic based off IP and port.
- These will route your traffic well and support most all major routing protocols.
- VPN Termination is straightforward compared to some competitors.
- The commit feature on the SRX puts it way ahead in the ability to roll back changes in case of an error/unplanned consequence.
- This is personal preference, but I strongly dislike the XML format that is displayed if you do not use the display set option.
- Commands to do some simple operations are much longer/more cumbersome compared to some of its main counterparts.
- The lack of application detection is a big knock on these, we ended up replacing the one in my office with a next-gen firewall to give us greater control.
- If you were using this for internal firewalling for traffic you "trust" this could provide a positive impact on your infrastructure.
- For a perimeter firewall I am not impressed with lack of a lot of current next gen technologies (at least on the models I have used).
- The return on investment can be very good in the right situation. The low cost vs competitors offers great ROI.
The SRX Stacks up well to the ASA and Sonic wall but I feel the features provided by FortiGate/Palo Alto and Checkpoint far exceed that of the competitors.
I think if you're using it internally, maybe for segregation in the datacenter, this could excel if you're not worrying about application filtering. The firewalling policies are little more cumbersome to configure but are more robust than a basic ACL.