Overall Satisfaction with Juniper SRX
We use the Juniper SRX series FWs as our edge firewalls, core FWs and VPN P2P peers. We use these in our dept, other dept and divisions make their own decisions on products and vendors to suit their specific needs. The SRX provides us the security we require at a price point much better than other options. Once the learning curve is leveled out, the easy of use for making changes or undoing changes is far greater than other manufactures methods. In a 24/7/365 environment, it's critical that changes be made in a timely manner with minimum errors, Junos provides a great way to validate the change and an automated rollback if any unintended outcomes occur.
- The Junos OS provides engineers the ability to review past changes and see who made the change which can be a huge advantage when troubleshooting issues that recently manifested themselves in a network. Not all issues pop up right away, so this is a great tool to see how the environment has changed in the recent past.
- Junos uses a 2 config process to make changes and put into operation, a operational config and a proposed config called a candidate config. This allows engineers making changes to see the entire proposed changes and confirm its accuracy prior to implementing.
- Configuration changes can be done in several different methods. Once you get comfortable with each, making quick changes can done easily and validated prior to committing to operation.
- There's not a lot about the SRX that I don't like but if I had to say, I'd say the remote access VPN and associated client app needs improvement and by using a 3rd party as the client app provider this made troubleshooting RA issues much more difficult. For this reason, we do not use the SRX for RA VPNs.
- Although I'm not a part of the budgeting process, I do know that by using Juniper SRXs, we were able to get the products we needed with much less issues and justifications as other product we've purchased in the past.
I love the Cisco ASA but I've become used to the SRX. I am a CLI kind of guy so the SRX works for me. Others may be more GUI based so the ASA may be more comfortable to you. If that's the case then the ASA's ASDM is a solid platform to manage your FW. Junos hasn't gotten this component working and will admit that, but if you're CLI driven, then the SRX is much easier to use and has a lot better context sensitive help in most situations.
The Juniper SRX is a great product for almost any deployment, the form factor, the price point, the power and ease of use make it an all purpose FW for any situation.