Item: Juniper SRX
Rating: 10
Author: Verified User

Use Cases and Deployment Scope

in 2014, our organization did a wholesale forklift of our older network equipment and replaced ALL of it with Juniper gear. We use SRX routers/firewalls/IDP and EX & QFX switches. The smaller SRX-220s are in our 17 branch locations with larger SRX-550s in our 3 data center locations. They are all tied together across a telco's MPLS circuitry and also connected to the Internet to 3rd party partners. Juniper network equipment comprises our entire infrastructure - it has proven to be very reliable and effective, plus has a great ROI, especially when compared to the top networking equipment companies.

Pros and Cons

One JUNOS is the Juniper mantra, including for the SRXs. While not entirely true, it comes close enough that if you learn some SRX configuration tricks, they will likely work across all of your SRXs.
Out of the box, with no additional license required, you have a NextGen firewall, by default. You can turn off the firewall and have just a plain ole router.

Technical support is often lacking. By that, I mean that Tier 1 support frequently has to escalate to the next group. I find that most of my support calls don't get resolved until I hit about Tier 3. Plus it takes minimum of 3 days with medium priority issues.
Automation is very flexible, but because there are so many options, it would great to have a road map to perform the most frequent automation tasks.

Return on Investment

Annual capital savings on infrastructure equipment about $500,000.
Data Center switches function (and are managed) as a single virtual chassis, reducing maintenance and troubleshooting time.

Alternatives Considered

Cisco Catalyst 3560-CX Series Switches

Equipment prices ran about the same. Performance and management were also more or less equal. The biggest deciding factors for going with Juniper were (1) fewer security incidents related to SRX firewalls and (2) technical support costs were significantly less.

Support Rating

This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.

Key Insights

Do you think Juniper SRX delivers good value for the price?

Yes

Are you happy with Juniper SRX's feature set?

Yes

Did Juniper SRX live up to sales and marketing promises?

Yes

Did implementation of Juniper SRX go as expected?

Yes

Would you buy Juniper SRX again?

Yes

Other Software Used

Juniper QFX Series, Juniper EX Series Ethernet Switches, VMware ESXi, VMware Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Likelihood to Recommend

SRXs seem to be well suited at the enterprise level for plain routers, firewalls, and IDP/IDS. They work well on MPLS and Ethernet, including Internet. I have 3 SRXs also performing edge duty, with 2 in a high availability (HA) cluster. The Juniper line of SRXs provides a good range of scaling from small business to extremely large enterprise. Wire speed is a common comparison factor and Juniper shines in that area.

Juniper SRXs are the shizzle!!!

Overall Satisfaction with Juniper SRX