Educause Security Discussion mailing list archives

Re: juniper srx 3400/3600 vs. cisco asa 5580

From: Razi Ahmad <razi.ahmad () STERN NYU EDU>
Date: Wed, 19 May 2010 11:13:42 -0400

On 5/19/2010 10:57 AM, Michael Renne wrote:


I am looking for advice/likes and dislikes/comparisons/comments from
anyone with experience with either or both of these firewall models in
the areas of software/hardware support, ease of administration, code
complexity, available feature sets, expandability, or anything else
you feel is pertinent like any differences you see between juniper and
cisco regardless of the equipment. thanks for the input.

Michael Renne
Network Analyst
College of Liberal Arts
127 Sparks
phone: 865-5889
help desk: 865-3412

Hi Michael,

I don't know much about the ASA 5580 but I would advise you to stay away
from the SRX for the time being. We bought a pair of SRX3400s after
considering going with the Netscreen ISG1000 due to the considerable
performance improvements touted as well as the fact that the SRX3400
would have better 10gig support. However after implementing the SRXs, we
had immediate buyer's remorse. In our environment, the SRX's crashed a
couple of times after we put them into production. We ended up working
with Juniper (through the reseller that we used) to trade in the two
SRX3400s for a pair of ISG1000s. I believe that in the future, the
SRX3400 would be the way to go. However, at this time, given the
problems that we faced with buggy JunOS code, I wouldn't recommend going
with the SRX just yet.

In terms of managing the SRX, it has a nice web UI. However, I
personally found it easier to work through the CLI, even though I was
pretty new to JunOS at the time. In addition, although Juniper says that
their NSM software can provide centralized management for the SRX, I've
heard otherwise from other people. Long story short, if you are familiar
with JunOS, I think that you'd find managing the SRX to be fairly easy.

--
Razi Ahmad
Network Infrastructure and Security Team Lead
Enterprise Operations and Solutions, Information Technology
NYU Stern School of Business
212-998-0172
razi.ahmad () stern nyu edu

Attachment: razi_ahmad.vcf
Description:

Current thread:

juniper srx 3400/3600 vs. cisco asa 5580 Michael Renne (May 19)
- <Possible follow-ups>
- Re: juniper srx 3400/3600 vs. cisco asa 5580 Razi Ahmad (May 19)
- Re: juniper srx 3400/3600 vs. cisco asa 5580 Julian Y. Koh (May 19)
- Re: juniper srx 3400/3600 vs. cisco asa 5580 Mike Patterson (May 19)
- Re: juniper srx 3400/3600 vs. cisco asa 5580 Dexter Caldwell (May 19)