Educause Security Discussion mailing list archives

Re: juniper srx 3400/3600 vs. cisco asa 5580


From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Wed, 19 May 2010 14:23:56 -0400

I haven't managed any SRX Series Junipers or 5580 ASAs; however, we do
have ISG Series (1000-Advanced, 2000-Advanced) Juniper firewalls and a few
ASA 5540s.

I like the Junipers better for managing a lot of policies, and
performance-wise they're basically asleep (ASIC-based), but the ASAs
are solid too. Cisco ASDM (management software) can be daunting, but a
good effort for Cisco's usual web interface reputation. The occasional
firmware update from Juniper can be problematic if you don't read the
release notes prior to see if anything affects your environment. Support
is also pretty accessible and pretty good with Juniper. On firmware, I
seldom have anything other than a good experience, because I usually call
engineering and ask which version is really the best from a support
standpoint - despite the recommended version posted on the web, among
other typical homework items. ASAs to me can be a little trickier to
figure out but I like them. More importantly I'm not so much on dealing
with TAC (Cisco support). It's generally a pain anytime I have to do it:
the silly website areas, the levels of bureaucracy, licensing issues with
resellers and CCO account and licensing issues. It's just generally a
pain. I really like Cisco equipment, but no love affair with support.
That said, when you get to an engineer they can usually help you. If
you're used to Cisco already, then this point will likely be moot for you.
 

Keep in mind, I can only comment on the Juniper ISG platform which is
running ScreenOS, not the SRX models.  I think the ASA platform is pretty
nice, but it's probably less intuitive/more complicated to pick up.  If
you are familiar with Cisco products you might prefer it somewhat.

D/C
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:

I am looking for advice/likes and dislikes/comparisons/comments from
anyone with experience with either or both of these firewall models in
the areas of software/hardware support, ease of administration, code
complexity, available feature sets, expandability, or anything else you
feel is pertinent like any differences you see between Juniper and Cisco
regardless of the equipment. Thanks for the input.

Michael Renne
Network Analyst
College of Liberal Arts
127 Sparks
phone: 865-5889
help desk: 865-3412

