Re: Juniper SRX Firewall

[Julian Y Koh <kohster () NORTHWESTERN EDU>]

On Fri Aug 15 2014 12:58:29 CDT, Ying Zhang <yingzh () UNB CA> wrote: 
> We are currently using a pair of Juniper NetScreen 5400 and are thinking about a replacement. I’ve seen a lot of 
> positive feedbacks on the PaloAlto firewall on the list. But it also comes with a big price tag. Comparatively 
> Juniper SRX is much affordable. Just wondering if anyone out there used or are still using SRX, and how do you like 
> it? Especially for those who used both, how do you compare them? Any feedback is appreciated.

We use SRX’s for our data center firewalls as well as for many of our little departmental-level firewalls (also have a 
bunch of ScreenOS devices left in that role as well).  We have a Palo Alto 5060 cluster at our border that we are using 
primarily as an IPS, not a firewall. 

The SRX line has been quite solid for us as a pure traditional firewall platform.  The PA brings in all of the “next 
generation firewall” buzzword features that are very interesting in terms of application level filtering and the like.  
We’ve had some stability issues on the PA platform, but we are working through those and generally have been gaining 
some confidence in it.  There has been a definite new benefit/feature that we’ve been using heavily for URL filtering 
to help reduce our exposure to phishing messages.  We’ve also moved some of the filters that we previously had at our 
border router to the PA as well.  

So in short, it’s hard to make a direct comparison in our case since our use cases for the platforms are different, but 
both are working well for us at the moment.  


-- 
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>