We use SRX for 4 years, until now.
SRX is a very good router with a Firewall role above (as for now, we deploy SRX100 as CPE, and even some SRX240 with MPLS activated).
But when confronted to user experience, SRX is not as good as a Fortigate or a PaloAlto.
The geek will like the JUNOS-CLI approach of the SRX for configuring, but when you have 500+ rules, CLI is not that easy.
GUI on SRX ? Bitch please.
GUI with Junospace ? Nope. We tried to settle Junospace for managing a cluster of SRX1400 with 5 Ldom, and ... nope, just no way to configure that with the results we wanted (compare to Fortigate VDOM <=> Fortimanager ADOM)
Another hudge difference
- SRX3200 = max 32 LDOM
- PaloAlto 5060 = 250 VSYS
- Fortigate 1500D = 250 VDOM
- Fortigate 3700D = 500 VDOM
As a service provider, a mechanism for "virtualising" the firewall was mandatory. Goodbye Juniper, not adapted to service provider needs in 2015.
Another flaw in Juniper stack is the non multithreaded Junos (in version lower than 13 at least) : look at the MX performance in OSPF convergence and think that it runs on a very old FreeBSD (6) and it suddenly get clear.
Juniper will try to do the big jump between FreeBSD 6 and 10 on Junos 14/15. I will wait a looooooong time to migrate on those versions !