yes, cases below.  Also please note the one crash April 3 of SRX 650 was our configuration error afterall.

Hello,

Same conclusion for me !

Move to Fortinet and Sonicwall for firewall that need UTM features...

Bye

Hedi

Regarding the quote:

---

John_Burns wrote:

 

have a partner at work who also is an engineer, his only experience with Juniper prior to the SRX platform was netscreen ISG and SSG firewalls. He continues to complain about why he has to use the cli and he goes behind me and turns the GUI back on. I guess this is normal for a lot of firewall admins, bad people trained in the checkpoint / netscreen ways of doing things....  If you are hiding behind a GUI you are not proficient with the product, plain and simple. The GUI shields you from what is happening on the box, in some cases it even prevents you from understanding the true flow of traffic and how the devices logically process traffic and rules. 

 

---

First, I'm not sure Checkpoint/Netscreen-trained firewall admins are bad people ;-)

Secondly, I'm in the exact opposition situation as you: I'm a security manager trying to teach Juniper to Cisco poeple who live and die by the CLI. For the record, our IOS guys are not impressed with JunOS for a variety of reasons... Mostly due to extremely "long-winded" or verbose JunOS commands and general instabilities.

The bottom line with CLI vs GUI isthat  the two should compliment each other. It's not "one or the other." The two lived in perfect harmony in ScreenOS platforms. On Netscreens, I can easily look at a massive policy that's nicely color-coded in the GUI, or use the CLI for troubleshooting, searching for policy elements, etc. I used both on a regular basis.

I agree the J-web on SRX platorms is not up to par. However, I'm not going to manage dozens of firewalls individually via the CLI either. Again, I depend on the GUI (NSM) to help automate policy updates and foster object re-use. It's not a preference, but rather a requirement for efficiency within an organization that runs on very thin staffing levels.

Would have been nice to see this thread before throwing away $20K.  These SRX650's have been a nightmare to use.  And frankly whoever wrote most of the documentation needs to be beaten with a blunt stick. 

We've been at our migration to these SRX650's now for almost 3 months and I can say without a doubt that this has been one of the worst migrations I have ever done.  The sheer over complexity associated with doing things in Junos just bogles my mind.  8 commands to make a destination nat??  The logical flow behind how to do things is insane.  I've used other closed and open-souce products that are infinitely more simple and intuitive to setup. 

We still haven't started selling the SRX range to customers yet because of all the issues.

I'm very seriously thinking about ditching Juniper completely, the SRX range has been the most unreliable platform I have used in a long time.

I like the idea of running JunOS on branch devices but not when it is so unstable and feature limited compared to the SSGs.

Hi all,

I'm also very disappointed with SRX.

Does anybody has already ask to Juniper to replace the SRX with SSG because the SRX simply does NOT WORK properly.

I have implemented two cluster of SRX 240 (with ton of problems) and the customer ask me if it's possible to swap them with two clusters of SSG 140 (even if I loose IDP features).

Regards,

Hedi

I'd suggest to compile the screenos code for srx branch office devices,

and let you choose at boot time which os to run,

so you can wait until srx for branch is at the same level.

In my opinion this discussion needs to shift from referencing the SRX family as a whole to discussing specific builds of the JUNOS-ES software for it.  Saying that a you or a client had problems doesn't seem fair since even inside of this year there have been tremendous improvements between 10.0 and 10.2, for example.  If you're having problems with an SRX, and using old code, I'd strongly encourage upgrading to the most recent 10.2 and 10.3 code before drawing any conclusions for the near future.

mawr