SRX

Juniper push out software upgrades that bring 'new' and/or 'improved' functionality, which is causing hardware to struggle. This has happened to my estate, which worked well under earlier versions even with things like ATP/AV/UTM enabled. (imagine that!). However, several recent performance issues and subsequent investigations have all failed to identify specific causes, and the response from Juniper has been: you need to upgrade your hardware. Why? (My requirements/needs haven't changed). What are my realistic alternatives with Juniper? Where are the new and competitively priced product lines? Couple this with the ridiculously priced (e.g. 4.5x cost for an SRX340 vs SRX380, come on, really!) and laborious license renewal process (it's hell on earth now), poor support responses, and with little to no effort at developing their offering (see Palo Alto and even Fortinet), I am seriously considering abandoning Juniper wholesale, even if that means paying a little more, I am fed up. I've given them 8 years, but it may now be time to move on. 

What are your thoughts and experiences?

-------------------------------------------

I apologize if I could not answer better on the last post. I have found that when you use a juniper srx that the support for L3 is great. This makes me think that unless you are a fairly large company or the likes, that putting too much L2 may give issues. Although I don't own a company as of yet, my connection does wonders. So if anyone has issues with the srx series it is best to get the best L3 devices available. I don't own any juniper switches yet but im a firm believer in IBM compatible hardware. Putting your engineering AREA behind the quote, unquote media bridge must be done. So i think that juniper switches will not do as well here and at the gateway. My media bridge does redundancy. You had better choose a place from one end of the building and spread to the other end. As of now I have one juniper gateway that is internal only(not global zone). It's transparent. And that's great seeing as how most isps want you that way. Hint, hint.

------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------

Original Message:
Sent: 10-08-2025 06:26
From: EMTSU
Subject: Is anyone else growing increasingly frustrated with their SRX (and Juniper)?

Juniper push out software upgrades that bring 'new' and/or 'improved' functionality, which is causing hardware to struggle. This has happened to my estate, which worked well under earlier versions even with things like ATP/AV/UTM enabled. (imagine that!). However, several recent performance issues and subsequent investigations have all failed to identify specific causes, and the response from Juniper has been: you need to upgrade your hardware. Why? (My requirements/needs haven't changed). What are my realistic alternatives with Juniper? Where are the new and competitively priced product lines? Couple this with the ridiculously priced (e.g. 4.5x cost for an SRX340 vs SRX380, come on, really!) and laborious license renewal process (it's hell on earth now), poor support responses, and with little to no effort at developing their offering (see Palo Alto and even Fortinet), I am seriously considering abandoning Juniper wholesale, even if that means paying a little more, I am fed up. I've given them 8 years, but it may now be time to move on. 

What are your thoughts and experiences?

-------------------------------------------

You know ... sigh ... Where to begin ...

Because of JunOS, the SRX is still second to none whenever you have any weird routing requirements in addition to the usual security stuff.

I try to imagine what the development process is like. You have to cater to the buzz words so you don't fall behind the competition. You have to cater to the big clients with the big bucks who won't sweat the hardware upgrade that much. Perhaps you have a tendency to develop for the hardware of today. In the end, folks in your position become collateral. This reminds of the oopsie with JunOS 15.1 for the EX2200 (while it was still supported). Turned out the EX2200 didn't have enough memory to support all the features it was supposed to support, so they ended up extending and patching 12.3, specifically for that model, way past the normal EOL for a JunOS version. And who wants to deal with backporting stuff for years and years ...

I haven't had to deal with JTAC much at all beyond the occasional RMA, but I do read all the SRX KB articles they release. And oh boy, do they have some embarrassing gems. Try as they might, the focus still seems to be on quantity over quality. I think there are some great engineers at Juniper, hiding somewhere in the org structure, appearing only upon uttering a very specific magical incantation not known by mere mortals.

I agree, the pricing is not great. I'm not a fan of the whole business model -- there are so many hands waiting for their cut: the reseller wants a piece, the distributor wants a piece, the whole sales org within Juniper wants a piece, the shareholders want a piece. Oh, and I suppose the actual hardware also costs a little bit, almost forgot that part. Personally I don't see the value in involving so many people in the day-to-day sale of a piece of equipment, it only slows things down.

But there are gremlins everywhere. Palo Alto -- super expensive, Fortinet -- couldn't do half the routing stuff JunOS can. There are other options out there, but they all have their own gremlins, just waiting for you to do a complete vendor switch before they jump out and make an appearance.

Lastly, you can no longer abandon Juniper. You can only abandon HPE, because as we all know, mergers and acquisitions make eeeeeverything better ... 

------------------------------
Nikolay Semov
------------------------------

Original Message:
Sent: 10-08-2025 06:26
From: EMTSU
Subject: Is anyone else growing increasingly frustrated with their SRX (and Juniper)?

Juniper push out software upgrades that bring 'new' and/or 'improved' functionality, which is causing hardware to struggle. This has happened to my estate, which worked well under earlier versions even with things like ATP/AV/UTM enabled. (imagine that!). However, several recent performance issues and subsequent investigations have all failed to identify specific causes, and the response from Juniper has been: you need to upgrade your hardware. Why? (My requirements/needs haven't changed). What are my realistic alternatives with Juniper? Where are the new and competitively priced product lines? Couple this with the ridiculously priced (e.g. 4.5x cost for an SRX340 vs SRX380, come on, really!) and laborious license renewal process (it's hell on earth now), poor support responses, and with little to no effort at developing their offering (see Palo Alto and even Fortinet), I am seriously considering abandoning Juniper wholesale, even if that means paying a little more, I am fed up. I've given them 8 years, but it may now be time to move on. 

What are your thoughts and experiences?

-------------------------------------------