Under the hood Junos is clearly the winner compared to ScreenOS, but i find the Web management UI(s) to be absolutely atrocious. A ScreenOS admin does 99% of all configuration on the WebUI. In Junos, maybe 50% are possible because the UI just sucks so bad:
- Firewall rules have no policy ID, sorting those rules is a guessing game. How am i supposed to build a reliable firewall ruleset based on such a foundation?
- The WebUI is awfully slow and the "commit" function only works reliably every other day. Besides, it is just incomplete and cluttered way worse than ScreenOS (which is no hero in this department either)
- Things that were quite simple in ScreenOS (DNAT, for example), take 10x the amount of commands in Junos, and then it doesn't even work as described in the manual. I want a change for the better, not the worse (and way more complex)
And before anybody jumps on the "nobody uses the WebUI to configure such a device" train, keep in mind: in ScreenOS, you DO use the WebUI, because you barely need the console. And it is 2014, not 1994. A decent, working Web UI for such a high end piece of hardware/software can't be treated like "addon" functionality, it has to be core functionality that just works. Like in ScreenOS, which had this since day one and it worked. And much of the competition also has way better WebUIs.
We will have to look for alternatives for ourselves and our customers in the future, because unfortunately Junos is not the solution but just a new problem. It is just not a good fit for an entry level firewall.