Snort vs. Juniper SRX

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Snort
Score 8.4 out of 10
N/A
Sourcefire developed Snort, an open source intrusion prevention system capable of real-time traffic analysis and packet logging. Snort was acquired (and is now supported) by Cisco in 2013.N/A
Juniper SRX
Score 9.0 out of 10
N/A
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.N/A
Pricing
SnortJuniper SRX
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
SnortJuniper SRX
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
SnortJuniper SRX
Features
SnortJuniper SRX
Firewall
Comparison of Firewall features of Product A and Product B
Snort
-
Ratings
Juniper SRX
8.7
Ratings
1% above category average
Identification Technologies00 Ratings9.00 Ratings
Visualization Tools00 Ratings7.00 Ratings
Content Inspection00 Ratings8.00 Ratings
Policy-based Controls00 Ratings10.00 Ratings
Active Directory and LDAP00 Ratings8.00 Ratings
Firewall Management Console00 Ratings7.00 Ratings
Reporting and Logging00 Ratings8.00 Ratings
VPN00 Ratings10.00 Ratings
High Availability00 Ratings10.00 Ratings
Stateful Inspection00 Ratings10.00 Ratings
Proxy Server00 Ratings9.00 Ratings
Best Alternatives
SnortJuniper SRX
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 3.9 out of 10
pfSense
pfSense
Score 9.9 out of 10
Medium-sized Companies
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Quantum Firewalls and Security Gateways
Quantum Firewalls and Security Gateways
Score 9.6 out of 10
Enterprises
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Score 10.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
SnortJuniper SRX
Likelihood to Recommend
8.1
(0 ratings)
8.0
(0 ratings)
Likelihood to Renew
-
(0 ratings)
8.0
(0 ratings)
Support Rating
-
(0 ratings)
6.4
(0 ratings)
User Testimonials
SnortJuniper SRX
Likelihood to Recommend
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Read full review
Juniper vSRX is an excellent edge gateway device. The combination of Tunneling protocols supported and the advanced routing & security features makes it perfect for this kind of deployment. It is available in physical, virtual appliances as well as support on multiple clouds so you can have the same box be your edge gateway in multiple environments for consistency.
It can also work as a Internet Gateway, DMZ Firewall/Router and it would function just fine.
While it can also work as a DC firewall (North-South), the poor GUI will make it harder in the day to day administration for the multiple policies in a DC.
Read full review
Pros
  • The threat intelligence from Cisco TALOS is unparalleled. This is grafted into the Sourcefire application which greatly improves security visibility. With this there are a lot of groups that you can use for white listing or blacklisting, knowing its being updated in the background without additional work from you.
  • Flexible. Instead of putting a traditional firewall inline you can put a source fire appliance (or firewall with sourcefire on-board) to not only block/allow traffic, but if you insights into it, and do some forms of threat scoring.
  • In depth information. Sometimes a bit overwhelming, but you are able to do more than just see alerts, you can view the full information and packets that lead to the conclusion, though the conclusion is prepared in advance for you.
Read full review
  • The Juniper SRX platform is easy to set up (out of the box).
  • The support team responds to tickets quickly and with good solutions.
Read full review
Cons
  • There are plenty of false positives in the logs, but no problems noticed related to them.
Read full review
  • Some of the more complex setups (clustered HA, etc.) can be a little difficult to configure.
  • The lowest-end model that supports true multi-site HA is relatively expensive. It would be nice to have that option in lower models.
  • Some configuration options (particularly the way address book entries are done) can get tedious and make for very long configs.
Read full review
Support Rating
No answers on this topic
This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.
Read full review
Alternatives Considered
Snort was chosen mainly for the ease and cost. With Snort we was able to set up in a matter of minutes without any professional services needed. If you are used to packet tracing the old fashion way, this is the product for you.
Read full review
Equipment prices ran about the same. Performance and management were also more or less equal. The biggest deciding factors for going with Juniper were (1) fewer security incidents related to SRX firewalls and (2) technical support costs were significantly less.
Read full review
Return on Investment
  • The Sourcefire deployment has been very good at actively blocking threats that would have potentially caused loss or compromise.
  • It has given us great visibility to our network.
Read full review
  • It is a workhorse for our field operations. It provides the last touch for an ISP to the customer. The customer has no view of the device, but with the repeatability of the device, they do not need to.
  • The ability to roll out a dynamic routing protocol attached to a security zone allows elasticity to the environment that supports growth.
  • VLAN support on the inside interfaces allow this to be the only device in some smaller deployments we install these in.
Read full review
ScreenShots