Juniper Networks | Upgrade SSG to SRX

Juniper Networks SSG EOL

Yes, it’s true, we’re seeing the end of the line for Juniper SSG firewalls. ScreenOS was simple, effective, quick to boot and responsive (providing you could get your browser to work with it). We have Juniper options and some other ones for you to consider. The ScreenOS era is sadly over and now it’s time to look into next generation firewall replacements. See below for our recommendations of replacement Juniper SRX firewalls.

Please note though that the Juniper SRX is a different firewall than before… There is the need at times to use the command line and there is a learning curve. It’s powerful, can be fast, but not simple and the GUI is slower. If you’re already using Junos to manage Juniper switches and Juniper routers, you’ll be at home and not understand why we mentioned it. However, if you barely ever touched the firewall and you’re a 100% GUI kind of person, please review alternatives to SSG firewalls below or contact us on the bottom on the page.

Select the type of Juniper SSG Firewall you currently own:
  • SSG5 or SSG20
    Consider the SRX100, SRX110, SRX220 and SRX240. The SRX220 is the best upgrade with Gigabit ports.
    Alt image
    Stacks Image 4373
  • SSG140 or SSG320M
    Consider the SRX240 with additional gigabit ports, expansion slots and good firewall throughput.
    Alt image
    Stacks Image 4375
  • SSG350M or SSG520M or SSG550M
    Consider the SRX650 with 4 Gigabit ports, 7 Gbps of firewall throughput and IPS performance of 1 Gps.
    Alt image
    Stacks Image 4378
Open all Close all

Juniper SSG Alternatives

Juniper SSG Firewall Upgrade / Replacements

  • Why Juniper SRX vs Juniper SSG?
    Reasons to pick Juniper Networks SRX over the SSG:
    - You already know/like Juniper support
    - You have other Juniper equipment (switches and routers) that are Junos based
    - You need a big jump in performance now (but you did say you had SSG…)

    - You will need to use/learn CLI commands
    - It is very different coming from SSG, it will be a tough transition

    See the Juniper Networks SRX product line
  • Why Fortinet vs Juniper (FortiGate vs SSG)?
    Reasons to pick Fortinet over the SSG:
    - It’s time to go next generation firewall
    - You want another easy to use GUI
    - You have a smaller SSG model and want to be budget conscious
    - You like a great all in one UTM solution bundle pricing choice
    - You can actually consider turning on IPS and AV protection
    - You’d like more performance now
    - You might want other options like: wireless APs, PoE ports
    - You’d like a broad product line with many choices
    - You have a lower end SSG (SSG5 or SSG20), you want a GUI! (and you don’t want to overspend)
    - You eventually see the need for multiple entry models and datacenter models
    - You’d like to get some Email spam control features
    - You can get more interfaces and greater speeds on many models
    - You want ASIC based performance

    Fortinet History:
    - In 1997 Ken Xie founded NetScreen with Yan Ke and Feng Deng
    - In 2004, Netscreen (then ASIC based firewall appliances) was sold to Juniper Networks
    - Ken Xie left NetScreen in 1999 and founded Fortinet with his brother Michael Xie

    Some comparisons:
    Model 60D (for SSG5, SSG20)
    Alt image
    Stacks Image 15606
    Model 80D (for SSG5, SSG20 and some SSG140s)
    Alt image
    Stacks Image 15676
    Model 100D (for ssg140)
    Alt image
    Stacks Image 15686
    Model 140D (higher end SSGs)
    Alt image
    Stacks Image 15700
    Model 200D (higher end SSGs)
    Alt image
    Stacks Image 15710

    See the Fortinet FortiGate product line
  • Why Palo Alto Networks vs Fortinet (PAN vs SSG)?
    Reasons to pick Palo Alto Networks over the SSG:
    - You’ve seen it, you love it…
    - You’re willing to pay a bit more and join the club
    - You want to go with the one that started the whole NextGen firewall craze
    - You’re a Nir Zuk fan from the old Netscreen days
    - Your needs will fit into either the PA200 or PA500

    Palo Alto Networks History
    - Founded in 2005 by Nir Zuk
    - Nir Zuk was a former engineer from Check Point and NetScreen Technologies

    - If all you need is a SSG5 or SSG20, consider the price point of a Fortinet
    - If you were using SSG SPAM features, consider Fortinet or Juniper
    - Consider Fortinet at this price point if high VPN throughput is needed

    Some comparisons:
    PA220 (for SSG5 and SSG20)
    Stacks Image 15729
    PA820 (for some SSG140s)
    Stacks Image 15731
    PA850 (for some SSG140s and the larger SSGs)
    Stacks Image 15733
    PA850 (for the larger SSGs: SSG520, SSG550)
    Stacks Image 15735
    See the Palo Alto Networks PA firewall product line
  • Why Buy a Firewall from Altaware, Inc.?
    • We’ve been using stateful firewalls since the early days of Netscreen
    • We offer choices from: Palo Alto Networks, Fortinet, Juniper Networks
    • Altaware, Inc. has been configuring, selling and supporting firewalls for over 10 years
    • We understand the strengths and weaknesses of the various choices
    • We can do firewall policy conversions from most other enterprise firewalls
    • We offer enterprise solutions for managing multi-vendor firewall and router environments
    • We offer other cyber security solutions for specific needs and requirements
    • We’ll focus on you and your needs, not the manufacturer’s sales goals

We offer several firewall alternatives including:
- Juniper Networks SRX firewalls
- Fortinet FortiGate firewalls
- Palo Alto Networks PA firewalls
- Barracuda Networks firewalls

We offer professional services to help you convert from SSG to the top three above.

All of the above claim to be next generation firewalls. In general, to be a next generation firewall it needs to be:
- Faster than traditional stateful firewalls including UTM firewalls like the Juniper SSG
- Able to view and control traffic by application and not just ports
- Able to view and control traffic by users and not just static IP addresses
Lets be realistic, it’s time to replace the Juniper Networks SSG firewall, so it’s time to change. It has been about a decade, so it’s a good time to revisit the alternatives. Not only that, but the SRX is big change from the SSG. Fortinet and Palo Alto Networks are a better upgrade coming from the SSG GUI than going to the mostly command line SRX.

© 2017 Altaware, Inc. | All rights reserved.