Juniper Networks | Upgrade SSG to SRX

Juniper Networks SSG EOL

Yes, it’s true, we’re seeing the end of the line for Juniper SSG firewalls. ScreenOS was simple, effective, quick to boot and responsive (providing you could get your browser to work with it). We have Juniper options and some other ones for you to consider. The ScreenOS era is sadly over and now it’s time to look into next generation firewall replacements. See below for our recommendations of replacement Juniper SRX firewalls.

Please note though that the Juniper SRX is a different firewall than before… There is the need at times to use the command line and there is a learning curve. It’s powerful, can be fast, but not simple and the GUI is slower. If you’re already using Junos to manage Juniper switches and Juniper routers, you’ll be at home and not understand why we mentioned it. However, if you barely ever touched the firewall and you’re a 100% GUI kind of person, please review alternatives to SSG firewalls below or contact us on the bottom on the page.

Select the type of Juniper SSG Firewall you currently own:
  • SSG5 or SSG20
    Consider the SRX100, SRX110, SRX220 and SRX240. The SRX220 is the best upgrade with Gigabit ports.
    Alt image
    Stacks Image 4373
    Stacks Image 25632
  • SSG140 or SSG320M
    Consider the SRX240 with additional gigabit ports, expansion slots and good firewall throughput.
    Alt image
    Stacks Image 4375
    Stacks Image 25639
  • SSG350M or SSG520M or SSG550M
    Consider the SRX650 with 4 Gigabit ports, 7 Gbps of firewall throughput and IPS performance of 1 Gps.
    Alt image
    Stacks Image 4378
    Stacks Image 25644
Open all Close all

Juniper SSG Alternatives

Juniper SSG Firewall Upgrade / Replacements

  • Why Juniper SRX vs Juniper SSG?
    Reasons to pick Juniper Networks SRX over the SSG:
    - You already know/like Juniper support
    - You have other Juniper equipment (switches and routers) that are Junos based
    - You need a big jump in performance now (but you did say you had SSG…)

    - You will need to use/learn CLI commands, it is quite different
    - It is very different coming from SSG, it will be a tough transition
    - Converting the configuration takes expertise

    See the Juniper Networks SRX product line
  • Why Palo Alto Networks vs Fortinet (PAN vs SSG)?
    Reasons to pick Palo Alto Networks over the SSG:
    - You’ve seen it, you love it…
    - You’re willing to pay a bit more and join the club and get extensive cyber security protection
    - You want to go with the leader that started the whole NextGen firewall craze
    - You’re a Nir Zuk fan from the old Netscreen days, he's at Palo Alto Networks now!

    Palo Alto Networks History
    - Founded in 2005 by Nir Zuk
    - Nir Zuk was a former engineer from Check Point and NetScreen Technologies

    Some comparisons:
    PA220 (for SSG5 and SSG20)
    Stacks Image 15729
    PA820 (for some SSG140s)
    Stacks Image 15731
    PA850 (for some SSG140s and the larger SSGs)
    Stacks Image 15733
    PA850 (for the larger SSGs: SSG520, SSG550)
    Stacks Image 15735
    See the Palo Alto Networks PA firewall product line
  • Why Buy a Firewall from Altaware, Inc.?
    • We’ve been using stateful firewalls since the early days of Netscreen
    • We offer choices from: Palo Alto Networks, Fortinet, Juniper Networks
    • We have the skills to convert your ScreenOS configs into the newer platforms
    • Altaware, Inc. has been configuring, selling and supporting firewalls for over 10 years
    • We understand the strengths and weaknesses of the various choices
    • We can do firewall policy conversions from most other enterprise firewalls
    • We offer enterprise solutions for managing multi-vendor firewall and router environments
    • We offer other cyber security solutions for specific needs and requirements

We offer several firewall alternatives including:
- Juniper Networks SRX firewalls
- Fortinet FortiGate firewalls
- Palo Alto Networks PA firewalls
- Barracuda Networks firewalls

We offer professional services to help you convert from SSG to the top three above.

All of the above claim to be next generation firewalls. In general, to be a next generation firewall it needs to be:
- Faster than traditional stateful firewalls including UTM firewalls like the Juniper SSG
- Able to view and control traffic by application and not just ports
- Able to view and control traffic by users and not just static IP addresses
Lets be realistic, it’s time to replace the Juniper Networks SSG firewall, so it’s time to change. It has been about a decade, so it’s a good time to revisit the alternatives. Not only that, but the SRX is big change from the SSG. Fortinet and Palo Alto Networks are a better upgrade coming from the SSG GUI than going to the mostly command line SRX.

© 2018 Altaware, Inc. | All rights reserved.