Watchguard X550e vs Juniper srx210 or ssg140

Associate
Joined
5 Jun 2006
Posts
1,153
I've been tasked with getting a new firewall for our company. I've narrowed it down to the Watchguard X550e, Juniper srx210 or Juniper ssg140.

Does anyone have any experience with any of these?
 
Both the Juniper's are excellent, the SRX range is the future but the SSG is a good unit in it's own right. Depends if you want to run JUNOS (Juniper's high end router OS) on the SRX or ScreenOS (the lower end older firewall OS) on an SSG.

I prefer JUNOS but it's not really for beginners whereas ScreenOS is fairly easy to pick up both in GUI and CLI. For 99.9% of people there's nothing missing in ScreenOS compared to JUNOS I should add, you aren't missing out on features.

The SRX210 is lower end in theory than the SS140 (the SRX210 is the replacement for the SSG20 really) but performance wise they are fairly similar.

Wouldn't touch a watchguard with a barge pole...
 
I'd second avoiding the watchguard. Hideous Devices. the SRX range are pretty good, I've been assessing them for my company. They've made a good stab at making them work well using the GUI so that you can avoid the command line. Its OK (that was on JUNOS 9.4, I believe they might be on 10.0 now), however somethings, like configuring the ADSL pim, wasn't possible in the GUI. Do you need all the UTM features?

Dependant on requirements it might be possible to use a Cisco ISR with the firewall IOS, or if you need a good UTM device, then something like a Fortigate might be better, as the GUI is very well thought out.
 
Last edited:
I'd second avoiding the watchguard. Hideous Devices. the SRX range are pretty good, I've been assessing them for my company. They've made a good stab at making them work well using the GUI so that you can avoid the command line. Its OK (that was on JUNOS 9.4, I believe they might be on 10.0 now), however somethings, like configuring the ADSL pim, wasn't possible in the GUI. Do you need all the UTM features?

Dependant on requirements it might be possible to use a Cisco ISR with the firewall IOS, or if you need a good UTM device, then something like a Fortigate might be better, as the GUI is very well thought out.

I'd advise against both actually, the firewall IOS can be utterly illogical at times, it really suffers from being a firewall forced onto a router. The fortigate boxes are excellent on paper and reasonably priced, my main problem is they are temperamental routers and the CLI is the worst I've ever worked with.

JUNOS 10 is out for the the higher end boxes at least, I've got a few scheduled upgrades on our MX480s as a starting point in that direction, nothing major new features wise though.

The GUI will improve, the ScreenOS GUI was missing some major things until it got into v5 really (the second revision after Juniper bought netscreen as I recall).

My opinion is that outside the very high end where checkpoint still has some game, Juniper make the best security appliances available today.
 
Watchguards are great.....if you stick a small HDD on them and build them as linux servers.

I've got PFSense running on my X1000
 
If you wanted that it'd be cheaper just to buy an off the shelf 1U server and install it on that...but I wouldn't touch it for serious firewall duties.
 
Thanks for your help, it given really me a perspective on things.

We did have a centos box that was configured to do firewall/vpn tasks. However the VPN side of it was unreliable. We have a watchguard firebox on loan and while it is easy to set up it seems to be a bit wobbly. One of my IT suppliers suggested Netgear but I'm not sold on them. Our CRM software company recommends another firebox but I'm siding on the SRX stuff as it will be more expandable for the business and a greater education for me. Apparently the srx210 does have JUNOS 10.

I'm a bit wary that I'll be jumping in at the deep end with juniper but at the end of the day I want the best solution for the company.
 
No because it's not unheard of for the Open Source crew to suggest Linux as the answer to all life's problems.

If you're going to do sarcasm you need to do it to a level that isn't believable.
 
Back
Top Bottom