Friday News Analysis: Rumors Around Juniper’s Security Products


Juniper whips out knife, slices off security products

Note that this is not official Juniper news from what I can tell. The report comes from the tech equivalent of a gossip rag. Maybe I shouldn’t bring it up. But…it seems all too plausible. Here are several bits from the article I stitched into one large quote.

Months after Juniper Networks confirmed the prioritisation of revenue-generating projects, the firm has quietly dumped several security products, causing upset to some of its nearest and dearest in the channel. A Juniper spokeswoman confirmed to The Channel that it will jettison the FireFly Host, WebApp Secure and DDoS Secure products from 2015, though current customers will continue to receive support. The PR person did not answer why those products are to be shelved, clearly they were not doing the numbers. He added the SRX firewalls are “tough to sell” against Checkpoint and Cisco in the large enterprise where many customers have already invested in those vendors, “and they get roundly beaten on price in the SME space by Fortinet and Sonic Wall”. This all feeds into persistent talk in the industry that Juniper is looking at exiting security, leaving it with service providers and switch customers as their target audience.

Right. So, dumping fringe or niche security products that the sales team couldn’t push out the door is fair enough. Do what you must. But what’s it say about Juniper when a company their size can’t stand behind a product line broad enough to make them a one-stop shop? I am a Juniper SRX customer, and I’ve been looking at vSRX (Firefly Perimeter) seriously as a possible edge router device I’d run on a custom x86 box. “All Junos” is a good operational idea in my setting, but is betting big on SRX a stupid idea at this point? It is if I deploy 500 Firefly Perimeters, and then Juniper pulls the plug entirely on the security portfolio. When whine-tweeting about this issue, I got back many responses from disgruntled people who never made the leap from NetScreen to SRX because of the functionality loss. So, it seems Juniper, in some cases, is not even winning SRX converts with existing Juniper customers.

Just to be clear, this story did not report the demise of Firefly Perimeter or the SRX firewall line. But are they on the chopping block next? My friend and Packet Pushers co-host Greg Ferro thinks not, pointing out that Juniper needs SRX (especially Firefly Perimeter) in the portfolio to keep service providers happy. I’m not so sure. When maximum profit is the most important component of an analysis, then decision makers who don’t understand tech product synergy can do some really silly things.

I know I’m nervous, and have some talking to do with my C-levels about our Juniper relationship. We have a different level of risk to evaluate now as we build our business.

Read the full article (and come to your own conclusions) here.

About the author

Ethan Banks

Most people know me because I write & podcast about IT on the Packet Pushers network. I also co-authored "Computer Networks Problems & Solutions" with Russ White.

Find out more on my about page.


  • I have an exceptionally difficult time believing this article to be honest. SRX is a core product (hence the X), and even if the branch editions have always struggled a bit finding a foothold, the high end models are powerhouse tanks. Not every deployment needs Palo Alto style pretty graphs.

    The L7 issues with branch will hopefully be mitigated with the release of some new hardware refreshes in 2015.

    In my experience as a consultant engineer, I’ve seen very few full L7 FW deployments ever be 100% completed to the satisfaction of the customer. A lot of security policies (regardless of mfg bells and whistles) end up still being tried and true zone based L3/L4 policies with maybe some IPS in there for good measure.

  • We still use the SSG even though we run into cpu and memory usage issues or at least that’s what the operations people say. I asked why they don’t move to the SRX and it’s because they feel more confident using a GUI. Unfortunately I don’t know anything about the Junipers but ops says it’s easier than the ASA + ME3600 running EIGRP I have to aggregate and secure private line traffic because and distribute routes into BGP. Hope they don’t get rid so the virtual SRX that sounds interesting. We need something more than OVS.


Most people know me because I write & podcast about IT on the Packet Pushers network. I also co-authored "Computer Networks Problems & Solutions" with Russ White.

Find out more on my about page.

Subscribe via Email

Receive complete, ad-free posts in your inbox as I publish them here.

Secured By miniOrange