Cisco vs Juniper Firewalls

I am looking for some education about the differences in ios systems of cisco and juniper networks. I have a some knowledge and experinces in configuring cisco asa, pix and other routers and switches but i have not done any junipers, so in an attempt not to look like a complete idiot i am looking for some good sites i can look at to learn about juniper and its ios. Any suggestions, i have done a traditional google search.
Who is Participating?
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
For ScreenOS (Juniper SSG devices), you can have several looks at the Concepts & Examples ( Each part can be read (almost) independently from the others. You get a good impression how that OS is structured in relation to definitions.
Istvan KalmarHead of IT Security Division Commented:

Please refer this page about coparsion:

I like ASA, I advise to use it if you have deep knowledge...

Best regards,
for Junos visit this site:

after registration you can download more study materials, and after passing the preassesment test you can get 50% discount on the prometric exam (JNCIS-SEC)

you can also find some other tracks there.

if you need docu on juniper netscreen boxes i will ask my colleague i think he has some learning stuff.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

jasonpiper01Author Commented:
Thanks guys, i actually have a CCNA but the upper management wants to use juniper equipment. So i am forced to learn this equipment on the fly. I just want to get a head up on learning about them before we start to deploy them.
keep in mind that ScreenOS is on the way out in favor of JUNOS-ES.  Also, their SNMP isn't as good as Cisco.  The Juniper SRX appears to be the replacement for the Netscreens and so far doesn't support IPv6 last I checked (some one correct me if I'm wrong).

Personally, I would go with the ASA.  Junipers are cheaper and personally I do like their JUNOS devices.  However, their SSL VPN and their firewalls worth the price difference IMHO.  If you don't care about management or monitoring of the devices, but only the functionality, then Junipers may be for you though.

Finally, if you are planning on using the Juniper configuration management platform, NSM, it is not very good either for non-firewall devices.
jasonpiper01Author Commented:
Sorry guys, i just havent had a chance to actually use the knowledge here, tomorrow i will have a meeting with the boss and i hope to award points this week.
To add to some of the comments above.

SRX does support IPv6
Screenos is not quite on its way out as yet, although Juniper have definitely preferred junos and is throwing most of its resources to junos.  Screenos will have to be around for another couple of years as a minimum as there are some pretty big customers out that use screenos as its security certified (EAL et al) and given that any new certification can take up to 2 years to acquire, juniper will need to support screenos for a wee while yet.

So for Juniper we have the following:

SSG/ISG running screenos
NS 5000 series running screenos
J series running junos
SRX running junos

If you are getting new kit, I would recommend going for the Junos based, with SRX preferred

I also agree that sadly neither junos nor screenos offers SSL VPN functionality at all, Junipers answer is that they sell a very good SSL VPN appliance.  TBH, it is a great piece of kit and knocks the socks off any competitor, but the lack of SSL VPN on a firewall can make a difference to a tender.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.