Juniper Partners On SRX Issues: Forgiven But Not Forgotten

Stung by angry customers who have consistently criticized Juniper's SRX services gateways over the past year and a half, solution providers are upbraiding Juniper for what they say was the slowness of its sales and engineering teams to respond to and fix SRX's technical flaws.

The SRX issue was a frequently mentioned subject at Juniper's Global Partner Conference in Las Vegas this week, and one that partners said Juniper, to its credit, is no longer ignoring.

"My big takeaway from this is that they've recognized that partners are unhappy and customers are unhappy," said Helen Lesser, executive vice president at Nexum, a Chicago-based solution provider. "Products have flaws all the time -- it's almost the norm with a new product set -- but where the ball stopped rolling with the SRX issue was that we were escalating feedback on issues and not getting acknowledgment."

Juniper debuted its SRX series dynamic services gateways in 2008, touting the increased throughput over traditional firewalls as well as other features such as intrusion prevention, distributed denial-of-service protection, dynamic routing and quality of service, and network address translation. The idea was to provide a firewall product that ran on Juniper's universal OS, Junos, and that could be customized based on customer needs.

Sales of SRX surged, but customers reported technical issues with SRX products ranging from overall stability to flaws in areas such as unified threat management (UTM) and intrusion detection. Several solution providers interviewed by CRN singled out Juniper's lower-end SRX products, including its SRX100, SRX210 and SRX240, as being especially problematic.

"What they touted from a product perspective and what it was actually, truly capable of were not the same," said Dominic Grillo, executive vice president at Atrion Communications Resources, a Branchburg, N.J.-based solution provider. "A lot of the UTM-type features they're trying to add and make seamless with the other features haven't been as seamless or as stable as they should be."

Customer complaints about the products were widespread starting in mid-2010, solution providers told CRN, and it wasn't until nearly a year later that Juniper began aggressively updating SRX in response to the concerns.

At Juniper’s partner conference, Bob Muglia, executive vice president, software solutions, and Stefan Dyckerhoff, executive vice president, platform systems, acknowledged the SRX problems during their presentation -- a sign to many partners that Juniper was owning its "mea culpa."

"There's a better feedback loop now, which is going to re-instill confidence," Nexum's Lesser said. "It goes a long way to have Juniper backing me up for the customers I own."

SRX issues came up frequently in security-focused sessions at the partner conference. Several partners who attended closed-door sessions said Gary Olson, who joined Juniper as global managing director for security in October 2011 following a stint at Blue Coat, acknowledged the SRX flaws and said Juniper's fixes to the platform would be much more rapid and comprehensive.

Juniper also is reaching out to customers about problems that might arise with SRX and how to troubleshoot them.

"We don't do a large percentage of SRX, but we did have some challenges in the past 18 months," said David Nahabedian, principal and co-founder of Integration Partners, a Lexington, Mass.-based solution provider.

Juniper has told partners it will adjust its software release schedule in an attempt to more quickly fix technical issues such as those present in the SRX, he said.

"Their schedule may have worked six years ago, but it's not sustainable," Nahabedian said. "New products have quality issues, so it's understandable. It's a function of how many engineers you have."

Few solution providers said they had lost customers as a result of SRX performance issues, but most said that convincing angry customers to give Juniper another chance with SRX updates has been a big challenge. Juniper has provided a number of free product updates and has authorized solution providers to offer customer incentives and protections to win them over, partners said.

"Two of my marquee accounts had singled out UTM and a lot of the intrusion-prevention stuff as what they wanted out of SRX, and they jumped all over me when it wasn't nailing those things," said a senior executive at one nationally known Juniper partner, who requested his name not be used. "Juniper is doing what needs to be done from the engineering side, but I will need assurances now and will be more thorough in the technical assurances we get from Juniper before I try to sell SRX to new customers."

In an interview with CRN during the conference, Juniper CEO Kevin Johnson said customer demand for SRX was high and that Juniper might have been too aggressive in adding features and porting features from ScreenOS and the Juniper-acquired NetScreen products that preceded the SRX gateways.

"The SRX provides this fantastic scale when it comes to securing a network," Johnson said. "I think a number of customers asked for a wide range of features that would enable them to do a lot of things, and as those features were shipped there was a period we had to go through to harden those with the customers."

Johnson disagreed with the notion that Juniper rushed its SRX products out of the development phase.

"Looking back, there are things we could have done differently. Maybe we rushed too many features at once, but I don't think we rushed the product," he said. "In the spirit of trying to respond to customer needs, I think we were doing all the right things and perhaps we could have done some things to sequence those features in different ways."

Some Juniper partners said the SRX issue is a wake-up call for Juniper as a security vendor. Smaller competitors such as Check Point Software Technologies and Palo Alto Networks have ramped up public criticism of Juniper and are talking about how their products are displacing Juniper firewalls, and Juniper in December sued Palo Alto over firewall patent infringement.

But the most telling sign for many solution providers that Juniper's security strategy is a concern was the most recent installment of researcher Gartner's influential Magic Quadrant for firewalls. Juniper was removed from the all-important "leaders" quadrant of the report, downgraded to the "challengers" category.

"What they didn't mention from the stage is that they dropped out of that leadership quadrant," said Frank Kobuszewski, vice president, technology solutions group, at CXtec, a Syracuse, N.Y.-based solution provider. "You can't pull that wool over partners' eyes. Just stand up there and acknowledge it and say, ‘OK guys, we fell on our faces this year.’"

Johnson and other executives pointed out that Juniper leads in security in a number of areas and that competitors such as Palo Alto and Check Point don't have its breadth of products.

"In the domain of security, there are lots and lots of very small companies focused on niches of security," Johnson said. "I think that's because the security threat landscape continues to evolve. It's a fragmented industry with lots of different players, and in a way that's good because it creates a broad system of innovators. At the end of the day, that does create complexity for the customer, and customers look for more of an end-to-end solution. That's our opportunity with the broad footprint we have of security in the network combined with the broad footprint we have on the end devices."

Most of Juniper's top security partners say they aren't worried. Juniper has done an especially good job of tying its security focus with its data center and infrastructure portfolios and creating a go-to-market message around integrated security features.

"I think Juniper has a good focus on tying security into ultimately where they want to go," said Gary Fish, president and CEO of FishNet Security, a Kansas City, Mo.-based solution provider. "Security has really been blended into that overall message."

Johnson also pointed out the rapid adoption of Junos Pulse, the security and management software that Juniper said is now used on more than 35 million mobile devices.

"They have an opportunity to lead in mobile device security," said Nexum's Lesser. "That's a very important piece that we are paying attention to."