The big C vs. the big J

Juniper has always challenged Cisco in the high-end router space, but it has not had a product that hits close to Cisco's core branch-office router business. How do the two compare?

Although Juniper has always challenged Cisco in the high-end router space, it has not had a product that hits close to Cisco's core branch-office router business. There is an obvious parallel between the new Juniper Secure Services Gateway series and Cisco's 2800 and 3800 IOS-based router series. Both have WAN interfaces, dynamic routing, interchangeable port cards, VPN and firewall capabilities. But are these products true competitors?

Not really. While there are some environments where either one would work, they have very different strengths and weaknesses. Cisco's strength is clearly in the routing part of the product line. And while Juniper's SSG products do have WAN interfaces and dynamic routing, they don't match up with the capabilities that Cisco's IOS offers - or even Juniper's own JUNOS. If the SSG series are routers, with a little "r," then Cisco's 3800 boxes are Routers with a big "R."

Juniper's strength is in the firewall side. Cisco's IOS does have a basic firewall that can provide protection when security policies are simple, but it's no match for the Juniper (read NetScreen) firewall capabilities. If Cisco's 3800s are firewalls, then Juniper's SSG series are Firewalls.

There are many other differences. Cisco's product line is broad and deep, and offers features such as VoIP interfaces that Juniper hasn't even started talking about to the outside world. It's easy to simplify these boxes as the Cisco Router firewall and the Juniper router Firewall, but there's much more to it than that.

While Cisco and Juniper can leapfrog each other in the speeds-and-feeds business, playing with pricing and pushing up performance, the fundamentals remain the same: Cisco's IOS makes a better router, while Juniper's ScreenOS makes a better firewall.

For many network managers today, however, the products may be equivalent. Few branch or regional offices have complex mixes of dynamic routing protocols requiring the power of the Cisco router. And few branch or regional offices may have complex security policies requiring the capabilities of the Juniper firewall. Parmesan and Romano cheeses may be very different, but if you're making a calzone, you're not really going to notice much difference which you put in.

This balance is changing. The rise of ever-smarter application-layer security products, such as Juniper's deep inspection or Cisco's intrusion-prevention system, are coming from a clear need to improve security and perimeter defenses. This pull away from a networking-centric world to a security-centric one suggests that Juniper is better positioned to move forward with the security-oriented products that network managers need.

But Cisco is not taking this lying down, and the battle is really just beginning. Its heavy interest in security and early lead in areas such as VoIP means it will be pushing more and more services of all kinds into its edge devices. While Cisco has had a disjointed security strategy in the past, a solid history of innovation combined with one of the world's strongest brands says that Juniper is in for a serious fight.

Return to Juniper Clear Choice Test

Learn more about this topic

Cisco, Juniper face unique challenges 01/30/06

Opinion

Looking back, ahead as Juniper celebrates its 10th anniversary

01/23/06

Review: SSL VPNs dissected: SSL VPN products, security, access control

12/19/05

Juniper hires researcher who highlighted Cisco router flaw

11/05/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey: The results are in