We performed a comparison between Cisco Secure Firewall and Meraki MX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Meraki MX is the winner in this comparison. It is easier to set up and more user-friendly than Cisco ASA Firewall. In addition, Meraki MX is a less expensive solution than Cisco Secure Firewall.
"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution."
"Fortinet FortiGate is a stable solution."
"The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration."
"The multi-tenancy feature is most valuable. It integrates very well with FortiManager and FortiAnalyzer."
"LinkGreat firewall capabilities"
"The most valuable feature of Fortinet FortiGate is URL filtering."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"It is very stable."
"Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering."
"We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
"It is a highly stable product. We rarely receive any serious outdates, so it works quite well."
"We are mostly using it for remote access, so the remote access feature is the most valuable, but all other features are also needed and required. It is also a very straightforward and reliable solution."
"Easy to deploy in a working environment between servers and users."
"The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good."
"I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type."
"Since it has an integrated dashboard for all the products, customers can get complete network analytics regarding what the user is doing, monitoring, and observing."
"It has a helpful feature for database troubleshooting issues."
"I like the automatic firmware updates. We use the Active Directory to authenticate VPN users."
"The features we have found most valuable are the firewall and the monitoring tools."
"Meraki makes it easy to be secure and know where the holes are to fix them. We have been fixing anything that we have ever found for 20 years. We keep up-to-date with firmware upgrades. We just try to stay on top of everything for security, like maintaining updates and getting rid of old systems. I feel like we're on top of it."
"MX is easy to manage, configure and install."
"Ease of management is the best thing about the solution."
"Deployment takes no more than one working day."
"There were quite a few problems with the stability of the system."
"WAN load-balancing could be a lot better at detecting when a link is poor or inconsistent, and not just flat out dead."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"The routing capability on the FortiGate devices has room for improvement."
"They have to just improve its performance when we enable all UTM features. When you enable all the features, the performance of FortiGate, as well as of Sophos and SonicWall, goes down."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"The support system could be improved."
"Some of the web policy reports could be improved."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"This solution could be more granular and user-friendly."
"Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things."
"If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges."
"Initial setup was fairly complex."
"We are Cisco partners, and when we recommend Cisco FirePower to customers, they always think that FirePower is bad. For a single installation of FirePower, if I have to write about 18 tickets to Cisco, it's a big problem. There was an issue was related to Azure. We had Active Directory in Azure. The clients had to connect to FirePower through Azure. We had a lot of group policies. After two group policies, we had to make groups in Azure, and they had to sign in and sign back. It was a triple-layer authentication, and there was a big problem, so we didn't use it."
"Cisco Firepower NGFW Firewall can be more secure."
"It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it."
"Direct logging is something that can be introduced. In the absence of cloud management, the possibility of local configurations and on-premise logins becomes restricted. This limitation stands as a primary concern. When it comes to resolving issues, the inability to access login options hampers troubleshooting efforts. The stability is noteworthy; but when compared to alternative products, its stability is comparatively lower. Additionally, certain limitations are observed in terms of remote control. Price-wise, the solution stands out for its competitive and cost-effective nature compared to other alternatives. Operationally, it is user-friendly and requires minimal effort from administrators, making configuration hassle-free."
"It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services."
"Meraki MX firewalls are great for small to medium-sized businesses, but other solutions are better for enterprise-sized companies."
"What I would like to see in the next version is to have more interfaces for WAN links."
"Could possibly use deeper configurations."
"We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem."
"They're very complacent and I find the rule set to be a little arcane."
"When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 57 reviews. Cisco Secure Firewall is rated 8.2, while Meraki MX is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Meraki MX is most compared with Palo Alto Networks NG Firewalls, Sophos XG, SonicWall TZ, Netgate pfSense and SonicWall NSa. See our Cisco Secure Firewall vs. Meraki MX report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So you can't really compare these solutions, as they are targeting different markets.
You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings.
Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available.
The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option.
We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple.
The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation.
It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure.
Conclusions:
If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.