We performed a comparison between Cisco Secure Firewall and Meraki MX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Meraki MX is the winner in this comparison. It is easier to set up and more user-friendly than Cisco ASA Firewall. In addition, Meraki MX is a less expensive solution than Cisco Secure Firewall.
"The initial installation is very straightforward."
"The most valuable feature of FortiGate is FortiView which provides proactive monitoring."
"It's very good and very stable for businesses. It works very well."
"Mainly the FortiGate reporting system is very good. It guides us through all the expectations of security. Fortinet provides us all that we need for security. Also, Fortinet FortiGate is a next-generation firewall. It is much more advanced than others."
"I like that they have given me a solution at a fair price."
"The next-generation firewall is great."
"FortiGate SD-WAN facilitated a smooth transition for our customers between their two internet service providers, ensuring uninterrupted connectivity without any downtime."
"The usage in general is pretty good."
"When I was managing these firewalls, I found them easy to understand, easy to deploy, and easy to maintain as compared to some of the other firewalls I have been involved with earlier. The opinion of my coworkers is that it's easy and quick to establish new zones, expand, and maintain."
"Manageability of Cisco ASA. It has a GUI interface, unlike the most of Cisco IOS. For beginners they can "sneak in" and apply the command and see the actual commands that the GUI launches. In addition, Cisco has the reputation regarding security."
"The Inline Mode configuration works really well, and ASA works very impressively."
"The remote VPN and IPsec VPN or site-to-site VPN features are valuable. The clustering feature is also valuable. We have two ISP links. Whenever there is a failover, users don't even get to know. The transition is very smooth, and the users don't notice any latency. So, remote VPN, site-to-site VPN, and failover are three very powerful features of Cisco ASA."
"The stability of Cisco ASA is excellent compared to other products on the market. Because of our customer experience as an integrator company, our clients never report any performance problems. We have a good performance reputation with Cisco ASA."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The IPS, as well as the malware features, are the two things that we use the most and they're very valuable."
"Being able to use it as a policy-based VPN is valuable. It's very easy to understand. It's very easy to troubleshoot."
"It has a helpful feature for database troubleshooting issues."
"Point-to-point VPNs can dynamically follow IP changes with no need for static IPs."
"I love the simplicity of Meraki MX — specifically, the simplicity of the dashboard."
"Intrusion detection and prevention (IDS/IPS): The best feature. It can detect malware, even a virus, and warn you by email about the device that has it. When the Meraki detects that something is wrong, it automatically blocks the connection or the intrusion, delivering a graphic report with all the necessary content."
"We work also with domain control (DC) from Microsoft or Amazon. We use a whole virtual appliance with Meraki."
"I use Meraki in my POCs and with my customers as well."
"Site to Site VPN: The device can establish a VPN connection to multiple sites in a mesh environment in seconds, and without complex VPN knowledge."
"Traffic Shaping: The device lets you decide how you want to use your internet services. Due to the fact that Meraki can accept dual WAN, you can decide the way you balance the data traffic."
"The product does need better support in the cloud environment. It's not exactly cloud-native right now."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"The user interface could be improved."
"It could use better throughput on some of the smaller boxes for the branch offices."
"The support we receive when we need to upgrade is not satisfactory and has room for improvement."
"Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server."
"Compared to some other products, the DLP is not at par for the moment."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"Migration with other appliances is not easy. It has to be done manually, and this takes a long time."
"You have to know the ASA command line very well because not all operations are available in the graphical interface"
"The Sandbox and the Web Censoring in this solution need to be improved."
"We would really like to see dual dual power supplies for some Cisco Firewall products."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"On firewall features, Fortinet is better. Cisco needs to become more competitive and add more features or meet Fortinet's offering."
"The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."
"Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things."
"When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."
"They're very complacent and I find the rule set to be a little arcane."
"The problem is that the two licenses do not currently integrate. We have to create separate companies and do an interconnection."
"The security is not as strong as it could be"
"In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past."
"We had minor issues with Meraki MX. We had a couple of RMAs, so that could be an area for improvement, but in terms of how the RMAs went, the turnaround time and getting those back into redeployment were quick. Another area for improvement in Meraki MX is that when you're scaling for multiple locations, you need to use the same model, but the model you'd need is only available for a short time. The specific model you require could be out of stock, or Meraki isn't making that model anymore, so Meraki should improve that."
"MX can only be managed via a web interface, but I'm accustomed to using a CLI or a graphical interface. I would also like to see more reporting features. It doesn't provide enough information for me to know precisely about some clients."
"It would be great if the Meraki devices let us see, in real time, the internet demand on a single device."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 57 reviews. Cisco Secure Firewall is rated 8.2, while Meraki MX is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Meraki MX is most compared with Palo Alto Networks NG Firewalls, Sophos XG, SonicWall TZ, Netgate pfSense and SonicWall NSa. See our Cisco Secure Firewall vs. Meraki MX report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So you can't really compare these solutions, as they are targeting different markets.
You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings.
Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available.
The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option.
We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple.
The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation.
It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure.
Conclusions:
If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.