We performed a comparison between Cisco Secure Firewall and Meraki MX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Meraki MX is the winner in this comparison. It is easier to set up and more user-friendly than Cisco ASA Firewall. In addition, Meraki MX is a less expensive solution than Cisco Secure Firewall.
"The pipe filter application is an outstanding feature."
"Fortinet FortiGate is user-friendly and affordable."
"It's super reliable. I don't think I've ever had a reliability issue with it."
"You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances."
"I'm pretty happy with its reliability. It is also very scalable."
"Security, SD-WAN, and Streetscape are valuable features."
"The solution has very good threat and content filtering switches."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable feature is the ability to block almost all of the ports."
"We have been using a 5520 for seven years in our datacenter and we are satisfied by this version."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
"I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool."
"We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area."
"The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
"WAN optimization is the best feature of the solution."
"Meraki makes it easy to be secure and know where the holes are to fix them. We have been fixing anything that we have ever found for 20 years. We keep up-to-date with firmware upgrades. We just try to stay on top of everything for security, like maintaining updates and getting rid of old systems. I feel like we're on top of it."
"In a week, we can make new policy and view what all our users did."
"The security level of our organization has changed by using Meraki MX Firewalls. We didn't have the UTM before, but now we have sandboxing, tray scanning, attack preventions and monitorization. Our security level has improved."
"Meraki MX offers advanced filtration options, plus it behaves like a router and a firewall at the same time."
"It is a robust SD-WAN solution."
"They have very good technical support and I have relied heavily on them."
"I love the simplicity of Meraki MX — specifically, the simplicity of the dashboard."
"Currently, without the additional reporting module, we only have access to basic reporting."
"It does not have key authentication for admin access."
"The monitor and the visibility, in this proxy, is very weak."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"They've become quite expensive."
"The updates Fortinet provides are sometimes unstable."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"Fortinet already improved FortiGate, but in the current market, many brands of security devices have improved together. Fortinet still needs to catch up with market standards. Fortinet is lacking in features in comparison to competitors."
"If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"Cisco should improve its user interface design. There is a deep learning curve to the product if you are a newcomer."
"It is confusing to have two management interfaces, e.g., ASDM and Firepower Management Center."
"I have a lot of difficulties with the solution's Firewall Management Center (FMC) and the GUI. Neither is responsive enough and should be improved."
"I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."
"More intuitive support for SIP services are needed. This took a long time to configure properly for the user."
"Critical bugs need to be addressed before releasing the version."
"The current lead time is longer for Meraki MX, and it needs to be improved."
"The product doesn't support route summarization and BGP dynamic routing protocol."
"The product could incorporate tools like ThousandEyes into the system so we can see things directly."
"The product is quite complex to set up."
"Load balancing options and ability to manage a couple of Internet connections."
"I do not have the kind of feature I need for SSL decryption in Meraki MX. It would be great to see the SSL decryption feature in Meraki MX."
"In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past."
"MX can only be managed via a web interface, but I'm accustomed to using a CLI or a graphical interface. I would also like to see more reporting features. It doesn't provide enough information for me to know precisely about some clients."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 57 reviews. Cisco Secure Firewall is rated 8.2, while Meraki MX is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Meraki MX is most compared with Palo Alto Networks NG Firewalls, Sophos XG, SonicWall TZ, Netgate pfSense and SonicWall NSa. See our Cisco Secure Firewall vs. Meraki MX report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So you can't really compare these solutions, as they are targeting different markets.
You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings.
Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available.
The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option.
We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple.
The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation.
It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure.
Conclusions:
If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.