We performed a comparison between Cisco Secure Firewall and Meraki MX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Meraki MX is the winner in this comparison. It is easier to set up and more user-friendly than Cisco ASA Firewall. In addition, Meraki MX is a less expensive solution than Cisco Secure Firewall.
"It's very easy to set up, it's very easy to make policies and, for an organization, that means you don't need IT expert in firewalls. You just need to have somebody who knows a little bit of IT, and that's it. With other products, you need someone with a "Masters" degree in firewalls."
"The reporting and monitoring are very good."
"It has very easy management and an amazing ETM configuration."
"The most valuable feature is the FortiManager for centralized management."
"Our project needs to link two sides through the internet. One of these was in Cairo and the other in another city. We used FortiGate as the integrating solution between the two locations, i.e. the Fortinet 30E & 100E."
"The base firewall features are quite valuable to us."
"The initial setup of Fortinet FortiGate was straightforward."
"UTM/NGFW features and FortiCloud for logs and backups are awesome."
"The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
"Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users."
"The fact that we can use Firepower Management Center gives us visibility. It allows us to see and manage the traffic that is going through the network."
"The most valuable feature is the ability to block almost all of the ports."
"It's the VPN side of things that has been most useful for us. It allows us to secure our users even when they're working from home. They are able to access all of our resources, no matter where they are in the world."
"The product is easy to manage and simple. It works with the rest of our Cisco products. You can drop in new ones if you need more performance. The training and documentation provided are good."
"Site to Site VPN: The device can establish a VPN connection to multiple sites in a mesh environment in seconds, and without complex VPN knowledge."
"What I like best about Meraki MX is that it's easy to deploy remotely. The product works. It has automatic updates. I also like that Meraki MX is a brilliant device. You turn it on, stick the key in there, activate it, and then you're done. Meraki MX does what my customers need at the end of the day, so I also like that."
"The dashboard is very intuitive and easy to understand."
"The most valuable feature of Meraki MX is I can manage the solution from anywhere remotely, I can throttle bandwidth, and create all rules. Additionally, it is secure for our customers."
"It is easy to manage, which is one of the most important things for us. It is also flexible, stable, and scalable."
"The product's initial setup phase is very easy."
"I love the simplicity of Meraki MX — specifically, the simplicity of the dashboard."
"We switched to Meraki because it lets you see what's happening in your LAN and WAN in a graphic and web environment."
"Application management can be improved."
"NGN, reporting and controls."
"At first glance, the interface for the device is very confusing."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"The main aspect of FortiGate that could be improved is load balancing. Our management team does not want to buy another appliance for only load balancing."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"There are some complex administration tasks in their administration portal. That needs to be improved."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"The cost is very high. Most organizations cannot afford it."
"Third-party integrations could be improved."
"The operation of the ASA is good but the problem is that whenever you require an upgrade, there are multiple pieces of software that you have to upgrade. Extensive planning is required, because if you upgrade one piece of the software it has to be compatible with the others as well. You always need to check the compatibility metrics."
"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
"The maturity needs to be better."
"In the future, I would like to be able to use an IP phone over a VPN connection."
"The product could incorporate tools like ThousandEyes into the system so we can see things directly."
"You cannot use switching behaviors as you see on the Meraki switch."
"Load balancing options and ability to manage a couple of Internet connections."
"Meraki MX can come across as an expensive solution."
"Right now, you can postpone the update but eventually, if you don't do the update, it will install the updates automatically for you and that's something that is not working for me."
"As far as what needs to be improved — nothing really comes to mind. It does what we need it to do."
"In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past."
"It would be great if the Meraki devices let us see, in real time, the internet demand on a single device."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 57 reviews. Cisco Secure Firewall is rated 8.2, while Meraki MX is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Meraki MX is most compared with Palo Alto Networks NG Firewalls, Sophos XG, SonicWall TZ, Netgate pfSense and SonicWall NSa. See our Cisco Secure Firewall vs. Meraki MX report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So you can't really compare these solutions, as they are targeting different markets.
You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings.
Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available.
The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option.
We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple.
The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation.
It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure.
Conclusions:
If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.