Compare Fortinet FortiGate vs. Meraki MX
Fortinet FortiGate is ranked 1st in Firewalls with 55 reviews while Meraki MX is ranked 3rd in Unified Threat Management (UTM) with 12 reviews. Fortinet FortiGate is rated 8.6, while Meraki MX is rated 8.2. The top reviewer of Fortinet FortiGate writes "Don't underestimate FortiAnalyzer. It can give you a better understanding of what is going on in your network". On the other hand, the top reviewer of Meraki MX writes "A good firewall solution for small companies with a small IT department or no IT staff at all". Fortinet FortiGate is most compared with Cisco ASA NGFW, Meraki MX and pfSense, whereas Meraki MX is most compared with Fortinet FortiGate, Cisco ASA NGFW and SonicWall TZ. See our Fortinet FortiGate vs. Meraki MX report.
Sponsored | ||
Most Helpful Review | ||||||||
|
|
| ||||||
 Find out what your peers are saying about Fortinet FortiGate vs. Meraki MX and other solutions. Updated: March 2020. 418,350 professionals have used our research since 2012. | ||||||||
Quotes From Members
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros | ||
They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality. The most valuable feature is that the encryption is solid. Unfortunately in Cisco, only the hardware was good. For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall. The firepower sensors have been great; they do a good job of dropping unwanted traffic. The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos. The most valuable feature of this solution is AMP (Advanced Malware Protection), as this is really needed to protect against cyber threats. | We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered. We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days. Virtual Domains (VDOMs) are a feature that we found valuable. SSL-VPN is very useful for us and has been very reliable. FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering. Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network. The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus. The security features are about the best that I've seen anywhere. | Point-to-point VPNs can dynamically follow IP changes with no need for static IPs. Dual WAN connections are greatly simplified and point-to-point VPNs automatically connect regardless of what WAN connection is active. I like the automatic firmware updates. We use the Active Directory to authenticate VPN users. I use Meraki in my POCs and with my customers as well. The internet traffic shaping has been very valuable. Deployment takes no more than one working day. The initial setup for me was straightforward. A strong, reliable solution for small companies with little or no dedicated IT department. |
Cons | ||
Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic. It is expensive. In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline. We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out. Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help. The software was very buggy, to the point it had to be removed. Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products. I have found that Cisco reporting capabilities are not as rich as other products, so the reporting could be improved. | We would like to see a better training platform implemented. We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved. To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution. The user interface could be improved to make it less confusing and easier to set up. There is a lot of improvement needed with SSL-VPN. I think there could be more QoS features Improvement is needed in the Web Filter quotas to restrict users with allocated quotas. Technical support for this solution can be improved. | Meraki tech support staff have a lot more visibility into your network than you do, which is frustrating at times. I understand the approach is to keep the dashboard easier to understand. This will frustrate more advanced users at times. Expensive licensing and firewall stops immediately working if the license is not renewed at expiration date. I need more UTM protection security features. The IPS, the Intrusion Prevention System, can be improved. Load balancing options and ability to manage a couple of Internet connections. Right now, you can postpone the update but eventually, if you don't do the update, it will install the updates automatically for you and that's something that is not working for me. The client-side VPN is weak. The product could be improved with deployment templates. The problem is that the two licenses do not currently integrate. We have to create separate companies and do an interconnection. |
Pricing and Cost Advice | ||
In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco. Always consider what you might need to reduce your wasted time and invest it in other solutions. Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us. We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution. We are in the process of renewing our three-year license, which costs approximately $24,000 USD for the thirty-six months. The pricing for Cisco products is higher than others, but Cisco is a very good, strong, and stable technology. The program is very expensive. The cost of this solution is high. | Fortinet is the least expensive solution. Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors. Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you. The pricing for this solution is good. Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security. Each feature costs money, so it is important to study your needs. I would say that all things considered, the pricing is pretty good. Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project. | Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution. Meraki is also expensive, but it's a little bit less expensive and it's easier to configure than Cisco ASA. Pricing varies as per the type of license. |
 Use our free recommendation engine to learn which Firewalls solutions are best for your needs. 418,350 professionals have used our research since 2012. | ||||
Answers from the Community | ||||
See all 13 answers » | ||||
Top Comparisons | ||||
 Compared 37% of the time.  Compared 11% of the time. Compared 10% of the time. | Compared 15% of the time. Compared 12% of the time.  Compared 10% of the time. | Compared 36% of the time. Compared 13% of the time.  Compared 7% of the time. | ||
Also Known As | ||||
| Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls | FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate | MX64, MX64W, MX84, MX100, MX400, MX600 | ||
Learn | ||||
| Cisco | Fortinet | Cisco | ||
Overview  | ||||
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device. Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution. Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW. | The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network. | With the proliferation of modern applications and mixed-use networks, host and port based security is no longer sufficient. Cisco Meraki's layer 7 "next generation" firewall, included in MX security appliances and every wireless AP, gives administrators complete control over the users, content, and applications on their network. | ||
Offer | ||||
Learn more about Cisco ASA NGFW | Learn more about Fortinet FortiGate | Learn more about Meraki MX | ||
Sample Customers | ||||
| There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow. | Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here | Hyatt, ONS | ||
Top Industries | ||||
Financial Services Firm18% Comms Service Provider10% Manufacturing Company10% University7% Software R&D Company28% Comms Service Provider20% Media Company7% Government5% | Comms Service Provider17% Financial Services Firm8% Healthcare Company7% Real Estate/Law Firm7% Software R&D Company25% Comms Service Provider21% Media Company7% Government5% | Comms Service Provider25% Financial Services Firm13% Consumer Goods Company13% Pharma/Biotech Company13% Software R&D Company23% Comms Service Provider19% Construction Company7% Government5% | ||
Company Size | ||||
Small Business35% Midsize Enterprise25% Large Enterprise40% Small Business28% Midsize Enterprise21% Large Enterprise51% | Small Business47% Midsize Enterprise25% Large Enterprise28% Small Business47% Midsize Enterprise30% Large Enterprise23% | Small Business57% Midsize Enterprise22% Large Enterprise22% Small Business54% Midsize Enterprise13% Large Enterprise33% | ||
Find out what your peers are saying about Fortinet FortiGate vs. Meraki MX and other solutions. Updated: March 2020.
418,350 professionals have used our research since 2012.
See also Fortinet FortiGate Reviews, Meraki MX Reviews, and our list of Best Firewalls Companies.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post
reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference
with LinkedIn, and personal follow-up with the reviewer when necessary.
Having experience with all 3 platforms, I lead with FortiGate almost every
time.
Here are some bullets on "why Fortinet"
- 340,000+ customers with 3.6+ million units shipped (more than any other security vendor)
- 90 of S&P Global 100
- 77 of Fortune 100
- 10 of the top 10 Fortune Telecom Companies
- 9 of the top 10 Fortune Retail and Commercial Banks
- 7 of the top 10 Aerospace and Defense
- High throughput: world's fastest firewall
Side by side comparison of 2 comparable models Fortigate 100E vs.
Meraki MX100:
Firewall: FG100E- 7.4 Gbps, Meraki- 750 Mbps
NGFW Throughput: FG100E- 360 Mbps, Meraki- Not published
Packets/second: FG100E- 6.6 Mpps, Meraki- Not Published
SSL Inspection Throughput: FG100E- 190 Mbps, Meraki- Not supported
IPSEC VPN: FG100E- 4 Gbps, Meraki- 500 Mbps
IPS: FG100E- 500 Mbps, Meraki- 750 Mbps
Connections (New/Max Sessions): FG100E- 30K / 2M, Meraki- 12K / 500K
Interfaces (I/O): FG100E- 20 Gbe / 2 SFP, Meraki- 10 Gbe / 2 SFP
5 Year Total Cost of Ownership: FG100E- $6.7K, Meraki- $15k
-FortiGate is a true NextGen Firewall (NGFW) – compared to Meraki, whose USP is “cloud-based ease of management.”
-FortiGate is locally managed, like traditional firewall + cloud management capable.
-A better Cisco product to compare against would be Cisco ASA-X series with FirePower Services (e.g. ASA-5545x or similar - $13k street price).
It’s my first-time using FortiGate and Meraki. I conducted POCs on both firewalls (Meraki and FortiGate) for a month, after which, I decided to acquire FortiGate.
FortiGate:
1- Takes three days for the configuration (from unboxing to network integration).
2- Has better performance than Meraki.
3- Security capabilities are mostly bundled.
4- Site to Site VPN can be easily integrated with other firewalls.
5- Affordable
Meraki:
1- Takes five days for the configuration (from unboxing to network integration).
2- Performance is good.
3- Security capabilities require additional purchase.
4- Additional instructions are needed for this feature for Site to Site VPN
5- High price.
I have used Meraki Fortinet and Cisco. They all 3 have their own language. Cisco technicians want to use CLI, while Meraki will use either CLI or GUI, and Fortinet prefers GUI. Cisco at times can be hard to understand while Meraki is better 70% to understand and I have had nothing but success with Fortinet. As for price, I figured 3-year maintenance across the board Cisco was most expensive, Meraki 2nd, and Fortinet was least expensive. Fortinet seems to bundle more in that lower price also. As for a single view Meraki is top of the pile, with a firewall, switch and access point integration. Cisco and Fortinet will let devices run without maintenance. Meraki not so, the device gives a 30-day warning and then a hard stop, which can take a week to get back up and running!
Meraki equipment requires a current license in order to operate. This also gets you hardware replacement and tech support while the license is current. Fortigate requires a current license for advanced features and firmware upgrades only. This difference seems to put off some potential Meraki customers however, if you are planning on being connected to the Internet and not running current firmware on your security appliance bigger problems await you.
As for throughput you must size your solution to meet your needs based on Internet connectivity speed that plan to use for the life of the security appliance and the features you plan to use. If you have 250Mbps down and 25Mbps up today and plan to go 1 GB symmetrical within a year than you need to purchase a security appliance that can handle 1 GBps symmetrical now. Also advanced features like content filtering and IPS/IDS required extra horsepower on any manufacturers solution. VPN client software with Meraki would be nice but not having to pay for the AnyConnect licenses is a plus. I've heard users having issues with Meraki's Client VPN on Windows 10 but haven't experience this myself. The issues seem to be caused by Microsoft updates affected the VPN in Windows 10. Not exactly Meraki's fault but if Meraki didn't rely on MS for VPN connectivity software the issue would be null. I haven't done a VPN client solution with Fortigate to compare.
Fortigate has a CLI interface for advanced users that want that level of control.
I've used both solutions but find the dashboard for Meraki to be a huge plus. Also find it simpler to train new admins on as it is a 100% GUI solution. Either of these solutions (Fortigate or MX) are quite capable if you are looking for a security appliance. You can't go wrong with either choice in my opinion. If you have a complete Meraki stack (security, switch, APs, etc.) Meraki allows you to manage it all on the same dashboard.
@Matt Ellsworth - Meraki MX appliances allow outbound firewall rules. On the dashboard menu - Security and SD-WAN, Configure, Firewall, Outbound Rules. Fortigate has them also. I would say pretty much all enterprise firewalls have outbound rules.
In my opinion : Meraki has an end to end solution: firewall-switch-access point, that is not the deal with Fortinet.
The intent based networking solution avant la lettre has big quick wins.
As a managed service provider, we establish a powerful connection when having access to the dashboard , so customers are served in no time..
Fortinet is a good firewall like it is but has no advantage in this way.
The possibility to unlease cisco security with amp is again one eco system in connectivity and security.
Cisco has the largest amount of data … so intel is the biggest, more data= more knowledge.
Cisco has a name of being expensive, but with the right Cisco partner: htttps:\\www.conxion.be
and the right solution sales: kvansteeland@conxion.be
Cisco is the best kid in town !
Having used a couple 60D for couple years and the Meraki for one engagement few things.
Meraki
Deployed the Meraki in a simple small network and it works great. Handful of of VLANs regular stuff.
I found Meraki support to not be at the same level of TAC
VPN - I personally opened 6-7 tickets, had another integrator and Cisco reseller take a crack at the VPN, we army another route. If VPN is not needed the box sets its up
60D - it worked, just bought 60E for another gig.
Management:
Meraki is based on cloud management.
Fortinet has local management (FortiGate + FortiManager), which guarantees a greater perception of security and control.
Additional:
Meraki has Umbrella available to supplement security on cloud.
Fortinet dont have a DNS add-on solution.
Wi-Fi:
Meraki Wi-Fi solutions have proven to be better than Fortinet.
Support:
Fortinet has a larger legacy than Meraki, and a greater number of specialists.
Meraki now has the structure of CISCO, even though they are different companies.
Both companies have different revenue streams. What is good for one site might not work for another, and vise versa. I wouldn't recommend either one until I have an understanding of the needs at each site, or at least know what type of company I'm choosing a FW for. For instance, some smaller companies can go with an entirely different brand than Meraki or Fortigate...again, based on their needs. I have used both devices, and recommend different things for differing needs. A company that is entirely web based (no on-site server for instance) has differing needs than a site which has on-site services ONLY! IMHO, the question is too vague to answer completely. As an example, one of the biggest differences is the color of the chassis. The number of users supported also varies greatly, as do the services which are offered (or paid for) for each product. Based on your needs, there are models of firewalls available which have a MGMT location over LTE (which I find very attractive for some clients). If price isn't a concern, then I might have a different answer, but that answer is not implied in the question. Phillip, Matt, and Mustafa all have valid responses, but again, too little information is provided for a real answer.