Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
$595
per appliance
Juniper SRX
Score 8.4 out of 10
N/A
Juniper SRX is a firewall offering. It provides a variety of modular features, scaled for enterprise-level use, based on a 3-in-1 OS that enables routing, switching, and security in each product.
Cisco Meraki MX Firewalls were definitely more expensive that the Juniper SRX models we had previously but the easy of use, configuration, consistency and insight the Meraki dashboard provides made it an easy choice to use the better produce, Meraki.
Depends on the use case. Meraki shines in the area of ease of management and ease of deployment. This is typically retail customers with many locations or customers with lean IT staff. Meraki MX seems not to do well in complex environments with heavy IT staff requirements. …
The MX platform is definitely suited. It seems to be best at the branch locations under a thousand users or so. And then at the data centers, it's been a little bit of a complicated process involving the full stack of the Meraki switches firewall security appliances. It gets a little more difficult within the data centers because the routing protocols aren't built out fully. They're working on, they're adding new features to that. But right now we're still struggling with a little bit of the features that are available within our data centers.
SRXs seem to be well suited at the enterprise level for plain routers, firewalls, and IDP/IDS. They work well on MPLS and Ethernet, including Internet. I have 3 SRXs also performing edge duty, with 2 in a high availability (HA) cluster. The Juniper line of SRXs provides a good range of scaling from small business to extremely large enterprise. Wire speed is a common comparison factor and Juniper shines in that area.
I'm very happy with their analytics now with the tie in with Thousandeyes, it's been really great insight. We now are SD wan, so insight's been really good. So as you know, everyone blames the network and having that kind of analytics from a single pane glass has been wonderful.
So I think that what we've noticed is the template, and I don't actually configure the Meraki, so that's done by our network team that works under me. But what I'm getting from some of the feedback is that with the Meraki we're a little bit limited into the template as to what we can set up for each template individually. And I'm kind of getting that it has to be based on region, it's not really what we want. So we end up with different templates that we have right now that aren't quite meeting our needs. I don't know if a newer version of Meraki might have that issue addressed already, but I find the template isn't as diverse as what I would like it to be.
My only real criticism of the product is that it's hard to figure out how to upgrade the firmware from the CLI via TFTP via the docs, but it works great once you get it sorted.
As we have it in place now, we will continue to keep it at our remote sites. Future expansion is something we are reviewing, and may well start with some of the larger switches as they seem to offer good performance and management at a reasonable price. Wireless is also something we're investing in and their devices are great for that.
The Cisco Meraki MX series is very easy to use. Setting up user VPN access, site to site VPN to tie multiple locations together and managing all your devices. You can even download the latest firmware and install without ever leaving the dashboard. Meraki is the very definition of easy to use
I haven't ever had a bad experience with Meraki support. On the few occasions where I wasn't understanding the UI or needed some clarification about what a setting actually would do, I contacted them and they were very quickly able to provide help. Returns are simple and fast, too. We had to return a defective device one time and they shipped the replacement before we had even un-racked the one that was faulty. Unlike many other vendors, they didn't ask use to a do long list of scripted diagnostics, they just took my word for it that the device was broken and sent out a replacement immediately
This is the one area where I have a beef with Juniper. When I called into Cisco TAC, 90% of the time, the first person I spoke with was able to resolve my issue. With Juniper TAC, 90% of the time, the first person I speak with is not able to resolve my issue, seems to almost be reading from a script, and must escalate my ticket. All of which takes time.
We're really using the Meraki more and more, everything from the wireless. We started doing some work with the cameras and security. Meraki has been a great product for our company so far. We use it for a lot of our outer campuses as the VPN Tunneling primary with SD wan. So it's working out very well for us.
Juniper SRX stands tall compared to all these products for Large Service Provider Networks, where traffic volume is larger. Also, cost comparison with SRX's few other products can also be another contributing factor while selecting this. As well as Juniper Routers, Switches, and multiple products from the same vendor to maintain one single vendor environment. As well as Juniper Support is also really good.
The Cisco Meraki MX is basically a good product, but not perfect. If you compare the Cisco Meraki MX with a Fortigate or Cisco Firepower, you quickly realize that this system can do less than the reference product. The Cisco Meraki MX can be used in small environments, but in large environments you have to check carefully whether it really makes sense to use it.
It is a workhorse for our field operations. It provides the last touch for an ISP to the customer. The customer has no view of the device, but with the repeatability of the device, they do not need to.
The ability to roll out a dynamic routing protocol attached to a security zone allows elasticity to the environment that supports growth.
VLAN support on the inside interfaces allow this to be the only device in some smaller deployments we install these in.