Cisco Meraki MR Wireless Access Points vs. Palo Alto Networks Next-Generation Firewalls - PA Series

The Cisco Meraki MR Wireless Access Points is a good solution although not for everyone. Cost wise it is more expensive than competition. Technically speaking, if you are going for a full Cisco Meraki solution from firewall, switches, WAP, and management app, it requires a solid technical understanding of where each part and piece falls. If you have the money and the technical capabilities (in house or outsourced) then it is a solid platform that leans on Cisco's respectable history in the communications and infrastructure industry.

Incentivized

Anywhere where high performance and application-specific rules are necessary would be a great fit. Palo Alto NG firewalls are exceptionally well suited to doing application-based rules, rather than service-based rules, although they can still easily do those. The cost might make it less well-suited for smaller installations or where the more complicated setup procedures are too much for a user with limited proficiency to handle.

Incentivized

• It's cloud based, so as long as we have an internet connection, we can access it. Whenever we push a change, it's one stop like a single pane of glass to manage all our equipment. And so that's what I liked about it.

Incentivized

• The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
• The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
• The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
• It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.

Incentivized

• So the Cisco Meraki MR Wireless Access Points dashboard, it's a little bit like comparing Apple and Android. So with Android you can do a lot more configuration, whereas with Meraki there are a lot of assumptions about a radio resource management. There are a lot of assumptions around, for instance, when it does a heat map, it's a heat map, which is a population density rather than a wireless coverage heat map. So that can cause confusion because normally when you look at heat map, you're looking at, that is a metric for how well it's performing rather than how many devices are using it. So I think that's always at the bone of contention around one of the things it can do.

Incentivized

• The interface is a little complicated at first. This is common for all firewall products I've used but Palo Alto could definitely update the UI.
• Firewall rule audits are cumbersome. I have been using third-party tools to assist with the management. It would be great if Palo Alto could build out this functionality within Panorama.
• Best-Practice Assessment (BPA) is not well advertised. These are very useful but require reaching out to your rep. Palo Alto should look at automating this and building it into QBR touchpoints with their customers.

Incentivized

It is a solution that works very well. It is almost like setup and forget, since the solution works. When issues occur, documentation is available with detailed steps on how to solve this problems you are facing, of course Technical Support is always ready to help. We have had instances where an Access Point fails and within 2 days we have the replacement

Incentivized

The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed

Incentivized

To get basic functionality doesn't take long. Set up a new Meraki Dashboard activate the licenses and get internet connection for the APs and you are more or less done. The Dashboard will find your items and you're good to go.

Incentivized

PA Series firewalls provides good value for the price spent on them. Specially the 3K and 5K series devices contains hardware which keeps the management access smooth even during the peak hours of data traffic. The next gen firewall filtering services does function well (except for some bugs).

Incentivized

We have been deploying Meraki since last 8 years and even the first one deployed seems to be working fine till now!

Incentivized

We have not had any issues with the Meraki WiFi Access Point hardware but we did encounter a problem with a Meraki LAN switch that failed to power up. Upon a email into the Meraki Support, they promptly called back and we went over some quick tests to determine a power supply problem. A replacement LAN switch was sent to me the next day.

We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.

Incentivized

There were documents that detailed how the WiFi Access Point was to be installed and mounted. The only issue was to cable the device, we use a third party for this type of work and typically has to be performed after normal business hours. Other than that, the installation was easy.

We were more on a Cisco Wireless Controller set up, which takes a lot longer to control and that's why we've actually gone through a cloud-based product, which is very easy compared with the old traditional way that we used to have. It's more ease of software. They've got very similar features, but it's easy to set up and maintain into the future.

Incentivized

We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.

Incentivized

As far as I know, it's 10. I mean, because like I said, I manage stuff in the south. I have coworkers that manage it in the north. And so the scalability of it to be able to be go in and see the configurations of the ones in the north as well as they can see in the south. So across the board, it works really well for how widespread out it is.

Incentivized

• Uptime has improved significantly. The dashboard automatically keeps devices up to date by scheduling upgrades at remote times (say 2am on a Sunday)
• Swapping to Cisco Meraki MR Wireless Access Points has reduced the management overhead. No more long controller software hardware upgrades and obviously no more need for beefy central controllers.

Incentivized

• We used to outsource our Firewall and it's management. Not only did we find their SLA's to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
• Since we no longer have to pay a company for 24/7 management (and SLOW SLA's) we are saving a ton of money each year. Also our fellow employee's are much happier that things can be resolved in a timely manner.

Incentivized