Cisco offers the Meraki brand of Ethernet switches.
N/A
Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.1 out of 10
N/A
Palo Alto Network’s Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. Released in late 2023, the PA-7500 ML-Powered NextGeneration Firewall (NGFW) enables enterprise-scale organizations and service providers to deploy security in high-performance environments.
$1.50
per hour per available zone
Pricing
Cisco Meraki MS
Palo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Cisco Meraki MS
Palo Alto Networks Next-Generation Firewalls - PA Series
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
Users may also choose to pay per gigabyte of data used starting at .065/GB. Note that prices listed here reflect installations via Amazon Web Services. Pricing may differ if other service providers are used.
Palo Alto Networks Next-Generation Firewalls - PA Series
Verified User
Professional
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
I've been really happy with our Palo Alto [solutions] and we're replacing a good chunk of our ASAs with Palo Alto. As far as firewalls go the Palo Alto firewalls are significantly better in my opinion, but we still use ASAs as VPN devices in a few scenarios and they work just …
Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
A Cisco Meraki solution should always be in the toolbox for a small-medium office. Especially for a project team that moves around a bit. It is very easy to deploy and if after 6 months the project moves to another location, re-deployment times are much faster than traditional kit. Whilst it could do the job. It is not at the point of replacing a large corporate office of Catalyst Switches but we feel it does not need to do that necessarily.
Anywhere where high performance and application-specific rules are necessary would be a great fit. Palo Alto NG firewalls are exceptionally well suited to doing application-based rules, rather than service-based rules, although they can still easily do those. The cost might make it less well-suited for smaller installations or where the more complicated setup procedures are too much for a user with limited proficiency to handle.
I think when it comes to the Meraki products, it's just the ease of use and ease of troubleshooting because it's all cloud-based, easy to access from anywhere I can literally get on now and troubleshoot. So I think it's just the ease of use, which is great.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
So compared to the Cisco Catalyst series, there isn't that many dolls you can turn and just optimize stuff. So particularly I'm not quite sure around how stuff like MACsec would work on the MS. It's something that I've really got to look into more and the documentation isn't really that obvious for that feature.
The interface is a little complicated at first. This is common for all firewall products I've used but Palo Alto could definitely update the UI.
Firewall rule audits are cumbersome. I have been using third-party tools to assist with the management. It would be great if Palo Alto could build out this functionality within Panorama.
Best-Practice Assessment (BPA) is not well advertised. These are very useful but require reaching out to your rep. Palo Alto should look at automating this and building it into QBR touchpoints with their customers.
At the time I am writing this, Meraki MS has conver all of the required needs. Is really easy to implement, the dashboard helps a lot with the implementation and troubleshooting process, the devices are very robust and you can count with the meraki support in case you face a physical or logical issue with them.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
The Meraki dashboard is one of the most intuitive and user-friendly network management interfaces available. It simplifies many traditionally complex tasks, such as VLAN configuration, port management, and firmware updates, making it easy to deploy and manage networks without extensive CLI work. Features like zero-touch provisioning, remote troubleshooting, and real-time monitoring significantly reduce the time and effort needed for network administration. The reason it’s not a perfect 10 is that while Meraki is great for most standard networking tasks, it can feel somewhat limiting for advanced configurations. Additionally, the reliance on the cloud dashboard means there’s very little local management option, which could be a drawback in environments with strict compliance requirements. Overall, it’s one of the easiest networking solutions to work with, but power users might find certain advanced features lacking.
PA Series firewalls provides good value for the price spent on them. Specially the 3K and 5K series devices contains hardware which keeps the management access smooth even during the peak hours of data traffic. The next gen firewall filtering services does function well (except for some bugs).
Cisco Meraki MS switches are quite reliable, robust, and incredibly rare to experience failures. Most of the time, as with all equipment, problems arise from incorrect configurations, not from poor performance of the equipment itself. In any case, when a hardware or software issue arises, Meraki support responds promptly, and if equipment replacement is required, the service is dispatched quickly and efficiently.
In deployments using Cisco Meraki switches, no issues with performance, slowness, or loss have been reported; overall, performance is quite good. Communication and integration with other devices and brands is quite good, and the devices rarely fail.
Meraki support is excellent. They are also highly proactive. They literally replaced all of a particular model of our MS switches when it was discovered that they were not sure about the longevity of a particular chassis fan inside those switches. Without us having to do anything other than ask, they shipped us all new replacements (with a better fan in them) for the 10 or so of the switches that were in the affected model group, and we shipped the defective ones back to them int he same packaging, prepaid. None of the recalled switches had ever experienced a fan failure, but they were not willing to let them run in a production environment. I like that. Meraki MS support staff are also quick to get back to you and very knowledgeable about their product. I actually contact our Meraki rep to instigate a support case (although i could call support directly), and he gets the details from me first, then opens the ticket for us and explains it to support. This means that I only even need to talk to one person, and I like that, too. Meraki MS switches are designed to be essentially "plug and play", so support is generally not needed unless the end user is not following the deployment and operation guides
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
The In-person trainings are very useful because allow you to ask questions in live to the instructor. In general, most training sessions have been delivered directly through the Meraki platform with on-demand videos. However, having a dedicated instructor has allowed us to address specific topics that in some cases aren't covered in depth in the courses.
The Cisco Meraki learning platform is very user-friendly and offers all kinds of videos, reading material, and forums related to the different courses. There are courses for specific topics and also dedicated learning paths for certifications. In both cases, the content and explanation are easy to understand and provide highly didactic examples, sample equipment configurations, and quizzes at the end of each lesson to assess the acquired knowledge.
In general, the implementation process was relatively simple, given that we already have a relationship with the partners and experience in other implementations, from the acquisition of licenses, purchase of equipment, configuration of switches and support from the Meraki team, everything has been easy to manage and the support from both the partner and the Meraki team has been excellent.
Catalyst is good but it requires CLI configuration which can be very complex for beginners because they tend to forget commands. Cisco Meraki MS takes out the complexity by having a GUI, and another advantage is the risk of committing bad configuration is minimized (such as typing a typo in a long command for a vlan or IP address). The GUI's just a lot cleaner to work with.
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
I would say probably eight. I think there's a lot of, the scalability is very nice and I've definitely deployed a lot of sites quickly. I think for us right now that we have to pivot away from manual configurations and using automated configurations. And so just being sure we prevent things like drift between sites is kind of important right now for us. And so I think that's the next steps for us in that product. And so I think if there was better documentation or better best practices about how to automate and deploy standardized, I think that would help.
I can't think of any negatives. Positive, well, I had nothing but positive things to say about it. Like I said, multiple times. Of course it does give us so much visibility, which is important to us. As far as on a daily basis, I mean the dashboard daily of course, and the use of the phone. It's just also they keep innovating and adding new features to it, which help us lower our troubleshooting times and uptime. And just the overall use of the product itself.
We used to outsource our Firewall and it's management. Not only did we find their SLA's to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
Since we no longer have to pay a company for 24/7 management (and SLOW SLA's) we are saving a ton of money each year. Also our fellow employee's are much happier that things can be resolved in a timely manner.
