Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
$595
per appliance
Palo Alto Panorama
Score 8.5 out of 10
N/A
According to the information provided by the vendor, Palo
Alto Panorama is a network security management solution that intends to
simplify and enhance cybersecurity processes for businesses. The product's
primary objective is to offer various features, including unified policy
management, centralized visibility, automated threat response, simplified
configuration, unrivaled scalability, and rapid security adoption. It claims to
assist organizations in efficiently managing their firewalls and…
Small office, small business, medium business even larger enterprise can work on Cisco Meraki MX if they can sacrifice some of the functionality that Cisco Meraki MX can not provide. To enhance security, I would advise combining with cloud delivered firewall.
I think Palo Alto Panorama is suited for administrators of all levels because certain things can be locked down to certain permission levels. But there are executive dashboards all the way down to the weeds for the highest of administrators. This truly is a single pane of glass tool because you never have to go into the individual firewalls for anything.
The management is the best. I'm an old-fashioned networking guy, so I'm used to going to the site itself and connecting. For example, a console cable and start and start configuring. Now since the management is so easy on Meraki I can configure everything from the headquarters from where I sit in Israel and then just go to the site and connect and basically, it's plug and play. After I configure everything from my office in Israel, I can just go to the site for a few hours, and connect everything. Just the magic happens.
If you need to push a setting or config to multiple firewalls Panorama can do that flawlessly.
Panorama has its logging centralized and this makes it easy to locate and reviews logs compared to having to get logs from each device.
I love how the interface matches the interface on the firewall. This makes the learning curve less steep.
Adding new firewalls to Panorama is super easy and not complex. Panorama can push a lot of the config and settings so you don't have to manually do it.
The way you need to segment devices by network causes you to need to go to different dropdowns to see everything at a single site. They have improved this and now allow you to add firewall, switches and wireless to create a single site, but still a bit clunky.
The ability to push out OS updates could be improved in Panorama. It has the abilities, but the use is not intuitive, to the point that we generally connect directly to the firewalls to download the OS updates directly.
Scheduling. It would be nice to be able to schedule jobs to run at certain times. Pushing out updates, like OS updates mentioned above, can require significant bandwidth. So being able to schedule that work for hours that would not directly affect the users would be a welcome addition.
The list of devices in the Templates tabs should be sorted the same way that he devices are grouped in the Device Group tab, rather than just alphabetical. If there was a way to chose the order of the devices, maybe by tag, that would work as well.
As we have it in place now, we will continue to keep it at our remote sites. Future expansion is something we are reviewing, and may well start with some of the larger switches as they seem to offer good performance and management at a reasonable price. Wireless is also something we're investing in and their devices are great for that.
Panorama has given us much more than we expected and the support for the product, by Palo Alto Networks has been great. We would like to see some improvements that I mentioned in another review, like scheduling changes, but overall Panorama has provided a very capable product and we are very happy with it.
The Cisco Meraki MX series is very easy to use. Setting up user VPN access, site to site VPN to tie multiple locations together and managing all your devices. You can even download the latest firmware and install without ever leaving the dashboard. Meraki is the very definition of easy to use
You can do anything via the GUI without going to the CLI. High real time security as every five minutes, it updates the list of phishing websites. High protection as the firewall communicates with the cloud, a machine running artificial intelligence helps to detect malware or other threats.
I haven't ever had a bad experience with Meraki support. On the few occasions where I wasn't understanding the UI or needed some clarification about what a setting actually would do, I contacted them and they were very quickly able to provide help. Returns are simple and fast, too. We had to return a defective device one time and they shipped the replacement before we had even un-racked the one that was faulty. Unlike many other vendors, they didn't ask use to a do long list of scripted diagnostics, they just took my word for it that the device was broken and sent out a replacement immediately
Palo Alto has a very nice customer support. People are very nice and were quick to reply, whenever we had an issue with the subscription or the blacklist tool. There is also a great deal of information on their website that covers each and every detail about the uses and the threat signatures. The community keeps on updating their information very frequently. Small issues are easily solved from the documentation, and for other issues, the customer support service is always present. However, on Fridays it becomes a little delayed as per my observation.
Overall, for a new network admin or a non-IT person, the Cisco Meraki MX is much easier to configure for a single site than the Cisco ASA Firewalls. ASA can be quicker for those with a background in Cisco command line OS.
Palo Alto Panorama and Junos Space Security Director have many similar features but Palo Alto Panorama excels in almost all of them. The monitoring tools in Palo Alto Panorama are easy to use and give more in-depth insight into what is going on in your network. Palo Alto's security is ranked much higher and the Web Application Security is also superior to that of the Junos counterpart.
The Cisco Meraki MX is basically a good product, but not perfect. If you compare the Cisco Meraki MX with a Fortigate or Cisco Firepower, you quickly realize that this system can do less than the reference product. The Cisco Meraki MX can be used in small environments, but in large environments you have to check carefully whether it really makes sense to use it.
VPN tunnel between locations has been up 99% of the time in the 7 years that I have used the Cisco Meraki MXs in my current position. That does not include ISP issues because, in my mind, that shouldn't dictate the performance of the Cisco Meraki MXs.
Sometimes we get phishing emails with malicious links in them. We are able to block the URLs on our network using the Cisco Meraki MXs, and the appliance configuration sets in less than a minute. Blocking that link for anyone over VPN or on the LAN.
The interface is really simple and configuration is a breeze, which makes deploying a new Cisco Meraki MX really fast and easy. Replacing an Cisco Meraki MX is even easier, Just remove the old and add the new and all the configuration stays for the new appliance to use. Saves so much time and money.
The biggest thing is we have not had really any issues with any of our Cisco Meraki MXs going down in the past 7 years. The reliability with these devices are amazing.
At a previous company, I deployed Palo Alto firewalls to a data center, and 12 branch locations. This allowed us to replace MPLS links with IPSec tunnels between the sites. This resulted in significantly more throughput and soft savings of increased productivity. However, the estimated net of $220,000 in hard savings over five years is what is most impressive. I could not have effectively managed all those devices without Palo Alto Panorama.
