Cisco Meraki MX Firewalls is a combined UTM and Software-Defined WAN solution. Meraki is managed via the cloud, and provides core firewall services, including site-to-site VPN, plus network monitoring.
$595
per appliance
Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.5 out of 10
N/A
Palo Alto next-generation firewalls classify all traffic, including encrypted and internal traffic, based on application, application function, user and content. Users can create security policies to enable only authorized users to run sanctioned applications.
N/A
Pricing
Cisco Meraki MX
Palo Alto Networks Next-Generation Firewalls - PA Series
Editions & Modules
MX64
$595
per appliance
MX67
$695
per appliance
MX68
$995
per appliance
MX84
$1,995
per appliance
MX100
$4,995
per appliance
MX250
$9,995
per appliance
MX450
$19,995
per appliance
No answers on this topic
Offerings
Pricing Offerings
Cisco Meraki MX
Palo Alto Networks Next-Generation Firewalls - PA Series
Palo Alto Networks Next-Generation Firewalls - PA Series
Considered Both Products
Cisco Meraki MX
Verified User
Engineer
Chose Cisco Meraki MX
For a small remote office, Cisco Meraki MX was compared to the PaloAlto next gen firewall.
Whilst the company prefers the use of PaloAlto for internet destined traffic, the office features and simplicity of management meant the Cisco Meraki MX was an easy choice for a small …
Cisco Meraki MX is easy if you don't need multi-tenancy solutions and if the routing in the network is not so complex. But Cisco Catalyst SD-WAN solution is more powerful and has more features compared to Meraki.
Meraki is just easier to use and deploy. It’s not the cheapest option, nor is it the most feature rich or performant firewall platform. But when you need something that works and meets PCI/HIPAA compliance, with very little effort to use, this is the ideal platform for you. …
Cisco Meraki MX is a different product targeted at different markets, not exactly a UTM / NGFW. Centralized management and a single pane of glass add a lot of value. Again there are sites where no MX can replace a PA due to the configuration requirements and performance …
I have primarily used Palo Altos (from the small PA220s to the bigger PA3000s) and while the PAs have a greater learning curve I believe them to be the superior firewall. They are more of a compromise of features/advanced options to ease-of-use, with Meraki leaning more heavily …
Depends on the use case. Meraki shines in the area of ease of management and ease of deployment. This is typically retail customers with many locations or customers with lean IT staff. Meraki MX seems not to do well in complex environments with heavy IT staff requirements. …
Meraki MX's have their place due to the ease of configuration, management, and cost. That is small to mid size businesses. If you require features such as the full suite of NG firewall options, SD-WAN, and granularity of ACL/Policy rules, then Fortinet, Palo Alto and/or …
Palo Alto Networks Next-Generation Firewalls - PA Series
Verified User
Professional
Chose Palo Alto Networks Next-Generation Firewalls - PA Series
These are cheaper (or at least were) than the Meraki firewalls and they allow you to integrate with Palo Alto Wildfire, which is valuable. This allows for a more real time analysis of packets (though we may have to upgrade to a larger firewall to use this). The PA-500 VPN is …
Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
Cisco Meraki MX is great for a short term deployment. An all in one model can combine a cellular router, wireless access point, 10 port switch (with POE). Having a cellular model means seamless failover with a wired link. An included SFP slot on the MX68 series would be beneficial. Maybe in a newer model.
Palo Alto Networks Next-Generation Firewalls - PA Series are extremely versatile. Whether it be a one office location or multiple sites, the Panorama interface allows centralized management. I've found Palo Alto does a great job with their updates and supporting customers. As a cybersecurity professional, I like that Palo Alto's products offer a wide range of controls to support defense in depth. It is easy for security and network infrastructure teams to use the same consoles to deliver performance with security built in.
It provides a really good single pane of glass so you can really easily identify end to end, what is going on in your environment.
It provides the ability for someone that doesn't necessarily need a really deep level of knowledge to be able to operate and maintain it. I think that's probably a big selling point, but I think definitely for the people that I'm selling the products who just having a dashboard and being able to log onto it and see if things are good or bad is quite key. So it does that really well.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates, we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
As we have it in place now, we will continue to keep it at our remote sites. Future expansion is something we are reviewing, and may well start with some of the larger switches as they seem to offer good performance and management at a reasonable price. Wireless is also something we're investing in and their devices are great for that.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed
The Cisco Meraki MX series is very easy to use. Setting up user VPN access, site to site VPN to tie multiple locations together and managing all your devices. You can even download the latest firmware and install without ever leaving the dashboard. Meraki is the very definition of easy to use
In my opinion, the Palo Alto Firewall is the simplest firewall in terms of management interfaces; though it has more advanced options that apply to more advanced use cases. Configuring basic features on the firewall is nearly self-explanatory; configuring more advanced features can be met with very thorough vendor documentation.
I haven't ever had a bad experience with Meraki support. On the few occasions where I wasn't understanding the UI or needed some clarification about what a setting actually would do, I contacted them and they were very quickly able to provide help. Returns are simple and fast, too. We had to return a defective device one time and they shipped the replacement before we had even un-racked the one that was faulty. Unlike many other vendors, they didn't ask use to a do long list of scripted diagnostics, they just took my word for it that the device was broken and sent out a replacement immediately
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
Compared to the regular Cisco devices, the greatest thing will always be the ease of configuration that the Cisco Meraki MX gives by having a dashboard to eliminate a command line that can be difficult for some beginners, it is easier to identify if you make mistakes and fix them since everything is saved and visually you can see something that is not so good.
We are using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advance malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Scalability is pretty decent. We run into some issues with the more hubs we create. We've had to tune out the deployment between whether something's a hub or a spoke regionally. So as long as not everything is a hub in this environment and you're creating spokes that talk directly to hubs, that takes a lot of the CPU utilization off of anything that's deemed a hub.
I'm going to say positive impact. The biggest thing is especially coming from having a third party taking care of our network to us doing it ourselves. The ease of this with the overall high level visual that we can get as to how our day is starting and running reports to see how many outages have we had, what areas have they actually been in running these reports and being able to gather if it's a certain service provider that's causing an issue in a general area, maybe we need to switch service providers for ISP. So it's been great in that mannerism for us. Ease of manage, I mean, we have a limited number of staff, we have a lot of different offices across the country. And then this is relatively new for us because we did have a previous provider doing all of this for us.
Overall, even though the device is very expensive (both hardware and licensing), the product does produce a decent ROI, given that one (or HA pair) of devices can do so many things, such as anti-virus, anti-malware, URL filtering, SSL decryption, SSL VPN, routing, etc.
There will definitely be sticker shock when you're renewal comes up annually (or after 3 years), so be sure to look very carefully at the recurring costs of this product, with respect to licensing and hardware/software maintenance.