Cisco Meraki SD-WAN is a software-defined WAN offering transport independence, application optimization, intelligent path control, and secure connectivity.
N/A
Palo Alto Networks Next-Generation Firewalls - PA Series
Score 9.1 out of 10
N/A
Palo Alto Networks' Next-Generation Firewalls is a firewall option integrated with other Palo Alto security products. Released in late 2023, the PA-7500 ML-Powered Next-Generation Firewall (NGFW) enables enterprise-scale organizations and service providers to deploy security in high-performance environments.
$1.50
per hour per available zone
Pricing

| | Cisco Meraki SD-WAN | Palo Alto Networks Next-Generation Firewalls - PA Series |
|---|---|---|
| Editions & Modules | No answers on this topic | No answers on this topic |

Offerings

Pricing Offerings

| | Cisco Meraki SD-WAN | Palo Alto Networks Next-Generation Firewalls - PA Series |
|---|---|---|
| Free Trial | No | Yes |
| Free/Freemium Version | No | No |
| Premium Consulting/Integration Services | No | No |
| Entry-level Setup Fee | No setup fee | No setup fee |
| Additional Details | — | Users may also choose to pay per gigabyte of data used starting at .065/GB. Note that prices listed here reflect installations via Amazon Web Services. Pricing may differ if other service providers are used. |
Palo Alto Networks Next-Generation Firewalls - PA Series
Likelihood to Recommend
Cisco
At our level, we had to optimize our 3 internet links (MPLS and LTE) with applications like O365, SAP, Microsoft CRM Dynamics and our collaborative work tools like Teams. We also had to ensure that both client workstations and servers could communicate with minimal latency with our Microsoft Intune infrastructure.
Anywhere where high performance and application-specific rules are necessary would be a great fit. Palo Alto NG firewalls are exceptionally well suited to doing application-based rules, rather than service-based rules, although they can still easily do those. The cost might make it less well-suited for smaller installations or where the more complicated setup procedures are too much for a user with limited proficiency to handle.
Meraki has been beautifully done for people who are actually very lean on the IT infrastructure, as in resource-wise. So Meraki is a very good solution to give them the simplicity on a single glass plane where they can actually have visibility over all their networks on a single glass plane by a click of a button; they could actually see what's happening. They could actually do troubleshooting on the fly, including packet capture, which is such a smooth feature. Usually myself including I've been have an engineering background, all my years packet capture, I've never seen that smooth and easy to operate that you can actually have a high-level understanding or deep level depending on how much you want to go in with the click of a button. That's so beautiful. I mean everything for me Meraki is point of kind of a go ahead for everyone.
The PA handles VPN connectivity without missing a beat. We have multiple VPN tunnels in use for redundancy to cloud-based services.
The PA has great functionality in supporting failover internet connections, again with the ability to have multiple paths out to our cloud-based services.
The PA is updated on the regular with various security updates; we are not concerned with the firewall's ability to see what packets are really flowing across the network. Being able to see beyond just IP and port requests lets you know things are locked down better than traditional firewalls.
It is a great overall kit, with URL filtering and other services that fill in the gaps between other solutions without breaking the bank.
The platform itself is very feature-rich. One of the difficulties we find is that to do things, for example, in terms of monitoring and obtaining data, it's not consistent. There are multiple interfaces to get them, but you can't get the same data through all interfaces. So you end up having to try to find either the least common denominator or we have to build our own code that then mines through all the interfaces and that becomes very problematic.
The other problem we've found is that there are issues where the same amount of expected software quality isn't really there in all releases. Cisco breaks things out by like shorter or long-lived release trains. And the long-lived release trains tend to have good quality by the time you get to the second or third release within it. But then those are skips. There are like 12, 18 months skips in between those. So if you start releasing features on versions in between there practically to be safe, you have to wait until you know much later. So to be able to see new future capabilities as they come out and deploy those readily needs to improve, it needs to be much faster.
The interface is a little complicated at first. This is common for all firewall products I've used but Palo Alto could definitely update the UI.
Firewall rule audits are cumbersome. I have been using third-party tools to assist with the management. It would be great if Palo Alto could build out this functionality within Panorama.
Best-Practice Assessment (BPA) is not well advertised. These are very useful but require reaching out to your rep. Palo Alto should look at automating this and building it into QBR touchpoints with their customers.
We implemented Meraki in most of our organization sites, so we are always looking for ways of improving its usage, adding more features and discovering characteristics that we do not know we already have. As it is an easy-to-use tool and we are growing, hiring new employees, it is really simple to onboard the new joiners.
The PA5220s have far exceeded what we have expected out of them. It was a bit of a learning curve coming from another vendor, but everything falls into place now with ease. The capabilities of the solution still surprise us, allowing us to remove other costly hardware and providing a single point of management needed.
PA Series firewalls provide good value for the price spent on them. Especially the 3K and 5K series devices contain hardware which keeps the management access smooth even during the peak hours of data traffic. The next gen firewall filtering services do function well (except for some bugs).
Fast and efficient. The only issue currently is that the support is only overseas support and not in South Africa, which causes delays in resolution for some cases. Escalating issues is quite simple and the opening of new cases from the dashboard is easy. I have never had a support issue that could not be resolved.
We've run into a couple undocumented bugs, but that seems to happen with every brand and technology. Any time we've had to engage Palo Alto support they've always been professional, knowledgeable and prompt. In almost all cases we've been able to resolve our issues without having to escalate our tickets.
The SonicWall and Cisco ASA required a lot of trial and error to get up and running. Rules and configurations were difficult to set up and were not intuitive. Meraki is very intuitive.
We were using Cisco ASA before in our environment but when it comes to deep scanning & layer 7 security it doesn't have that capability. After using Palo Alto Networks Next-Generation Firewall we are using sandboxing & advanced malware protection that provides high-level end-user security. Also after implementing it we can easily monitor user-level traffic.
Being a cloud-first solution, Meraki Dashboard will scale as needed without any effort for the client. The Meraki cloud will provision (upscale and downscale) the resources as you grow or shrink in size. You only have to physically install the MX on your site; all the management is done through the Internet via Meraki Dashboard. Worth noting that you can fully configure the MX prior to the physical installation on site.
Cisco Meraki SD-WAN gave us a new perspective on SDN, ZTP and other automation tools we didn't have before.
The sizing of Meraki MX series cannot compete very large and robust networks, only if we use virtual appliances. In this case, I would recommend other vendors like Fortinet.
We used to outsource our firewall and its management. Not only did we find their SLAs to be lacking, in general, but communication between us was horrible. Many times we could not understand them and that resulted in less than desirable rule creation or troubleshooting.
Since we no longer have to pay a company for 24/7 management (and SLOW SLAs) we are saving a ton of money each year. Also our fellow employees are much happier that things can be resolved in a timely manner.