We performed a comparison between Cisco Secure Firewall and Meraki MX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Meraki MX is the winner in this comparison. It is easier to set up and more user-friendly than Cisco ASA Firewall. In addition, Meraki MX is a less expensive solution than Cisco Secure Firewall.
"The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful."
"The most valuable features of Fortinet FortiGate are the different types of profiling. It has been the most effective for me. The WAF and the antivirus profile are the most effective in network protection."
"The technical support is great."
"The most valuable feature is the bundled subscription, which is IPS, TV and web filtering."
"It is a good source for firewall protection."
"The technical support in our region is excellent."
"It is a safe product."
"We purchased Fortinet because of the pricing, its functionality, because it met our requirements, and the total cost of ownership over five years was quite reasonable. In the market, Fortinet is rated quite well."
"The initial setup was not complex."
"This solution made our organization more secure and gave us better control."
"Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering."
"Management Console and user profiling to define activities."
"The IPS (In-plane switching) is the most valuable feature."
"The product offers good scalability."
"The transparency of the single UI to ensure security. A product has to be simple so that an administrator can use it."
"The most valuable feature must be AnyConnect. We have quite a few customers who use it. It is easy to use and the stablest thing that we have. We have experienced some issues on all our VPN clients, but AnyConnect has been the stablest one."
"Simple to manage."
"It prevents us from being hacked and delivers information about who and where the attack came from."
"It's flexible, easy to configure, and easy to manage."
"Site to Site VPN: The device can establish a VPN connection to multiple sites in a mesh environment in seconds, and without complex VPN knowledge."
"Intrusion detection and prevention (IDS/IPS): The best feature. It can detect malware, even a virus, and warn you by email about the device that has it. When the Meraki detects that something is wrong, it automatically blocks the connection or the intrusion, delivering a graphic report with all the necessary content."
"In general, Meraki MX is easy to work with."
"Easy to deploy with a simple configuration."
"They have very good technical support and I have relied heavily on them."
"The firewall engine is not so strong as of now, in my opinion... My second concern is that, while they have Zero-day vulnerability and anti-malware features, the threat engine needs to be strengthened, its efficiency can be increased."
"In the next release, maybe the documentation on how to use this solution could be improved."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"One area for improvement is the performance on the bandwidth demands for smaller devices, as well as better web filtering."
"You do need some IT knowledge in order to effectively work with the solution."
"It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go."
"Technical support is good but the response time could be faster."
"A sandbox would be good in order to be able to inspect the emails containing spam and be able to validate the emails that contain malware, prior to delivering to the customer."
"The software was very buggy, to the point it had to be removed."
"It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes."
"They need a user-friendly interface that we could easily configure."
"The solution needs to have better logging features."
"We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down."
"The ASA has become a bit old and needs updating."
"As far as what needs to be improved — nothing really comes to mind. It does what we need it to do."
"Meraki MX can come across as an expensive solution."
"The IPS, the Intrusion Prevention System, can be improved."
"We can’t access GUI management and CLI opening features when the Internet is unavailable."
"It is very expensive."
"The whole Cisco Meraki range requires easier access for cameras. For a security center, it would be helpful to have easier access to cameras through the portal. Its licensing cost could also be better."
"It would be nice to get detailed logging information without third-party software."
"We had minor issues with Meraki MX. We had a couple of RMAs, so that could be an area for improvement, but in terms of how the RMAs went, the turnaround time and getting those back into redeployment were quick. Another area for improvement in Meraki MX is that when you're scaling for multiple locations, you need to use the same model, but the model you'd need is only available for a short time. The specific model you require could be out of stock, or Meraki isn't making that model anymore, so Meraki should improve that."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 57 reviews. Cisco Secure Firewall is rated 8.2, while Meraki MX is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Meraki MX is most compared with Palo Alto Networks NG Firewalls, Sophos XG, SonicWall TZ, Netgate pfSense and SonicWall NSa. See our Cisco Secure Firewall vs. Meraki MX report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So you can't really compare these solutions, as they are targeting different markets.
You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings.
Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available.
The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option.
We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple.
The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation.
It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure.
Conclusions:
If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.