I am a pre-sales consultant with 15+ years of experience in Telecom & ICT Pre-Sales, Business Analysis, & Enterprise Business Enablement.
I am currently researching Meraki and Sophos. What are the main differences between the two? Which one is good with security and SD-WAN?
Thanks! I appreciate the help.
I presume the topic is UTM appliances (as Meraki and Sophos have many products).
Any physical site connected to the Internet needs some kind of a firewall, yes? That firewall should be at the site (if it is "in the cloud" you lose performance/time/bandwidth, and you still might get a man-in-the-middle issue).
For 30-80 users, for devices with prices under $5000 with taxes and shipment (for appliance plus 3 years of full licenses and warranty/support), for me, there were only two real options: Sophos XG 210 and Fortinet FortiGate FG100E (both negotiated at/under C$4350+tax), with Dell NSA 2650 a distant third (includes only 1 or 2 years of licenses/support and is more expensive). I got the Sophos XB2133SUS part number (XG210) device with a bonus device for High Availability (part number XG21T3HUS) for less than C$4300+tax. Both devices (Sophos XG210 and Fortinet FG100E) have 6+ WAN/configurable ports. For performance, look at performance with all the security features enabled (Deep Packet Inspection, VPN, antivirus, etc).
I do SD-WAN using an extra device (~firewall) in front of the actual firewall.
Meraki is not well known for UTM firewalls (sorry), but may do SD-WAN and may manage mobile devices better. I am afraid of their ongoing costs - for example, Meraki Wireless Access Points may stop working completely if the support fee is not paid (and that is a total No-No in my books; I understand not to be able to make more changes - but to stop a service??). As I see, for many folks - ongoing costs are just an after-thought, so maybe it does not matter much. For me, what matters is the actual performance, the security features, Support, initial cost and ongoing (support/licenses renewal) cost.
To be honest, if you are still buying firewall appliances and UTM licenses you are already behind a very obvious requirement to move to Cloud security. Buying UTM does not solve the growing risk of mobility and cloud application delivery. It would be worthwhile reading Gartner's SASE paper on security transformation. Or research Zscaler, who has been delivering this model for 10 years.
If a user is in your network behind your UTM, what stops him from connecting to his mobile phone hotspot and bypassing all UTM, DLP, etc.? Security has to move from the network to the endpoint. Protection regardless of location, device or network. Anything less is a massive compromise and a false sense of actual security.
Sophos gives on-premise UTM functionalities that work like traditional UTMs (such as FortiGate, Firepower and the likes). Meraki MX devices are managed from the cloud and are subscription-based but also extremely easy to configure.
If you want a very easy to configure solution with a minimum IT staff and prefer OPEX over CAPEX, go with Meraki.
If you want on-premise control, and prefer CAPEX over OPEX, go with Sophos.
I haven't had any experience with Sophos, but in small business environments I've found the Meraki devices to be needlessly complex. As one who has worked quite a bit with enterprise Cisco devices, I can't say I'm surprised. In my opinion, complexity doesn't necessarily denote better functionality.
Most concerning to me, though, the Meraki devices also stop functioning entirely if you don't renew their licenses, and it's some $500 per year *per device.* Any situation where a license not being reactivated can shut down your entire network is a huge concern, particularly at such high cost. We aren't talking Karen not being able to use Acrobat or something here... we're talking entire site outage. That is enough to make any technician worth their salt have a mild seizure.
When it comes to security, I have very good experiences with Sophos; I can say the security solution is absolutely great in Sophos. I have never used Meraki, so I can't comment on it.
SD-WAN; no experience on any of the requested products, so better not to make any false comment/advice.