One of the most popular comparisons on IT Central Station is Fortinet FortiGate vs Meraki MX Firewalls.
People like you are trying to decide which one is best for their company. Can you help them out?
What is the biggest difference between Fortinet FortiGate and Meraki MX Firewalls? Which of these two solutions would you recommend to a colleague evaluating firewalls and why?
Thanks for helping your peers make the best decision!
Having experience with all 3 platforms, I lead with FortiGate almost every
time.
Here are some bullets on "why Fortinet"
- 340,000+ customers with 3.6+ million units shipped (more than any other security vendor)
- 90 of S&P Global 100
- 77 of Fortune 100
- 10 of the top 10 Fortune Telecom Companies
- 9 of the top 10 Fortune Retail and Commercial Banks
- 7 of the top 10 Aerospace and Defense
- High throughput: world's fastest firewall
Side by side comparison of 2 comparable models Fortigate 100E vs.
Meraki MX100:
Firewall: FG100E- 7.4 Gbps, Meraki- 750 Mbps
NGFW Throughput: FG100E- 360 Mbps, Meraki- Not published
Packets/second: FG100E- 6.6 Mpps, Meraki- Not Published
SSL Inspection Throughput: FG100E- 190 Mbps, Meraki- Not supported
IPSEC VPN: FG100E- 4 Gbps, Meraki- 500 Mbps
IPS: FG100E- 500 Mbps, Meraki- 750 Mbps
Connections (New/Max Sessions): FG100E- 30K / 2M, Meraki- 12K / 500K
Interfaces (I/O): FG100E- 20 Gbe / 2 SFP, Meraki- 10 Gbe / 2 SFP
5 Year Total Cost of Ownership: FG100E- $6.7K, Meraki- $15k
-FortiGate is a true NextGen Firewall (NGFW) – compared to Meraki, whose USP is “cloud-based ease of management.”
-FortiGate is locally managed, like traditional firewall + cloud management capable.
-A better Cisco product to compare against would be Cisco ASA-X series with FirePower Services (e.g. ASA-5545x or similar - $13k street price).
It’s my first-time using FortiGate and Meraki. I conducted POCs on both firewalls (Meraki and FortiGate) for a month, after which, I decided to acquire FortiGate.
FortiGate:
1- Takes three days for the configuration (from unboxing to network integration).
2- Has better performance than Meraki.
3- Security capabilities are mostly bundled.
4- Site to Site VPN can be easily integrated with other firewalls.
5- Affordable
Meraki:
1- Takes five days for the configuration (from unboxing to network integration).
2- Performance is good.
3- Security capabilities require additional purchase.
4- Additional instructions are needed for this feature for Site to Site VPN
5- High price.
I have used Meraki Fortinet and Cisco. They all 3 have their own language. Cisco technicians want to use CLI, while Meraki will use either CLI or GUI, and Fortinet prefers GUI. Cisco at times can be hard to understand while Meraki is better 70% to understand and I have had nothing but success with Fortinet. As for price, I figured 3-year maintenance across the board Cisco was most expensive, Meraki 2nd, and Fortinet was least expensive. Fortinet seems to bundle more in that lower price also. As for a single view Meraki is top of the pile, with a firewall, switch and access point integration. Cisco and Fortinet will let devices run without maintenance. Meraki not so, the device gives a 30-day warning and then a hard stop, which can take a week to get back up and running!
Meraki equipment requires a current license in order to operate. This also gets you hardware replacement and tech support while the license is current. Fortigate requires a current license for advanced features and firmware upgrades only. This difference seems to put off some potential Meraki customers however, if you are planning on being connected to the Internet and not running current firmware on your security appliance bigger problems await you.
As for throughput you must size your solution to meet your needs based on Internet connectivity speed that you plan to use for the life of the security appliance and the features you plan to use. If you have 250Mbps down and 25Mbps up today and plan to go 1 GB symmetrical within a year than you need to purchase a security appliance that can handle 1 GBps symmetrical now. Also advanced features like content filtering and IPS/IDS required extra horsepower on any manufacturers solution. VPN client software with Meraki would be nice but not having to pay for the AnyConnect licenses is a plus. I've heard users having issues with Meraki's Client VPN on Windows 10 but haven't experience this myself. The issues seem to be caused by Microsoft updates affected the VPN in Windows 10. Not exactly Meraki's fault but if Meraki didn't rely on MS for VPN connectivity software the issue would be null. I haven't done a VPN client solution with Fortigate to compare.
Fortigate has a CLI interface for advanced users that want that level of control.
I've used both solutions but find the dashboard for Meraki to be a huge plus. Also find it simpler to train new admins on as it is a 100% GUI solution. Either of these solutions (Fortigate or MX) are quite capable if you are looking for a security appliance. You can't go wrong with either choice in my opinion. If you have a complete Meraki stack (security, switch, APs, etc.) Meraki allows you to manage it all on the same dashboard.
@Matt Ellsworth - Meraki MX appliances allow outbound firewall rules. On the dashboard menu - Security and SD-WAN, Configure, Firewall, Outbound Rules. Fortigate has them also. I would say pretty much all enterprise firewalls have outbound rules.
In my opinion : Meraki has an end to end solution: firewall-switch-access point, that is not the deal with Fortinet.
The intent based networking solution avant la lettre has big quick wins.
As a managed service provider, we establish a powerful connection when having access to the dashboard , so customers are served in no time..
Fortinet is a good firewall like it is but has no advantage in this way.
The possibility to unlease cisco security with amp is again one eco system in connectivity and security.
Cisco has the largest amount of data … so intel is the biggest, more data= more knowledge.
Cisco has a name of being expensive, but with the right Cisco partner: htttps:\\www.conxion.be
and the right solution sales: kvansteeland@conxion.be
Cisco is the best kid in town !
Having used a couple 60D for couple years and the Meraki for one engagement few things.
Meraki
Deployed the Meraki in a simple small network and it works great. Handful of of VLANs regular stuff.
I found Meraki support to not be at the same level of TAC
VPN - I personally opened 6-7 tickets, had another integrator and Cisco reseller take a crack at the VPN, we army another route. If VPN is not needed the box sets its up
60D - it worked, just bought 60E for another gig.
Management:
Meraki is based on cloud management.
Fortinet has local management (FortiGate + FortiManager), which guarantees a greater perception of security and control.
Additional:
Meraki has Umbrella available to supplement security on cloud.
Fortinet dont have a DNS add-on solution.
Wi-Fi:
Meraki Wi-Fi solutions have proven to be better than Fortinet.
Support:
Fortinet has a larger legacy than Meraki, and a greater number of specialists.
Meraki now has the structure of CISCO, even though they are different companies.
Both companies have different revenue streams. What is good for one site might not work for another, and vise versa. I wouldn't recommend either one until I have an understanding of the needs at each site, or at least know what type of company I'm choosing a FW for. For instance, some smaller companies can go with an entirely different brand than Meraki or Fortigate...again, based on their needs. I have used both devices, and recommend different things for differing needs. A company that is entirely web based (no on-site server for instance) has differing needs than a site which has on-site services ONLY! IMHO, the question is too vague to answer completely. As an example, one of the biggest differences is the color of the chassis. The number of users supported also varies greatly, as do the services which are offered (or paid for) for each product. Based on your needs, there are models of firewalls available which have a MGMT location over LTE (which I find very attractive for some clients). If price isn't a concern, then I might have a different answer, but that answer is not implied in the question. Phillip, Matt, and Mustafa all have valid responses, but again, too little information is provided for a real answer.
I'd add that from a feature standpoint there is some differences. The throughput is smaller on the Meraki MX than most FortiGate models. The client vpn for Meraki MX is based on ipsec v1 and uses the default windows vpn setup, no agent software or AnyConnect compatibility. Meraki doesn't allow you to setup inbound firewall rules, not sure about FortiGate.
We have Meraki now - and we don't plan on buying it again when the license expires.
-Edit 2/12/19 - goofed up inbound / outbound firewall rules.
Layer 3
Inbound rules
Inbound traffic will be restricted to the services and forwarding rules configured below.
I think, The Biggest Difference Between Fortinet FortiGate and Meraki MX Firewalls is Cloud Management.
Cloud Management will help very easy to deploy and control.
Overall, I agree with Jay R, the requirements need to be understood. Are you looking for the most secure all-in-one solution? Then look for a solution that has many security features (FW, VPN, AV, IPS, Anti-Spam, APT blocking, Threat detection & Response, etc.) But are they just a hodgepodge of “ok” solutions or truly best-of-breed in each category…or at least in your critical categories?
Are you looking for the easiest to manage solution? Look into how all features are managed. One console or multiple? One step or 10 steps to manage a given feature? Do you need VPNs? How easy are VPNs to setup (site to site and clients)?
How important is centralized logging and monitoring?
Do you need multiple units? If so, can the config be copied from one to the other. Can policies be created and pushed to multiple devices? Do you need Networking features such as SD-WAN, if so what functionality is required?
Performance must be considered. Just because the marketing slick says it can do xGBps, when you turn on all features (AV, Advanced protection, SSL inspection, etc), now what can it do?
What is included in the base price vs what add-ons (additional cost items) do you require? What are the renewal costs? Sometimes products are offered at a great price but then the revenue is made up in renewals..
Bottom line, have a full list of requirements and shop based on the those requirements not the feature that one vendor or the other says they have (unless you *need* it).
I do not Know the Fortinet FortiGate well to make a fair comparison between Meraki MX Firewalls. One think one know for sure, the most user friendly GUI is the Meraki MX Firewalls. You don’t need have a very deep knowledge in network or IT security, but the Cisco Meraki technicians will know more about your network than you.
Biggest diffrence is "Meraki is Cloud Based SDN".. Control and Management plane is on Meraki Cloud.. Management is Meraki's responsibility throughout all its lifetime..
Fortigate's cloud just helps you find your Fortigate and assign it to your FortiManager.. Rest is your responsibility and management is on your site.. Control Plane is on the edges..