Help settle a debate, Meraki MX vs Fortinet Fortigate 30E
Hi All, I am a huge Meraki fan, and when you have the full stack it’s a thing of beauty. In a recent discussion/healthy debate, we are recommending a Meraki MX device when the opposition is recommending Fortinet for our distributed network. Help me settle this debate. What makes an MX the right choice for security and usability compared to Fortinet? What are Fortinet’s shortcomings? What does Fortinet not do that an MX does?
It all comes down to the requirements for the deployment. Yes, I love Meraki products; however, if they don't fit the bill for that deployment then so be it. There is no one vendor that has a "total solution".
If you only want a high speed firewall, FortiGate is a good way to go.
If you manage more than one firewall, switches, access points, cameras and other devices, Meraki is the way to go, especially if you manage more than one site. Meraki is hands down easier for day to day management.
First, it is important to understand the different features of each firewall. Meraki MX has a broad feature set and can protect against a wider range of threats than Fortinet Fortigate 30E. Additionally, Meraki MX offers a more intuitive user interface and is easier to manage.
However, if you need to protect against more sophisticated threats, Fortinet Fortigate 30E may be a better choice. It has stronger security features and can detect and block more malicious attacks.
From a security point of view, it does not matter how good a firewall is if the firmware is out of date. Meraki has made firmware updating painless. This is especially true if you have more than one of them.
Many of the Fortinet firewalls I see at new clients are out of date, because no one knows how to do it, and the previous IT team did not want to go on site during off hours to update them.
that is not up to date, is
One issue we had with our Fortinet firewalls was that updating firmware was a complete hassle. The firewall must be offline, so you either have a spare firewall, or do the work off hours. If you have more than one, then you spend time babysitting the firmware updates. Because of this, most of the Fortinet firewalls I come across are out of date.
My experience with Fortinet products has not been great overall. A local VAR who used to sell Nortel started moving their phone systems as a segue into the IP phone market and every single one of these units was a disaster requiring regular reboots even with just plain analog lines connected. With IP (SIP...etc), performance and reliability were even worse.
They then started moving the "next generation" ones and these weren't much better/almost as bad. Support was atrocious and none of these issues were ever resolved. They ended up pulling most of them and replacing with Avaya.
Not long after this the local Mercedes dealer received a pair of Fortinet firewalls to replace a single Juniper SSG. Already being a bit apprehensive of their product I questioned the MSP about this decision and they said "yeah, that's why we sent two, they are still cheaper than a single SSG".
I come from a mostly IOS and ASA background and was looking for something easier to manage remotely with better visibility and Cisco-level reliability. Meraki has been a good fit in that role. While the MX family lacks the complexity and deep configurability of something like FirePower (or even Sophos XG), if it works in your application (and I've found a lot of the time it does), it may be a better fit for some of the reasons @DHAnderson touched on. Meraki equipment is wickedly simple to keep up-to-date and manage and there's a security benefit to that which needs to be considered. Also, in my experience, Cisco's support is far better.