Help settle a debate, Meraki MX vs Fortinet Fortigate 30E

carlosmathinson
Comes here often

Hi All, I am a huge Meraki fan, and when you have the full stack it’s a thing of beauty. In a recent discussion/healthy debate, we are recommending a Meraki MX device when the opposition is recommending Fortinet for our distributed network. Help me settle this debate. What makes an MX the right choice for security and usability compared to Fortinet? What are Fortinet’s shortcomings? What does Fortinet not do that an MX does?

DarrenOC
Kind of a big deal

Hi @carlosmathinson ,

 

Previous debate on here:

 

https://community.meraki.com/t5/Security-SD-WAN/MX-vs-Fortigate/td-p/42724

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

It all comes down to the requirements for the deployment. Yes, I love Meraki products; however, if they don't fit the bill for that deployment then so be it. There is no one vendor that has a "total solution".

Andrew3
Conversationalist

I used both Fortigate and Meraki. 

If you want to have more features, LACP, and you rarely move equipment - Fortigate

If you often move equipment - like you have many sites that change location and you want to have ease of use - definitely Meraki

aujlaakaran0
New here

I have used both FortiGate and Meraki.

 

If you only want a high speed firewall, FortiGate is a good way to go.

 

If you manage more than one firewall, switches, access points, cameras and other devices, Meraki is the way to go, especially if you manage more than one site. Meraki is hands down easier for day to day management.

 

 

Dave Anderson
smohsin
Conversationalist

First, it is important to understand the different features of each firewall. Meraki MX has a broad feature set and can protect against a wider range of threats than Fortinet Fortigate 30E. Additionally, Meraki MX offers a more intuitive user interface and is easier to manage.

However, if you need to protect against more sophisticated threats, Fortinet Fortigate 30E may be a better choice. It has stronger security features and can detect and block more malicious attacks.

From a security point of view, it does not matter how good a firewall is if the firmware is out of date. Meraki has made firmware updating painless. This is especially true if you have more than one of them.

 

Many of the Fortinet firewalls I see at new clients are out of date, because no one knows how to do it, and the previous IT team did not want to go on site during off hours to update them. 

 

-Dave

 

that is not up to date, is 

One issue we had with our Fortinet firewalls was that updating firmware was a complete hassle. The firewall must be offline, so you either have a spare firewall, or do the work off hours. If you have more than one, then you spend time babysitting the firmware updates. Because of this, most of the Fortinet firewalls I come across are out of date.

 

Meraki firmware 

Dave Anderson

I disagree, firmware updates have very little to do with security, maybe security of a device itself, but not the clients behind it. FortiGates will update signatures and bad IP lists and other things every 30 min or so with a FortiGuard subscription, or you can create custom feeds.

Another HUGE security advantage of FortiGate is deep-packet inspection which Meraki can't do at all, given that over 85% of all attacks are encrypted.

OVERKILL
Building a reputation

My experience with Fortinet products has not been great overall. A local VAR who used to sell Nortel started moving their phone systems as a segue into the IP phone market and every single one of these units was a disaster requiring regular reboots even with just plain analog lines connected. With IP (SIP...etc), performance and reliability were even worse. 

 

They then started moving the "next generation" ones and these weren't much better/almost as bad. Support was atrocious and none of these issues were ever resolved. They ended up pulling most of them and replacing with Avaya. 

 

Not long after this the local Mercedes dealer received a pair of Fortinet firewalls to replace a single Juniper SSG. Already being a bit apprehensive of their product I questioned the MSP about this decision and they said "yeah, that's why we sent two, they are still cheaper than a single SSG". 

 

I come from a mostly IOS and ASA background and was looking for something easier to manage remotely with better visibility and Cisco-level reliability. Meraki has been a good fit in that role. While the MX family lacks the complexity and deep configurability of something like FirePower (or even Sophos XG), if it works in your application (and I've found a lot of the time it does), it may be a better fit for some of the reasons @DHAnderson touched on. Meraki equipment is wickedly simple to keep up-to-date and manage and there's a security benefit to that which needs to be considered. Also, in my experience, Cisco's support is far better.
