We are evaluating migrate our Riverbed SDWAN to other technology, I need to understand performance advantages of Meraki over Fortinet.
At first glance I see a huge difference in terms of performance. For example between Fortigate 40F and MX75, about firewall and S2S VPN throughput.
MX75:
Firewall 1Gpbs
VPN S2S: 500Mbps
Max Th with Sec features: 750 Mbps
40F:
Firewall: 5Gbps
VPN S2S: 4,4Gpbs.
IPS/Thread Prot: 800/600
This would tell me 40F is more prepared for gigabit wan connections than MX75, at least.
I dont know if I am missing or missunderstanding somethind. Could you help me?
Thank you
@CharAG : I would recommend you to go with proper sizing
https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file
It's a trade-off into the visibility of the traffic passing through your network versus performance.
When comparing prices, remember that with HA you only need one license with Meraki MX. And the license is most often the most expensive part.
Don't always compare the specs and prices of the Boxes. SDWAN as a whole isn't all about the "box" which will be doing the routing.
For example; The Forigate solution requires you to run FortiManager, FotiCloud, and FortiAnalyzer to get the same level of management, control, and visibility of what's offered for free in the Meraki dashboard with the appropriate license.
The FortiGate solution would require you to host those management, control planes yourself which will add more $ and complexity to the overall solution not necessarily making it a better solution.
Also, is the requirement to have NGFW features on the box, or could you look at offloading this to a cloud-hosted proxy service and generate a complete SASE architecture?
Fortigate is severely lagging behind Cisco in this area. Cisco Meraki + Umbrella would be a fantastic compelling solution.
Well said by @KarstenI , expensive part is licensing 🙂
Thank you all for answers. We currently have Umbrella, but not SIG.
But about sizing, If I have 500 users and 15 branches, and want to ensure our gigabit wan network, present and future, I will have to choose MX450, because it's the only able to manage 2Gbps over VPN (I would have traffic over 15 VPNs), dispite MX450 designed for 10000 clients. Or MX250, but I see a long term risk limit VPN to 1Gpbs.
Is it correct?
@CharAG if you want more than 1Gbps VPN throughput then yes, at the moment you need MX450s