Although this thread is from 2018, I felt compelled to add my experience with the MX in regard to other NGFW products, in this case the SonicWall, of which I have installed many over the years. The Meraki, even in 2020, should not be considered a replacement for any firewall where you have many ingress/egress policies, inclusive of address/service objects, object groups, range objects, application or AVC policies, etc. In addition, the MX doesn't segregate traffic like a traditional firewall into zones, etc., making it confusing and cumbersome to overcome that when designing it into your edge.

Several other shortcomings that they say are in the pipeline: no link aggregation support, no support for OSPF or even Cisco's EIGRP. When implementing geo filtering, there is no way to see blocked events easily, if at all. No support for dual peers with third-party firewalls, and because it's a common org dashboard with, say, several MXs within different site networks, you must add tags at the org level, then choose those tags to filter sites from hitting the third-party VPN. No concept of a true L3 isolated interface; you have to associate an L2 VLAN ID. Well, in one of my first implementations I looped the network thinking I could have a P2P (MX connected to a small switch to connect the carrier and 2 MXs) L3 between two sites' MXs. HQ in an HA pair didn't like it.

The Meraki MX does well in a topology where multiple smaller remote sites have MX units and the head end has a larger MX to act as a VPN concentrator. Their Auto VPN feature works well here. Then I would backhaul all remote sites through a true edge NGFW. Yes, they introduced BGP support (still beta), but it is really only meant for dynamic routing over VPN.