The Cisco Meraki firewall provides 100% cloud-managed security & SD-WAN solutions to small businesses, branch offices, data centers, and distributed enterprise environments. They are no doubt a great product with a strong focus on simplicity. It is reasonably simple and easy to understand and manage. If you are looking for a security solution to protect your fluid network infrastructure located on-premise and in the cloud—SaaS, IaaS, and PaaS-based infrastructure, the Cisco Meraki firewall is a good choice.
However, if you figured out that Cisco Meraki firewalls are not best suited for your environment and you’re considering a suitable alternative, you’ll find lots of them out there. Choosing the right one for your business and budget can sometimes be challenging. When evaluating different solutions, you need to ensure that the various functionalities address your security risks and policy requirements. You don’t want to get caught up in the sales and marketing hype that tends to surround most security products. It’s crucial to compare competencies in specific product capabilities, integration and deployment, and service and support.
In this article, we will review the ten best Cisco Meraki MX firewall alternatives in the market. Hopefully, this will guide you in the process of selecting the right one for your environment.
Here is our list of the Best Cisco Meraki Firewall Alternatives:
- FortiGate Network Firewall EDITOR’S CHOICE This is a range of products and you can get the firewall as a device, virtual appliance, or SaaS package.
- Check Point NGFW A series of hardware firewalls from this innovator in the field of cybersecurity.
- Juniper NGFW This network device manufacturer provides a hardware firewall and also options for a firewall run as a virtual appliance or containerized.
- Huawei Unified Security Gateway (USG) Physical and virtual appliance deployment options are available for this next-generation firewall.
- Sophos SG Firewall This NGFW includes email scanning and is available as a physical or virtual appliance or as a cloud-based service.
- WatchGuard Firebox A stateful firewall and IPS that is available as a cloud service, a hardware device, or a virtual appliance.
- SonicWall Firewall This NGFW is available in versions to suit all sizes of businesses and is offered in cloud, hardware, and virtual appliance formats.
- Forcepoint NGFW This service can create an SD-WAN and protect the boundary with its deployment as a cloud service, a physical device, or a virtual appliance.
- Hillstone NGFW This range of NGFWs provides LAN and site-to-site security that includes IoT connectivity and is offered in cloud, virtual, and hardware formats.
- WiJungle Unified Network Security Gateway This appliance combines a load balancer, a firewall, a gateway router, a VPN, and an IPS.
The best Meraki firewall alternatives
Our methodology for selecting Cisco Meraki Firewall alternatives
We reviewed the market for firewalls that compete well with Cisco Meraki and analyzed the options based on the following criteria:
- Classic firewall functions to block malicious connections
- A device that can implement intrusion prevention
- DDoS and other malformed traffic attacks
- Unified functions, such as load balancing and traffic shaping
- Activity tracking
- A free trial or a demo for assessment before buying
- Value for money from a system that combines many functions at a reasonable price
1. FortiGate Network Firewall
The FortiGate network firewall is among the leading next-generation firewalls (NGFW) in the market. It has been recognized as a leader in the 2020 Gartner Magic Quadrant for Network Firewalls. FortiGate NGFW supports deployments across physical, virtual, and cloud environments. It’s available in different models ranging from entry-level hardware appliances targeted at small offices to ultra-high-end appliances designed for data centers and multi-tenant cloud environments, as well as virtual software appliances for deployment on your hardware.
Key Features:
- Creates an SD-WAN
- Intrusion detection and prevention
- Traffic scanning
- Can create VLANs
- VPN management
Why do we recommend it?
FortiGate Network Firewall is the star product of Fortinet. The company particularly excels at the hardware appliance version of the firewall and created its own chip to ensure that its device was faster at processing traffic than rivals. The company now makes the firewall available in software versions.
FortiGate NGFW is powered by FortiOS software, enabling the Fortinet Security Fabric—an adaptive architecture providing integrated detection and automated responses to cybersecurity threats. Additionally, it utilizes machine learning and AI to offer behavioral-based cyber threat detection and prevention.
The next-generation firewall offers endpoint profiling and stateful traffic management. It allows you to create firewall rules to establish different zines of trust on your network and also extend the definition of your network’s boundary out to remote workers, distant sites, and cloud platforms.
The network firewall can implement SSL offloading to enable the firewall to read unencrypted traffic before it crosses the internet or passes through the network. This enables it to implement virus scanning and compile profiles of external activity, resulting in IP blacklisting. It can also operate as a reverse firewall, scanning outgoing traffic as part of a data loss prevention (DLP) strategy that includes email scanning.
Other functions include wireless LAN controls and Web scanning for threats. The firewall will implement sandboxing for downloads to block malware from getting onto any endpoint on the network.
Who is it recommended for?
The FortiGate hardware range includes four models that are categorized by Fortinet as “entry level.” However, the hardware solution probably isn’t suitable for cash-strapped small businesses. This is a product for larger organizations and its highly-rated capabilities put it at the top end of the market’s price range.
Fortinet licenses NGFW security features which it calls FortiGuard Services, on a per-device basis. FortiGuard Services are available as a single subscription or software bundle with or without hardware. FortiCare device-based support is the foundation of the support services, providing firmware updates, technical support, and foundational FortiGuard subscriptions. Customers can also purchase advanced premium support services to complement the standard FortiCare support plan.
EDITOR'S CHOICE
FortiGate Network Firewalls are our top pick for a Cisco Meraki Firewall alternative because Fortinet is a prominent leader in the field of network security and offers a range of products that fully compete with the Cisco Meraki brand. The Fortinet FortiGate series is a range of products that includes the company’s signature firewall appliances. These devices contain specially designed chips to speed up traffic scanning, which makes the Fortinet hardware a very good buy. The company also offers its FortiGate software as a SaaS package or for installation on a server as a virtual appliance.
OS: Cloud, physical device, or virtual appliance
2. Check Point NGFW
Check Point has one of the best NGFW solutions for small, midsize, large-scale, and data center organizations. It is recognized as a leader in the Gartner 2020 Network Firewall Magic Quadrant for its enterprise-quality security features and ease of management. Check Point’s NGFW is available in different models ranging from entry-level hardware appliances targeted at small and branch offices to high-end appliances designed for data centers and large enterprises and appliances for Industrial Control Systems (ICS) and SCADA networks.
Key Features:
- Option for industrial sites
- VPN for internet connections
- Download sandboxing
- Content scanning
Why do we recommend it?
Check Point NGFW is a range of fifteen hardware models that offer a choice of throughput processing capacity. The range is marketed under the Quantum brand, with sub-groups called Lightspeed, Gen V, Spark, and Rugged. The company also offers a cloud-based option to protect cloud services, which is called CloudGuard.
Key features include firewalls, IPS, IPsec VPN, anti-bot, antivirus, email security and anti-spam, application control, mobile access, URL filtering, identity and content awareness, policy management, among others. In addition to the above features, Check Point’s software bundle comes enhanced with OS-level sandboxing technology called SandBlast Threat Emulation and Threat Extraction to prevent zero-day and other targeted attacks.
One good thing about Check Point NGFW products is it’s easy to use user interface and consistent software architecture for all models, both high and low ends. It also tried to incorporate various features and functionality for a wide range of network sizes and use cases.
Who is it recommended for?
The different product groups within the Quantum range address different market sectors. Quantum Spark is made for small businesses and Quantum Rugged is designed for industrial sites. Quantum Lightspeed is designed for data centers and then the editions of the Quantum Security Gateway has a range of capacities for mid-sized and large businesses.
Check Point’s licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages and the ability to custom-build a solution, which it calls software blades. So, for example, say you want to use a firewall, IPS, and IPSec VPN; you would need a software license for those blades.
Check Point is best suited for midrange organizations seeking strong security and robust management features. The sheer number of different products and security features can sometimes be overwhelming. If you don’t need every security feature it offers out of the box, you might be better off purchasing a more focused product with fewer features.
3. Juniper NGFW
Juniper Networks is known to deliver high-performance NGFW that provide granular control and visibility from client to cloud. Juniper has been recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls. Juniper gives you the flexibility to deploy its network firewall as physical (SRX series), virtual appliance (vSRX), and containerized firewalls (cSRX).
- The SRX series physical hardware appliances are designed for SMBs and mid-size organizations, data centers, and large enterprises.
- The vSRX virtual firewalls are designed to secure public cloud environments
- The cSRX container firewalls are designed to secure applications running in containers and microservices.
Junos OS is the network operating system that powers appliances. Junos Space Security Director is the central manager for all Juniper NGFW. It provides security policy management for all physical, logical, and virtual firewalls through a centralized web-based interface.
Key Features:
- Web protection
- Segmentation and user access control
- Malware detection
Why do we recommend it?
Juniper NGFW comes from a major brand in the network security market. Juniper Networks devices are equipped with the J-Flow traffic reporting system that is based on the NetFlow protocol. The company provides virtual appliance models as well as physical devices. The firewall can also perform risk scoring and QoS prioritization.
The Juniper system also offers an intrusion detection and protection service and threat detection. It enables you to create zones of trust and VLANs to limit the devices that users can access, it also allows application and protocol controls to be applied to traffic.
Who is it recommended for?
A Juniper firewall would probably be the first choice of companies that already use Juniper network devices – keeping all of your network equipment within the same brand makes administration a lot easier because these devices have their own command sets, which represent a coding language and differ from provider to provider.
Juniper licensing is based on subscription. To use a licensed feature, you need to purchase, install, activate, manage a license that corresponds to each licensed feature. You can administer and manage the permits through the Juniper Agile Licensing Portal.
4. Huawei Unified Security Gateway (USG)
Huawei network firewall solution, which it brands as Unified Security Gateway (USG), provides integrated NGFW security for midsize, large enterprises, chain organizations, cloud service providers, and large data centers. Huawei is a well-known brand in Europe, the Middle East, Africa, and Asia (EMEAA) markets. Huawei USG was named as Customers’ Choice in 2021 for Gartner Network Firewalls. It was also recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls.
Key Features:
- AI-based threat detection
- Intrusion prevention system
- Traffic shaping
Why do we recommend it?
Huawei Unified Security Gateway (USG) is implemented in the HiSecEngine range. This product line of network appliances includes a next-generation firewall that relies on AI processes to deduce attacks that could be spread across several packets. The range provides equipment for data centers, campus and branch offices, and for small businesses.
Huawei USG firewall solution comes in desktop, rackmount, data center (DC) chassis, and software virtual appliance model, giving you the flexibility to deploy as hardware or software virtual appliance in a physical or virtual environment.
- Desktop model: The Huawei HiSecEngine USG6500E series such as USG6510E and USG6530E is the desktop hardware AI firewall appliance targeted at SMBs, branch offices, and franchise businesses.
- Rackmount model: HiSecEngine USG6500E series (fixed-configuration), USG6600E and USG6600F series and USG6700E series (fixed-configuration) are hardware rackmount AI NGFW designed for small and medium-sized enterprises, chain organizations, institutions/campuses, and data centers.
- DC Chassis model: The USG9500 series such as USG9520, USG9560, and USG9580 is an all-in-one data center model that delivers up to 1.92 Tbit/s in firewall throughput to cloud service providers and large-scale enterprise campus networks.
- Software virtual appliance model: The Huawei USG6000V series such as USG6000V1 to USG6000V8 is a software virtual appliance model designed to run in virtual environments, providing virtualized gateway services vFW, vIPsec, vLB, vIPS, vAV, and vURL Remote Query.
Who is it recommended for?
The HiSecEngine range provides models for all sizes of businesses. The small business unit is called HiSecEngine USG6500E Desktop Series. As it is a series of products,m there are actually several models in this group. The difference between each unit is its capacity, which influences the price.
One of the remarkable features of the Huawei USG NGFW solution is the innovative AI capabilities it brings to threat defense. Other features include application control, IPS, bandwidth management, URL filtering/web protection, antivirus, VPN, DLP, DDoS mitigation, policy management, among others. All Huawei USG products can be purchased directly from Huawei or via accredited partners.
5. Sophos SG Firewall
Sophos gives you the flexibility to deploy its network firewall as hardware (SG series), software (virtual appliance), or cloud-based appliance. One good thing about this product is that Sophos provides a free tool called Sophos UTM Manager (SUM) to centrally manage all your appliances from a single, centralized management console. It’s a good thing because most vendors usually require some form of licensing or subscription to unlock this feature. The Sophos SG series firewall appliance comes in Desktop, 1U, and 2U models.
- The Desktop model such as the SG 105/105w, SG 115/115w, SG 125/125w, and SG 135/135w (“W” signifies support for a wireless network) is the entry-level range targeted at SMBs and remote offices.
- The 1U model, such as SG 210, SG 230, SG 310, SG 330, SG 430, and SG 450, is the mid-range solution ideal for many medium-sized organizations.
- The 2U model, such as SG 550 and SG 650, is the high-end solution targeted at larger organizations and data center environments.
Key Features:
- DLP including email scanning
- VPNs and mobile traffic security
- Endpoint protection and advanced threat detection
Why do we recommend it?
The Sophos SG Series Firewall is a range of network appliances that include models for different sizes of enterprises. All models include an intrusion prevention system (IPS), which adds functionality to the expanse of buying a piece of hardware, thus improving value for money. Each unit can also act as a VPN server.
Who is it recommended for?
The range of units offered by Sophos caters to small home offices, small business sites, branch offices, campuses, and data centers. So, every size of business will find a model in this range. All of the models provide the same services of firewall, IPS, and VPN server, with the variables being the throughput capacity and the number of ports that each unit has.
Sophos licensing is based on subscription. You can either subscribe individually to those modules or purchase a single pre-packaged FullGuard license. The Sophos standard support provides access to manual updates, knowledge base, community forum, and return and replace services. Premium support gives you 24/7 technical support from Sophos Support engineers, automatic updates, and advanced replacements. If you think Sophos UTM is right for your business, follow the steps below to complete the buying process.
- Choose your deployment model: hardware, software, virtual or cloud-based appliance.
- Choose your license: pre-packaged license or license modules individually
- Choose your add-ons: take advantage of add-ons such as subscription extensions, centralized management, and reporting options, among others.
6. WatchGuard Firebox
WatchGuard network firewall solution, which it brands as Firebox, delivers an all-in-one network security platform and protection for primarily small, midsize, and distributed enterprises. It does not directly address large conglomerates or big data centers. However, it is among the industry’s finest when it comes to performance.
Key Features:
- Deployment options
- Stateful firewall
- IPS and malware scanning
Why do we recommend it?
The WatchGuard Firebox packs a full suite of cybersecurity tools into its appliance. The package includes anti-virus, firewall, spam guard, application control, intrusion protection system, and URL filtering functions. This collection saves businesses time and money and network managers only have to learn one command set to manage all security functions.
WatchGuard Firebox comes in tabletop, rackmount, and software virtual appliances to give you the flexibility to deploy the solution as a hardware appliance in a physical environment or as software in a virtual or cloud infrastructure.
- Tabletop Firebox appliances: Just as the name implies, these are small form-factor, high-performance, tabletop hardware appliances ranging from T15 to T80 designed for home office, SMB, and branch office locations.
- Rackmount Firebox appliances: The 1U rack-mount appliance ranging from M270 to M670 is designed for small and growing midsize businesses, and M4600 and M5600 is targeted at distributed enterprise organization.
- Virtual/cloud Firebox solution: FireboxV and Firebox Cloud is the software version of the Firebox with all of the security and performance required for any size organization moving their IT infrastructure to a virtual environment—private or public cloud.
Some of the critical features of WatchGuard’s Firebox solution include a stateful firewall, IPS, URL filtering, gateway AV, application control, and antispam, and features for combating advanced threats such as file sandboxing, data loss prevention, ransomware protection, and more. All WatchGuard hardware includes a one-year hardware warranty. In addition, WatchGuard sells subscriptions for the security software modules for Firebox appliances, either individually or as a suite.
Who is it recommended for?
The consolidation of multiple security functions in one appliance will appeal to small and mid-sized businesses. The unit can also be used as a gateway, which reduces the need for different hardware on the network for communication with the outside world. WatchGuard also offers its Firebox package as a virtual appliance.
Your support license gives you access to updates and enhancements and all new releases at no cost. In addition, customers can purchase a subscription to Standard, Plus (24/7), Gold, or Premium that offers a higher priority to your support case. If you are considering WatchGuard Firebox solution for your business, the steps below will guide you in your buying decision:
- Choose your product or appliance type
- Select your preferred security package—Total Security Suit or Basic Security Suite
- Contact a WatchGuard certified reseller
7. SonicWall Firewall
SonicWall has been in the firewall business from the earliest days. The SonicWall Firewall supports deployments across physical, virtual, and cloud environments. Its appliances are powered by a software called SonicOS that enables all the security and networking features.
The SonicWall network firewalls are grouped under the following categories:
- SonicWall TZ SOHO Series: These are entry-level products (wired and wireless models) that combine threat prevention and SD-WAN technology, targeted at SMBs and remote offices.
- Network Security Appliance (NSA) series: These are hardware appliances that range from NSA 2650 series to NSA 9650 series and are targeted at mid-sized networks to distributed enterprises and data centers.
- Network Security Services Platform (NSSP) series: These are also hardware appliances made up of NSSP 12400 and NSSP 12800 series that combine cloud intelligence with appliance-based protection, designed for large distributed enterprises, data centers, and service providers.
- Network Security Virtual (NSV) series: These are virtual firewalls that range from NSV 10 to NSV 1600, designed to deal with vulnerabilities within virtual environments.
One notable feature of SonicWall firewalls is the availability of an integrated cloud-based centralized management service called Capture Cloud Platform and online live demos that helps you experience real product demonstrations without going through the trouble of putting a test box in your environment.
Key Features:
- Create VLANs and SD-WAN
- Traffic shaping
- Wireless LAN management
Why do we recommend it?
SonicWall firewalls fall into four product categories that aim to please all types of businesses by offering a size and type of device for each market sector. The small business model range includes a wireless gateway. All models are able to implement SD-WANs and each device is loaded with a package of cybersecurity tools.
The SonicWall system also implements SSL offloading, which enables it to scan packet contents in both directions. With these capabilities, the service can block infected web pages, spot malware, and identify suspicious behavior for intrusion detection and insider threat identification.
Who is it recommended for?
SonicWall offers good value for money with its hardware firewalls, thanks to the inclusion of additional security functions, such as SSL offloading and a single sign-on environment. The SonicWall name is not as well known at the high capacity end of the market.
SonicWall licensing is subscription-based, and it comes with standard and premium support. Before deciding to purchase or renew your subscription, you first need to determine the appliance type, model, and subscription right for your business.
8. Forcepoint NGFW
Forcepoint NGFW protects enterprise networks and remote offices with high-performance “intelligence aware” security, supported by real-time updates. It combines true SD-WAN, intrusion prevention, and seamless integration with cloud-based SASE security to keep your network and data safe. Forcepoint NGFW supports deployments across physical, virtual, and cloud environments.
Key Features:
- Implements virtual networks and SASE
- Intrusion prevention system
- IP blacklisting
Why do we recommend it?
The strength of the Forcepoint NGFW range is that this hardware device also provides a number of internet traffic management services. These include the creation and management of virtual network systems, such as SD-WAN and SASE that can unify multiple sites and cloud platforms. They can also act as VPN servers.
Through the Forcepoint NGFW Security Management Center (SMC), administrators can deploy, monitor, and update up to 2000 Forcepoint NGFW appliances from a single centralized management console. Key features and capabilities include Unified software for physical and cloud deployments (AWS, Azure, VMware), sidewinder security proxies for mission-critical applications, SD-WAN connectivity, built-in IPS with anti-evasion defenses, policy-driven centralized management, whitelisting/blacklisting by the client application and version, anti-malware sandboxing, and much more.
The Forcepoint NGFW are grouped under the following categories:
- The Forcepoint 6200, 3400, and 3300 series are physical appliances targeted at data centers and campus networks
- The Forcepoint 2100 and 1100 series are physical appliances that provide security at the network edge
- The Forcepoint 300, 120, and 60 series are physical appliances targeted at remote sites and branch offices
- The Forcepoint 50 series are physical appliances targeted at SMBs or home offices
- Unified Forcepoint NGFW software is a software/virtual appliance designed to protect cloud and virtual infrastructure
Who is it recommended for?
Companies that will get the most out of the Forcepoint system will be those that operate multiple sites and want to administer them as a single network. Also, those companies that extensively use cloud services for their in-house tools, such as the Microsoft 365 suite, would be drawn to these firewalls.
Forcepoint NGFW pricing varies according to the capacity and the capabilities desired. A customized demo is available on request.
9. Hillstone NGFW
Hillstone Networks has emerged as a global competitor in the network firewall space. Its NGFW products, such as Edge Protection solutions, help enterprises, and service providers mitigate cyber-attacks and infrastructure breaches. As a result, Hillstone Networks was included in the 2020 Gartner Magic Quadrant for Network Firewalls for their ability to execute and completeness of vision. It has also been recognized in Gartner 2021 Peer Insights Customers’ Choice for Network Firewalls.
Key Features:
- Network, site-to-site, and IoT security
- Malware scanning
- Intrusion prevention system
Why do we recommend it?
The Hillstone NGFW range includes two product lines, the X-Series for data centers, and the A-Series for everyone else. These ranges are both delivered as network appliances. Hillstone’s big innovation is its proprietary Twin-Mode operation, which looks at traffic at the Network Layer and the Application Layer simultaneously.
Hillstone NGFW products scale from small to large campuses to carrier-class multi-tenant data centers and provide flexible deployment options across physical, virtual, and cloud environments. Key features include network firewall and VPN features, antivirus and intrusion prevention, web/URL filtering, IP reputation protection, botnet C&C prevention, IoT, and security.
The Hillstone NGFW products are grouped under the following categories:
- The Hillstone A-series NGFW are physical appliances that provide edge protection for physical enterprise networks
- The Hillstone E-series (E1000-E5000) NGFW are designed for security and provide visibility and control of applications for a multi-tenant solution in the virtual environment.
- The Hillstone X-series NGFW such as X10800, X8180, and X7180 are designed for data centers and multi-tenant cloud-based security-as-a-service environments.
- The Hillstone T-series Intelligent NGFW leverages a combination of statistical clustering, behavioral analytics, and correlation analysis to detect and prevent advanced attacks.
- The Hillstone CloudEdge Virtual NGFW is a software/virtual firewall solution designed for virtual environments and multi-tenant and Firewall as a Service” model.
Who is it recommended for?
Hillstone’s innovative approach to simultaneous threat hunting will appeal to businesses that are less impressed by big brands and want to compare functionality rather than name recognition. The X-Series is available in a multi-tenant architecture, which will particularly interest managed service providers. The A-Series packs in multiple cybersecurity tools.
Hillstone NGFWs can be purchased directly from the manufacturer or via channel partners or authorized resellers. Online product demonstrations are also available on request.
10. WiJungle Unified Network Security Gateway
WiJungle is an Indian-based Unified Network Security provider that helps organizations manage and secure their network infrastructure through a single appliance. WiJungle’s all-In-one (unified) approach to network security eliminates the need for multiple stand-alone appliances like a router, firewall, VPN server, web gateway, load balancers, etc.
Key Features:
- Traffic shaping
- Intrusion presentation system
- Data loss prevention
Why do we recommend it?
WiJungle Unified Network Security Gateway is a range of devices that combine network functions for both network management and internet connection maintenance. This is an efficient solution because it means the network manager has only one console to access and only one command set for all duties.
The product is designed to deliver network security solutions such as NGFW)/Unified Threat Management (UTM), Hotspot Gateway, Web Application Firewall (WAF), and more, all in one box. Gartner has recognized WiJungle among the highest rated vendors in network firewall in the 2020 Gartner Peer Insights “Voice of the Customer.”
WiJungle is available in different models ranging from entry-level hardware appliances targeted at small offices to high-end appliances designed for large businesses. It utilizes machine learning and AI to provide behavioral-based cyber threat detection and prevention.
Who is it recommended for?
Small businesses will particularly appreciate the large number of functions that are packed into the WiJungle device. It provides traffic monitoring services as well as security systems. A larger business would probably prefer to assess each function against its rivals rather than take a package deal from a little-known brand.
WiJungle pricing is based on the estimated number of total concurrent user loads. Hence, price tends to increase with simultaneous users or sessions. License renewals are optional. Only the updates, support, and Free Transactional Messages (limited to the Indian market) are halted after the license expires. All other functionalities keep on working unhindered.