The Cisco Meraki firewall provides 100% cloud-managed security & SD-WAN solutions to small businesses, branch offices, data centers, and distributed enterprise environments. They are no doubt a great product with a strong focus on simplicity. It is reasonably simple and easy to understand and manage. If you are looking for a security solution to protect your fluid network infrastructure located on-premise and in the cloud—SaaS, IaaS, and PaaS-based infrastructure, the Cisco Meraki firewall is a good choice.

However, if you figured out that Cisco Meraki firewalls are not best suited for your environment and you’re considering a suitable alternative, you’ll find lots of them out there. Choosing the right one for your business and budget can sometimes be challenging. When evaluating different solutions, you need to ensure that the various functionalities address your security risks and policy requirements. You don’t want to get caught up in the sales and marketing hype that tends to surround most security products. It’s crucial to compare competencies in specific product capabilities, integration and deployment, and service and support.

In this article, we will review the ten best Cisco Meraki MX firewall alternatives in the market. Hopefully, this will guide you in the process of selecting the right one for your environment.

Here is our list of the Best Cisco Meraki Firewall Alternatives: 

  • FortiGate Network Firewall EDITOR’S CHOICE This is a range of products and you can get the firewall as a device, virtual appliance, or SaaS package.
  • Check Point NGFW A series of hardware firewalls from this innovator in the field of cybersecurity.
  • Juniper NGFW This network device manufacturer provides a hardware firewall and also options for a firewall run as a virtual appliance or containerized.
  • Huawei Unified Security Gateway (USG) Physical and virtual appliance deployment options are available for this next-generation firewall.
  • Sophos SG Firewall This NGFW includes email scanning and is available as a physical or virtual appliance or as a cloud-based service.
  • WatchGuard Firebox A stateful firewall and IPS that is available as a cloud service, a hardware device, or a virtual appliance.
  • SonicWall Firewall This NGFW is available in versions to suit all sizes of businesses and is offered in cloud, hardware, and virtual appliance formats.
  • Forcepoint NGFW This service can create an SD-WAN and protect the boundary with its deployment as a cloud service, a physical device, or a virtual appliance.
  • Hillstone NGFW This range of NGFWs provides LAN and site-to-site security that includes IoT connectivity and is offered in cloud, virtual, and hardware formats.
  • WiJungle Unified Network Security Gateway This appliance combines a load balancer, a firewall, a gateway router, a VPN, and an IPS.

The best Meraki firewall alternatives

1. FortiGate Network Firewall

The FortiGate network firewall is among the leading next-generation firewalls (NGFW) in the market. It has been recognized as a leader in the 2020 Gartner Magic Quadrant for Network Firewalls. FortiGate NGFW supports deployments across physical, virtual, and cloud environments. It’s available in different models ranging from entry-level hardware appliances targeted at small offices to ultra-high-end appliances designed for data centers and multi-tenant cloud environments, as well as virtual software appliances for deployment on your hardware.

Our methodology for selecting Cisco Meraki Firewall alternatives

We reviewed the market for firewalls that compete well with Cisco Meraki and analyzed the options based on the following criteria:

  • Classic firewall functions to block malicious connections
  • A device that can implement intrusion prevention
  • DDoS and other malformed traffic attacks
  • Unified functions, such as load balancing and traffic shaping
  • Activity tracking
  • A free trial or a demo for assessment before buying
  • Value for money from a system that combines many functions at a reasonable price

FortiGate NGFW is powered by FortiOS software, enabling the Fortinet Security Fabric—an adaptive architecture providing integrated detection and automated responses to cybersecurity threats. Additionally, it utilizes machine learning and AI to offer behavioral-based cyber threat detection and prevention.

Key Features:

  • Creates an SD-WAN
  • Intrusion detection and prevention
  • Traffic scanning
  • Can create VLANs
  • VPN management

The next-generation firewall offers endpoint profiling and stateful traffic management. It allows you to create firewall rules to establish different zines of trust on your network and also extend the definition of your network’s boundary out to remote workers, distant sites, and cloud platforms.

The network firewall can implement SSL offloading to enable the firewall to read unencrypted traffic before it crosses the internet or passes through the network. This enables it to implement virus scanning and compile profiles of external activity, resulting in IP blacklisting. It can also operate as a reverse firewall, scanning outgoing traffic as part of a data loss prevention (DLP) strategy that includes email scanning.

Other functions include wireless LAN controls and Web scanning for threats. The firewall will implement sandboxing for downloads to block malware from getting onto any endpoint on the network.

Fortinet licenses NGFW security features which it calls FortiGuard Services, on a per-device basis. FortiGuard Services are available as a single subscription or software bundle with or without hardware. FortiCare device-based support is the foundation of the support services, providing firmware updates, technical support, and foundational FortiGuard subscriptions. Customers can also purchase advanced premium support services to complement the standard FortiCare support plan.

2. Check Point NGFW

Check Point has one of the best NGFW solutions for small, midsize, large-scale, and data center organizations. It is recognized as a leader in the Gartner 2020 Network Firewall Magic Quadrant for its enterprise-quality security features and ease of management. Check Point’s NGFW is available in different models ranging from entry-level hardware appliances targeted at small and branch offices to high-end appliances designed for data centers and large enterprises and appliances for Industrial Control Systems (ICS) and SCADA networks.

EDITOR’S CHOICE

FortiGate Network Firewalls are our top pick for a Cisco Meraki Firewall alternative because Fortinet is a prominent leader in the field of network security and offers a range of products that fully compete with the Cisco Meraki brand. The Fortinet FortiGate series is a range of products that includes the company’s signature firewall appliances. These devices contain specially designed chips to speed up traffic scanning, which makes the Fortinet hardware a very good buy. The company also offers its FortiGate software as a SaaS package or for installation on a server as a virtual appliance.

OS: Cloud, physical device, or virtual appliance

  • Option for industrial sites
  • VPN for internet connections
  • Download sandboxing
  • Content scanning

Key features include firewalls, IPS, IPsec VPN, anti-bot, antivirus, email security and anti-spam, application control, mobile access, URL filtering, identity and content awareness, policy management, among others. In addition to the above features, Check Point’s software bundle comes enhanced with OS-level sandboxing technology called  SandBlast Threat Emulation and Threat Extraction to prevent zero-day and other targeted attacks.

One good thing about Check Point NGFW products is it’s easy to use user interface and consistent software architecture for all models, both high and low ends. It also tried to incorporate various features and functionality for a wide range of network sizes and use cases.

Check Point’s licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages and the ability to custom-build a solution, which it calls software blades. So, for example, say you want to use a firewall, IPS, and IPSec VPN; you would need a software license for those blades.

Check Point is best suited for midrange organizations seeking strong security and robust management features. The sheer number of different products and security features can sometimes be overwhelming. If you don’t need every security feature it offers out of the box, you might be better off purchasing a more focused product with fewer features.

3. Juniper NGFW

Juniper Networks is known to deliver high-performance NGFW that provide granular control and visibility from client to cloud. Juniper has been recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls. Juniper gives you the flexibility to deploy its network firewall as physical (SRX series), virtual appliance (vSRX), and containerized firewalls (cSRX).

  • The SRX series physical hardware appliances are designed for SMBs and mid-size organizations, data centers, and large enterprises.
  • The vSRX virtual firewalls are designed to secure public cloud environments
  • The cSRX container firewalls are designed to secure applications running in containers and microservices.

Junos OS is the network operating system that powers appliances. Junos Space Security Director is the central manager for all Juniper NGFW. It provides security policy management for all physical, logical, and virtual firewalls through a centralized web-based interface.

  • Web protection
  • Segmentation and user access control
  • Malware detection

The Juniper system also offers an intrusion detection and protection service and threat detection. It enables you to create zones of trust and VLANs to limit the devices that users can access, it also allows application and protocol controls to be applied to traffic.

Juniper licensing is based on subscription. To use a licensed feature, you need to purchase, install, activate, manage a license that corresponds to each licensed feature. You can administer and manage the permits through the Juniper Agile Licensing Portal.

4. Huawei Unified Security Gateway (USG)

Huawei network firewall solution, which it brands as Unified Security Gateway (USG), provides integrated NGFW security for midsize, large enterprises, chain organizations, cloud service providers, and large data centers. Huawei is a well-known brand in Europe, the Middle East, Africa, and Asia (EMEAA)  markets. Huawei USG was named as Customers’ Choice in 2021 for Gartner Network Firewalls. It was also recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls.

  • AI-based threat detection
  • Intrusion prevention system
  • Traffic shaping

Huawei USG firewall solution comes in desktop, rackmount, data center (DC) chassis, and software virtual appliance model, giving you the flexibility to deploy as hardware or software virtual appliance in a physical or virtual environment.

  • Desktop model: The Huawei HiSecEngine USG6500E series such as USG6510E and USG6530E is the desktop hardware AI firewall appliance targeted at SMBs, branch offices, and franchise businesses.
  • Rackmount model: HiSecEngine USG6500E series (fixed-configuration), USG6600E and USG6600F series and USG6700E series (fixed-configuration) are hardware rackmount AI NGFW designed for small and medium-sized enterprises, chain organizations, institutions/campuses, and data centers.
  • DC Chassis model: The USG9500 series such as USG9520, USG9560, and USG9580 is an all-in-one data center model that delivers up to 1.92 Tbit/s in firewall throughput to cloud service providers and large-scale enterprise campus networks.
  • Software virtual appliance model: The Huawei USG6000V series such as USG6000V1 to USG6000V8 is a software virtual appliance model designed to run in virtual environments, providing virtualized gateway services vFW, vIPsec, vLB, vIPS, vAV, and vURL Remote Query.

One of the remarkable features of the Huawei USG NGFW solution is the innovative AI capabilities it brings to threat defense. Other features include application control, IPS, bandwidth management, URL filtering/web protection, antivirus, VPN, DLP, DDoS mitigation, policy management, among others. All Huawei USG products can be purchased directly from Huawei or via accredited partners.

5. Sophos SG Firewall

Sophos gives you the flexibility to deploy its network firewall as hardware (SG series), software (virtual appliance), or cloud-based appliance. One good thing about this product is that Sophos provides a free tool called Sophos UTM Manager (SUM) to centrally manage all your appliances from a single, centralized management console. It’s a good thing because most vendors usually require some form of licensing or subscription to unlock this feature. The Sophos SG series firewall appliance comes in Desktop, 1U, and 2U models.

  • The Desktop model such as the SG 105/105w, SG 115/115w, SG 125/125w, and SG 135/135w (“W” signifies support for a wireless network) is the entry-level range targeted at SMBs and remote offices.

  • The 1U model, such as SG 210, SG 230, SG 310, SG 330, SG 430, and SG 450, is the mid-range solution ideal for many medium-sized organizations.

  • The 2U model, such as SG 550 and SG 650, is the high-end solution targeted at larger organizations and data center environments.

  • DLP including email scanning

  • VPNs and mobile traffic security

  • Endpoint protection and advanced threat detection

Sophos licensing is based on subscription. You can either subscribe individually to those modules or purchase a single pre-packaged FullGuard license. The Sophos standard support provides access to manual updates, knowledge base, community forum, and return and replace services. Premium support gives you 24/7 technical support from Sophos Support engineers, automatic updates, and advanced replacements. If you think Sophos UTM is right for your business, follow the steps below to complete the buying process.

  • Choose your deployment model: hardware, software, virtual or cloud-based appliance.
  • Choose your license: pre-packaged license or license modules individually
  • Choose your add-ons: take advantage of add-ons such as subscription extensions,  centralized management, and reporting options, among others.

6. WatchGuard Firebox

WatchGuard network firewall solution, which it brands as Firebox, delivers an all-in-one network security platform and protection for primarily small, midsize, and distributed enterprises. It does not directly address large conglomerates or big data centers. However, it is among the industry’s finest when it comes to performance.

  • Deployment options
  • Stateful firewall
  • IPS and malware scanning

WatchGuard Firebox comes in tabletop, rackmount, and software virtual appliances to give you the flexibility to deploy the solution as a hardware appliance in a physical environment or as software in a virtual or cloud infrastructure.

  • Tabletop Firebox appliances: Just as the name implies, these are small form-factor, high-performance, tabletop hardware appliances ranging from T15 to T80 designed for home office, SMB, and branch office locations.
  • Rackmount Firebox appliances: The 1U rack-mount appliance ranging from M270 to M670 is designed for small and growing midsize businesses, and M4600 and M5600 is targeted at distributed enterprise organization.
  • Virtual/cloud Firebox solution: FireboxV and Firebox Cloud is the software version of the Firebox with all of the security and performance required for any size organization moving their IT infrastructure to a virtual environment—private or public cloud.

Some of the critical features of WatchGuard’s Firebox solution include a stateful firewall, IPS, URL filtering, gateway AV, application control, and antispam, and features for combating advanced threats such as file sandboxing, data loss prevention, ransomware protection, and more. All WatchGuard hardware includes a one-year hardware warranty. In addition, WatchGuard sells subscriptions for the security software modules for Firebox appliances, either individually or as a suite.

Your support license gives you access to updates and enhancements and all new releases at no cost. In addition, customers can purchase a subscription to Standard, Plus (24/7), Gold, or Premium that offers a higher priority to your support case. If you are considering WatchGuard Firebox solution for your business, the steps below will guide you in your buying decision:

  • Choose your product or appliance type
  • Select your preferred security package—Total Security Suit or Basic Security Suite
  • Contact a WatchGuard certified reseller

7. SonicWall Firewall

SonicWall has been in the firewall business from the earliest days. The SonicWall Firewall supports deployments across physical, virtual, and cloud environments. Its appliances are powered by a software called SonicOS that enables all the security and networking features.

The SonicWall network firewalls are grouped under the following categories:

  • SonicWall TZ SOHO Series: These are entry-level products (wired and wireless models) that combine threat prevention and SD-WAN technology, targeted at SMBs and remote offices.
  • Network Security Appliance (NSA) series: These are hardware appliances that range from NSA 2650 series to NSA 9650 series and are targeted at mid-sized networks to distributed enterprises and data centers.
  • Network Security Services Platform (NSSP) series: These are also hardware appliances made up of  NSSP 12400 and NSSP 12800 series that combine cloud intelligence with appliance-based protection, designed for large distributed enterprises, data centers, and service providers.
  • Network Security Virtual (NSV) series: These are virtual firewalls that range from NSV 10 to NSV 1600, designed to deal with vulnerabilities within virtual environments.

One notable feature of SonicWall firewalls is the availability of an integrated cloud-based centralized management service called Capture Cloud Platform and online live demos that helps you experience real product demonstrations without going through the trouble of putting a test box in your environment.

  • Create VLANs and SD-WAN
  • Traffic shaping
  • Wireless LAN management

The SonicWall system also implements SSL offloading, which enables it to scan packet contents in both directions. With these capabilities, the service can block infected web pages, spot malware, and identify suspicious behavior for intrusion detection and insider threat identification.

SonicWall licensing is subscription-based, and it comes with standard and premium support. Before deciding to purchase or renew your subscription, you first need to determine the appliance type, model, and subscription right for your business.

8. Forcepoint NGFW

Forcepoint NGFW protects enterprise networks and remote offices with high-performance “intelligence aware” security, supported by real-time updates. It combines true SD-WAN, intrusion prevention, and seamless integration with cloud-based SASE security to keep your network and data safe. Forcepoint NGFW supports deployments across physical, virtual, and cloud environments. 

  • Implements virtual networks and SASE
  • Intrusion prevention system
  • IP blacklisting

Through the Forcepoint NGFW Security Management Center (SMC), administrators can deploy, monitor, and update up to 2000 Forcepoint NGFW appliances from a single centralized management console. Key features and capabilities include Unified software for physical and cloud deployments (AWS, Azure, VMware), sidewinder security proxies for mission-critical applications, SD-WAN connectivity, built-in IPS with anti-evasion defenses, policy-driven centralized management, whitelisting/blacklisting by the client application and version, anti-malware sandboxing, and much more.

The Forcepoint NGFW  are grouped under the following categories:

  • The Forcepoint 6200, 3400, and 3300 series are physical appliances targeted at data centers and campus networks
  • The Forcepoint 2100 and 1100 series are physical appliances that provide security at the network edge
  • The Forcepoint 300, 120, and 60 series are physical appliances targeted at remote sites and branch offices
  • The Forcepoint 50 series are physical appliances targeted at SMBs or home offices
  • Unified Forcepoint NGFW software is a software/virtual appliance designed to protect cloud and virtual infrastructure

Forcepoint NGFW pricing varies according to the capacity and the capabilities desired. A free 30-day trial or customized demo is available on request.

9. Hillstone NGFW

Hillstone Networks has emerged as a global competitor in the network firewall space. Its NGFW products, such as Edge Protection solutions, help enterprises, and service providers mitigate cyber-attacks and infrastructure breaches. As a result, Hillstone Networks was included in the 2020 Gartner Magic Quadrant for Network Firewalls for their ability to execute and completeness of vision. It has also been recognized in Gartner 2021 Peer Insights Customers’ Choice for Network Firewalls.

  • Network, site-to-site, and IoT security
  • Malware scanning
  • Intrusion prevention system

Hillstone NGFW products scale from small to large campuses to carrier-class multi-tenant data centers and provide flexible deployment options across physical, virtual, and cloud environments. Key features include network firewall and VPN features, antivirus and intrusion prevention, web/URL filtering, IP reputation protection, botnet C&C prevention, IoT, and security.

The Hillstone NGFW  products are grouped under the following categories:

  • The Hillstone A-series NGFW are physical appliances that provide edge protection for physical enterprise networks
  • The Hillstone E-series (E1000-E5000) NGFW are designed for security and provide visibility and control of applications for a multi-tenant solution in the virtual environment.
  • The Hillstone X-series NGFW such as X10800, X8180, and X7180 are designed for data centers and multi-tenant cloud-based security-as-a-service environments.
  • The Hillstone T-series Intelligent NGFW leverages a combination of statistical clustering, behavioral analytics, and correlation analysis to detect and prevent advanced attacks.
  • The Hillstone CloudEdge Virtual NGFW is a software/virtual firewall solution designed for virtual environments and multi-tenant and Firewall as a Service” model.

Hillstone NGFWs can be purchased directly from the manufacturer or via channel partners or authorized resellers. Online product demonstrations are also available on request.

10. WiJungle Unified Network Security Gateway

WiJungle is an Indian-based Unified Network Security provider that helps organizations manage and secure their network infrastructure through a single appliance. WiJungle’s all-In-one (unified) approach to network security eliminates the need for multiple stand-alone appliances like a router, firewall, VPN server, web gateway, load balancers, etc.

The product is designed to deliver network security solutions such as NGFW)/Unified Threat Management (UTM), Hotspot Gateway, Web Application Firewall (WAF), and more, all in one box. Gartner has recognized WiJungle among the highest rated vendors in network firewall in the 2020 Gartner Peer Insights “Voice of the Customer.”

WiJungle is available in different models ranging from entry-level hardware appliances targeted at small offices to high-end appliances designed for large businesses. It utilizes machine learning and AI to provide behavioral-based cyber threat detection and prevention.

  • Traffic shaping
  • Intrusion presentation system
  • Data loss prevention

WiJungle pricing is based on the estimated number of total concurrent user loads. Hence, price tends to increase with simultaneous users or sessions. License renewals are optional. Only the updates, support, and Free Transactional Messages (limited to the Indian market) are halted after the license expires. All other functionalities keep on working unhindered.