We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL Inspection, Granular Firewall rules (Block only, no allow setting), client vpn relies on windows vpn setup (we would prefer a software solution).
But when we bought Meraki's we were switching from something with little to no visibility into the network. The visibility we got with the meraki and the content filtering and ability to block countries was quick and easy to setup. If we weren't looking to lock things down further, we would renew our Meraki's rather than replace them.
We are also looking at the fortigate series, but we would be using the latest generation - I think the 60f would be the newest of the 60 size.
I recommend that using a Sonicwall as the peripheral firewall as you can easily configure the firewall rules to block certain countries. Its ease of use and SSL inspection and many other features and reporting features are more than sufficient for a small company.
You don't need a dedicated IT department, Sonicwall provide cloud-based support services that can assist you 24hrs/ 7 days.
To enhance the firewall protection further, we also deploy ZoneAlarm and webroot security firewalls at the desktops level. We also have several firewalls routers to safeguard very important servers, giving an onion-like "layers defense" structure.