2019-12-12T05:52:00Z
MD
Sr Solutions Architect - Growth and E&U Vertical, Global Network Solutions, Digital Solutions at a comms service provider with 10,001+ employees
  • 2
  • 30

What are the biggest differences between Meraki and Sophos? Which one is good for security and SD-WAN?

I am a pre-sales consultant with 15+ years of experience in Telecom & ICT Pre-Sales, Business Analysis, & Enterprise Business Enablement.

I am currently researching Meraki and Sophos. What are the main differences between the two? Which one is good with security and SD-WAN?

Thanks! I appreciate the help.

5
PeerSpot user
5 Answers
NS
IT Manager with 11-50 employees
User
2019-12-12T16:24:02Z
Dec 12, 2019

I presume the topic is UTM appliances (as Meraki and Sophos have many products).

Any physical site connected to the Internet needs some kind of a firewall, yes? That firewall should be at the site (if it is "in the cloud" you lose performance/time/bandwidth, and you still might get a man-in-the-middle issue).

For 30-80 users, for devices with prices under $5000 with taxes and shipment (for appliance plus 3 years of full licenses and warranty/support), for me, there were only two real options: Sophos XG 210 and Fortinet FortiGate FG100E (both negotiated at/under C$4350+tax), with Dell NSA 2650 a distant third (includes only 1 or 2 years of licenses/support and is more expensive). I got the Sophos XB2133SUS part number (XG210) device with a bonus device for High Availability (part number XG21T3HUS) for less than C$4300+tax. Both devices (Sophos XG210 and Fortinet FG100E) have 6+ WAN/configurable ports. For performance, look at performance with all the security features enabled (Deep Packet Inspection, VPN, antivirus, etc).
I do SD-WAN using an extra device (~firewall) in front of the actual firewall.

Meraki is not well known for UTM firewalls (sorry), but may do SD-WAN and may manage mobile devices better. I am afraid of their ongoing costs - for example, Meraki Wireless Access Points may stop working completely if the support fee is not paid (and that is a total No-No in my books; I understand not to be able to make more changes - but to stop a service??). As I see, for many folks - ongoing costs are just an after-thought, so maybe it does not matter much. For me, what matters is the actual performance, the security features, Support, initial cost and ongoing (support/licenses renewal) cost.

Product comparison that may be of interest to you
it_user1150056 - PeerSpot reviewer
Managing Director at Onesecure
Real User
2019-12-12T07:53:10Z
Dec 12, 2019

To be honest, if you are still buying firewall appliances and UTM licenses you are already behind a very obvious requirement to move to Cloud security. Buying UTM does not solve the growing risk of mobility and cloud application delivery. It would be worthwhile reading Gartner's SASE paper on security transformation. Or research Zscaler, who has been delivering this model for 10 years.

If a user is in your network behind your UTM, what stops him from connecting to his mobile phone Hotspot and bypassing all UTM, DLP, etc. Security has to move from the network to the endpoint. Protection regardless of location, device or network. Anything less is a massive compromise and a false sense of actual security.

Elom Kutsienyo - PeerSpot reviewer
Systems Engineer at a tech services company with 51-200 employees
Reseller
2019-12-12T11:22:27Z
Dec 12, 2019

Sophos gives on-premise UTM functionalities that work like traditional UTMs (such as FortiGate, Firepower and the likes). Meraki MX devices are managed from the cloud and are subscription-based but also extremely easy to configure.

If you want a very easy to configure solution with a minimum IT staff and prefer OPEX over CAPEX, go with Meraki.

If you want on-premise control, and prefer CAPEX over OPEX, go with Sophos.

Tony Tuite - PeerSpot reviewer
Consultant at NFC/IT
Reseller
Leaderboard
2019-12-13T13:18:14Z
Dec 13, 2019

I haven't had any experience with Sophos, but in small business environments I've found the Meraki devices to be needlessly complex. As one who has worked quite a bit with enterprise Cisco devices, I can't say I'm surprised. In my opinion, complexity doesn't necessarily denote better functionality.

Most concerning to me, though, the Meraki devices also stop functioning entirely if you don't renew. their licenses, and it's some $500 per year *per device.* Any situation where a license not being reactivated can shut down your entire network is a huge concern, particularly at such high cost. We aren't talking Karen not being able to use Acrobat or something here... we're talking entire site outage. That is enough to make any technician worth their salt have a mild seizure.

CG
Associate Vice President - IT with 1,001-5,000 employees
User
2019-12-12T06:59:43Z
Dec 12, 2019

When it comes to Security, I have very good experiences with Sophos, I can say the security solution is absolutely great in Sophos. Whereas I have never used Meraki, so I can't comment anything on it.

SD-WAN; no experience on any of the requested products, so better not to make any false comment/advice.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 24, 2021
How does Meraki MX compare with Sophos XG? Which is better and why?
2 out of 3 answers
GC
Management at Servimeg
Nov 23, 2021
Cisco mx64, for example, has 2 WANs, is very practical and simple for the two services, has a balancing for two internet services and bandwidth control (by groups and users).
LL
Network Engineer at Datafox OÜ
Nov 23, 2021
Meraki MX is a small business product and lacks a lot of features compared to Sophos XG/XGS. - IPsec IKEv2 does not work (it is in the menu, but does not work and can only be enabled by meraki support) - no SSLVPN or IPsec VPN client. AnyConnect can only be tested with beta firmware.  Cisco Client VPN (L2TP) is a total joke - not sure for who it is meant for? - no user based firewall rules (for VPN) - no firewall rule grouping - no masquerade option for DNAT (sometimes it is very useful if I can do a DNAT with masquerade to another subnet) - no VLAN tagging support on WAN port (would be usable for IPTV - solvable if WAN is bypassed through a managed switch) - no multiple IP support on WAN port (Sophos has alias support on every interface, which means that multiple IP addresses can be added on the same LAN or WAN port) - no LAG or LACP support (would be usable to connect aggregation switch to firewall to bypass more traffic through the MX) - no DAC cable support for SFP port (why I do have to use optical cable to connect aswitch?) - no custom IPS policies - only on/off button - no e-mail protection option (Sophos has it with extra license) - no web server protection (Sophos has it with extra license) - no sandstorm option (most firewalls have it with extra license) - hardware may probably too weak compared to the user count - no BGP, OSPF routing - no multiple VPN user groups and LDAP servers
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 24, 2021
Why?
See 2 answers
Nov 8, 2021
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports network security and firewall options. We researched both Meraki and ASA. We liked that ASA provides a solid VPN setup and integrates with other Cisco security offerings. Cisco ASA is great for routing and accessing remote office locations via the remote VPN. We also liked the high availability and customizable nating (Network Access Translation). It is very reliable and easy to use. You can easily configure a site-to-site VPN to connect multiple sites. The support is great - they respond 24/7/365 and there is a lot of documentation available. The downside is that ASAs are aging. Therefore, Cisco ASAs are best suited to small businesses. If you need something affordable that gets the job done, ASA is a good option. We chose Cisco Meraki, because, in our opinion, it is a step forward from ASA. The level of security and intrusion detection is great, and because it is cloud-based, it is easy to change the configuration without downtime. Logging is very comprehensive, and management is very simple. The best feature is content filtering with granular control. Cisco Meraki offers advanced malware protection, including traffic shaping. Another feature we really like is that you can pre-configure devices before they arrive at the installation. It doesn’t work with DMVPN, which is a downside. Another feature that could use some improvement is reporting, which is not real-time. The price can get expensive but if you can afford it, a full-stack Cisco Meraki system does a great job keeping your network secure. Conclusions: If you want a robust but basic firewall, ASA is your best choice. Cisco Meraki is a better choice if you are looking for a next-generation firewall with advanced security features and easy management.
Frank Theilen - PeerSpot reviewer
IT Adviser/Manager with 51-200 employees
Nov 24, 2021
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet). Cisco ASA is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features. So you can't really compare these solutions, as they are targeting different markets. You might compare Cisco to Sophos, but again, these are different protection solutions, one for network protection, the other for client protection. If you look only at the firewall part, you miss a lot in the total protection approach with Sophos.
Download Free Report
Download our FREE report comparing Meraki MX and Sophos UTM based on reviews, features, and more! Updated: November 2022.
DOWNLOAD NOW
654,218 professionals have used our research since 2012.