Best Cisco Meraki Firewall Alternatives

The Cisco Meraki firewall provides 100% cloud-managed security & SD-WAN solutions to small businesses, branch offices, data centers, and distributed enterprise environments. They are no doubt a great product with a strong focus on simplicity. It is reasonably simple and easy to understand and manage. If you are looking for a security solution to protect your fluid network infrastructure located on-premise and in the cloud—SaaS, IaaS, and PaaS-based infrastructure, the Cisco Meraki firewall is a good choice.

However, if you figured out that Cisco Meraki firewalls are not best suited for your environment and you’re considering a suitable alternative, you’ll find lots of them out there. Choosing the right one for your business and budget can sometimes be challenging. When evaluating different solutions, you need to ensure that the various functionalities address your security risks and policy requirements. You don’t want to get caught up in the sales and marketing hype that tends to surround most security products. It’s crucial to compare competencies in specific product capabilities, integration and deployment, and service and support.

In this article, we will review the ten best Cisco Meraki MX firewall alternatives in the market. Hopefully, this will guide you in the process of selecting the right one for your environment.

The best Meraki firewall alternatives

1. FortiGate Network Firewall

FortiGate Network Firewall
Figure 1.0 Screenshot showing FortioS configuration interface

The FortiGate network firewall is among the leading next-generation firewalls (NGFW) in the market. It has been recognized as a leader in the 2020 Gartner Magic Quadrant for Network Firewalls. FortiGate NGFW supports deployments across physical, virtual, and cloud environments. It’s available in different models ranging from entry-level hardware appliances targeted at small offices to ultra-high-end appliances designed for data centers and multi-tenant cloud environments, as well as virtual software appliances for deployment on your hardware.

FortiGate NGFW is powered by FortiOS software, enabling the Fortinet Security Fabric—an adaptive architecture providing integrated detection and automated responses to cybersecurity threats. Additionally, it utilizes machine learning and AI to offer behavioral-based cyber threat detection and prevention. Key features include:

  • Software-defined wide area network (SD-WAN) and NGFW
  • Anti-malware, IP reputation, and SSL inspection
  • Advanced persistent threat protection
  • Intrusion prevention and detection
  • Email, web, and content filtering
  • Data loss prevention (DLP)
  • Virtual private network (VPN)
  • Integrated WLAN controller
  • Cloud sand-box

Fortinet licenses NGFW security features which it calls FortiGuard Services, on a per-device basis. FortiGuard Services are available as a single subscription or software bundle with or without hardware. FortiCare device-based support is the foundation of the support services, providing firmware updates, technical support, and foundational FortiGuard subscriptions. Customers can also purchase advanced premium support services to complement the standard FortiCare support plan.

2. Check Point NGFW

Check Point NGFW
Figure 2.0 Check Point Autonomous Threat Prevention interface

Check Point has one of the best NGFW solutions for small, midsize, large-scale, and data center organizations. It is recognized as a leader in the Gartner 2020 Network Firewall Magic Quadrant for its enterprise-quality security features and ease of management. Check Point’s NGFW is available in different models ranging from entry-level hardware appliances targeted at small and branch offices to high-end appliances designed for data centers and large enterprises and appliances for Industrial Control Systems (ICS) and SCADA networks.

Key features include firewalls, IPS, IPsec VPN, anti-bot, antivirus, email security and anti-spam, application control, mobile access, URL filtering, identity and content awareness, policy management, among others. In addition to the above features, Check Point’s software bundle comes enhanced with OS-level sandboxing technology called  SandBlast Threat Emulation and Threat Extraction to prevent zero-day and other targeted attacks.

One good thing about Check Point NGFW products is it’s easy to use user interface and consistent software architecture for all models, both high and low ends. It also tried to incorporate various features and functionality for a wide range of network sizes and use cases.

Check Point’s licensing is designed to be scalable and modular. To this end, Check Point offers both predefined packages and the ability to custom build a solution, which it calls software blades. So, for example, say you want to use a firewall, IPS, and IPSec VPN; you would need a software license for those blades.

Check Point is best suited for midrange organizations seeking strong security and robust management features. The sheer number of different products and security features can sometimes be overwhelming. If you don’t need every security feature it offers out of the box, you might be better off purchasing a more focused product with fewer features.

3. Juniper NGFW

Juniper NGFW
Figure 3.0 Screenshot showing Junos Security Director dashboard

Juniper Networks is known to deliver high-performance NGFW that provide granular control and visibility from client to cloud. Juniper has been recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls. Juniper gives you the flexibility to deploy its network firewall as physical (SRX series), virtual appliance (vSRX), and containerized firewalls (cSRX).

  • The SRX series physical hardware appliances are designed for SMBs and mid-size organizations, data centers, and large enterprises.
  • The vSRX virtual firewalls are designed to secure public cloud environments
  • The cSRX container firewalls are designed to secure applications running in containers and microservices.

Junos OS is the network operating system that powers appliances. Junos Space Security Director is the central manager for all Juniper NGFW. It provides security policy management for all physical, logical, and virtual firewalls through a centralized web-based interface. Some of the key features and capabilities of Juniper NGFW include:

  • Control web browsing through robust URL filtering categories, and block malicious websites
  • Prevent unauthorized use with user-based security policies and segmentation
  • Network anti-malware protection and web filtering
  • High-risk application identification and control
  • User identification and access control
  • Juniper advanced threat prevention
  • Intrusion detection and prevention
  • Real-time protection

Juniper licensing is based on subscription. To use a licensed feature, you need to purchase, install, activate, manage a license that corresponds to each licensed feature. You can administer and manage the permits through the Juniper Agile Licensing Portal.

4. Huawei Unified Security Gateway (USG)

Huawei Unified Security Gateway (USG)
Figure 4.0 Screenshot showing Huawei USG admin dashboard

Huawei network firewall solution, which it brands as Unified Security Gateway (USG), provides integrated NGFW security for midsize, large enterprises, chain organizations, cloud service providers, and large data centers. Huawei is a well-known brand in Europe, the Middle East, Africa, and Asia (EMEAA)  markets. Huawei USG was named as Customers’ Choice in 2021 for Gartner Network Firewalls. It was also recognized as a challenger in the 2020 Gartner Magic Quadrant for Network Firewalls.

Huawei USG firewall solution comes in desktop, rackmount, data center (DC) chassis, and software virtual appliance model, giving you the flexibility to deploy as hardware or software virtual appliance in a physical or virtual environment.

  • Desktop model: The Huawei HiSecEngine USG6500E series such as USG6510E and USG6530E is the desktop hardware AI firewall appliance targeted at SMBs, branch offices, and franchise businesses.
  • Rackmount model: HiSecEngine USG6500E series (fixed-configuration), USG6600E and USG6600F series and USG6700E series (fixed-configuration) are hardware rackmount AI NGFW designed for small and medium-sized enterprises, chain organizations, institutions/campuses, and data centers.
  • DC Chassis model: The USG9500 series such as USG9520, USG9560, and USG9580 is an all-in-one data center model that delivers up to 1.92 Tbit/s in firewall throughput to cloud service providers and large-scale enterprise campus networks.
  • Software virtual appliance model: The Huawei USG6000V series such as USG6000V1 to USG6000V8 is a software virtual appliance model designed to run in virtual environments, providing virtualized gateway services vFW, vIPsec, vLB, vIPS, vAV, and vURL Remote Query.

One of the remarkable features of the Huawei USG NGFW solution is the innovative AI capabilities it brings to threat defense. Other features include application control, IPS, bandwidth management, URL filtering/web protection, antivirus, VPN, DLP, DDoS mitigation, policy management, among others. All Huawei USG products can be purchased directly from Huawei or via accredited partners.

5. Sophos SG Firewall

Figure 5.0 Screenshot showing Sophos UTM manager dashboard

Sophos gives you the flexibility to deploy its network firewall as hardware (SG series), software (virtual appliance), or cloud-based appliance. One good thing about this product is that Sophos provides a free tool called Sophos UTM Manager (SUM) to centrally manage all your appliances from a single, centralized management console. It’s a good thing because most vendors usually require some form of licensing or subscription to unlock this feature. The Sophos SG series firewall appliance comes in Desktop, 1U, and 2U models.

  • The Desktop model such as the SG 105/105w, SG 115/115w, SG 125/125w, and SG 135/135w (“W” signifies support for a wireless network) is the entry-level range targeted at SMBs and remote offices.
  • The 1U model, such as SG 210, SG 230, SG 310, SG 330, SG 430, and SG 450, is the mid-range solution ideal for many medium-sized organizations.
  • The 2U model, such as SG 550 and SG 650, is the high-end solution targeted at larger organizations and data center environments.

Some of the critical features or modules of Sophos firewall include but are not limited to:

  • Next-generation firewall (NGFW) protection
  • Email Protection, encryption, and anti-spam
  • Site-site and remote access VPN
  • Mobile network access control
  • Data loss prevention (DLP)
  • Advanced threat protection
  • Endpoint protection

Sophos licensing is based on subscription. You can either subscribe individually to those modules or purchase a single pre-packaged FullGuard license. The Sophos standard support provides access to manual updates, knowledge base, community forum, and return and replace services. Premium support gives you 24/7 technical support from Sophos Support engineers, automatic updates, and advanced replacements. If you think Sophos UTM is right for your business, follow the steps below to complete the buying process.

  1. Choose your deployment model: hardware, software, virtual or cloud-based appliance.
  2. Choose your license: pre-packaged license or license modules individually
  3. Choose your add-ons: take advantage of add-ons such as subscription extensions,  centralized management, and reporting options, among others.

6. WatchGuard Firebox

WatchGuard Firebox
Figure 6.0 Screenshot showing Watchguard cloud dashboard

WatchGuard network firewall solution, which it brands as Firebox, delivers an all-in-one network security platform and protection for primarily small, midsize, and distributed enterprises. It does not directly address large conglomerates or big data centers. However, it is among the industry’s finest when it comes to performance.

WatchGuard Firebox comes in tabletop, rackmount, and software virtual appliances to give you the flexibility to deploy the solution as a hardware appliance in a physical environment or as software in a virtual or cloud infrastructure.

  • Tabletop Firebox appliances: Just as the name implies, these are small form-factor, high-performance, tabletop hardware appliances ranging from T15 to T80 designed for home office, SMB, and branch office locations.
  • Rackmount Firebox appliances: The 1U rack-mount appliance ranging from M270 to M670 is designed for small and growing midsize businesses, and M4600 and M5600 is targeted at distributed enterprise organization.
  • Virtual/cloud Firebox solution: FireboxV and Firebox Cloud is the software version of the Firebox with all of the security and performance required for any size organization moving their IT infrastructure to a virtual environment—private or public cloud.

Some of the critical features of WatchGuard’s Firebox solution include a stateful firewall, IPS, URL filtering, gateway AV, application control, and antispam, and features for combating advanced threats such as file sandboxing, data loss prevention, ransomware protection, and more. All WatchGuard hardware includes a one-year hardware warranty. In addition, WatchGuard sells subscriptions for the security software modules for Firebox appliances, either individually or as a suite.

Your support license gives you access to updates and enhancements and all new releases at no cost. In addition, customers can purchase a subscription to Standard, Plus (24/7), Gold, or Premium that offers a higher priority to your support case. If you are considering WatchGuard Firebox solution for your business, the steps below will guide you in your buying decision:

  1. Choose your product or appliance type
  2. Select your preferred security package—Total Security Suit or Basic Security Suite
  3. Contact a WatchGuard certified reseller

7. SonicWall Firewall

SonicWall Firewall
Figure 7.0 Screenshot showing SonicOS configuration interface

SonicWall has been in the firewall business from the earliest days. The SonicWall Firewall supports deployments across physical, virtual, and cloud environments. Its appliances are powered by a software called SonicOS that enables all the security and networking features.

The SonicWall network firewalls are grouped under the following categories:

  • SonicWall TZ SOHO Series: These are entry-level products (wired and wireless models) that combine threat prevention and SD-WAN technology, targeted at SMBs and remote offices.
  • Network Security Appliance (NSA) series: These are hardware appliances that range from NSA 2650 series to NSA 9650 series and are targeted at mid-sized networks to distributed enterprises and data centers.
  • Network Security Services Platform (NSSP) series: These are also hardware appliances made up of  NSSP 12400 and NSSP 12800 series that combine cloud intelligence with appliance-based protection, designed for large distributed enterprises, data centers, and service providers.
  • Network Security Virtual (NSV) series: These are virtual firewalls that range from NSV 10 to NSV 1600, designed to deal with vulnerabilities within virtual environments.

One notable feature of SonicWall firewalls is the availability of an integrated cloud-based centralized management service called Capture Cloud Platform and online live demos that helps you experience real product demonstrations without going through the trouble of putting a test box in your environment. Other key features include:

  • Web content filtering and application identification
  • Anti-malware, IP reputation, and SSL inspection
  • LS/SSL/SSH decryption and inspection
  • Traffic visualization and analytics
  • Networking, Wireless, and VoIP
  • NGFW, IPS, and VPN features
  • Management and monitoring
  • Integrated WLAN controller

SonicWall licensing is subscription-based, and it comes with standard and premium support. Before deciding to purchase or renew your subscription, you first need to determine the appliance type, model, and subscription right for your business.

8. Forcepoint NGFW

Figure 8.0 Forcepoint NGFW main dashboard

Forcepoint NGFW protects enterprise networks and remote offices with high-performance “intelligence aware” security, supported by real-time updates. It combines true SD-WAN, intrusion prevention, and seamless integration with cloud-based SASE security to keep your network and data safe. Forcepoint NGFW supports deployments across physical, virtual, and cloud environments. 

Through the Forcepoint NGFW Security Management Center (SMC), administrators can deploy, monitor, and update up to 2000 Forcepoint NGFW appliances from a single centralized management console. Key features and capabilities include Unified software for physical and cloud deployments (AWS, Azure, VMware), sidewinder security proxies for mission-critical applications, SD-WAN connectivity, built-in IPS with anti-evasion defenses, policy-driven centralized management, whitelisting/blacklisting by the client application and version, anti-malware sandboxing, and much more.

The Forcepoint NGFW  are grouped under the following categories:

  • The Forcepoint 6200, 3400, and 3300 series are physical appliances targeted at data centers and campus networks
  • The Forcepoint 2100 and 1100 series are physical appliances that provide security at the network edge
  • The Forcepoint 300, 120, and 60 series are physical appliances targeted at remote sites and branch offices
  • The Forcepoint 50 series are physical appliances targeted at SMBs or home offices
  • Unified Forcepoint NGFW software is a software/virtual appliance designed to protect cloud and virtual infrastructure

Forcepoint NGFW pricing varies according to the capacity and the capabilities desired. A free 30-day trial or customized demo is available on request.

9. Hillstone NGFW

Hillstone NGFW
Figure 9.0 Hillstone T-series firewall dashboard showing network risk status

Hillstone Networks has emerged as a global competitor in the network firewall space. Its NGFW products, such as Edge Protection solutions, help enterprises, and service providers mitigate cyber-attacks and infrastructure breaches. As a result, Hillstone Networks was included in the 2020 Gartner Magic Quadrant for Network Firewalls for their ability to execute and completeness of vision. It has also been recognized in Gartner 2021 Peer Insights Customers’ Choice for Network Firewalls.

Hillstone NGFW products scale from small to large campuses to carrier-class multi-tenant data centers and provide flexible deployment options across physical, virtual, and cloud environments. Key features include network firewall and VPN features, antivirus and intrusion prevention, web/URL filtering, IP reputation protection, botnet C&C prevention, IoT, and security.

The Hillstone NGFW  products are grouped under the following categories:

  • The Hillstone A-series NGFW are physical appliances that provide edge protection for physical enterprise networks
  • The Hillstone E-series (E1000-E5000) NGFW are designed for security and provide visibility and control of applications for a multi-tenant solution in the virtual environment.
  • The Hillstone X-series NGFW such as X10800, X8180, and X7180 are designed for data centers and multi-tenant cloud-based security-as-a-service environments.
  • The Hillstone T-series Intelligent NGFW leverages a combination of statistical clustering, behavioral analytics, and correlation analysis to detect and prevent advanced attacks.
  • The Hillstone CloudEdge Virtual NGFW is a software/virtual firewall solution designed for virtual environments and multi-tenant and Firewall as a Service” model.

Hillstone NGFWs can be purchased directly from the manufacturer or via channel partners or authorized resellers. Online product demonstrations are also available on request.

10. WiJungle Unified Network Security Gateway

WiJungle Unified Network Security Gateway
Figure 10.0 Screenshot showing WiJungle Unified Network Security Gateway dashboard

WiJungle is an Indian-based Unified Network Security provider that helps organizations manage and secure their network infrastructure through a single appliance. WiJungle’s all-In-one (unified) approach to network security eliminates the need for multiple stand-alone appliances like a router, firewall, VPN server, web gateway, load balancers, etc.

The product is designed to deliver network security solutions such as NGFW)/Unified Threat Management (UTM), Hotspot Gateway, Web Application Firewall (WAF), and more, all in one box. Gartner has recognized WiJungle among the highest rated vendors in network firewall in the 2020 Gartner Peer Insights “Voice of the Customer.”

WiJungle is available in different models ranging from entry-level hardware appliances targeted at small offices to high-end appliances designed for large businesses. It utilizes machine learning and AI to provide behavioral-based cyber threat detection and prevention. Some of the key features and capabilities include:

  • Bandwidth Management & Quality Of Service
  • Anti-Malware With Ransomware Protection
  • Intrusion Detection & Prevention System
  • Load Balancing & Link Aggregation
  • Intrusion Prevention System
  • Data Leakage Prevention
  • User/Guest Management
  • Virtual Private Network

WiJungle pricing is based on the estimated number of total concurrent user loads. Hence, price tends to increase with simultaneous users or sessions. License renewals are optional. Only the updates, support, and Free Transactional Messages (limited to the Indian market) are halted after the license expires. All other functionalities keep on working unhindered.