Looking at potential to replace my Checkpoint Firewall/Security with Meraki (MX100) due to reduction in capacity requirement and cost improvements. 1. Any experience, feedback, Insights, pros/cons, etc... on Meraki? 2. Any thoughts on comparision to Checkpoint? Thank you.
For long term total cost of ownership Fortigate is hard to beat. With them you can prepay maintenance or have a relatively small annual fee to keep lists current, etc, where with Meraki the annual fee is high so over the life of the product it will cost you quite a bit more for a similar sized unit. We have both and do like the meraki management, just need to decide if it is worth the $$.
We're currently a 100% Meraki shop (22 sites) and I used to be a certified CheckPoint engineer. The cloud configuration is great and it makes VPN connectivity a dream. The content filtering and security solutions are also wonderful. The only con I've got is their VPN solution isn't that great - it uses the built in Windows stuff.
Hope that helps some - happy to answer additional questions or discuss a specific configuration requirements.
We moved from SonicWall to Meraki. Meraki devices are really easy to use and configure. It is a bit more expensive than SonicWall, in line with Chris Wasmund's comment. We recoup that expense with reduced cost of administration. The UI and one-pane-of-view is clear with Meraki. You can find devices/rules quickly. It's easy to train people on how to use and configure it. Meraki's support has been good as well.
We found a few things Merakis were just not very good at. VPN is not its strong point. Double-NAT'ing is difficult and not very granular. If you want split tunneling but want all box.com traffic to go through your HQ, Meraki wasn't able to help us with that.
Call up Meraki folks and have them demo it. They are very honest and upfront about what you can and can't do. We really like Meraki. Their Z3/MX devices for teleworkers are just so simple to deploy compared to our previous solution. All in all, Meraki devices have saved us a significant amount of time without compromising our capabilities. I don't know Checkpoint so I couldn't give comparisons.