The firewall is the gatekeeper of your business network. It decides what traffic is allowed in and out, blocks malicious connections, and forms the first line of defence against cyber attacks. For decades, traditional firewalls from vendors like Fortinet, SonicWall, and WatchGuard have served this role reliably. But a newer approach — cloud-managed networking, led by Cisco Meraki — is changing how businesses think about network security.
The Cisco Meraki MX is not just a firewall. It is a cloud-managed security appliance that combines firewall, VPN, content filtering, intrusion prevention, and SD-WAN capabilities in a single device, all managed through a centralised cloud dashboard. For UK SMEs, particularly those with multiple sites or remote workers, this approach offers compelling advantages over traditional firewalls.
But is Meraki right for every business? This guide provides a thorough comparison between Cisco Meraki MX and traditional firewalls, helping you make an informed decision for your network.
Understanding Traditional Firewalls
Traditional firewalls are hardware appliances that sit at the edge of your network, typically between your internet connection and your internal network. They are configured and managed locally — either through a web interface accessed from within your network or via a command-line interface.
Established vendors like Fortinet (FortiGate), SonicWall, WatchGuard, and Palo Alto Networks have been producing business firewalls for decades. Their products are mature, well-understood, and supported by large ecosystems of trained engineers and resellers.
Traditional firewalls are configured by an engineer — either in-house or from your IT support provider — who sets up rules defining what traffic is permitted, configures VPN tunnels for remote access or site-to-site connectivity, enables content filtering and intrusion prevention, and manages firmware updates and security patches. All of this configuration is stored on the device itself.
Understanding the Cisco Meraki MX
The Cisco Meraki MX takes a fundamentally different approach. While it is still a physical appliance that sits at your network edge, its configuration is stored in and managed from the Meraki cloud dashboard. This means you can configure, monitor, and troubleshoot your firewall from anywhere with an internet connection — no VPN required, no need to be on the local network.
The Meraki dashboard provides a single pane of glass for managing not just the MX firewall but also Meraki switches, wireless access points, cameras, and mobile devices. For businesses with multiple sites, every location's network equipment is visible and manageable from one screen.
The MX includes enterprise-grade features as standard: stateful firewall, site-to-site VPN (auto-configured between Meraki devices), client VPN for remote access, content filtering, intrusion detection and prevention (IDS/IPS), advanced malware protection (AMP), and SD-WAN capabilities for intelligent traffic routing across multiple internet connections.
Cisco Meraki MX Strengths
- Cloud-managed from anywhere via dashboard
- Zero-touch deployment at remote sites
- Automatic site-to-site VPN configuration
- Built-in SD-WAN with dual-WAN failover
- Unified dashboard for all network devices
- Automatic firmware updates and security patches
- Excellent visibility and reporting
- Simple multi-site management
Traditional Firewall Strengths
- No ongoing licence fees for basic operation
- Greater configuration flexibility and granularity
- Higher throughput at lower hardware cost
- Works independently of cloud connectivity
- Larger pool of trained engineers
- More vendor options and price competition
- On-premises logging with no cloud dependency
- Full control over update timing
Feature-by-Feature Comparison
Let us compare the two approaches across the features that matter most to UK businesses.
| Feature | Meraki MX | Traditional Firewall |
|---|---|---|
| Management interface | Cloud dashboard (anywhere access) | Local web UI or CLI |
| Site-to-site VPN | Auto-configured between Meraki devices | Manual configuration required |
| Remote access VPN | Built-in client VPN | Built-in (varies by vendor) |
| Content filtering | Included in licence | Usually requires add-on licence |
| IDS/IPS | Included (Snort-based) | Included or add-on (varies) |
| SD-WAN | Built-in with intelligent path selection | Limited or requires separate product |
| Firmware updates | Automatic, cloud-managed | Manual download and install |
| Multi-site management | Single dashboard for all sites | Separate management per device (or central manager at extra cost) |
| Ongoing costs | Annual licence required | Hardware purchase + optional support renewal |
The Licensing Model: A Key Difference
The most significant difference between Meraki and traditional firewalls is the licensing model. Every Meraki device requires an active licence to function. If your licence expires and is not renewed, the device continues to pass traffic but loses all cloud management, reporting, and advanced security features. The licence effectively becomes the ongoing cost of ownership.
Meraki licences are typically purchased in one-year, three-year, five-year, or seven-year terms, with longer terms offering better per-year pricing. A typical Meraki MX licence for an SME-grade appliance costs between £400 and £1,200 per year, depending on the model and features.
Traditional firewalls, by contrast, can operate indefinitely without an ongoing licence for basic firewall functionality. However, advanced features like intrusion prevention, content filtering, and antivirus scanning usually require an annual subscription. When you add these subscriptions, the total cost of ownership gap between Meraki and traditional firewalls narrows considerably.
Approximate 3-year total cost of ownership for comparable SME firewalls including all licences and support (hardware + subscriptions)
When Meraki MX Is the Better Choice
The Meraki MX excels in specific scenarios that are increasingly common among UK businesses.
Multi-site businesses. If you have two or more offices, Meraki's auto-VPN feature alone justifies the investment. Adding a new site to your VPN mesh takes minutes instead of hours. The ability to manage all sites from a single dashboard reduces operational overhead dramatically.
Businesses without in-house IT. If you rely on a managed IT provider, Meraki makes their job significantly easier — and by extension, your support faster and more effective. Your provider can troubleshoot your firewall remotely without needing VPN access to your network, see real-time traffic data, and push configuration changes instantly.
Businesses needing SD-WAN. If you have multiple internet connections (for example, a leased line and a broadband backup), Meraki's built-in SD-WAN can intelligently route traffic across both connections, provide automatic failover, and prioritise critical applications — all without additional hardware or licensing.
One of Meraki's most compelling features for multi-site businesses is zero-touch deployment. You configure the device in the Meraki dashboard before it even arrives at the site. When someone at the remote office plugs it in and connects it to the internet, it automatically downloads its configuration from the cloud and starts working. No engineer visit required. For UK businesses with branch offices in remote locations, this can save thousands of pounds in engineer travel costs.
When a Traditional Firewall Is the Better Choice
Single-site businesses with tight budgets. If you operate from a single office and your primary concern is cost, a traditional firewall will typically offer lower total cost of ownership over a five-year period. The hardware is often cheaper, and you can choose which subscription features to purchase.
Businesses needing maximum configuration flexibility. Traditional firewalls like FortiGate and Palo Alto offer deeper configuration options than Meraki. If your network has complex routing requirements, unusual NAT configurations, or needs advanced firewall rule structures, a traditional firewall provides greater flexibility.
Environments with unreliable internet. While Meraki devices continue to forward traffic if they lose cloud connectivity, you cannot make configuration changes without an internet connection to the dashboard. If your internet is unreliable, this dependency could be problematic.
Security Considerations for UK Businesses
Both Meraki and traditional firewalls provide robust security when properly configured. However, the NCSC and Cyber Essentials scheme have specific requirements that both approaches can meet.
Cyber Essentials requires that your firewall blocks all incoming connections by default and only allows specific, documented exceptions. Both Meraki and traditional firewalls support this. The scheme also requires that default administrative passwords are changed, remote management interfaces are disabled or protected, and firewall rules are reviewed regularly. Meraki's cloud management makes the regular review process simpler, as all rules and their hit counts are visible in the dashboard.
For businesses handling personal data under UK GDPR, both approaches can provide the "appropriate technical measures" required for network security. The key is proper configuration and ongoing management — which is true regardless of whether you choose Meraki or a traditional solution.
Making Your Decision
The choice between Cisco Meraki MX and a traditional firewall is not about which is objectively better — it is about which is better for your specific business context. Consider your number of sites, your IT support model, your budget, your need for SD-WAN, and your tolerance for ongoing subscription costs.
For multi-site UK businesses with managed IT support, Meraki is typically the superior choice. The management efficiency, auto-VPN, and unified dashboard deliver value that far exceeds the licence premium. For single-site businesses on tight budgets with relatively simple requirements, a traditional firewall from Fortinet, SonicWall, or WatchGuard will serve you well at a lower cost.
Whichever approach you choose, the most important factor is proper configuration and ongoing management. A poorly configured Meraki MX provides no more security than a poorly configured FortiGate. Professional installation and management are essential regardless of the vendor you select.
Need Help Choosing the Right Firewall?
Cloudswitched deploys and manages both Cisco Meraki and traditional firewall solutions for UK businesses. We will assess your network requirements, recommend the most appropriate solution, and handle installation, configuration, and ongoing management. Get in touch for a network security review.
GET IN TOUCH
CloudSwitched
Centrally located in London, Shoreditch, we offer a range of IT services and solutions to small/medium sized companies.