Cisco Meraki SD-WAN is a cloud-managed solution that simplifies and secures wide area networking across branch, campus, and remote locations. Built on Meraki’s dashboard, it delivers centralized visibility, automation, and traffic optimization without the complexity of traditional WAN deployments. The solution improves application performance by dynamically routing traffic based on real-time conditions, integrating advanced security, and providing seamless multicloud connectivity. With support…
pfSense
Score 9.9 out of 10
pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It has scalable capacities, with functionality for SMBs. As a firewall, pfSense offers stateful packet inspection, concurrent…
At our level, we had to optimize our 3 internet links (MPLS and LTE) with applications like O365, SAP, Microsoft CRM Dynamics and our collaborative work tools like Teams. We also had to ensure that both client workstations and servers could communicate with minimal latency with our Microsoft Intune infrastructure.
I believe pfSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that pfSense sells to receive support. However, in my experience, pfSense is a solid set-and-forget firewall solution.
Meraki has been beautifully done for people who are actually very lean on the IT infrastructure, as in resources-wise. So Meraki is a very good solution to give them the simplicity on a single glass plane where they can actually have visibility over all their networks on a single glass plane; by a click of a button, they could actually see what's happening. They could actually do troubleshooting on the fly, including packet capture, which is such a smooth feature. Myself included, I have an engineering background, and in all my years of packet capture, I've never seen it that smooth and easy to operate, so that you can actually have a high-level understanding or deep-level, depending on how much you want to go in, with the click of a button. That's so beautiful. I mean everything for me Meraki is point of kind of a go ahead for everyone.
Easy to use. Good user interface design! Easy to understand and easy to set up.
Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.
The platform itself is very feature-rich. One of the difficulties we find is that to do things, for example, in terms of monitoring and obtaining data, it's not consistent. There are multiple interfaces to get them, but you can't get the same data through all interfaces. So you end up having to try to find either the least common denominator or we have to build our own code that then mines through all the interfaces and that becomes very problematic.
The other problem we've found is that there are issues where the same amount of expected software quality isn't really there in all releases. Cisco breaks things out by like shorter or long-lived release trains. And the long-lived release trains tend to have good quality by the time you get to the second or third release within it. But then those are skips. There are like 12, 18 months skips in between those. So if you start releasing features on versions in between there practically to be safe, you have to wait until you know much later. So to be able to see new future capabilities as they come out and deploy those readily needs to improve, it needs to be much faster.
I did kind of mention a Con in the Pro section with OpenVPN.
When I create a config for an employee, other employees are able to log in to that config.
I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
I actually do not have a lot of cons for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
Because so far the solution showed great stability during the time, easy to use and deploy. There is still room for improvement, like adding a smarter way to manage the policies to apply to the tunneled traffic; today the way to configure and manage them is quite old style. An "object"-oriented way to create them would be better.
The pfSense UI is easy to navigate and pretty good to look at. It is much better than some high dollar firewalls that just throw menus at you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.
Fast and efficient. The only issue currently is that the support is only overseas support and not in South Africa, which causes delays in resolution for some cases. Escalating issues is quite simple and the opening of new cases from the dashboard is easy. I have never had a support issue that could not be resolved.
Cisco Meraki SD-WAN is way easier to configure as they do not use a command line interface, but a graphical user interface. Cisco Meraki SD-WAN also has configuration templates, which allow for multiple devices configuration with much less effort than conventional command line interface devices. Monitoring is also a benefit over regular devices.
Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far outclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.
Being a cloud-first solution, Meraki Dashboard will scale as needed without any effort for the client. The Meraki cloud will provision (upscale and downscale) the resources as you grow or shrink in size. You only have to physically install the MX on your site; all the management is done through the Internet via Meraki Dashboard. Worth noting that you can fully configure the MX prior to the physical installation on site.
Cisco Meraki SD-WAN gave us a new perspective on SDN, ZTP and other automation tools we didn't have before.
The sizing of Meraki MX series cannot compete very large and robust networks, only if we use virtual appliances. In this case, I would recommend other vendors like Fortinet.
pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
The easy-to-use interface has allowed configuration management to be performed by lower level technicians with quick and easy training.