Analysis of the SMB Firewall Market:
Cisco Meraki vs. SonicWall vs. Sophos


Examining the feature set, license options, and organizational fit of leading cybersecurity solutions

It’s the nature of technology that last generation’s most advanced and rarefied tools eventually become more widely accessible. For SMBs, that’s an excellent thing because it means that enterprise-grade protections for their digital assets are now both economical and customizable to their particular operations.

With cyberattacks on the precipitous incline, most SMBs are taking a closer look at the technologies that form their first line of defense: Firewalls.


Feature Comparison

The three market-leading options, Cisco Meraki, SonicWall, and Sophos, are each capable of performing several vital cybersecurity roles, including:

  • Network Firewalling
  • Intrusion Detection
  • Intrusion Prevention

All three include extensive feature sets with support for the following:

  • Traffic Shaping and Priority Queuing
  • Stateful Inspection
  • Deep Packet Inspection
  • Anti-malware
  • Anti-Bot System
  • On Appliance Reporting
  • VPN
  • Application control
  • GeoIP blocking
  • Spam Email Filtering
  • Cloud Deployment
  • SSL Decryption

All three are available on a wide range of devices and operating systems, including:

  • Windows
  • Android
  • iOS
  • Windows Terminal server
  • Mac
  • Linux


Licensing Options

Not every feature available for these products is included by default. That will depend on your licensing arrangement. 


Cisco Meraki

Licensing and centralized management for all Cisco Meraki products is facilitated via the Meraki cloud, which offers licenses on a per device, per year basis (with set duration and expiration dates). Every Meraki hardware component requires a cloud license or it will not function properly or move traffic.

The three licensing editions suitable for SMBs are:

  • Advanced Security 
  • Enterprise
  • Secure SD-WAN Plus 

All three include:

  • Zero-touch provisioning and firmware updates
  • Site-to-site Auto VPN
  • Automatic WAN failover
  • Sub-second site-to-site VPN failover and dynamic path selection
  • Source based routing and IP-based local breakout
  • Cellular failover

Advanced Security and SD-WAN Plus add:

  • Geo-based firewall rules
  • Content filtering
  • Cisco Advanced Malware Protection (AMP)

But only SD-WAN Plus, which is designed for organizations reliant on SaaS, IaaS, and data centers, includes:

  • Advanced QoE analytics (Web app, VoIP, and WAN health)
  • App-based local breakout



SonicWall offers two suites of products and four subscription bundle options:


  • Comprehensive Gateway Security Suite (CGSS)

Includes Gateway Antivirus, Anti-Spyware, Application Intelligence and Control Service, and Content Filtering Service. 

  • Advanced Gateway Security Suite (AGSS)

AGSS includes all the features of CGSS, but adds the additional security option: Capture Advanced Threat Protection (CATP), which blocks zero-day attacks and deploys remediation signatures to other network appliances.


  • TotalSecure (CGSS)
  • TotalSecure – Advanced Edition (AGSS)
  • Secure Upgrade Plus (CGSS)
  • Secure Upgrade Plus – Advanced Edition (AGSS)



The base license for Sophos is required for all its hardware and virtual firewalls and is perpetual. Additional features are available in 1, 2, or 3-year subscriptions. They offer these features in a number of bundles::

  • FullGuard: Protection for Network, Web, Email, and Web Server
  • FullGuard Plus: Same as FullGuard + Sandstorm protection
  • EnterpriseGuard: Protection for Network and Web
  • EnterpriseGuard Plus: Same as EnterpriseGuard + Sandstorm protection
  • TotalProtect: XG Hardware Firewall or Virtual Appliance + FullGuard
  • TotalProtect Plus: XG Hardware Firewall or Virtual Appliance + FullGuard Plus
  • EnterpriseProtect: XG Hardware Firewall or Virtual Appliance + EnterpriseGuard
  • EnterpriseProtect Plus: XG Hardware Firewall or Virtual Appliance + EnterpriseGuard Plus

Sandstorm is Sophos’ proprietary sandbox defense technology, a dedicated cloud environment for investigating zero-day exploits and other high risk threats.

Support comes in two options: Enhanced and Enhanced Plus, which includes direct access to senior tech support and a warranty for any connected Sophos device.

Licenses for Sophos’ hardware products are limited only by the potential of the hardware. Virtual firewalls, however, are priced according to the maximum number of CPU cores and the amount of the RAM available to them.

Sophos also supports Active-Active (cluster) and Active-Passive (standby) modes, and each Active firewall requires its own license.

  • Active-Active: Each firewall must run the same subscriptions (but expiry dates need not match)
  • Active-Passive Hardware: Only the active product requires a subscription
  • Active-Passive Virtual: Require one Active license to initiate passive instances


Make Defense a Priority

Firewalls are a proven technology for efficiently and securely controlling incoming and outgoing network traffic. For SMBs, it’s an essential link in their primary defenses to cyberthreats, verifiably governing transfers and limiting them only to trusted networks.

However, selecting and implementing the right firewall solution for your business can be a complex undertaking — and the consequences of making a mistake are great, including exposure to avoidable risks, loss of sensitive data, network slowdowns or outages, or simply overpaying for services and licenses that aren’t tailored to your needs and delivering maximum value and protection.

Need help finding the most economical and secure path to protecting your SMB’s data assets, employees, and customers? D2 Integrated Solutions takes a pragmatic and collaborative approach to IT. Contact us today.

Analysis of the SMB Firewall Market:
Cisco Meraki vs. SonicWall vs. Sophos