All taken in good spirit. I enjoy being challenged. I’m wrong all the time - and I look forward to learning where those areas are.
Neither Fortinet nor Cisco needs our defense - they both stand on their own.
What I’m trying to convey is that they serve different purposes. I will also be the first to admit that my decision making is biased towards not giving energy to things which don’t need it.
Fortinet gives you more knobs to tweak - a broader range of capabilities. It just comes at the expense of demanding more attention.
I wouldn’t use Fortinet unless I had a permanent network skillset on my team. Be that hired or through a vendor - the solutions pretty much demand ongoing attention. With Meraki, you don’t need it.
The total cost of ownership of either solution in a mid-sized environment is relatively the same. You need all the devices supported either way, and the labor costs of the one offset the direct monetary costs of the other.
I’m sure someone will drop a comparison in here about a MS225-48FP + 5yr service contract /vs/ FS-248E-FPOE to prove the point that the cost is half that of the Meraki. But that’s not a fair comparison. To get an apples-apples you need the 248F, the FortiCare, the FortiLAN Cloud, and the administrative overhead required to ensure the devices are only accessible via MFA-protected means. The cost ends up being about the same. We can do this same conversation on any of the products. It doesn’t really work out cheaper - and that’s by design.*
I concede that Fortinet gives you a lot more freedom in the hardware after you’re done with it in production - but that doesn’t necessarily matter in the context of this conversation. The organization is buying it, not you. And that organization is done with it when it leaves support either way. You can get similar resale value out of a piece of pulled Meraki as you can FortiGate. So end of the day - whatever.
Let me stress that this isn’t a question of which is better. They are both good. What this is a question of is how much attention you want to dedicate to networking, if you need to do something that Meraki can’t do, and how you want to pay for the networking you need.
This concept of fitting solutions’ strengths to your needs extends out to all shapes and sizes. You can’t justify either of these solutions for small networks, nor large ones. Small networks are better served by solutions targeting them - a small-biz mesh system or something like MerakiGo/Omada/Unifi. Similarly, large networks are better served by solutions targeting them - full-fat Cisco/HPE(Aruba)/Extreme implementations.
I don’t know what Jeremey’s requirements were when they chose Meraki the first time, nor how their environments have changed in the intervening years.
What I do know is that across tons of 5-year TCO studies, Meraki and Full-stack Fortinet have practically identical fully-burdened lifecycle costs when comparing apples to apples.
With all the above as context - to answer your two questions.
#1 - We never really own anything where the primary function is delivered via software. Whether this is good or bad is a fascinating debate that I am no stranger to. I concede that there is more flexibility with what you can do with the FortiGate after you stop paying them - but it doesn’t matter in the context of an organization buying these systems. They buy them to use them, and during their use they must be supported owing to security, governance, or insurance policies. Even if FortiGate doesn’t (yet) force you to buy them, your internal policy should be doing so. What happens after the gear’s life is over within the context of that organization is of no concern to said organization^.
#2 - You demonstrated that you had an operational requirement to do something more than Meraki could give you, so you made a change. Great. That falls perfectly within the framework of this conversation.
*Not to belabor the point - but Fortinet has no desire to be cheaper than Meraki, and has assured their investors they are on a path towards improving their image, making their cloud offerings better, and meeting the price point of Meraki. You’re seeing this already with products increasing in price, and some beginning to have compulsory maintenance.
The difference being that Fortinet will maintain the illusion of affordability by making features split up across a bunch of SKUs - where no individual part is that expensive, but the whole is no cheaper than competition.
^Even if it should potentially be of concern to society. But trust me - down that road FortiGate is functionally no better than Meraki.