Hi, can't seem to find this answer anywhere. Client (for security reasons) absolutely does not want a third party controlling their network from the cloud. how do i turn off the meraki cloud management and allow the router to be managed via a local web interface?
Solved! Go to Solution.
wow. that's... disappointing. looks like we have to quote the customer a more flexible solution. Thanks for the clear answer!
It has its pros and cons. But yea, if cloud is out of the question then you can't use Meraki. On the flip side, if a customer wanted no possible way for locally managed device even if factory reset, Meraki perfectly fits that need.
I have learned that it's hard to break up with old habits. People used to CLI, SSH and related logins to manage switches have a harder time getting used to Meraki. I do agree there are cases where a CLI could be beneficial, and I like a solution like Ruckus that offers CLI in addition to Ruckus Cloud web based management. Still, I love all the things you can do in the Meraki dashboard. Some things are more hidden and there is a learning curve to find where certain things are located, but overall it makes to simpler switch management, IMO.
Two things that people point to me when I mention Meraki are the lack of CLI and the annual subscription fees. Neither one has been a negative for our implementation.
@Doc1 its not dissapointing, that is the whole point of Meraki.... If you have misunderstood that concept thats not Meraki's fault.
@BlakeRichardson Wasn't casting aspersions at Meraki. I didn't recommend the solution to the customer, rather they bought it and had their previous IT consultant set it up. They simply didn't know that a thrid party company had full control of their network from outside their perimeter. when I pointed it out, they asked the question if there was a way to disable it. I didn't think so, but figured I'd ask anyway.
Just going to get them a sonicwall replacement and turn off cloud management, so their concerns can be addressed. Thanks, all!
Because a system is cloud managed doesn’t mean you’ve given a third party company full control of your network any more than trusting that the firmware installed on a Cisco/Aruba/Huawei device doesn’t provide a back door to your system for that organisation.
No user data passes through the Meraki cloud it only used for control, and Meraki have very strict controls and procedures in place about who has access to what. You can find a great deal of detail on this at https://meraki.cisco.com/trust. It is also possible to completely block access to your organisation if you believe it is sensitive:
I understand that this is a big step for some people, but I’d say it’s less of a risk than storing data in Microsoft OneDrive/M365, AWS, Azure or GCP - where the hosting company potentially has access to real information about your company and what it does. To that end I know that Government organisations in a number of jurisdictions trust the Meraki network platform, whereas they have specific M365 environments (deployed by Microsoft) specifically for Government and their agencies to meet their data storage requirements.
All up every customer should understand how their network is controlled and where their data is or isn’t stored, but please make sure that what you are communicating to clients is accurate and valid.
Hi Bruce, the client involved lost a huge investment when their cloud hosting went belly-up and the data became vulnerable to an external hack. so, they've pulled out from Onedrive and other cloud hosting - except for encrypted backups. The CISO pointed out, correctly, that Meraki depends on Cisco's own hosted web-based password security and protocols, and there's no way to isolate your router from dependency on this if you use a Meraki router.
The CISO wanted to be able to say that no individual or company outside their network can manage their routers. Meraki, as you correctly noted, doesn't support that option. So what I told the customer IS accurate and valid.
Again, I did not recommend this strategy to them. But I do agree if they are going with a Low/No-Cloud security posture, they will need a new router.
@Doc1 Just FYI Sonicnwall have cloud backups enabled by default so if the customer wants nothing to do with the cloud you will need to turn that off manually.