Meraki

Community

How to replace Sophos SG by Meraki + Secure Connect

Daniel-BC
Comes here often
‎Sep 27 2024 4:52 AM
‎Sep 27 2024 4:52 AM

How to replace Sophos SG by Meraki + Secure Connect

Hi Experts,

as a consultant I find myself challenged to replace existing Sophos SG Firewall with Meraki + Secure Connect. At present the end customer has set some rules, which seem not to be replaceable 1-2-1. How do we solve the following requests:

a) Masking to create DNAT rules

b) transparent proxy

c) Sophos RED has a (permanent) connection to external service providers, restriction of rights to SQL access

d) Not a full web application firewall.
e) Live firewall protocol for problem analysis not available


Hoping for your expertise, how to offer the same or even better solution by using Meraki and Secure Connect. Thank you in advance!
Daniel

0 Kudos
4 Replies 4
cmr
Kind of a big deal
Kind of a big deal
‎Sep 27 2024 6:31 AM
‎Sep 27 2024 6:31 AM

As someone who managed Sophos SG and XG for quite a few years, can you expand a bit on what exactly you want as a-d are correct, but there might be ways to cover them off.

 

For e) this is now available, see below:

 

cmr_0-1727443855586.png

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Daniel-BC
Comes here often
‎Sep 27 2024 7:32 AM
‎Sep 27 2024 7:32 AM

Thank you cmr for taking this topic.
How to cover "a-d" off by using MX (or Meraki in general) and Secure Connect, that is exactly my lack of knowledge. Can you inform me, high level, what the solution would be?
best wishes 🙂  

0 Kudos
RobustMeraki
Getting noticed
‎Oct 1 2024 12:48 AM
‎Oct 1 2024 12:48 AM

Hi everyone,

I think what Daniel is trying here is to get his points a-e which Sophos already offers - to replace it with a Meraki Solution and if needed adding Secure Connect or Cisco's Security Softwares to it. 

 

It should be fully able to replace the exisiting Sophos solution that the customer is using. If at all this is not doable directly as Sophos does it are there any workarounds to it with Meraki?

0 Kudos
In response to RobustMeraki
cmr
Kind of a big deal
Kind of a big deal
‎Oct 1 2024 1:21 AM
‎Oct 1 2024 1:21 AM

C is Meraki's AutoVPN, I've used both RED and AutoVPN for more than five years and they have similarities, I'd say the Meraki AutoVPN is more resilient, easier to use and slightly less configurable.  I prefer AutoVPN over RED.

 

D isn't an MX in my experience, a Cisco FirePower device running FTD is closer to an SG for more advanced features like that.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.