cancel
Showing results for 
Search instead for 
Did you mean: 

Confusion with Advance and Enterprise License

SOLVED
SCC
Getting noticed

Confusion with Advance and Enterprise License

Hi All,

 

I am too confused with Advance and Enterprise License. Advance is the twice the cost of Enterprise.

But my concern is that if i go with Enterprise License, will i not get any kind of Security Protection. I mean my network is secure or not ? if i am using the Enterprise License.

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
A model citizen

Re: Confusion with Advance and Enterprise License

We only have enterprise licences in our retail stores, as you are not able to simply connect devices to the LAN (instead of unplugging a device and connect it) but WiFi for example is WPA2 enterprise, with radius auth, so you can´t just join.

 

All other security things are handled with a seperate firewall. The MX´s on site connect with IPSec and no local breakout on site, so all the traffic goes through a external Firewallfirst and afterwards through a internal one. Thats why we believe Enterprise is enough.

URL Filtering is on the internal FW and a proxy.

16 REPLIES 16
Here to help

Re: Confusion with Advance and Enterprise License

Greetings,

 

See below link which shows the differences:

https://documentation.meraki.com/MX/Other_Topics/MX_Security_Appliance_FAQ

 

Adv license offers "additional" security functions which when implemented correctly reduce your threat landscape.

 

Hope this helps.

 

Cheers

SCC
Getting noticed

Re: Confusion with Advance and Enterprise License

Thanks for your response.

 

The question I am having from my client is that why Enterprise license is called Enterprise when it's not securing providing the Enterprise Level of Protection.

 

The point is that if someone visit the bad page it will not be blocked in Enterprise License ?

Correct

 

Thanks

A model citizen

Re: Confusion with Advance and Enterprise License

Hi @SCC 

I understand for better security one must apply Advance License. Enterprise offer limited functionalities L3 L7 etc.

 

Kindly check the following Url for feature comparison between both the License types.

 

https://www.syndicateinfo.com/post/what-is-the-difference-between-the-enterprise-and-advanced-securi...

Cheers
Ajit
ajitsnw@gmail.com
A model citizen

Re: Confusion with Advance and Enterprise License

Hi

May be because Enterprise License offers you complete VPN and SDWAN functionalities. Meraki calls it Enterprise.

 

if someone visit the bad page it will not be blocked in Enterprise License ?

You are correct. You need Content Filtering Feature for this.

 

 

Cheers
Ajit
ajitsnw@gmail.com
Here to help

Re: Confusion with Advance and Enterprise License

When I first got on board the Meraki bandwagon the term enterprise license to me implied Enterprise=Ultimate license.

However this is not the case, took me a while for that to sink in. At the end of the day the devil is in the detail and the link I provided shows the differentiation. At the end of the day its just a name.

 

As mentioned before, if you have the advance license you reduce your risk in being exposed to threats. They key takeaway here is the word "reduce". To boot, just because you have the Adv license it does _not_ mean your immune from threats either.

 

It all comes down to the Org's security posture.

 

cheers

 

 

 

Highlighted
Kind of a big deal

Re: Confusion with Advance and Enterprise License

I suspect the "original" licence was called Enterprise - when there was only one licence.  Then Cisco bought Meraki.  The AMP engine was added to the MX product line.

 

So what to do about naming?  Well it does offer more advanced security features.  I know, lets call it "Advanced Security",

SCC
Getting noticed

Re: Confusion with Advance and Enterprise License

Thanks @PhilipDAth 

 

But my question was that if i go for Enterprise License, does it mean the Meraki MX and MS switches and the customer network behind this Meraki Network is not secure at all. anyone can hack it or make it vulnerable.

 

Thanks

 

 

A model citizen

Re: Confusion with Advance and Enterprise License

Depends on what you mean with "secure".

 

I´m sure my understanding of secure is different than yours Smiley Wink

SCC
Getting noticed

Re: Confusion with Advance and Enterprise License

Secure means Security. Network is safe behind Meraki using Enterprise License.

Kind of a big deal

Re: Confusion with Advance and Enterprise License

With the enterprise license you already get access to the L7 firewall. So you can effectively filter traffic. But you will not be able to mitigate certain attack vectors like malware, or malicious traffic posing as regular traffic (something the IDS would be able to identify).

 

If you have other security tools in place for those then there's no issue. If not, then you could improve security by going for the advanced security license. Since there's no such thing as 100% secure, it's a trade-off you have to make yourself.

Kind of a big deal

Re: Confusion with Advance and Enterprise License

>customer network behind this Meraki Network is not secure at all

 

No one can simply say they are "secure".  And I certainly would not tell you that "you are not secure at all".  Security is like temperature.  There are a whole range of values.

 

You need to make a decision about what you feel is sufficient and go for that.  You need to consider what your risks are, and put in sufficient mitigation within what you can afford to stop those threats.

 

 

Personally, I have only ever sold Advanced Security licences to customers.  I personally consider the benefits of the content filtering to be able to block known malware sources and other things to be very valuable (proactively stop someone from even being able to download the malware rather than retrospectively trying to deal with it afterwards).  And then their is the great IPS engine built around snort to try and stop attackers from using known compromises to take control of your computers - and lastly AMP - the ability to scan HTTP downloads for malware.

Getting noticed

Re: Confusion with Advance and Enterprise License

@SCC  below are the feature wise comparison between both the licenses. license feature.PNG 

A model citizen

Re: Confusion with Advance and Enterprise License

We only have enterprise licences in our retail stores, as you are not able to simply connect devices to the LAN (instead of unplugging a device and connect it) but WiFi for example is WPA2 enterprise, with radius auth, so you can´t just join.

 

All other security things are handled with a seperate firewall. The MX´s on site connect with IPSec and no local breakout on site, so all the traffic goes through a external Firewallfirst and afterwards through a internal one. Thats why we believe Enterprise is enough.

URL Filtering is on the internal FW and a proxy.

Getting noticed

Re: Confusion with Advance and Enterprise License

Has anyone converted their org from advanced to enterprise?
Kind of a big deal

Re: Confusion with Advance and Enterprise License


@Aaron_Wilson wrote:
Has anyone converted their org from advanced to enterprise?

Yes, helpdesk can help you do it.

A model citizen

Re: Confusion with Advance and Enterprise License

@Aaron_Wilson Yes, we've done it a number of times. It's really never been a big deal.

 

For edge devices, my company only sells the advanced security license now, because content filtering/AMP/IPS are pretty good. Our primary customer is an SMB who isn't willing to spend for a lot of separate services to provide defense in depth. The advanced security stuff lets us improve their posture in a way that they'll accept easily.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.