Hi All,
I am too confused with Advance and Enterprise License. Advance is the twice the cost of Enterprise.
But my concern is that if i go with Enterprise License, will i not get any kind of Security Protection. I mean my network is secure or not ? if i am using the Enterprise License.
Thanks
Solved! Go to solution.
We only have enterprise licences in our retail stores, as you are not able to simply connect devices to the LAN (instead of unplugging a device and connect it) but WiFi for example is WPA2 enterprise, with radius auth, so you can´t just join.
All other security things are handled with a seperate firewall. The MX´s on site connect with IPSec and no local breakout on site, so all the traffic goes through a external Firewallfirst and afterwards through a internal one. Thats why we believe Enterprise is enough.
URL Filtering is on the internal FW and a proxy.
Greetings,
See below link which shows the differences:
https://documentation.meraki.com/MX/Other_Topics/MX_Security_Appliance_FAQ
Adv license offers "additional" security functions which when implemented correctly reduce your threat landscape.
Hope this helps.
Cheers
Thanks for your response.
The question I am having from my client is that why Enterprise license is called Enterprise when it's not securing providing the Enterprise Level of Protection.
The point is that if someone visit the bad page it will not be blocked in Enterprise License ?
Correct
Thanks
Hi
May be because Enterprise License offers you complete VPN and SDWAN functionalities. Meraki calls it Enterprise.
if someone visit the bad page it will not be blocked in Enterprise License ?
You are correct. You need Content Filtering Feature for this.
When I first got on board the Meraki bandwagon the term enterprise license to me implied Enterprise=Ultimate license.
However this is not the case, took me a while for that to sink in. At the end of the day the devil is in the detail and the link I provided shows the differentiation. At the end of the day its just a name.
As mentioned before, if you have the advance license you reduce your risk in being exposed to threats. They key takeaway here is the word "reduce". To boot, just because you have the Adv license it does _not_ mean your immune from threats either.
It all comes down to the Org's security posture.
cheers
I suspect the "original" licence was called Enterprise - when there was only one licence. Then Cisco bought Meraki. The AMP engine was added to the MX product line.
So what to do about naming? Well it does offer more advanced security features. I know, lets call it "Advanced Security",
Thanks @PhilipDAth
But my question was that if i go for Enterprise License, does it mean the Meraki MX and MS switches and the customer network behind this Meraki Network is not secure at all. anyone can hack it or make it vulnerable.
Thanks
Depends on what you mean with "secure".
I´m sure my understanding of secure is different than yours 😉
Secure means Security. Network is safe behind Meraki using Enterprise License.
With the enterprise license you already get access to the L7 firewall. So you can effectively filter traffic. But you will not be able to mitigate certain attack vectors like malware, or malicious traffic posing as regular traffic (something the IDS would be able to identify).
If you have other security tools in place for those then there's no issue. If not, then you could improve security by going for the advanced security license. Since there's no such thing as 100% secure, it's a trade-off you have to make yourself.
>customer network behind this Meraki Network is not secure at all
No one can simply say they are "secure". And I certainly would not tell you that "you are not secure at all". Security is like temperature. There are a whole range of values.
You need to make a decision about what you feel is sufficient and go for that. You need to consider what your risks are, and put in sufficient mitigation within what you can afford to stop those threats.
Personally, I have only ever sold Advanced Security licences to customers. I personally consider the benefits of the content filtering to be able to block known malware sources and other things to be very valuable (proactively stop someone from even being able to download the malware rather than retrospectively trying to deal with it afterwards). And then their is the great IPS engine built around snort to try and stop attackers from using known compromises to take control of your computers - and lastly AMP - the ability to scan HTTP downloads for malware.
We only have enterprise licences in our retail stores, as you are not able to simply connect devices to the LAN (instead of unplugging a device and connect it) but WiFi for example is WPA2 enterprise, with radius auth, so you can´t just join.
All other security things are handled with a seperate firewall. The MX´s on site connect with IPSec and no local breakout on site, so all the traffic goes through a external Firewallfirst and afterwards through a internal one. Thats why we believe Enterprise is enough.
URL Filtering is on the internal FW and a proxy.
Hi @SCC
I understand for better security one must apply Advance License. Enterprise offer limited functionalities L3 L7 etc.
Kindly check the following Url for feature comparison between both the License types.
@Aaron_Wilson wrote:
Has anyone converted their org from advanced to enterprise?
Yes, helpdesk can help you do it.
@Aaron_Wilson Yes, we've done it a number of times. It's really never been a big deal.
For edge devices, my company only sells the advanced security license now, because content filtering/AMP/IPS are pretty good. Our primary customer is an SMB who isn't willing to spend for a lot of separate services to provide defense in depth. The advanced security stuff lets us improve their posture in a way that they'll accept easily.