Meraki

Community

HTTPS Inspection on MX

Solved
Brash
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 2:43 PM
‎Dec 2 2021 2:43 PM

HTTPS Inspection on MX

I've been looking into HTTPS inspection on Meraki MX's recently.


I found a thread from 2019 indicating that the feature came into Beta firmware and the following document released
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection

However the doc now seems to be behind a Meraki login (separate from dashboard/community login).


Has the doc been removed from public access or am I just doing something silly?

And is the feature available in current stable or beta firmware or has it since been removed?

0 Kudos
1 Accepted Solution
MilesMeraki
Head in the Cloud
‎Dec 2 2021 5:42 PM
‎Dec 2 2021 5:42 PM

I'm under the assumption that this might be removed/no longer available. The HTTPS feature on the MX's caused severely degraded throughput once enabled plus an array of other issues.

 

I think the direction now going forward will be to perform the HTTPS/TLS decryption by a SASE security service like Umbrella in-line between the MX and the Internet/SaaS traffic. If you have a look at the updated Sizing guides this also seems to be the "recommended" approach. (https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file).

 

This isn't necessarily a bad thing. SASE security architectures allow for the same security posture and enforcement to be maintained no matter the user's location. This would effectively mean that their HTTPS/TLS traffic would be still decrypted when either on a trusted network or on an un-trusted/un-managed network. Most vendors are now taking this approach to security.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)

View solution in original post

4 Replies 4
Inderdeep
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 4:10 PM
‎Dec 2 2021 4:10 PM

@Brash : I think we still dont have any announcement on this feature yet. Yes i am getting the same login as well.

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
MilesMeraki
Head in the Cloud
‎Dec 2 2021 5:42 PM
‎Dec 2 2021 5:42 PM

I'm under the assumption that this might be removed/no longer available. The HTTPS feature on the MX's caused severely degraded throughput once enabled plus an array of other issues.

 

I think the direction now going forward will be to perform the HTTPS/TLS decryption by a SASE security service like Umbrella in-line between the MX and the Internet/SaaS traffic. If you have a look at the updated Sizing guides this also seems to be the "recommended" approach. (https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file).

 

This isn't necessarily a bad thing. SASE security architectures allow for the same security posture and enforcement to be maintained no matter the user's location. This would effectively mean that their HTTPS/TLS traffic would be still decrypted when either on a trusted network or on an un-trusted/un-managed network. Most vendors are now taking this approach to security.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
In response to MilesMeraki
Brash
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 6:23 PM
‎Dec 2 2021 6:23 PM

I thought that might be the case given MiM for HTTPS inspection is beginning to get steered away from.
That said another service means another additional cost 😞 

0 Kudos
In response to Brash
MilesMeraki
Head in the Cloud
‎Dec 3 2021 1:45 AM
‎Dec 3 2021 1:45 AM

Unfortunately, this is the same for all other vendors as everything moves to SASE or "Cloud delivered". There are some fantastic BUNDLE offers on Meraki + Umbrella at the moment and I'd assume these will only get better over time.

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.