I've been looking into HTTPS inspection on Meraki MXs recently.
I found a thread from 2019 indicating that the feature came into Beta firmware and the following document was released:
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection
However, the doc now seems to be behind a Meraki login (separate from dashboard/community login).
Has the doc been removed from public access or am I just doing something silly?
And is the feature available in current stable or beta firmware or has it since been removed?
I'm under the assumption that this might be removed/no longer available. The HTTPS feature on the MXs caused severely degraded throughput once enabled, plus an array of other issues.
I think the direction now going forward will be to perform the HTTPS/TLS decryption by a SASE security service like Umbrella in-line between the MX and the Internet/SaaS traffic. If you have a look at the updated Sizing guides this also seems to be the "recommended" approach. (https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file).
This isn't necessarily a bad thing. SASE security architectures allow for the same security posture and enforcement to be maintained no matter the user's location. This would effectively mean that their HTTPS/TLS traffic would still be decrypted when either on a trusted network or on an un-trusted/un-managed network. Most vendors are now taking this approach to security.
@Brash: I think we still don't have any announcement on this feature yet. Yes, I am getting the same login as well.
I thought that might be the case given MiM for HTTPS inspection is beginning to get steered away from.
That said another service means another additional cost 😞
Unfortunately, this is the same for all other vendors as everything moves to SASE or "Cloud delivered". There are some fantastic BUNDLE offers on Meraki + Umbrella at the moment and I'd assume these will only get better over time.