MX Protection and Umbrella

Crpence3
Here to help

MX Protection and Umbrella

We are getting ready to move from a SonicWall to a Meraki MX100.  I am still nervous about the security aspects of the move.  Will I notice any drop in security also would it help to add Umbrella to the Firewall?  If I do how is it licensed?  Any help would be greatly appreciated. 

6 REPLIES 6
CharlesO
Conversationalist

We are a Cisco & Meraki partner, and managed services provider. I haven't had anyone express concerns or shortcomings with the Meraki line over Dell's Sonicwall. I would need more specifics to really dig in though.

 

The biggest items you want to take note of is the licensing. You're going to want to make certain that you purchase through an authorized partner first. Then make certain that you obtain the "Advanced Security" license for your MX. This enables all the robust functionality that you'll want. Tying in with Meraki switches and Wireless Access Points will tighten up security tremendously. Of course your configuration is the next biggest area of concern. Umbrella can be obtained a few different ways. I'd recommend working with your on a complete solution, or getting a good path defined for your planning & upgrades.

 

Let me know if you have anymore questions... I'm a solutions architect guy but understand the licensing requirements and programs. I'd have to loop in a colleague for any sales details though.

 

Enjoy!

CharlesO
Conversationalist

Oops! I forgot to mention... The DNS protection that Umbrella provides is an excellent addition to your security mesh!
PhilipDAth
Kind of a big deal
Kind of a big deal

If you go with a Meraki MX Advanced Security licence then I wouldn't bother with Umbrella UNLESS you were prepared to install the Umbrella roaming agent on each of your machines - especially notebooks that roam outside of your network.

 

The benefit of Umbrella here is that you have the same protection no matter where in the world the machine connects to the Internet.

Was not sure if Umbrella would help with the SSL that the MX does not handle?  I was just not sure if that would help.  We are doing the Advanced Security License.  Do you see many things get past your MX?

CptnCrnch
Kind of a big deal
Kind of a big deal

We did a lot of Proof of Concepts for customers. Customers running Firepower, Check Point, Firewall XYZ: when adding Umbrella to the mix, there was still a lot of things you wouldn't want to see in your environment. Even with strong perimeter security in place.

PhilipDAth
Kind of a big deal
Kind of a big deal

>Was not sure if Umbrella would help with the SSL that the MX does not handle?

 

Umbrella can do this as long as you are prepared to load its root certificate into the trusted root CA store on every single one of your devices that will be using it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels