When will Meraki build a Home Office tier security router that won't cripple a Gig Internet connection when SPI is enabled?
As an aside, I'm not sure there's anything that can be disabled to make the MX67/68 push a gigabit. It seems like the appliance is inherently limited at the rated throughput.
The reality is that for many domestic installations, another router/security appliance has to be placed ahead of the MX to handle such commonly used services as multicast IPTV and true IPv6. Effectively this diverts some of the used bandwidth away from the MX, which means the under-capacity is less obvious in practice than it is in theory.🤓
If you have disabled the advanced security features (AMP and IPS) you still have to make sure your uplink speed is set correctly in the traffic shaping page.
If that parameter is set lower than your actual max bandwidth your MX will enforce the configured speed by shaping to it. That's how the MX can correctly calculate bandwidth for its CBWFQ config.
Hope there will be something like a MX69 which will support 1Gig WAN with full IPv6 and maybe a fiber SFP for internet uplink 🙂
As a MX250 is way too expensive for my home setup, while there is a need for these high download and upload speeds.
Agreed, an MX250 is way overkill feature wise for a home network as well...we just need a simple, even a new 70 series, that would address at least 1 Gig WAN w/SFP and stateful firewall...the rest of the stuff could fall in line feature wise with the rest of portfolio
Looking at something like the Firewalla Pro that is plastered all over my Facebook timeline, it claims to do 3 Gbps with DPI/Stateful inspection...I feel like this shouldn't be a huge hurdle to get into the product as a baseline feature...I realize it probably requires a HW respin of some sort, but Meraki is falling behind in the MVO feature list for HO/SMB devices, and the coming ubiquity of Gig internet connections...
I've had a similar problem for a client.
We have put in a full stack at both his delis and he loves the dashboard (albeit read only). All the till guys said that a site-to-site VPN would never work (to link the pricing etc between the venues) - but it did just work!
We wanted to put in an MX and also MS/MR into his house so that he could update the tills without the need for RDP and generally improve his home network. The problem was he has 1Gbps up and down at home and laughed when I said it was only the MX250 that could supply the speed. Even suggested perhaps MX100. No idea why he needs 1Gbps, but that's another story.
We have ended up ordering a Z3 for him at home and the desktop used for RDP will simply be plugged into that and used to connect to the two sites. The downside for us (and Meraki) is that we could have another full stack order.
Honestly I would be totally happy with just being able to get 1gbit symmetric NAT/L3 FW performance, and accept the tradeoff that the speeds are the currently quoted MX67/68 speeds if I turn on IDS, AMP, or use site to site VPN. It's understandable why the latter features require significant computational power in order to reliably push 1gbit, but 1gbit NAT is something easily achievable on the ARM chips that are used for the MX67/68 -- in fact, there are plenty of pro-sumer products that can do this.
At-home use cases for 1gbit are almost always about download speeds. It is the difference between a Windows 10 installer downloading in 2 minutes or 5 minutes. Or an Xbox video game title downloading in 10 minutes vs 20 minutes. That's something that consumers appreciate, especially when in a lot of places, fiber to the premise gigabit is being offered at a lower monthly price than 100-200mbit cable internet.
Well, I just got an upgrade from my ISP that bumps me over 500mbps, it's now become critical to have a SOHO focused security device that can handle SOHO Gigabit speeds...Any news yet?? Bueller...? Bueller...?
There is a sea change happening that may simplify a Meraki firewall so it could work at 1gbps.
Due to encrypted web pages and soon encrypted DNS, it may be more cost effective to do little to no inspection in the firewall, and use a service like Umbrella to do the heavy lifting, and a capable EDR system for additional client protection.
Google Fiber to offer 2 Gig internet for $100 a month starting this year!
And another reason Meraki should have a secure, higher bandwidth option in the wings...
My Charter Business rep says Charter can give me 960 mbps. It is too expensive for me, but it is available!
That said, the job of a firewall has gotten even harder with encrypted DNS.
SonicWall recently announced MultiGig firewalls. The TZ firewall 470 has 1.5 GBPS Threat protection throughput and Zero Touch deployment through their cloud based single pane of glass interface. They are still missing the ease of use that Meraki has.
The tea leaves are pointing in different directions due to Covid19, but we will eventually go back to offices and MultiGig is becoming a reality.