MX Success Story: How I got rid of a terrible custom designed firewall

Head in the Cloud

Here is a little success story with how the MX lineup made our life not terrible at the Boutique Hotel Collection.


Backstory: I came on board as the new CIO/IT Manager/Director of IT, whatever you want to call it in July of 2015. I was replacing someone not technically savvy and downright incompetent. We had ancient Cisco switches (10/100), failing equipment, no central name it, we had it if it was terrible. Chief and foremost among them? A custom, in-house firewall/router. It was based on FreeBSD (again, an ancient version with hundreds of vulnerabilities) running on consumer grade hardware. It lacked IDS/IPS, dual WAN support, content filtering, or anything else really associated with a NGFW.  Clearly, it was first on the chopping block to go.


Old Firewall Interface. I'm not sure why the Chef from The Muppets is there. The majority of the buttons had no function. Basically only the port forwarding worked.




Port forwarding? Sure, basic. No TCP/UDP selection, no multiple WAN links, no 1:1 NAT or 1:many.



The devices frequently locked up, requiring a reboot. Notice a device named SM-PowerJack. This was an Ethernet-connected device that was supposed to be able to reboot the cable modem via the network if it wasn't responding. How you would do this remotely remains a mystery to me (as there was no secondary or out-of-band management).


Enter the MX84 for our corporate office, and the MX100s for all of our hotels. MX64s at some of our very small locations/satellite offices. With the MX100, we are easily able to reach full speed on our dual fiber optic WAN (150/150 and 100/100) with all features turned on. We routinely exceed the "recommended" users amount, as the hardware has the power to scale up pretty well. With central management, policies, IPS/IDS and AV scanning, we now are fully PCI compliant. Employee satisfaction and guest satisfaction went up significantly, and from an IT standpoint, we were able to manage the network from any Internet-connected device.


The MX series is the backbone of our network. For a NGFW, it's a fantastic device and has paid for itself 100 times over compared to the "custom" solution that was in place before. Even when comparing other NGFWs, the Dashboard is the key differentiator. With a lean IT team, we need every advantage we can get.


Hope this amusing story brings a smile to someone's face!

BHC Resorts IT Department
Building a reputation

Great move on the upgrade @BHC_RESORTS, I bet that made your life/job soooo much easier!

Kind of a big deal

This is amazing. The chef picture really takes the cake on the absurdity of the whole thing. 


You should add the Chef back to the dashboard for the lulz. 
