Meraki Firewalls

henrya34
New here

Meraki Firewalls

Hi everyone,

 

Im still relatively new to Meraki but I just had a couple of questions around statefulness, default passwords and encryption.  Let me know if anything here isn’t true:

 

  1. Cannot turn off statefulness on the firewalls.
  2. There is no default password for the management console, it is set up via an account creation with Cisco/Meraki.
  3. There is no way to control the encryption algorithm when connecting to the management consult URL, Cisco is the one that enforces this but it doesn’t allow connections less than TLS 1.2.

I have a hard time finding any white papers or publications to support this

3 REPLIES 3
Nash
Kind of a big deal

  1. The MX is a stateful firewall. See: https://meraki.cisco.com/products/appliances 
  2. There's not a "management console" as you would traditionally see. You will have accounts for the Meraki dashboard that have access to the organization/network. You can set a password for the local status page, which gives you SOME access to the device config but it's minimal.
  3. The Meraki dashboard is a website like any other. If you want to enforce TLS 1.2 or above, you'll need to set that on your computers that are accessing the dashboard.
  4. Unfortunately, as I understand it, we can't run the local status page over https - it's http only. Rec is disable local status page if you don't need it, when that's a problem.

@henrya34 just to add to the answer from @Nash I wanted to call out that for the security of the Meraki Dashboard itself, remember to check out the Organization > Settings page, where you can enable things like 2 factor authentication, restrict login IP ranges, set password complexity requirements and account lockout mechanisms, etc. 

 

Also note that you have complete RBAC control of all admins, and there are self-maintaining immutable spreadsheets in the Meraki Dashboard for every successful and/or failed login attempt, and a complete change log with every change made by every admin, what they changed, old/new values, and it is fully searchable, sortable, and exportable. 

 

Finally, for most back-end security related items, there is a section of the web site on that here: https://meraki.cisco.com/trust 

Let us know if other questions.

 

 

Thanks, these are great resources!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels