Meraki

Community

Meraki Firewalls

henrya34
New here
‎Apr 13 2020 9:13 AM
‎Apr 13 2020 9:13 AM

Meraki Firewalls

Hi everyone,

 

Im still relatively new to Meraki but I just had a couple of questions around statefulness, default passwords and encryption.  Let me know if anything here isn’t true:

 

  1. Cannot turn off statefulness on the firewalls.
  2. There is no default password for the management console, it is set up via an account creation with Cisco/Meraki.
  3. There is no way to control the encryption algorithm when connecting to the management consult URL, Cisco is the one that enforces this but it doesn’t allow connections less than TLS 1.2.

I have a hard time finding any white papers or publications to support this

0 Kudos
3 Replies 3
Nash
Kind of a big deal
‎Apr 13 2020 10:20 AM
‎Apr 13 2020 10:20 AM

  1. The MX is a stateful firewall. See: https://meraki.cisco.com/products/appliances 
  2. There's not a "management console" as you would traditionally see. You will have accounts for the Meraki dashboard that have access to the organization/network. You can set a password for the local status page, which gives you SOME access to the device config but it's minimal.
  3. The Meraki dashboard is a website like any other. If you want to enforce TLS 1.2 or above, you'll need to set that on your computers that are accessing the dashboard.
  4. Unfortunately, as I understand it, we can't run the local status page over https - it's http only. Rec is disable local status page if you don't need it, when that's a problem.
Windows 10 Client VPN scripts: Makes life better!
In response to Nash
MerakiDave
Meraki Employee
Meraki Employee
‎Apr 13 2020 3:07 PM
‎Apr 13 2020 3:07 PM

@henrya34 just to add to the answer from @Nash I wanted to call out that for the security of the Meraki Dashboard itself, remember to check out the Organization > Settings page, where you can enable things like 2 factor authentication, restrict login IP ranges, set password complexity requirements and account lockout mechanisms, etc. 

 

Also note that you have complete RBAC control of all admins, and there are self-maintaining immutable spreadsheets in the Meraki Dashboard for every successful and/or failed login attempt, and a complete change log with every change made by every admin, what they changed, old/new values, and it is fully searchable, sortable, and exportable. 

 

Finally, for most back-end security related items, there is a section of the web site on that here: https://meraki.cisco.com/trust 

Let us know if other questions.

 

 

In response to MerakiDave
QLSteve
Getting noticed
‎Apr 13 2020 3:22 PM
‎Apr 13 2020 3:22 PM

Thanks, these are great resources!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.