Meraki MX is a NGFW or not

SCC
Building a reputation

Meraki MX is a NGFW or not

Hi All,

 

I am at a stage now, where i need to know clearly when we put a MX device it comes with Enterprise License or Advance Security License.

 

I want to know with the Enterprise License MX is just a stateful firewall, whereas as soon as we apply the advance security license does the same MX becomes the NGFW - NextGen Firewall ?

7 REPLIES 7
AjitKumar
Head in the Cloud

Hi @SCC 

 

Going by the definition of NGFW. I may say "YES".

 

Recent introduction is HTTPS inspection.

However I follow @PhilipDAth on his views on HTTPS Inspection.

https://community.meraki.com/t5/Security-SD-WAN/MX-HTTPS-Inspection-Coming/m-p/45870

 

However for additional security we recommend Cisco Umbrella to our customers which can be easily integrated with Cisco Meraki Solutions.

 

You may check the following url for complete information on Cisco Meraki Firewall.

https://www.syndicateinfo.com/post/why-cisco-meraki-firewall

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
Nash
Kind of a big deal

Hard agree that HTTPS inspection on a firewall is bad news. It's extremely resource intense on the firewall, and stinks of "crunchy outside, squishy inside" security design to me. If your security design could also describe a delicious candy, you don't want to do that.

 

@SCC What features are you looking to have? The advanced security license will get you access to AMP for HTTP-based downloads, an IDS/IPS, easy l7 geoblocking, and URL-based content filtering. 

 

If you know what you need to have, then we can help you figure out if the MX might be a fit. If you just need an "NGFW" to check off the box, then I think you need to really think more about what exactly you need and why.

SCC
Building a reputation

@NashWith Enterprise License, Does I have any kind of security or not ? Does it not work or act like a Firewall with Enterprise License.

Nash
Kind of a big deal

Check out this link. I'd put it as a hyperlink in my original comment: https://documentation.meraki.com/MX/Other_Topics/MX_Security_Appliance_FAQ#What_is_the_difference_be...

 

It tells you what the Enterprise license provides vs Advanced Security. If I'm selling an MX to a client, we always sell with the Advanced Security license.

SCC
Building a reputation

@NashThe thing is that as soon as the cost of Advance Security License is added it becomes too expensive for client and client started to compare with the SOPHOS XG Firewall which is cheaper and one time cost.

PhilipDAth
Kind of a big deal
Kind of a big deal

>Needed to build an extra phase 2 tunnel instead of putting 2 subnets in one phase 2 configuration.

 

The unfortunate thing is this is outside of your control.  You can simply put forward the solution you recommend.

SCC
Building a reputation

@PhilipDAthOhh Is it , this is on SOPHOS XG Firewall.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels