
What is Meraki MX device ?

New here

What is Meraki MX device ?

What is Meraki MX device ?

8 REPLIES
A model citizen

Re: What is Meraki MX device ?

An MX is a security appliance - a firewall with a dash of router.

 

https://meraki.cisco.com/products/security-sd-wan/

 

Specifically regarding the MX64/MX65, here is an overview of the device: https://documentation.meraki.com/MX/MX_Overviews_and_Specifications/MX64_and_MX65_Overview_and_Speci...

 

 

 

New here

Re: What is Meraki MX device ?

It's a wannabe firewall. It's good at site-to-site VPN and is very limited in other aspects. It's OK for a small business, and does a bit of everything. With a larger environment you will quickly discover its configuration / capabilities limits. 

A model citizen

Re: What is Meraki MX device ?

@IgorPodgorny I would have to disagree. As long as you have an appropriately sized MX, it is one of the best firewalls money can buy. But a lot of the time people don't size their appliances appropriately for their environment or future proofing.

Dakota Snow | Network-dad LinkedIn
CMNO | A+ | ECMS2
New here

Re: What is Meraki MX device ?

I'm not talking about size or throughput. I'm referring to "must have" functions of an edge device for a larger environment.

1. No dynamic routing. There is no way to propagate routes into upstream MPLS. I get that with VPN you may not need to do that, but there is also no way to learn routes from a core/distribution downstream switch. The only option is to use static routes.

2. Many:1 NAT is not an option (this is a big one). I have multiple ISPs, yet there is no way to make a server (Exchange for example) available on both of them. There is 1:1 NAT and with that you have to set outbound priority.

3. Limited port forwarding. There is no way to claim one of the public IPs on WAN and configure port forwarding. The only port forwarding you can do is done on IP assigned to WAN interface. Well I guess you can do 1:Many NAT, but that ties that internal server to one particular interface.

4. Layer 3 firewall rules can't be assigned per interface, or LAN / WAN side for that matter. No way to whitelist / bypass Layer 3 rules on all LAN traffic for example.

5. Layer 7 firewall lacks filtering altogether. The only option is "Deny", can't make any exceptions. Once again all traffic is included LAN-side along with WAN. Something that happened recently in our environment, "Deny peer-to-peer" actually broke LAN side SQL traffic.

6. No visibility (this is also a big one). Tech support offered to create an exception to Layer 7 rule I mentioned above, which brings me to a point. Why can't I see what is being blocked and by what, and how come I can't make those exceptions?

7. IPS / IDS, once again, provides very little control. You can whitelist the rule, but not interface or traffic side. Some things I would like to whitelist as I know what they are (like outdated RDP or something), but I don't want to whitelist it on WAN side, just LAN.

 

Let me know if you want to know more.... "Best firewall money can buy" can't compete with some free products out there as far as firewall or Edge device goes. I do regret that we went with MXs and a 3 year license. Will be switching as soon as it expires.

New here

Re: What is Meraki MX device ?

Great, I posted a reply with Meraki shortcomings and they removed it as spam.

Community Manager

Re: What is Meraki MX device ?

@IgorPodgorny - very sorry about that. Our automated spam checker is over-aggressive sometimes. I have un-marked your post as spam and it is now visible. 

Caroline S | Community Manager, Cisco Meraki | @merakicaroline
Kind of a big deal

Re: What is Meraki MX device ?

@IgorPodgorny is bringing up valid points. The MX definitely has its lacks of features, but as long as you know these shortcomings and if you're placing it right, it also has its advantages too. Especially if you're looking into the integration into Meraki's full stack or Cisco's other security offerings, just take a look at the Umbrella or Threat Grid integration.

 

Long story short: just place it into spots where it fits including the easy management, integration into the ecosystem or great SD-WAN capabilities and everyone will be happy.

Just browsing

Re: What is Meraki MX device ?

Interesting. Thanks for the education
