cancel
Showing results for 
Search instead for 
Did you mean: 

Meraki APs - how do they manage content filtering and security?

New here

Meraki APs - how do they manage content filtering and security?

I'm curious about how the firewall rules are implemented. If I have APs distributed over several locations (basically: AP --> WAN/Router --> Internet; they don't come to a central location or a corporate firewall).

 

So, based on that, how will Meraki manage: content filtering (it sends a DNS request to a central location and it decides, or how? How much bandwidth does it consume? any other advantages/disadvantages?). 

 

Also, regarding security, how does it manage it if its only the AP. 

 

Thanks,

7 REPLIES 7
Meraki Employee

Re: Meraki APs - how do they manage content filtering and security?

Adult Content Filtering on AP's relies on just a pre-populated list of sites that are loaded into the AP's when that config is selected - there are no active lookups performed or anything like that: https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Adult_Content_Filtering_Overview

 

Not sure what other security features you might be referring to unfortunately.

New here

Re: Meraki APs - how do they manage content filtering and security?

Hello Alex, thanks for your reply. I'm reading about FortiAP's and they claim to say that their devices do content filtering/firewall locally; and that differentiates them from other "cloud based solutions". 

Meraki Employee

Re: Meraki APs - how do they manage content filtering and security?

Hi Roques

 

Thanks for your question, please note that most of vendors offer content filtering on the Access Points, they would require patch updates frequently to get a new list of websites plus most of them don't share the list with their customers. Best practices is to have the gateway to perform the content filtering as that will offer you a protection across the whole network for wired and wireless users. You can consider our MXs to perform content filtering at the edge of your network, at the end of the day Access Points are not firewalls so better to consider a proper firewall to protect your network.

Just browsing

Re: Meraki APs - how do they manage content filtering and security?

Agree with using filtering and security on your network gateway, not on the AP's.  What you could do, is using the firewall to open port as needed, say a guest network with just 80 and 443.  But more makes it harder to troubleshoot.

Conversationalist

Re: Meraki APs - how do they manage content filtering and security?

 

On the ap content filtering is enabled only with nat mode so works on the edge of network only if ap manage the traffic and nat not as pass through. An MX with deeper controll over this kind of inspection also with vpn to the corporate is a good solution, but i think the use of a solution like Cisco Umbrella is the best protection not only for content but also for malware, botnet and so on... with no small regular update but with live data from cloud at dns/ip layer in real time.

Highlighted
New here

Re: Meraki APs - how do they manage content filtering and security?

Hello,

 

Thanks all. We want to have several open hotspots, distributed over non-related locations that don't have to go to a central location. In that sense, we were looking at the competition's AP because it has some security functionalities that in a way, and for most cases, were enough to avoid having a dedicated firewall. Opinions?

Getting noticed

Re: Meraki APs - how do they manage content filtering and security?

The Meraki content filtering on the access points is pretty rudimentary and relies on a list of sites maintained by Meraki to prevent access to adult content. However, they do also offer the option to use 'Custom DNS' which would allow you the capability to use a much more full-featured solution such as Cisco Umbrella (previously OpenDNS) to achieve more dynamic control. It's also worth noting that beyond the content filtering the access points also offer capability around firewalling, application based traffic shaping, and user based traffic shaping.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›