Layer 7 rules are Deny only because....   I have no reason why except to say lunacy.  They apply top down so i expect something like... 1 Accept P2P Skype 2 Deny P2P All This would allow Layer 7 rules to allow Skype and block all other P2P traffic like file sharing networks but for as much money as Meraki costs they apparently just like to have the benefit of touting that they HAVE Layer 7 features but not actually making them useful whatsoever.  Layer 7 isn't really available in this product as far as I can tell because all you can do is block individually so it's pretty much useless... unless you just want to block one thing then, whatever floats your boat.  For all the press Meraki gets about having amazing security I don't see one iota of security in this thing.  I feel like my network is wide open to attacks.  I mean, yeah! There's a SPI firewall.  Whoop-dee-doo. ... View more

Breaking SSL security to scan for malware about to enter at the edge of the network is a VERY GOOD thing.  A real SSL inspection service will allow trusted connections to bypass SSL encryption like data traversing to and from banks, or to trusted cloud services like Google Search, but can be selectively implemented on new or unknown services to help protect the user from downloading backdoors and trojans.  It doesn't have to be an on/off service, but how can you call ANY network secure without having some semblance of SSL inspection or deep packet inspection?  You can't.  Don't believe me?  Go to Eicar.org and test the efficacy of your edge security.  Without packet inspection you're not going to be able to stop viruses from entering your network.  If your local AV software is alerting about the download then that's your last line of defense and your security posture is crap. ... View more