Meraki

Community

About fraya

Re: vMX100 in Azure queries

by in Security & SD-WAN
‎Apr 5 2019 6:15 AM
‎Apr 5 2019 6:15 AM
@Aousien i was, but unfortunately it was not using Meraki.    With regards to HA in Azure, not many SD-WAN vendors have a solution or if they do its pretty poor. An alternative would be to use Azure Virtual WAN which is resilient and hook into your SD-WAN (if supported, e.g Citrix, VeloCloud, Silverpeak etc).   With regards to throughput often the limitation is the size of the VM. 500Mbps for the Meraki vMX-100 is really good   With regards to IKEv2 support. Its not available by default but Meraki can open it up to you on request. I'm not sure if you have to be a large customer or justify it but it is possible.   I am a Meraki fan so hopefully i will get to deploy a Meraki SD-WAN at some point. Still my pet peeve is lack of SSL inspection. As most traffic is now SSL the IPS/AMP etc will become increasingly useless if it cant see inside the packet. ... View more

Feature Request - Integrations to Zscaler and Microsoft Azure

by in Security & SD-WAN
‎Jul 17 2018 3:53 AM
4 Kudos
‎Jul 17 2018 3:53 AM
4 Kudos
We are looking to move away from on-premise data centres and MPLS and using public cloud IaaS like Microsoft Azure, local Internet break-out and security as a service such as Zscaler. We are looking at SD-WAN products to provide connectivity to such services and I am keen to know the roadmap for Meraki's SD-WAN offering and whether it will integrate with xaaS such as Azure and Zscaler. Note. I know the vMX100 is in Azure which is great (no resilience is not so great)   1. Zscaler integration. Cisco Viptela, Velocloud, Aruba etc have partnered with Zscaler to provide SD-WAN GRE breakout to Zscaler. Are Meraki looking to partner with Zscaler? Or GRE tunnelling in the MX series would be good so this could be manually configured. IPsec is supported but not ideal for this traffic. Note. I know the MX has some security features but the lack of SSL inspection is not good when the majority of web traffic is now encrypted.   2. Microsoft Azure Virtual WAN integration. Riverbed and Citrix have partnered with Microsoft to integrate with their SD-WAN solutions with Azure so an NVA (Network Virtual Appliance, like the vMX100) is not required in Azure as it can integrate natively with their SD-WAN using the Azure Virtual WAN gateway. I appreciate this has just been released but is Meraki looking at this integration like Checkpoint and Palo Alto are.   What I'm trying to ascertain is where Meraki's SD-WAN sits in the enterprise space and if its going to meet our requirements like the other SD-WAN vendors mentioned above.   thanks ... View more

Re: Feature Request: IKEv2 Support in MX appliances

by in Security & SD-WAN
‎Jun 11 2018 5:52 AM
1 Kudo
‎Jun 11 2018 5:52 AM
1 Kudo
I am currently evaluating SD-WAN vendors. Meraki is my preferred vendor but to meet all the technical requirements I require the VPN parameters to comply with NCSC's foundation grade policy as a minimum.   I would like AutoVPN to support IKE-v2, Diffie Helman Group 14 and a desired would be certificate based authentication or stronger Pre-Shared Key ... View more

Re: Default IPSec configuration between Meraki peers

by in Security & SD-WAN
‎Jun 11 2018 5:38 AM
‎Jun 11 2018 5:38 AM
Is there any update as to whether IKE-v2 is now supported for AutoVPN? Also DH group 1/2/5 aren't secure anymore. Is DH Group 14 now supported? ... View more

Re: vMX100 in Azure queries

by in Security & SD-WAN
‎Jun 4 2018 6:30 AM
‎Jun 4 2018 6:30 AM
Thanks for your response Philip.   Load Balancing subnets might be an option but as static routing is used in Azure (UDRs) this might be a bit cumbersome to route branch x sites to one MX gateway subnet and branch y to another MX gateway subnet. We have 20+ subnets in Azure each with their own routing table attached.   With regards to traffic volume, we have a security requirement to encrypt over any transit medium (Internet or private circuit e.g. Expressroute), so Expressroute doesn't really provide us with any added value as we have decent sized Internet circuits with low latency to Azure, the limitation would be the encryption device at the Azure end. We have a similar throughput issue with our current Checkpoint deployment so this isn't a dig at Meraki.   Is it possible to have multiple auto-VPNs? For example, so we could have auto-VPN 1 for branch traffic to Azure vMX1 and auto-VPN 2 for DC traffic to Azure vMX2. Effectively using auto-VPNs as separate routing domains. ... View more

vMX100 in Azure queries

by in Security & SD-WAN
‎Jun 4 2018 2:03 AM
‎Jun 4 2018 2:03 AM
I'm looking at Meraki as an SD-WAN solution to replace our existing VPN solution. We are moving towards a cloud first approach and use Microsoft Azure extensively along with a couple of on-premise data centres.   One of the requirements is resilience in Azure for the VPN termination. There doesn't appear to be any Meraki documentation around the vMX100 and resilience. Is High Availability possible in any form? e.g. 2 vMX100 in the same VNET (Active/Passive, cold standby, fast manual recovery?). If HA is not possible now, is this on the road map and when?   The next requirement is throughput, 500Mbps VPN throughput for the vMX100 in Azure is pretty good for branch site traffic, however is a larger vMX going to be available at some point and when? While the vMX100 would cope with most of our small/medium branches, using it to connect to our on-premise data centres for application-to-application type traffic would likely saturate 500Mbps and drag down user performance, so need more VPN throughput.   thanks ... View more
© 2024 Cisco Systems, Inc.