Cisco Meraki MX does the job well, but has a few caveats that could come back to bite you if you aren't careful
Overall Satisfaction with Cisco Meraki MX
Cisco Meraki MX is used by some of my clients for managing their internet connection between a few facilities. They have an ethernet handoff, and Cisco Meraki MX sits between their internet connection and their network, acting as a firewall, router, VPN endpoint, and content filter.
Pros
- Decent web interface
- Support
- Content filtering
- Threat detection (when using the higher license)
Cons
- Intranet management (inability to NAT between LANs limits flexibility)
- Multitenancy from one device
- Limited in VPN options
- Always a recurring charge
- Difficult to troubleshoot when internet is down
- For my clients, it was easy to mark off a few items on their checklist so that we could move on to more important things
Cisco Meraki MX has allowed me and my team to maintain a few networks with relatively little effort. We didn't require a lot of training to use the core feature set, and it has served our clients well. It does what any good firewall should do, be set up, stay out of the way, and maintain security.
We haven't integrated any other systems into Meraki.
We continued using Cisco Meraki MX after taking over the client since they are familiar with it and enjoy the reporting it provides. We use pfSense for most new deployments as the controls it gives us are slightly better than the Cisco Meraki MX controls. That isn't to say Cisco Meraki MX is bad; it just isn't suitable for many of our clients that are multi-tenant, which is one of the weaker offerings from Meraki. For our clients that were already using Cisco Meraki MX when we adopted them, there was no reason to change, it does the job, and it does it well.
Do you think Cisco Meraki MX delivers good value for the price?
Not sure
Are you happy with Cisco Meraki MX's feature set?
Yes
Did Cisco Meraki MX live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Cisco Meraki MX go as expected?
Yes
Would you buy Cisco Meraki MX again?
No
Cisco Meraki MX Feature Ratings
Cisco Hybrid Work
- Cisco Meraki MX
- Working from anywhere (e.g., coffee shop, airport)
- Working from an office or other company space
- Working from home
We mostly needed a system that would let our workforce work on small documents from anywhere. Since the information is stored on our server at the office, having something that would let them securely connect and access server resources was critical. We also wanted something that would integrate with our local authentication server (Microsoft Active Directory in this case) and the Meraki unit works for that.
There weren't organizational challenges per se. Most of the difficulty came from ensuring those that needed to work remotely had the equipment to do so. We're an MSP, and the client already had a good idea of how they wanted things to work. We just needed a good way to make it happen.
The Meraki unit acts as a good endpoint for roaming clients. Setup is pretty easy and is easy enough for people to use that we don't have to expend a lot of effort training people. It has been secure, reasonable in setup, and performance has been as we expect. The only challenges we've run into with it have been Microsoft occasionally breaking things with an update. Those are few and far between, and would probably impact any VPN solution. So in short, it made solving the problem of remote network access very painless for us.
Being outside of the office does create some challenges. Having the VPN available to employees has done quite a bit for letting them check up on things, update documents, collaborate, etc. The VPN is one part of the hybrid work system in place, but it place a pivotal role and having it easy to set up made my team's life easier from an operational standpoint, as well as a training standpoint for our customer.
In this case, we were already using the Meraki for other services (IDS/IPS type work). We also implement pfSense and OpenVPN. They all have their pros and cons, but Meraki fits in well with the solutions that we've found. It is easy to use, has broad platform support, and maintains security well.
- Microsoft Teams
- Google Meet
- Other
Dialpad
Discord
Figma
Discord
Figma
Using Cisco Meraki MX
4 - We are an MSP and Cisco Meraki units are used by some of our clients, so we need to maintain them. They are used as router/firewalls for some of our clients.
2 - Maintaining Meraki equipment only requires basic networking skills. Understanding firewalls, NAT, routing, DHCP, fundamentals helps.
- Easy router/firewall management for cleints
- Reporting for our MSP clients
- VPN endpoint
- Using the VPN endpoint feature to make access iLO devices.
- Satellite or home office connections.
Evaluating Cisco Meraki MX and Competitors
- Ease of Use
It was already in place when we took over the client. We've been renewing it since it fulfills the need for the client and we can manage it easily enough. When renewal came up, we considered moving to another platform, but felt there were more important things to focus on.
When the next renewal comes, we'll probably be caught up with other projects, so we'll be more seriously looking at alternatives.
Cisco Meraki MX Implementation
- Implemented in-house
Change management was a minor issue with the implementation - It keeps a bit of an audit trail, but nothing very thorough. There also isn't a way to export a specific snapshot of configuration.
- Learning some of the limitations that our other equipment can do. (NAT between local networks for example.)
Cisco Meraki MX Training
- No Training
If you are familiar with networking, you should have no problem picking up the interface. None of my staff needed any specific training to put the Meraki equipment to good use.
Configuring Cisco Meraki MX
There is really only one way to configure the equipment, so there isn't so much a "best practices" to speak of. It does a good job of guiding you to make reasonable decisions that won't get you into too much trouble.
No - we have not done any customization to the interface
No - the product does not support adding custom code
We didn't customize much because you can't customize much.
Cisco Meraki MX Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
There isn't really an option for purchasing "premium support." We have the support that is provided with the license subscription.
When we were trying to get our licensing stuff figured out (our vendor was having trouble getting a new license key for us) Meraki extended the grace period for us to ensure we continued to have service. Then, when we got the license, they helped us to ensure they applied properly.
Using Cisco Meraki MX
Pros | Cons |
---|---|
Easy to use Technical support not required Well integrated Consistent Quick to learn Feel confident using | Cumbersome Lots to learn |
- Site to site VPN
- Client to Site VPN
- DHCP Server Management
- Offline device troubleshooting
Yes, but I don't use it
Cisco Meraki MX Reliability
Integrating Cisco Meraki MX
- Active Directory
We use active directory for authentication on the Client VPN. Setup was painless and it has worked well enough.
Meraki is extremely limited in integrations based on what we've seen.
Meraki isn't really the product for you if you are trying to integrate things. If you just need a router/firewall that can do some VPN and IDS work, it's great, but if you want deep integration into your other workflows, it probably won't work out well.
Relationship with Cisco
We didn't attempt to do any negotiation with them. The pricing is what it is. We do have to purchase for multiple years at a time, month to month isn't really a thing.
Don't be afraid to call them. They are good to work with and very responsive.
Upgrading Cisco Meraki MX
Yes - The firmware update was pretty simple. We didn't have to do much beyond just let it run. The update wasn't super exciting, and that's exactly how they should be.
- The higher end model can handle more throughput, otherwise it is identical.
- Just incremental improvements. No groundbreaking new features.
Comments
Please log in to join the conversation