Overall Satisfaction with Cisco Meraki MX Firewalls
We use Meraki MX as a security appliance/firewall. With an advanced security license, the content filtering, IDS, and geographical blocking features are surprisingly good compared to using alternative solutions with no noticeable performance hit as long as you size the unit properly.
The geographical blocking is a great security feature, but you have to use it with planning. I’ve managed to block a few vendors' websites and mail servers without realizing what country those vendors were located in. I was not used to having geographical blocking, so the first time I had that problem it took a while to troubleshoot why the connectivity was missing. Sorta over-secured myself. Not the MX’s fault.
- The dashboard brings all management features with you wherever you are. All you need is an Internet connection and a browser and you can manage the solution. The dashboard tracks your uplink connectivity to the dashboard and double checks with you all changes impacting the connectivity, making it much safer to enact changes remotely. Dual WAN connections are greatly simplified and site-to-site VPNs automatically connect regardless of what WAN connection is active.
- Site-to-Site VPNs are easier to set up than any other vendor’s solution. You simply pick two or more devices to tunnel together and then select what network subsets should be allowed to cross the tunnel and you are done. The solution handles all the details. Site-to-site VPNs can dynamically follow IP changes with no need for static IPs.
- For MSPs the dashboard is even more convenient as all your clients are on the same MSP account. Switching between managing different clients' Meraki equipment is a few clicks once you log in to the dashboard. Two-factor authentication is available for enhanced dashboard security.
- Some advanced enterprise features are missing, but for SMBs this solution is a dream to deploy and manage. Complex environments should look elsewhere, but I personally have not run across anything that Meraki has not been able to handle so far. On the dashboard is a “Make a Wish” button to request new features. In three years, I have made three wishes and they were all granted.
- Previously I managed Cisco ASA equipment and enjoyed these firewalls. The need to train other admins and deployment at MSP clients were at the top of my list for switching to Meraki MX. The learning curve is much less steep for new security admins and the central dashboard allows collaborative efforts when admins are in different locations. Built-in change management makes it easy to see who made specific changes as changes are logged on the dashboard.
- Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution.
I prefer Cisco ASA for large enterprise deployments. FortiGate works well but I'm not a huge fan of their GUI interface (maybe personal preference). SonicWall and WatchGuard are avoided and only used when we inherit the solution. Not a huge fan of either. I do value the large breadth of options in the security appliance space.