Quick tech specs
- Security appliance
Know your gear
The MX64W integrates Cisco Meraki's wireless technology with the powerful MX network security features in a compact form factor ideal for branch offices or small enterprises.
Cisco Meraki MX84 Cloud Managed - security appliance is rated2.33 out of5 by3.
Rated 5 out of 5 byrod86 from JunkCannot connect to management portal to assign a static address. Do Not waist your money on anything Meraki has its name on.
Date published: 2016-03-27T00:00:00-04:00
Rated 5 out of 5 byADynes from Missing Key Features of a Firewall / ProxyTo say the Cisco Meraki MX series is missing some essential features of a firewall/proxy box would be a huge understatement. For example one of their big selling points is how easy it is to setup a site to site VPN. It is pretty easy, I will admit that, but once setup some of the key features are either hard to use or missing completely. For example there is a section called "Site to Site VPN Firewall". You would think this is a firewall to restrict traffic between a site to site VPN and you would be right. However the firewall rules have to be written out per IP address and per port. So if you want bi-directional communication between one of your subnets and one of your remote peers subnet for 10 different ports you have to write 20 rules, 10 from your subnet to theirs for each port and another ten the other way. If you have 5 subnets internally and they have 5 subnets those same 10 ports will now take 500 SEPARATE RULES! It doesn't allow you to put in multiple subnets and ports per line. And if you are doing a Site to Site VPN with a Non-Meraki peer then the site to site firewall doesn't work at all. I talked to tech support (January 2016) about this and they said that is true and its not a "feature that has been implemented yet".The problem is this is one of many features that haven't been implemented. For example the client VPN can be setup a single way, L2TP. It uses Aggressive mode IKE with a preshared key, which by the way fails PCI compliance scans. When asked about this I was told that's the only option and they are not looking to change that.Logging is a big missing one also. You can write firewall rules and the interface lets you see "hits" against each rule but there is no way to see what actually was accepted or blocked by a rule. So if you write all your rules and then you have a Deny rule as your last rule, a industry standard, there is no way to actually log what is hitting the deny rule. There is no way to see whats hitting any rule other then a hit counter. When I asked tech support about that (January 2016) I was told "Oh, just put a allow all rule before your deny rule". *smh*These are examples of the shortcomings I've found in the first month of working with the MX units and I've asked my sales person what the return policy is on it. I have both a MX84 and a MX64 and both have the same limitations and issues. I am coming from a Forefront TMG 2010 server which at 6 years old and going end of life this year has twice the features and is easier to use then this device. This really feels like a incomplete product just thrown on the market and touted as "Cloud Enabled" to make it sell but it's a bunch of smoke and mirrors.I HIGHLY recommend avoiding the Cisco Meraki MX product line.
Date published: 2016-01-26T00:00:00-05:00
Rated 5 out of 5 byInfrastructureMgr from Fantastic... depending on your need.The low end of the Meraki MX line is a fantastic buy, depending on your need. Don't buy these if you're looking for a full featured firewall or proxy server - there are better, more specialized devices for that. Don't buy one and expect it to let you do fancy configurations at the command-line. If you're a Cisco command-line guy these may just tick you off. But if you have lots of small network nodes and relatively few resources (no matter how talented), these are worth their weight in gold.We have several dozens of small remote offices and project locations, and I have two network guys. Most have two circuits or ISP lines of some sort for redundancy, all are VPN'ed together. This device allows us to provide redundant, fully meshed, multi-path VPN with automatic fail over and without requiring static IPs (useful for broadband connectivity at temporary project sites). It allows us to prioritize VoIP traffic, to block web usage by category across the split-tunneled internet traffic, and to provide some level of IPS. We can deploy them in a heartbeat, and have them pre-configured and plug-and-play by the time they arrive on site.We also have scenarios where we're looking at using them to provide simple performance based routing between satellite and cellular networks aboard ships. If the cell drops below a certain performance metric, they can automatically route across the (normally slower) satellite link instead. We can also do traffic shaping, so that dropbox and crashplan syncing doesn't completely kill WAN performance.The portal based visibility, especially for connected devices and client activity is pretty great. The MX devices also give us netflow now, so when the portal based reporting and visibility isn't enough, we can see exactly what's going on. SNMP capabilities are still iffy, but coming along as they continue to make improvements. We're also using Meraki APs now for the same reasons, and even some switches in non-datacenter use cases.All of that is pretty darn impressive for a little device like this, and exactly what we've needed. So again, if you're looking for a corporate firewall and proxy device, this ain't it. If you want a full-featured device to do routing and VPN connectivity for retail outlets, project sites or smaller branch offices, or better yet to give you visibility and manageability in a dynamic and ever-changing environment, these are definitely worth a look.
Date published: 2016-06-19T00:00:00-04:00