Meraki MX Firewalls Review
We had a problem with our MX100 and Meraki sent us a spare the next day so we'd have it on hand in case of issues.


I was using the Meraki MX Firewall with a complete Meraki set up (WAPs over 43 acres) and, in general, it was a really lovely system to administer. 

MX 100


We had a problem with our MX100 and Meraki sent us a spare the next day so we'd have it on hand in case of issues - we did end up doing a swap to check if this solved the problem. The swap took less than an hour to have it up and running. Meraki products are great for swapping in and out and generally administering. I don't think you need to have much training to deal with most Meraki appliances - the user interface is very easy to sort. It's cloud based and I never had problems accessing it. I've taken some screenshots from the Meraki PDF on the MX100.

This gives you an idea of the kind of thing you're going to see in the cloud interface. In terms of giving your Execs information or checking our possible security issues, it's handy. 

I've nabbed these facts from the Cisco site: 

• Gigabit SFP connectivity
• Stateful firewall throughput: 750 Mbps
• Recommended maximum clients: 500 


Cloud-based centralized management
• Managed centrally over the Web
• Classifies applications, users and devices
• Zero-touch, self-provisioning deployments


Networking and security
• Stateful firewall
• Auto VPN™ self-configuring site-to-site VPN
• Active Directory integration
• Identity-based policies
• Client VPN (IPsec)
• Smart link bonding


Traffic shaping and application management
• Layer 7 application visibility and traffic shaping
• Application prioritization
• Web caching
• Choose WAN uplink based on traffic type


Advanced security services
• Content filtering
• Google SafeSearch and YouTube for Schools
• Intrusion prevention (IPS)
• Antivirus and antiphishing filtering
• Requires Advanced Security License


The features feed into defence in depth so you have an IPS, content filtering, AV and anti-phishing. The self configuring VPN was a real bonus and it also integrates into AD (like most). 

Firmware updates can be automated and rolled back extremely easily if you have any problems. It was a nice surprise to see how organised and automated Merkai were. 

Be aware, if you suddenly get more staff and want to have more than 500 users then it's not a firmware upgrade. It's a new appliance - we experienced this and had to look into the MX400 which takes you to 2000 clients; yes, there's a bit of a gap from the MX100 and MX400. 

Would I change anything? As above, the fact you need to go from MX100 (500 staff) to MX400 (2000) staff and there is nothing in between. I think that's a bit cheeky. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
3 visitors found this review helpful

5 Comments

Orlee GillisCommunity Mgr

Aimee, what would you recommend as a way to solve the MX100 to MX400 migration/transfer?

Like (0)31 October 16

Aimee, did you end up dropping the MX100 and going to a different provider? Were the difficulties you experienced and mentioned at the top of the article related to hitting that 500 client "maximum"? I'm looking at options for a new high school that will eventually have around 600 students, staff , and faculty. When I estimate the number of school-owned and BYOD devices, we could scale past that 500 client maximum fairly quickly.

Thanks!

Like (0)17 March 17

These are concurrent users. I would not use any firewall with 500 or more concurrent users but several firewalls. The limitation on the devices is about processing rules, policies, malware and VPN encryption in RAM. Therefore a limit on users. The MX400/600 are designed for campus usage and can therefore process more users (2000/10.000). Keep in mind that the concurrent users will have to share the internet bandwidth you connect to the firewall (max 2*1Gb/s). If you need faster throughput, you would not process rules and malware protection, nor VPN on the firewall but before. If you can lay your hands on an internet provider speed of more than 1Gb/s than you might look into the Cisco Firepower range.

Like (0)20 July 17

The information regarding concurrent users is not a hard limit. Specifying the bandwidth is much more important. The information refers to all activated functions with the Advanced Security License.

Like (0)07 November 17
Alex DReal UserTOP 5LEADERBOARD

The number 500 (MX100), 2000 (MX400), That's a recommended for concurrent clients that help admin can easy to choice the accordant firewall model for their network. At this time Meraki have many more model that are accordant for many achitecture.

Example: if your site have more than 1000 clients, you can choice MX250 (recommended 2.000)

Like (0)05 January 18
Guest
Why do you like it?

Sign Up with Email