What is our primary use case?
Security appliance/firewall. With an advanced security license, the content filtering, IDS, and geographical blocking features are surprisingly good compared to using alternative solutions with no noticeable performance hit.
The geographical blocking is a great security feature but you have to use with planning. I’ve managed to block a few vendors websites and mail servers without realizing what country those vendors were located in. When you’re not use to having geographical blocking the first time I had the problem it took a while to troubleshoot why the connectivity was missing. Sorta over secured myself. 🤓 Not the MX’s fault.
How has it helped my organization?
- Easy of use
- Remote management
We are an MSP and Meraki provides MSPs with a combined management dashboard to centralize all clients under one single pane of glass. They offer a dynamic DNS, so Client VPNs and point-to-point VPNs can dynamically follow IP changes with no need for static IPs. The SD-WAN VPNs are also the easiest VPNs to setup in either a mesh or hub-and-spoke configuration that you will find. It works with non-Meraki VPN equipment too.
What is most valuable?
The dashboard brings all management features with you wherever you are. All you need is an Internet connection and a browser and you can manage the solution. The dashboard tracks your uplink connectivity to the dashboard and double checks with you all changes impacting the connectivity, making it much safer to enact changes remotely. Dual WAN connections are greatly simplified and site-to-site VPNs automatically connect regardless of what WAN connection is active.
Site-to-Site VPNs are the easier to setup than any other vendor’s solution. You simple pick two or more devices to tunnel together and then select what network subsets should be allowed to cross the tunnel and you are done. The solution handles all the details. Site-to-site VPNs can dynamically follow IP changes with no need for static IPs.
For MSPs the dashboard is even more convenient as all your clients are on the same MSP account. Switching between managing different clients Meraki equipment is a few clicks once you login to the dashboard. Two-factor authentication is available for enhanced dashboard security.
What needs improvement?
Some advanced enterprise features are missing, but for SMBs this solution is a dream to deploy and manage. Complex environments should look elsewhere, but I personally have not ran across anything that Meraki has not been able to handle so far. On the dashboard is a “Make a Wish” button to request new features. In three years, I have made three wishes and they were all were granted.
For how long have I used the solution?
Three to five years.
What do I think about the scalability of the solution?
During the Intel CPU clock signal component issue in early 2017 Meraki’s MX84 product line was impacted. Once Mearaki started getting replacement CPUs they shipped a replacement MX84 to swap my production unit. I was very impressed to learn how easy a hardware swap works with the Meraki dashboard. It was very simple to add the replacement unit. It began to function as a warm spare so I could then remove the old serial numbered device. A few minutes later and the replacement unit downloaded the production configuration and we were up and running on the replacement hardware. I understand scaling to a larger MX is just as simple.
How is customer service and technical support?
Tech support is available from the dashboard. Meraki tech support staff have a lot more visibility into your network than you do, which is frustrating at times. I understand the approach is to keep the dashboard easier to understand. This will frustrate more advanced users at times.
Which solutions did we use previously?
Previously I managed Cisco ASA equipment and enjoyed these firewalls. The need to train other admins and deployment at MSP clients were at the top of my list for switching to Meraki MX. The learning curve is much less steep for new security admins and the central dashboard allows coolabritive efforts when admins are in different locations. Built-in change management makes it easy to see who made specific changes as changes are logged on the dashboard.
What's my experience with pricing, setup cost, and licensing?
Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution.
What other advice do I have?
I was very worried when Cisco purchased Meraki, but surprisingly, they have not changed the organization or product lines for the worse.
Disclosure: I am a real user, and this review is based on my own experience and opinions.