From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. 

The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy. 

The Cisco supply chain is problematic although that may not be all their fault. What I really want is to be able to sell the solution and deploy it for my clients. They are very cagey about the availability of their product and they definitely take better care of their larger clients, pricing out mid-sized organizations. I'd like their policy rules to be closer to those of some of the other vendors. They're very complacent and I find the rule set to be a little arcane. There's no company ou there that does the combination of hardware quality, reliability of service, and most importantly, the quality of the interface. 

The product doesn't support route summarization and BGP dynamic routing protocol. The product has to provide more flexibility in hardware. It should also introduce route summarization features. It is not an application-aware product.

There is not a lot of configurability for the notifications and alerts in Meraki. There are a lot of alerts to choose from, but no matter how you set them up, they are spam.

When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more.

There needs to be some improvement on the client VPN. They have been promising AnyConnect for years. Right now, they have only a handful of their device list able to support AnyConnect for the client VPN. So, the client VPN and API are where they need to refine stuff. Non-Meraki VPN clients are a problem where you have to share a whole subnet and more than one IP, which is not ideal.

For three years, we have heard that they have been working on AnyConnect. Only within the last year have seen possible betas on limited sets of devices for AnyConnect. It has become hard to believe, "We will see this in six months." They are working on it, but we need this already, which is a problem.

We use several automation tools, but almost nothing does automation with Meraki the way that we want. We are currently working with Solarwinds MSP/NCentral and possibly Symmetric to get more of an API management tool. As an MSP, I set up SAML certificates that are all the same across our 80 organizations in Meraki. That lets us manage them all from one console, which is great, but we still need to go make changes individually. So, we are trying to get to where we have an automated tool that can make changes for multiple organizations or firewall settings at the same time.

We use Meraki MX for harmonizing policies and enforcement across heterogeneous networks, but it is tedious. If you have four sites and all of them are behind their own firewall, then none of them are piping the Internet back to the same central site. They all are branch networks, but have their own access to the Internet. Anytime you change one branch's MX, then you have to do the same change on every MX manually. There is no replicated change between MXs.

The product is quite complex to set up. The product is dependent on other Cisco products. If we have Meraki, we must use Cisco devices only, which should not be the case. Any device which is running should be well-paired with MX. If we use Meraki MX, we must use MX in other locations. If we use Aruba or Ruckus, it does not communicate well with MX devices. It is like a monopoly.

Most firewall vendors provide a pretty good amount of logging information, like errors, issues, and warnings. Meraki does some of it but does not provide detailed logging information. We can send it to syslog or SIM, but we can't get it from the portal or the device itself. It would be nice to get detailed logging information without third-party software.

Pricing is an area where the solution lacks since it is an expensive tool. Pricing needs to be improved.

The solution's pricing should be reduced. There are other remote tools out there for VPN access, and Meraki MX is gradually losing ground because it's expensive.

My new business owner went from having 14 devices to seven and then from seven to two. Now, I'm only paying for two licenses. I'll soon be moving away from Meraki entirely. The solution's price should be reduced so that new businesses can easily use it.

The product could incorporate tools like ThousandEyes into the system so we can see things directly. If we are going to a public cloud and do not have an end device in the cloud that we can monitor from the dashboard, the tools will allow us to see what a service or customer experience looks like going across that network.

The solution's lead time should be improved because the deliveries are a bit slow. The current lead time is longer for Meraki MX, and it needs to be improved. We currently take two to three months to get the materials, but customers are not willing to wait that long. We need to improve the lead time so customers can get their products faster.

An area for improvement in Meraki MX is that it needs some provision, as supplying the unit through Cisco can be tedious at times, but as far as the product itself and its offerings, Meraki MX is five-star all the way.

I do not have the kind of feature I need for SSL decryption in Meraki MX. It would be great to see the SSL decryption feature in Meraki MX.

We had minor issues with Meraki MX. We had a couple of RMAs, so that could be an area for improvement, but in terms of how the RMAs went, the turnaround time and getting those back into redeployment were quick.

Another area for improvement in Meraki MX is that when you're scaling for multiple locations, you need to use the same model, but the model you'd need is only available for a short time. The specific model you require could be out of stock, or Meraki isn't making that model anymore, so Meraki should improve that.

MX can only be managed via a web interface, but I'm accustomed to using a CLI or a graphical interface. I would also like to see more reporting features. It doesn't provide enough information for me to know precisely about some clients. 

They could also add improve the content filter by adding Arabic. It only filters English-language content. Meraki should work on that feature for other languages.

Meraki has some hidden features and information that is only privy to their engineers. If that information became available to us, then it would improve our ease of management, and we would be able to make certain adjustments instead of having to go to them.

We do not have account managers in our region for the solution. Some governments don't use the product since it is attached to the internet. 

We use a Cisco LAN switch. Its model is CBS250, and it is a Cisco Small Business switch. It can be easily integrated, but the problem is that the other Cisco products are not in the same dashboard or cloud. Each one has a different management interface. I would prefer if both could be in the same cloud. If we use a switch from Meraki, it will be more expensive. Meraki switches are more expensive than the Cisco Small Business switches. For that reason, we prefer to use Cisco switches. With Cisco switches, we don't have to pay for subscriptions, whereas with a LAN switch from Meraki, we will have to pay for subscriptions.

We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem.

Their Technical Assistance Center (TAC) is slow to answer. Their response time should be improved. When we request support, their response time is long and not good. They still don't have the solution to the VPN problem. They established the VPN link, but the problem continues. They don't fix the problem. They just repair it, and the problem persists.

The configuration options for firewall and IPS have limitations. We do not have access to CLI, similar to other Cisco products. This particular area needs improvement.

I don't think I can comment on what needs improvement in the solution because of the usage of Meraki MX in our company. The tool is not complex. For my type of usage, I am satisfied with the results of the product. I think that I may use the product on a larger scale.

The fact that the product is a little expensive and how it needs to be made cheaper from an improvement perspective is a debatable topic, in my opinion.

Direct logging is something that can be introduced. In the absence of cloud management, the possibility of local configurations and on-premise logins becomes restricted. This limitation stands as a primary concern. When it comes to resolving issues, the inability to access login options hampers troubleshooting efforts.

The stability is noteworthy; but when compared to alternative products, its stability is comparatively lower. Additionally, certain limitations are observed in terms of remote control. Price-wise, the solution stands out for its competitive and cost-effective nature compared to other alternatives. Operationally, it is user-friendly and requires minimal effort from administrators, making configuration hassle-free.

I do wish you could control some ports locally from a console, but this is not the case. The only thing you can control locally is the uplink ports.

I would say that it could possibly use some deeper configurations, but I am not entirely sure. I'm still comparing it with others.

We can’t access GUI management and CLI opening features when the Internet is unavailable.

The price of the solution can be improved because it is very expensive. 

The event logging, alerting, and reporting features could use improvement. Especially the export of the log is difficult. There is an API to connect to, but I have not found it easy to extract something yet.

We are currently having a problem with Meraki in the end product. They have two kinds of enterprise licenses and an advanced security license. 

The problem is that the two licenses do not currently integrate. We have to create separate companies and do an interconnection between these licenses. 

Even to do a full free trial run, we need the same kind of licenses. This is something we seek to change because it's not fair. With this license mode, we should be able to choose which sites we use and which sites we do not need.

We often see a break in the connection between both modem and dish. We found that if we communicate with Cisco, we can find the right solution to solve this.

Currently, we have found all the things we need for our company already. Only perhaps compatibility for mobile lines is still required. 

Meraki MX is the program for us. We should have enterprise licenses.

There are a few things that are odd that I can do with other firewall products that I can't do with a Meraki. Such as - wanting to setup two firewalls in front of the same protected subnet. Since they 'act' like one when they are added, it won't let you setup the firwall in the traditional way where it's on the same LAN and has a proper public IP. When you attempt to save, because of their oversimplification of firewalls, it complains that you already have a firewall in front of that subnet. The only choice the leave you is to match the exact firewall and use their built in high availability. I don't want to do that in this case because I was intentionally terminating certain VPN tunnels on one, and other tunnels on the other. I could do this with an ASA, CheckPoint, SonicWALL, or Fortinet, but not here.

Some advanced enterprise features are missing, so Meraki MX is not for
demanding enterprise networks as it lacks high-level features (including SSL inspection).

As for SSL inspection, I think this is better performed on the Client PC where the inspection can be performed before or after the SSL encryption is done. Look at a solution like SentinalOne for this. This type of solution is going to be less prone to problems with SSL inspection.

Additionally, the native client VPN uses native OS VPN connectivity in Windows, Mac OS X, and Linux. While this is nice from the perspective of no license fees to have a client VPN, there are sometimes issues when drivers or OS updates are released that impact client VPN connectivity. DrayTek makes VPN client software that works with the MX but it is not officially supported by Meraki.

I'm not a fan of any security appliance's VPN as they typically allow access to everything on the corporate network. Specific VPN solutions like Absolute allow you to create granular access control to resources inside your firewall. I think having that level of control is a huge security plus.

More recently, Meraki implemented the Cisco AnyConnect VPN client with the MX and that is a more reliable solution than using the VPN built into Windows. I highly recommend using that or a 3rd party ZTNA solution.

There are so many options available when you are looking to create your security stack. In my experience, I've found that putting all your requirements on one solution will usually result in some level of disappointment.

On the Meraki dashboard is a “Make a Wish” button to request new features. I have made multiple wishes and they were all granted.

You can't set up complicated firewall rules, such as the ones that can be handled by Sophos. Sometimes you need to contact Meraki Cisco support for extra setup because as a normal user or administrator, you can't do it.

If you use the VPN to link Meraki with your onsite domain with Active Directory then it doesn't work properly. It will work for one or two weeks, then it will stop. They need to improve the link between Meraki and Active Directory.

When the internet connection is lost, you are not able to change any of the firewall rules because you cannot connect to the portal. This is unlike Sophos, where you can log on to it physically and change the rules.

It would be good if they allowed you to implement the certificate. At the moment, you can link Meraki with the self-signed certificate in your domain, but you cannot set up the active service VPN with Meraki on a certificate.

What I would like to see in the next version is to have more interfaces for WAN links. 

For example, if we have three providers, we can't connect to Meraki because it has only two WAN ports.

I would like to have on Meraki more WAN ports, i.e. one data internet port for two lines.

The whole Cisco Meraki range requires easier access for cameras. For a security center, it would be helpful to have easier access to cameras through the portal. Its licensing cost could also be better.

It would be great if the Meraki devices let us see, in real time, the internet demand on a single device.

It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services. Ideally, I would like to have one place to shop.

It can always improve pricewise regarding throughput.

I do not seeing any areas that need improvement.

Currently, I don't see any big areas for improvement; although, It lacks some switching features. For instance, when you use MX to link the firewall to a stack, you cannot use LACP.  You cannot use switching behaviors as you see on the Meraki switch. This would be a really cool feature to have — real switching features on Meraki MX.

While it's reasonably priced, it could always be lowered to compete with others.

In the next release, because the security is pretty basic, I think they could include additional security features.

Expensive licensing and firewall stops immediately working if the licence is not renewed at the expiration date.

The product could improve most by improving the client VPN. The auto VPN works for site-to-site but they have an issue with the client VPN. For example, if I connect the client VPN, I cannot block clients for specific access inside of the company. Because of the limitation, you need to make a rule for everyone and it's not very easy to do. What you really want is to have a specific client VPN with specific (fine-grained) access to different areas.

One other thing that they should have to improve product utility is some kind of templates.  For example, templates for configuration of use in a vertical market would be useful.

They have a very good product. If you contact technical support, they should already know more about your methods and your needs. Management of the firewall is on the cloud and to be so easy for the user to configure, they remove some of the more complicated options. If you want an option, you need to contact support in order to enable it. They could have, for example, a different dashboard for more advanced features that you would be responsible to pay more for.

If Meraki could handle more than one internet connection and a bonding formula then that would be valuable. Load balancing options and ability to manage a couple of Internet connections, that's it. This is the main thing I see that the solution needs.

The security is not as strong as it could be. The lack of HTTPS encryption is a big challenge that I have with Meraki. Essentially, the Meraki device is blind to any threats that are encrypted, and currently, somewhere in the neighborhood of 3/4 to 80% of all internet traffic is encrypted. In other words, you basically have a blind security guard watching the network.

Management can be improved in Meraki MX. 

From a subscription base or price perspective, there's some room for improvement.

They also need more security features. There are good security features now, but I need more of the security features to offer UTM protection.

Currently, if you make a rule in the firewall you have to add all of the IPs. If I'm working with an object for, say, an object group, where I put every single IP that I want into it, and then I apply it on a rule, it's a little bit easier to configure because you have a better overview of that. The overview is not completely clear. It's a bit difficult. But control of network objects is something I really want because it makes it easier to maintain.

Also, there's not enough control over system updates. Right now, you can postpone the update but eventually, if you don't do the update, it will install the updates automatically for you and that's something that is not working for me. It can happen during business hours, for example, and then you have a big issue.

We feel that Cisco provides smaller features with fewer possibilities versus other solutions out there. 

There is room for improvement relating to third-party VPNs.

You can only have one tunnel in the whole infrastructure — one tunnel with one device. I cannot have multiple terminals running from each of the devices to the same third-party.

It can be improved in many areas, because it has many proprietary models for many different areas.

This product has room for improvement. The main features not included with the firewall is the virtual domain. With Meraki, the interface for the virtual domain could be improved.

The virtual domain is a concurrent session. The concurrent session is limited in Meraki, like FortiGate. In MX100, it's around 200 to 25,000 concurrent sessions.

In the same model with FortiGate, it's around five million concurrent sessions. It's very important to improve in Meraki.

In my view, it is very important that the number of concurrent sessions is increased.

They should improve load balancing.

In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past.

The IPS, the Intrusion Prevention System, can be improved. If they can add I think the next generation firewalls, that would be great.

I think for now, it is good. However, we could have more reporting options and the ability to send alarms to the administrator. 

We prefer UTM solutions.

As far as what needs to be improved — nothing really comes to mind. It does what we need it to do.

More detail needed for configuration of the VPN. No peer Meraki.