We just raised a $30M Series A: Read our story

Meraki MX OverviewUNIXBusinessApplication

Meraki MX is #1 ranked solution in top Unified Threat Management (UTM) tools. IT Central Station users give Meraki MX an average rating of 8 out of 10. Meraki MX is most commonly compared to Fortinet FortiGate:Meraki MX vs Fortinet FortiGate. Meraki MX is popular among the small business segment, accounting for 40% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 29% of all views.
What is Meraki MX?
With the proliferation of modern applications and mixed-use networks, host and port based security is no longer sufficient. Cisco Meraki's layer 7 "next generation" firewall, included in MX security appliances and every wireless AP, gives administrators complete control over the users, content, and applications on their network.

Meraki MX was previously known as MX64, MX64W, MX84, MX100, MX400, MX600.

Meraki MX Buyer's Guide

Download the Meraki MX Buyer's Guide including reviews and more. Updated: November 2021

Meraki MX Customers
Hyatt, ONS
Meraki MX Video

Pricing Advice

What users are saying about Meraki MX pricing:
  • "Like any Cisco product, the license is really expensive for small business clients. It needs to be cheaper. If you look it up, you might go, "That doesn't make any sense.""
  • "We just have to pay for the product and the license. We have a license for three years, and it is renewed every three years. It costs $1,200 for three years for one endpoint. Meraki had a good promotion for remote workers or remote workforce. The discount is very good. This promotion continues till the next fiscal year of Cisco."
  • "​Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution."
  • "The license cost depends on the box. We acquired a different product line. We are dealing with MX appliance now, that is, MX6, MX54, MX100, MX250, MX450. Every box has got an identity, and it has got its own specification. Every box has got a different license fee. We deployed Meraki MX in UAE when it was not a mature product. We took a risk, but we were successful. We saved a huge amount of money after implementing and removing all the MPLS and leased lines. We got a broadband connection because Meraki MX could work on a broadband connection. We have drastically saved a very good amount of money, which was one of the successful things apart from the successful solution."

Meraki MX Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Craig Butler
Central Services Engineer at Liberty Technology
MSP
Makes it easy to stay on top of everything for security

Pros and Cons

  • "Meraki makes it easy to be secure and know where the holes are to fix them. We have been fixing anything that we have ever found for 20 years. We keep up-to-date with firmware upgrades. We just try to stay on top of everything for security, like maintaining updates and getting rid of old systems. I feel like we're on top of it."
  • "When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."

What is our primary use case?

Meraki MX is great for WAN networking, e.g., when you have multiple ISPs at the one site or you have a large network that expands across a large physical area, like across a state or county. You use it to have a seamless VPN that you are not managing on devices or if you have a client VPN that needs to be easily integrated into the firewalls. 

Our use case is anywhere from a 10-person company to a full-level enterprise, like a 1000-person company. You can use Meraki MX at any sort of level. They have different models, including for home use for remote workers.

We only sell Meraki. As we get new clients, we switch them over to Meraki. A requirement that we have: If you are a recurring client, then you need to have Meraki MX because it is where we get our ISP data from. We are going to grow. We actively manage 40 organizations on a day-to-day basis as well as another 40 organizations/companies where we work with one-offs. Overall, close to 70 clients will have Meraki devices. 

We are a managed services provider (MSP). I have it at my house. Then, at our headquarters, we have an MX100.

Meraki doesn't have any on-prem stuff for software. We have a local portal for their network stuff, but they are exclusively managed online through a cloud portal.

We are using Hosted ESA.

How has it helped my organization?

Meraki makes it easy to be secure and know where the holes are to fix them. We have been fixing anything that we have ever found for 20 years. We keep up-to-date with firmware upgrades. We just try to stay on top of everything for security, like maintaining updates and getting rid of old systems. I feel like we're on top of it. We are a mature organization in that regard; we are like a spry, almost middle-aged man.

They are integrating with SecureX and have some built-in security alerts that work with Cisco AMP for antivirus. They give us visibility where they need to and don't overstep. I like it when Meraki MX focuses on routing and what a firewall traditionally is, like antivirus and anti-malware. I don't know how much more Meraki MX needs to be doing with that. I understand they are a firewall, but firewalls are for routing, not for base layer.

I check something in Talos normally seven times a day. When I am working a normal day, I get new IPs or domains to review. Talos also feeds directly into Perch, AMP, and so many things. We rely heavily on Talos. I know they feed into Meraki MX as well. So, Talos is wonderful, and we could not do our job without them.

Meraki has always made our security posture better. It has always given us more visibility in general. It has also made the ease of access to secure our network easier. For example, if you compare learning the Meraki certificate to the Cisco CCNA certificate, the Meraki certificate is about a third of the difficulty of the CCNA cert. So, the barrier to entry to manage Merakis is lower in IT than the barrier to entry to manage Cisco ASAs. The learning curve matches that.

What is most valuable?

The site-to-site VPN is really good. It keeps us going when we expand clients. We can just say, "Wherever you are, we can put you behind the same firewall or pipe your traffic somewhere. It is very easy to set up." 

The web console for managing everything keeps everything on Meraki and keeps us from going somewhere else. It is why I think a lot of people like Meraki. Comparing it to SonicWall or even a different Cisco firewall, like traditional ASAs, managing Meraki is a thousand times easier because of fluidity. You don't have to rebuild a table just to change one rule. It's much more readable for a human. All of that ASA stuff and command line are great when you know how to use command line and worked on it for five years. However, if we are trying to train new people who are more used to a GUI on Windows, then Meraki will be a lot easier for everyone to learn, and even for salespeople to get data from it. It's better for the human environment and the human part of all of this.

Webex and Meraki kind of work together. That is the whole layering thing. WebEx is for your team collaboration. We use analytical data from WebEx Control Hub and Meraki to figure out issues with calls. We have to route it the right way, then figure out if the ISPs are giving us packet loss. Almost anything goes out to the Internet 100 percent works with Meraki because you have to troubleshoot the ISP, and Meraki is how you do that.

Meraki MX integrates stuff fairly well. We get the data we want out of it.

What needs improvement?

There is not a lot of configurability for the notifications and alerts in Meraki. There are a lot of alerts to choose from, but no matter how you set them up, they are spam.

When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more.

There needs to be some improvement on the client VPN. They have been promising AnyConnect for years. Right now, they have only a handful of their device list able to support AnyConnect for the client VPN. So, the client VPN and API are where they need to refine stuff. Non-Meraki VPN clients are a problem where you have to share a whole subnet and more than one IP, which is not ideal.

For three years, we have heard that they have been working on AnyConnect. Only within the last year have seen possible betas on limited sets of devices for AnyConnect. It has become hard to believe, "We will see this in six months." They are working on it, but we need this already, which is a problem.

We use several automation tools, but almost nothing does automation with Meraki the way that we want. We are currently working with Solarwinds MSP/NCentral and possibly Symmetric to get more of an API management tool. As an MSP, I set up SAML certificates that are all the same across our 80 organizations in Meraki. That lets us manage them all from one console, which is great, but we still need to go make changes individually. So, we are trying to get to where we have an automated tool that can make changes for multiple organizations or firewall settings at the same time.

We use Meraki MX for harmonizing policies and enforcement across heterogeneous networks, but it is tedious. If you have four sites and all of them are behind their own firewall, then none of them are piping the Internet back to the same central site. They all are branch networks, but have their own access to the Internet. Anytime you change one branch's MX, then you have to do the same change on every MX manually. There is no replicated change between MXs.

For how long have I used the solution?

I have been using the solution Meraki firewall since day one of working with Liberty Technology, which has been almost three years. Liberty Technology has been using Meraki for closer to 20 years.

What do I think about the stability of the solution?

Client VPN is the only unstable thing that we have found.

When we need to do re-audit firmware updates for a bunch of clients, that takes 10 people. Day-to-day, zero to one person maintains it.

What do I think about the scalability of the solution?

It is very scalable.

For active security, we have about 15 to 30 security tools, like XDRs and firewalls. There are a lot of things that we need secured. We have physical doors, email, networking equipment, phones, and Windows devices, like physical machines. If you just go down the list of hosts, those take different types of security, like hosts for VMs. So, if you layer that, then you have layers of security where these are your base layer. Then, on top of that, you start layering on authentication protocols, like your domain controllers, authentication, LDAP, or wherever you want to have your directory live. We have a few places where our directory can live and switch between. There are different security setups depending on what we want to fallback to or actively use. 

Everyone accessing Meraki is either IT personnel or serving an IT personnel goal. There are also some salespeople who go over inventory, billing, and procurement on the sales side. Anyone in security and working on the network in general can access Meraki. Anywhere in-between the IT director and the IT to our line can access Meraki to do something in it. There are different thresholds in which those people do different things. Tier 1 will just go look and make sure something is connected. Tier 3 will go make sure that things are set up correctly and change things if needed. Engineering will look at an issue if it gets escalated beyond that. That is your normal, typical IT stuff.

How are customer service and technical support?

Most of the time, the technical support works out. One in seven times, I will get a tech working the case where I close the ticket, then reopen it. Every once in a while, you are just going to run into someone who doesn't know what is going on or they don't have enough sense to escalate it. Both of those situations are concerning when we run into them. It doesn't happen too much with Meraki. Sometimes, it is a language issue or you get someone who is in the wrong mindset to fix your issue. If you have an extremely urgent issue, you don't want them to be like, "Hey, I don't know. I don't feel confident." Or, the person already said something, then is double guessing themselves. However, this is not the norm. 

We were looking at CDO for a while. I don't really know what happened there, but the talks stopped all of a sudden, which isn't uncommon for us with Cisco. We will be looking at a product, then they won't get back to us or I won't hear about it again.

Which solution did I use previously and why did I switch?

A medical provider had a terrible network going in. We swapped out all their old solutions: Fortinet switches and SonicWall Firewall routers. Sonic Firewall routers' user interface feels as if, with anything you do, that you could be lost at the next second. You don't feel like it is stable. It is very clunky and slow. So, we switched that out, and instantly saw, "We have loops here and bad traffic going this way." We started getting analytics on how we needed to route the network better and where we needed to put actual physical drops. They had a cable between two switches that should have been an aggregate cable or aggregate port, and it wasn't. It was just an Ethernet cable that was piping about a half or third of their organization's network, which was terrible.

A big deal with Meraki MX is phone systems. If you have to maintain a phone system with Cisco ASA, it is a lot harder than maintaining it with a Meraki switch due to the malleability of the Meraki switch, firewall, and router. Because you got to communicate with the phone gateway, and that all comes back on the Meraki firewall.

Usually, the military uses Palo Alto. I might have used Palo Alto at a different job, not this one. My experience with Palo Alto will be similar to any Cisco ASA device. The GUI is not there. You have to do everything with command line as well as rebuild Access tables. That is the only way to modify those things, which is not fun. It is not something that anyone wants to learn or go do. It always has that extra level of effort. Meraki MX removed that. 

Maintaining firewalls will never be joyful, but Meraki has made the quality of life for someone who has to maintain a firewall much better.

How was the initial setup?

The initial setup is straightforward. When we are rolling stuff out, it is always fine. When we have redundancy or multiple networks to configure, that takes time and is tedious. However, the setup itself is not complex. There is plenty of documentation on it.

There are two schools of thought on implementation strategy: 

  1. We clone out from a very similar organization, then try to mirror it and switch the hardware, e.g., the actual inventory in the organization. 
  2. We build a new org from the ground up, if it's a small organization, then we just throw Meraki in, and we are good. I find it is easy. There is a standard practice that we are developing. It is so easy that once you have done it once, then you can train someone the first time that they do it. It wouldn't be something you would need documentation to reference, because of how simple it is. It takes one to three hours to set up. If it is a larger organization, then we will take three hours and refine things. If it is one site, then it is about an hour, just to make sure we are not screwing anything up.

What about the implementation team?

For Meraki MX, it takes just one person to set it up. If we are training someone, then it takes two people.

What was our ROI?

The ROI comes from when we switch out phone systems. If you had an AT&T phone system, but switched out to your own Meraki gear and phones, then you would see a giant bill reduction getting off that AT&T contract. This includes your ISP and phones because you don't know what is hidden in that contract. 

Anytime you are working on a very large, physically-wide network, like statewide or countywide, you want it for bandwidth data, unless you have unlimited bandwidth. 

What's my experience with pricing, setup cost, and licensing?

Like any Cisco product, the license is really expensive for small business clients. It needs to be cheaper. If you look it up, you might go, "That doesn't make any sense." 

If you want good security, this solution is what you need. It is worth it, even though it is expensive. I do think they should really look at making cheaper options, and not making people who already have the hardware find new hardware to get a cheaper option.

Which other solutions did I evaluate?

We are always evaluating new products, and this includes MFA. There are multiple types of MFA that we employ for different services. It's not like everything uses every product. It is that there are layers, like your email is probably behind five to six layers of security or different products that you don't even know about.

I have very little experience with Fortinet. Fortinet has almost like a home network GUI, where you don't have a consolidating console for your whole organization. Fortinet does not have a solid cloud console. Meraki's cloud console and interface are just so sleek, and they work. I know where to get the data out of the solution now. It saves everyone time and makes them feel better when looking at something. Meraki has already won the race, but I feel like they have kind of stagnated. They just need to keep going, making every bit of data that they have accessible within one API call or having very clear directions of what to do to get that data. That is not there anymore. It used to be. They were going in that direction, then they stopped. Meraki is good and has a better GUI than anyone else, but they need to get more data visibility in there. 

What other advice do I have?

Duo Security integration is fantastic and really shines, but that is really on the Duo Security team for putting it altogether. Cisco AMP integration is lackluster where it is doing it, but we don't see a lot of what it's doing.

When you use Meraki with an XDR, then you get a lot of good data that way. When you have options to get Meraki for port mirroring with a good XDR, then you will get a lot of data. So, its integration is very good. However, your base insights from Meraki will not come from Meraki itself. You have to integrate Meraki MX with an XDR or Stealthwatch NetFlow analysis. Meraki MX struggles to give you the alerts for data it already has.

Meraki is very future-proof. They are ahead of the curve, but they have slowed down. So, they might average out to where some people will catch up. However, they are so far ahead on where I believe people are going that it is hard to see sometimes.

The ease of use and learning curve are a big deal because you will always have turnover in IT that you have to deal with. The best thing you can do is make something easier for newer people to get into, maybe not some of the more complex things that you can do with Meraki. The big lesson learnt: I don't have to spend days training someone up in Meraki. They can do it pretty quickly in a day themselves.

I would rate this solution as a nine out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
EC
Director with 51-200 employees
Reseller
Top 10
Provides good visibility, easy to configure and manage, and good for small businesses

Pros and Cons

  • "Its ease of configuration and management is very useful for us and for other companies that don't have an onsite IT person. It is easy to configure and easy to manage. It is easy to configure the VPN with the Auto VPN feature."
  • "We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem."

What is our primary use case?

We use it for the protection of our network and for access to our network Wi-Fi. 

We mainly use two products of Meraki. We use the MX Series router and Access Point MR. MX is a router, and its deployment is installed on-premises, but the management or administration is done on the cloud.

How has it helped my organization?

It protects our network and does content filtering. It monitors our network for threats, and it also monitors the performance of the network. We also use it for the VPN.

The visibility that it provides is very good. It is the most valuable feature of Meraki. It allows us to easily monitor threats, internal users, and internal and external networks. We rely a lot on this facility.

Its ability to provide visibility into threats is good. By using the dashboard, we can watch and be aware of any threats and also take action if needed. 

By using the VPN, we can connect remotely. We have two offices, and we could connect them through the VPN. We could establish a network between two sites, and that has improved and increased communication and productivity. Our remote site is able to access the server remotely.

Meraki has improved our security posture. Before Meraki, we didn't have any security. Now, we are protected by the firewall. It is our first perimeter protection. It has increased security, but we know that we need more security. The maturity of our organization's security implementation is low because we don't have many tools for security. Meraki is at the beginning of our security stack. We use the Meraki firewall, and that's all. We need more tools for security, but the problem is that tools are expensive. So, currently, we are protected by just the Meraki firewall and the antivirus for the endpoints.

What is most valuable?

The visibility through the cloud dashboard is most valuable. We can access the dashboard remotely anytime for configuration and monitoring. 

Its ease of configuration and management is very useful for us and for other companies that don't have an onsite IT person. It is easy to configure and easy to manage. It is easy to configure the VPN with the Auto VPN feature.

What needs improvement?

We use a Cisco LAN switch. Its model is CBS250, and it is a Cisco Small Business switch. It can be easily integrated, but the problem is that the other Cisco products are not in the same dashboard or cloud. Each one has a different management interface. I would prefer if both could be in the same cloud. If we use a switch from Meraki, it will be more expensive. Meraki switches are more expensive than the Cisco Small Business switches. For that reason, we prefer to use Cisco switches. With Cisco switches, we don't have to pay for subscriptions, whereas with a LAN switch from Meraki, we will have to pay for subscriptions.

We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem.

Their Technical Assistance Center (TAC) is slow to answer. Their response time should be improved. When we request support, their response time is long and not good. They still don't have the solution to the VPN problem. They established the VPN link, but the problem continues. They don't fix the problem. They just repair it, and the problem persists.

For how long have I used the solution?

I have been using this solution for about five years.

What do I think about the stability of the solution?

It is currently not stable for us. Its stability is not good. Its configuration could be the reason for the instability. 

What do I think about the scalability of the solution?

Meraki has a lot of different products, and it is scalable with Meraki products, but its scalability with another brand is not good.

We have two administrators who are currently using this solution.

How are customer service and support?

Their Technical Assistance Center (TAC) is slow to answer. We called them two times. Their time of response was one hour and fifty minutes for one call, and it was one hour and seven minutes for the other call. Our experience was not good.

When we can get support, their attention is very good, but they haven't been able to find a resolution. The problem is still there.

How was the initial setup?

It was straightforward. It is easy to configure. Meraki dashboard is intuitive. Of course, you need to know about networking, but it is intuitive and very fast to do the initial configuration. It took two hours.

In terms of the implementation strategy, we planned the network, the addresses, and the segmentation before starting the configuration. We planned the ports that should be opened and the ports that must be closed for security. We also planned the rules of the firewall.

We just configured Meraki through the dashboard. In switches, we configured the segmentation and the addresses. In Meraki, we configured the rules of content filtering. We then blocked the required things. The VPN configuration is supposed to be easy, but the problem is that if the VPN goes down when we are using it, it is too complex to bring it up.

Its implementation is very new, and it was done around one month or two months ago. At this time, no maintenance is necessary. If required, our administrators or a third party can take care of maintenance. Once configured, there is no need to change anything. Its usability is very good, and it is not common to make any changes or do any maintenance. It just works.

What about the implementation team?

We used a third party to help with its deployment. Our experience with them was medium. 

What's my experience with pricing, setup cost, and licensing?

We just have to pay for the product and the license. We have a license for three years, and it is renewed every three years. It costs $1,200 for three years for one endpoint. 

Meraki had a good promotion for remote workers or remote workforce. The discount is very good. This promotion continues till the next fiscal year of Cisco.

Which other solutions did I evaluate?

We evaluated FortiGate. FortiGate is a very good firewall. It is better than Meraki, but it is more complex to configure and manage. In terms of security, FortiGate is better to integrate. We chose Meraki because of its ease of management.

FortiGate has good visibility and control through its own local interface. If you need to access the cloud, you need to go for another subscription.

FortiGate has good monitoring, visibility, and control, but Meraki is easier. Meraki has fewer security functions than FortiGate. You can monitor more in FortiGate.

The problem with FortiGate is that you need to buy FortiManager to have more visibility, which is a separate license. You can gain visibility of threats inside of the local interface of FortiGate by using FortiManager. 

What other advice do I have?

It is a very good platform for small businesses. It is easy to configure and manage, and it has Talos. It is easy to integrate with other Meraki products. Its contact filtering is also good, and the VPN is very easy to configure with the Auto VPN feature.

It provides good security, but it is not the best. It is for small businesses, and it doesn't have the same functionality as Firepower or other brands, such as Fortinet. It doesn't have the same security as Firepower or FortiGate. I would recommend complementing the security provided by Meraki MX with an endpoint security solution. If you need more security, you can add sandbox security.

I would rate Meraki MX an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
Learn what your peers think about Meraki MX. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,676 professionals have used our research since 2012.
ITCS user
Supervisor of IT Infrastructure & Cybersecurity at a tech consulting company with 51-200 employees
Reseller
Top 5Leaderboard
Great SD-WAN solution. Manage multiple Meraki devices (security, switches, APs, Cameras) with a single pane of glass.

Pros and Cons

  • "Point-to-point VPNs can dynamically follow IP changes with no need for static IPs."
  • "Dual WAN connections are greatly simplified and point-to-point VPNs automatically connect regardless of what WAN connection is active."
  • "Meraki tech support staff have a lot more visibility into your network than you do, which is frustrating at times. I understand the approach is to keep the dashboard easier to understand. This will frustrate more advanced users at times.​"

What is our primary use case?

Security appliance/firewall and SD-WAN. With an advanced security license, the content filtering, IDS, and geographical blocking features are surprisingly good compared to using alternative solutions with no noticeable performance hit. 

The geographical blocking is a great security feature but you have to use with planning. I’ve managed to block a few vendors websites and mail servers without realizing what country those vendors were located in. When you’re not use to having geographical blocking the first time I had the problem it took a while to troubleshoot why the connectivity was missing.  Sorta over secured myself. Not the MX’s fault.

How has it helped my organization?

  • Easy of use
  • Remote management

We are an MSP and Meraki provides MSPs with a combined management dashboard to centralize all clients under one single pane of glass. They offer a dynamic DNS, so Client VPNs and point-to-point VPNs can dynamically follow IP changes with no need for static IPs. The SD-WAN VPNs are also the easiest VPNs to setup in either a mesh or hub-and-spoke configuration that you will find. It works with non-Meraki VPN equipment too.

What is most valuable?

The dashboard brings all management features with you wherever you are. All you need is an Internet connection and a browser and you can manage the solution. The dashboard tracks your uplink connectivity to the dashboard and double checks with you all changes impacting the connectivity, making it much safer to enact changes remotely. Dual WAN connections are greatly simplified and site-to-site VPNs automatically connect regardless of what WAN connection is active. 

Site-to-Site VPNs are the easier to setup than any other vendor’s solution. You simple pick two or more devices to tunnel together and then select what network subsets should be allowed to cross the tunnel and you are done. The solution handles all the details. Site-to-site VPNs can dynamically follow IP changes with no need for static IPs.

For MSPs the dashboard is even more convenient as all your clients are on the same MSP account. Switching between managing different clients Meraki equipment is a few clicks once you login to the dashboard. Two-factor authentication is available for enhanced dashboard security. 

Options for teleworkers include the Meraki Z3 product. This device is great for extending your workforce into homes. It has a POE port built-in and can power a VoIP phone for your office communications as well as the AutoVPN capability. We have deployed a lot of these since COVID-19 emerged.

What needs improvement?

Some advanced enterprise features are missing, so the Meraki MX is not for
demanding enterprise networks as it lacks high level features
(including SSL inspection and VPN client software)

As for SSL inspection I think this is better performed on the Client PC where the inspection can be performed before or after the SSL encryption is done. Look at a solution like SentinalOne for this. This type of solution is going to be less prone to problems with SSL inspection.

Additionally the client VPN uses native OS VPN connectivity in Windows, Mac OS X, and Linux. While this is nice from the perspective of no license fees to have a client VPN, there are sometimes issues when drivers or OS updates are released that impact client VPN connectivity. Draytek makes VPN client software that works with the MX but it is not officially supported by Meraki.

I'm not a fan of any security appliance's VPN as they typically allow access to everything on the corporate network. Specific VPN solutions like NetMotion allow you to create granular access control to resources inside your firewall. I think having that level of control is a huge security plus.

There are so many options available when you are looking to create your security stack. In my experience I've found that putting all your requirements on one solution will usually result in some level of disappointment.

On the Meraki dashboard is a “Make a Wish” button to request new features. I have made multiple wishes and they were all were with in granted.

For how long have I used the solution?

Five to six years.

What do I think about the stability of the solution?

Meraki hardware seems to be very stable. Their update process can be automated and I have not had any issues with stability. Also redundant Internet connectivity automatically fails over reliably. AutoVPN rebuilds the site to site VPN tunnels after a Internet connectivity failover without any admin action. 

What do I think about the scalability of the solution?

During the Intel CPU clock signal component issue in early 2017 Meraki’s MX84 product line was impacted. Once Meraki started getting replacement CPUs they shipped a replacement  MX84 to swap my production unit. I was very impressed to learn how easy a hardware swap works with the Meraki dashboard. It was very simple to add the replacement unit. It began to function as a warm spare so I could then remove the old serial numbered device. A few minutes later and the replacement unit downloaded the production configuration and we were up and running on the replacement hardware. I understand scaling to a larger MX is just as simple.

How are customer service and technical support?

Tech support is available from the dashboard. Meraki tech support staff have a lot more visibility into your network than you do, which is frustrating at times. I understand the approach is to keep the dashboard easier to understand. This will frustrate more advanced users at times.

Which solution did I use previously and why did I switch?

Previously I managed Cisco ASA equipment and enjoyed these firewalls. The need to train other admins and deployment at MSP clients were at the top of my list for switching to Meraki MX. The learning curve is much less steep for new security admins and the central dashboard allows collaborative efforts when admins are in different locations. Built-in change management makes it easy to see who made specific changes as changes are logged on the dashboard.

How was the initial setup?

Setup is rather easy but with templates or using an existing MX as a template to create an new MX configuration setup becomes even easier.

What was our ROI?

ROI is huge on Meraki products for admins. The learning curve reduces the amount of training required and the dashboard makes administration of MX appliances simple and that impacts ROI in a big way.

What's my experience with pricing, setup cost, and licensing?

Other content filtering solutions that I have used had more bells and whistles, but given the cost, complexity, and management overhead, I am very pleased with Meraki’s solution.

What other advice do I have?

I was very worried when Cisco purchased Meraki, but surprisingly, they have not changed the organization or product lines for the worse.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AH
Group Network Specialist at a financial services firm with 5,001-10,000 employees
Real User
Top 5Leaderboard
Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility

Pros and Cons

  • "It has the most advanced security features, for example, layer 3 and layer 7 firewall capabilities and the end team and IPS protection. It also has IPS, and it has very good functioning of cloning services. You don't actually have to touch the device. If you have multiple companies in different countries, you don't really require this device to be touched. You can get it delivered directly to any office of a country, and then you can simply put your configuration over the cloud. It's very simplified and easy to manage. It gives a very good granular visibility about your network. Earlier, a lot of things were lacking in the network. We were unable to identify where the problem was, but after implementing Meraki MX, we are able to dig down and identify where is the problem. We can easily and quickly identify the sources and the root causes of the issues."
  • "From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy."

What is our primary use case?

We have migrated all wide area network (WAN) links from the conventional connection to the cloud-managed SD-WAN. 

We have all ranges. We are using the lowest model MX65 and the highest model MX450. We have deployed on-premises and on the cloud because the hardware requires an on-premises placement and then it works on the cloud.

We have more than 1500 users. We have approximately 1500 employees, and we also have guests who are bringing their own devices. Some of the users have got multiple devices, so the number of users increases. When you look at the dashboard, you might find more than 3,000 end-user devices across the group.

How has it helped my organization?

Meraki MX has not only simplified our wide area network connectivity operations. It also gave us a very cost-effective solution. As compared to the most expensive MPLS and leased-line circuits, it works on a broadband connection.

What is most valuable?

It has the most advanced security features, for example, layer 3 and layer 7 firewall capabilities and the end team and IPS protection. It also has IPS, and it has very good functioning of cloning services.

You don't actually have to touch the device. If you have multiple companies in different countries, you don't really require this device to be touched. You can get it delivered directly to any office of a country, and then you can simply put your configuration over the cloud. It's very simplified and easy to manage. 

It gives a very good granular visibility about your network. Earlier, a lot of things were lacking in the network. We were unable to identify where the problem was, but after implementing Meraki MX, we are able to dig down and identify where is the problem. We can easily and quickly identify the sources and the root causes of the issues.

What needs improvement?

From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. 

The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy. 

For how long have I used the solution?

We have been using Meraki MX for more than two years. We deployed this product two years ago.

What do I think about the stability of the solution?

Stability is there in Meraki MX. The availability is 99%. We have been monitoring the organization for the past two years, and we haven't got any downtime because of Meraki MX. It is either because of the ISP link being down because of non-payment or maybe some issue with ISP link or power outage. We haven't got any problem with Meraki MX itself. 

How are customer service and technical support?

Their technical support is satisfactory. I would not say very satisfactory, but it's okay. We are only covered with the support license. 

They are good up to some extent, but because we have been using these devices or this product, sometimes, we know better than their support team. In fact, we had a problem related to active data integration with Meraki MX during the implementation, and the support team was unable to resolve it. We resolved it ourselves. We would expect better support from Meraki MX.

Which solution did I use previously and why did I switch?

We used the conventional Cisco routers.

How was the initial setup?

The initial setup was straightforward. Before deploying Meraki MX, we did a POC for three months, and this POC was successful. In fact, we were given only 60 days, but we took over 90 days to do a complete assessment to see whether this fulfills our needs. When we were sure that this is the right solution for us, we deployed it across the group.

What about the implementation team?

Initially, we required an integrator. There was a vendor who deployed this service, but after the first-time implementation, it was very easy because it's a very quick thing to do. We did not require any assistance from any of the vendors. 

We have got in-house resources. When we get a new device, we don't require any implementation or installation support. We do it ourselves. It's very simple. We've been doing this deployment across the group. Initially, we had about 30 sites. Now, we have 40 sites, and the number of sites is increasing.  

What's my experience with pricing, setup cost, and licensing?

The license cost depends on the box. We acquired a different product line. We are dealing with MX appliance now, that is, MX6, MX54, MX100, MX250, MX450. Every box has got an identity, and it has got its own specification. Every box has got a different license fee.

We deployed Meraki MX in UAE when it was not a mature product. We took a risk, but we were successful. We saved a huge amount of money after implementing and removing all the MPLS and leased lines. We got a broadband connection because Meraki MX could work on a broadband connection. We have drastically saved a very good amount of money, which was one of the successful things apart from the successful solution.

What other advice do I have?

From the IT perspective, people are more relying on the cloud for cloud hosting. Instead of having the data center on-premises or hybrid, people are moving towards cloud hosting. The integration with cloud managed services is there. We have some services hosted on Azure. We also have some services hosted on Amazon. We have a plugin with the cloud manager, Meraki MX. It has VMS features available so that we can have the security and our own private cloud connected to Amazon, Azure, or any cloud services, which is a future proof solution.

I would, of course, recommend Meraki MX. Everyone should have this cloud management solution. We never had any problems after the implementation. This solution also gave us the confidence to deploy across the group. If we had experienced, for example, sluggishness, slowness, or some unreliability, we would have not continued deploying it. Based on this, I would strongly recommend that any company in the world can deploy this product without any hesitation or doubt. It's very reliable. 

They are continuously updating the firmware and resolving the issues. They're always there to help you out. So, we should not be worried about this product. I would highly recommend that the Meraki MX appliance should be deployed.

I would rate Meraki MX an eight out of ten. It has got pros and cons, but the pros are more.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Frank Theilen
IT Adviser/Manager with 51-200 employees
Real User
Top 5
Be prepared for a new way of managing networks.​

What is our primary use case?

I used the MX80 as primary FW in a small Office with 50 users. The options provide even non-FW-specialist a way to manage and block certain aspects of internet usage.

The main purpose of the Meraki is to use Internet for Users. Not filter traffic for Servers. 

Together with other network gear you get an overall visibility into each client on the network. Thats is fantastic. Meraki offers free trails and you can get the entry level gear very cheap. The support model allows usage of the cloud management only if you have support. But then you get all features and updates.

We now use the small MX as a VPN tunnel in the small offices. The SDWAN feature is great as it connects to any point if one is not available. Setup is easy as bam. Check it out.

How has it helped my organization?

Everyone is able to look at the cloud management to find out problems and identify the source. You don't need a FW specialist any more. You can even outsource the maintenance and support via a support account and delegate access in networks, locations or even only one device.

What is most valuable?

The solution was cloud managed, so I could access it from anywhere and deploy it with zero configuration. No need to configure anything. Just send it to the location and connect with the internet. 

What needs improvement?

The event logging, alerting, and reporting features could use improvement. Especially the export of the log is difficult. There is an API to connect to, but I have not found it easy to extract something yet.

For how long have I used the solution?

I have used this solution for 4 years.

What do I think about the stability of the solution?

I did not encounter any issues with stability. Once a device was just dead and dead replacement. Once we had to replace a device because of predicted failure. Both cases were handled well by the support. We had only next business day support.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability. High bandwidth will cost something. You might be better off using multiple streams with multiple providers.

How are customer service and technical support?

I would rate technical support 10/10.

Which solution did I use previously and why did I switch?

I previously used Cisco and I switched because of missing manageability.

I now use a central Sophos FW and this can be managed through the central AV and Protection Cloud Management if you use Sophos as AV client.

How was the initial setup?

The initial setup was easy. Some features need more investigation (client VPN). SDWAN is great. Some more training on how to set something up would help like VLAN. Even if it is that easy to configure it, the basic concepts might be missing.

What about the implementation team?

Other provider did not jump on Meraki as I would expect. Most of them do not support nor use Meraki. It is difficult to find support provider to help if there is a problem.

What was our ROI?

With many locations you will save a lot on traveling and deployment, as you don't need this any more. The costs inc. support is comparable with other vendors.

What's my experience with pricing, setup cost, and licensing?

Compare total costs (setup and management), taking in mind that cloud features do more than just stop traffic on the edge: they identify both traffic and users.

Is it getting used to have support as a must. But realistically I would not use any other FW without support today.

Which other solutions did I evaluate?

We used Cisco products, we tested several other vendors too. Sophos is a close match in manageability and offer real FW features, but is more complex and needs more training.

Meraki is still best for an office FW. Simple categories, features, SDWAN. I would not use it for Web Server protection or Server to Server firewall so.

What other advice do I have?

Be prepared for a new way of managing networks. Test it. See the webcast. The zero deployment is a killer feature. Network Products like switches and Wifi do the rest.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MM
Senior Network Engineer at a computer software company with 11-50 employees
Real User
Top 5
Good support, easy to set up, with web-based centralized management

Pros and Cons

  • "The technical support people from Meraki are brilliant."
  • "They need to improve the link between Meraki and Active Directory."

What is our primary use case?

We are a solution provider and Meraki is one of the firewall products that we implement for our customers.

What is most valuable?

Meraki is very easy to set up. It has a cloud-based setup where you log into a portal and it communicates with your device.

What needs improvement?

You can't set up complicated firewall rules, such as the ones that can be handled by Sophos. Sometimes you need to contact Meraki Cisco support for extra setup because as a normal user or administrator, you can't do it.

If you use the VPN to link Meraki with your onsite domain with Active Directory then it doesn't work properly. It will work for one or two weeks, then it will stop. They need to improve the link between Meraki and Active Directory.

When the internet connection is lost, you are not able to change any of the firewall rules because you cannot connect to the portal. This is unlike Sophos, where you can log on to it physically and change the rules.

It would be good if they allowed you to implement the certificate. At the moment, you can link Meraki with the self-signed certificate in your domain, but you cannot set up the active service VPN with Meraki on a certificate.

For how long have I used the solution?

I have been working with Meraki MX for five years.

What do I think about the stability of the solution?

Stability is not a problem, although we did one time have a Meraki device that was dead on arrival.

How are customer service and technical support?

The technical support people from Meraki are brilliant. When you call, you reach them quickly and it's like you are talking with second-line support. By comparison, with Sophos, it's not always like that. The people from Meraki really try.

Which solution did I use previously and why did I switch?

We sell the Sophos UTM solution to protect some of our customers. I am a certified Sophos architect and it is easier to set up than Meraki.

We are also resellers of FortiGate.

When it comes to reading the logs of other devices, it is much easier with Meraki, FortiGate, or even the Sophos XG firewall.

At the moment, all of the firewalls on the market are doing the same thing. Once you buy the license, it will cover everything.

How was the initial setup?

I have never had a problem setting up a Meraki device, other than one time when the unit was dead on arrival. Once they are set up, they work fine.

What other advice do I have?

The suitability of this product depends on the customer's needs. If they don't need really complicated firewall rules, yet want to protect the network and want really good web filtering, then I recommend using Meraki. If on the other hand, they have a really complicated setup and want better filtering, then Sophos is the better option.

Also, if you have your own web server or mail server on-site, then I recommend Sophos. If instead, you have a normal office network with mail stored in the cloud, then I recommend Meraki.

Overall, this is a good product but it does have some limitations. Sophos UTM gives you more options, for example.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
TK
COO at a manufacturing company with 11-50 employees
Real User
Good support, cloud-managed with a nice web interface

Pros and Cons

  • "They have very good technical support and I have relied heavily on them."
  • "It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services."

What is our primary use case?

The primary reason we implemented this product is as a gateway router. That is the first functionality that we sought out for. It also has all of these built-in intrusion detection and malware protection firewall features. So, we are also using it for the firewall capability that is built into it.

What is most valuable?

The whole selling point for this product is that it's cloud-managed.

They have very good technical support and I have relied heavily on them.

The ports can be VLAN separated, so we use that feature, or we used it in the past.

What needs improvement?

It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services. Ideally, I would like to have one place to shop.

What do I think about the stability of the solution?

This is a stable product.

How are customer service and technical support?

They have very good technical support.

Which solution did I use previously and why did I switch?

We also have a Barracuda.

I worked with the previous, older router than was in the company and it was command-line driven. That was terrible, so I find that the Cisco Merki is a great improvement. Overall, I'm really happy with it, although I cannot compare it to any others.

My understanding is that all of the products have evolved from a command-line interface to being web-based and cloud-managed.

How was the initial setup?

The initial setup is pretty straightforward.

What about the implementation team?

I deployed this product, although I relied a lot on Cisco support when I set it up.

What other advice do I have?

This is a nice device, although I find that when you speak with professionals about it, they put down these combined devices that have many different functionalities. They say that it is not like a bonafide firewall, the same way that they say the Barracuda IPS is not as good as a dedicated one. I wouldn't be able to tell you whether it's good or it's better unless something really bad happens. I don't know, for example, whether it works great or it's that we haven't been attacked yet.

We have a SIEM SOC managed service and as part of it, they rely on the logs that the Meraki generates, so it can't be that bad of a product.

Overall, this is a very nice product.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aimee White
Info Sec Consultant at Size 41 Digital
Real User
Top 5Leaderboard
We had a problem with our MX100 and Meraki sent us a spare the next day so we'd have it on hand in case of issues.
I was using the Meraki MX Firewall with a complete Meraki set up (WAPs over 43 acres) and, in general, it was a really lovely system to administer.  We had a problem with our MX100 and Meraki sent us a spare the next day so we'd have it on hand in case of issues - we did end up doing a swap to check if this solved the problem. The swap took less than an hour to have it up and running. Meraki products are great for swapping in and out and generally administering. I don't think you need to have much training to deal with most Meraki appliances - the user interface is very easy to sort. It's cloud based and I never had problems accessing it. I've taken some screenshots from the Meraki PDF on the MX100. This gives you an idea of the kind of thing you're going to see in the cloud…

I was using the Meraki MX Firewall with a complete Meraki set up (WAPs over 43 acres) and, in general, it was a really lovely system to administer. 

MX 100

We had a problem with our MX100 and Meraki sent us a spare the next day so we'd have it on hand in case of issues - we did end up doing a swap to check if this solved the problem. The swap took less than an hour to have it up and running. Meraki products are great for swapping in and out and generally administering. I don't think you need to have much training to deal with most Meraki appliances - the user interface is very easy to sort. It's cloud based and I never had problems accessing it. I've taken some screenshots from the Meraki PDF on the MX100.

This gives you an idea of the kind of thing you're going to see in the cloud interface. In terms of giving your Execs information or checking our possible security issues, it's handy. 

I've nabbed these facts from the Cisco site: 

• Gigabit SFP connectivity
• Stateful firewall throughput: 750 Mbps
• Recommended maximum clients: 500 


Cloud-based centralized management
• Managed centrally over the Web
• Classifies applications, users and devices
• Zero-touch, self-provisioning deployments


Networking and security
• Stateful firewall
• Auto VPN™ self-configuring site-to-site VPN
• Active Directory integration
• Identity-based policies
• Client VPN (IPsec)
• Smart link bonding


Traffic shaping and application management
• Layer 7 application visibility and traffic shaping
• Application prioritization
• Web caching
• Choose WAN uplink based on traffic type


Advanced security services
• Content filtering
• Google SafeSearch and YouTube for Schools
• Intrusion prevention (IPS)
• Antivirus and antiphishing filtering
• Requires Advanced Security License

The features feed into defence in depth so you have an IPS, content filtering, AV and anti-phishing. The self configuring VPN was a real bonus and it also integrates into AD (like most). 

Firmware updates can be automated and rolled back extremely easily if you have any problems. It was a nice surprise to see how organised and automated Merkai were. 

Be aware, if you suddenly get more staff and want to have more than 500 users then it's not a firmware upgrade. It's a new appliance - we experienced this and had to look into the MX400 which takes you to 2000 clients; yes, there's a bit of a gap from the MX100 and MX400. 

Would I change anything? As above, the fact you need to go from MX100 (500 staff) to MX400 (2000) staff and there is nothing in between. I think that's a bit cheeky. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.