There’s many firewalls out there to pick from – and they tend to be expensive and complex to configure. Meraki has managed to make a security appliance that both offers simplicity of management and is highly secure – in this blog, we’ll take a look at the Meraki MX appliance.
ASSOCIATED BLOGS:
What is the Meraki MX Appliance?
As well as all the normal firewall features you'd expect, the Meraki MX also includes SD-WAN – so that’s a major plus. Meraki is cloud based of course, so the major benefit is of managing the appliance via the internet.
The Meraki MX Appliances also enable a range of integrations, which we'll take a look at later in this blog.
First up, let’s take a look at some of the security features – Adaptive Policy and Group Policy ACLs.
ASSOCIATED BLOGS:
- Cisco Meraki Dashboard
- Managed Services
- Cisco Powered Managed Services
- Meraki Powered Managed Services
Adaptive Policy
Meraki supports advanced functionality, which looks quite like Cisco SDA Fabric.
This ability to provide adaptive policy offers the option of micro-segmentation – which delivers what’s classically known as “zero trust”.
The concept of the IP address a device is using, is no longer the specific thing that’s used to determine where traffic can go.
A tag is attached to the packets from a device, which is then used to determine how that traffic is handled.
The traffic handling is really about exactly what a device can access on your network.
ASSOCIATED BLOGS:
Group Policy ACLs
Meraki supports advanced functionality, which looks quite like Cisco SDA Fabric.
If you’re not ready to venture into the world of the Software Defined Access, then the Group Policy ACLs are there while you decide if you want to transition.
These are sort of akin to Macro Segmentation, where you can provide a wider access to resources, than perhaps Micro Segmentation might be used to deliver.
OK - in the next section we'll take a look at some of the integrations we'd mentioned earlier in this blog.
ASSOCIATED BLOGS:
Meraki and ThousandEyes
Cisco ThousandEyes allows for per-hop testing to determine where issues might exist between your end users and your cloud applications (or other networking equipment).
Think of TE as a bit like Google maps for your network – you want to know where the bottlenecks and slow traffic exist.
In order to test per-hop though, you need to deploy agents, so the synthetic traffic is generated at each site.
The Meraki MX allows for the ThousandEyes agent to be installed on the appliance itself – no extra VM or NUC needed - very handy!
This allows you to be testing your network from the point at which you connect to your WAN, so for fault finding purposes, this allows you to easily determine if your WAN or LAN are the root cause of any monitoring issues.
ASSOCIATED BLOGS:
Meraki and Cisco Umbrella
Cisco Umbrella is another integration, so if you want to take advantage of the features this offers.
Umbrella offers two key features, which is the DNS looks up protection and Secure Internet Gateway (SIG).
DNS protection is about testing all DNS lookups and blocking unsafe sites – this is a good place in the overall loading of a website to do this, as you capture anything suspicious early on in a page load.
For SIG, this is a lot more sophisticated. As well as your MX filtering traffic, Umbrella has a secure tunnel setup from your MX through to the SIG cloud firewall.
SIG is able to decode your HTTPS traffic (much like a proxy does) and ensure the traffic inside these secure connections is safe.
This is a level higher than firewalls typically operate, so SIG offers you a second level of protection for your network.
ASSOCIATED BLOGS:
- Cisco RX-SOP: How to Turn Down the Noise
- Cisco DNA Center Beginners Guide
- Cisco Access Points – Naming standards
Meraki MX: Summary
We’ve run through some security and configuration features for the Meraki MX security appliance.
Ease of use as well as high levels of security and integrations such as ThousandEyes and Umbrella, Cisco have opened the door to integrating additional features.
ThousandEyes provides advanced visibility and synthetic traffic to test your network, with Umbrella offering DNS and securing of encrypted traffic – both very handy features to add to your security toolkit.
Umbrella is backed to Cisco Talos too, so Umbrella is able to achieve very high threat detection rates.
If you’re ready for SDA, then the MX appliance can help there too, but if you are more comfortable with the concept of classic ACLs, then it’s got you covered as well.
In the end your choice to deploy the Meraki MX is because you want a highly secure firewall, with advanced features, that is easy to administer and use.
ASSOCIATED BLOGS:
- Meraki Cloud Wi-Fi
- Meraki Managed Service
- Cisco Meraki Access Points
- Cisco Meraki Switching
- Cisco Meraki Dashboard