Meraki MX

There’s many firewalls out there to pick from – and they tend to be expensive and complex to configure. Meraki has managed to make a security appliance that both offers simplicity of management and is highly secure – in this blog, we’ll take a look at the Meraki MX appliance.

_ Meraki MX (1)


What is the Meraki MX Appliance?

As well as all the normal firewall features you'd expect, the Meraki MX also includes SD-WAN – so that’s a major plus. Meraki is cloud based of course, so the major benefit is of managing the appliance via the internet.

The Meraki MX Appliances also enable a range of integrations, which we'll take a look at later in this blog.

First up, let’s take a look at some of the security features – Adaptive Policy and Group Policy ACLs.


Adaptive Policy

Meraki supports advanced functionality, which looks quite like Cisco SDA Fabric.

D4 Meraki SD-WANThis ability to provide adaptive policy offers the option of micro-segmentation – which delivers what’s classically known as “zero trust”.

The concept of the IP address a device is using, is no longer the specific thing that’s used to determine where traffic can go.

A tag is attached to the packets from a device, which is then used to determine how that traffic is handled.

The traffic handling is really about exactly what a device can access on your network.


Group Policy ACLs

Meraki supports advanced functionality, which looks quite like Cisco SDA Fabric.

Meraki Cloud Wi-FiIf you’re not ready to venture into the world of the Software Defined Access, then the Group Policy ACLs are there while you decide if you want to transition.

These are sort of akin to Macro Segmentation, where you can provide a wider access to resources, than perhaps Micro Segmentation might be used to deliver.


OK - in the next section we'll take a look at some of the integrations we'd mentioned earlier in this blog.


Meraki and ThousandEyes

Top 5 Reasons - ThousandEyes Managed ServicesCisco ThousandEyes allows for per-hop testing to determine where issues might exist between your end users and your cloud applications (or other networking equipment).

Think of TE as a bit like Google maps for your network – you want to know where the bottlenecks and slow traffic exist.

In order to test per-hop though, you need to deploy agents, so the synthetic traffic is generated at each site.

The Meraki MX allows for the ThousandEyes agent to be installed on the appliance itself – no extra VM or NUC needed - very handy!

This allows you to be testing your network from the point at which you connect to your WAN, so for fault finding purposes, this allows you to easily determine if your WAN or LAN are the root cause of any monitoring issues.


Meraki and Cisco Umbrella

Meraki and Cisco Better Together (Instagram Post)Cisco Umbrella is another integration, so if you want to take advantage of the features this offers.

Umbrella offers two key features, which is the DNS looks up protection and Secure Internet Gateway (SIG).

DNS protection is about testing all DNS lookups and blocking unsafe sites – this is a good place in the overall loading of a website to do this, as you capture anything suspicious early on in a page load.

For SIG, this is a lot more sophisticated. As well as your MX filtering traffic, Umbrella has a secure tunnel setup from your MX through to the SIG cloud firewall.

SIG is able to decode your HTTPS traffic (much like a proxy does) and ensure the traffic inside these secure connections is safe.

This is a level higher than firewalls typically operate, so SIG offers you a second level of protection for your network.


Meraki MX: Summary

Meraki Automation and New FeaturesThanks for reading this blog.

We’ve run through some security and configuration features for the Meraki MX security appliance.

Ease of use as well as high levels of security and integrations such as ThousandEyes and Umbrella, Cisco have opened the door to integrating additional features.

ThousandEyes provides advanced visibility and synthetic traffic to test your network, with Umbrella offering DNS and securing of encrypted traffic – both very handy features to add to your security toolkit.

Umbrella is backed to Cisco Talos too, so Umbrella is able to achieve very high threat detection rates.

If you’re ready for SDA, then the MX appliance can help there too, but if you are more comfortable with the concept of classic ACLs, then it’s got you covered as well.

In the end your choice to deploy the Meraki MX is because you want a highly secure firewall, with advanced features, that is easy to administer and use.


Free Quote


Need Help with your Network Install?

If you’re looking for a partner to help you through the future of networking – or to help you work through the maze of how to upgrade your network, we're here to help.

Contacting us is easy:

We are experts in network design and especially Wi-Fi design and remediation and Cisco ISE. If you're ready to take the plunge, we're ready to help you with DNA Center and SDA too. 

IPTel Solutions - Experts in Network Engineering Excellence


Click to Download "Top 8 Secrets to Great Wi-Fi"