topic Re: Cisco and Meraki in Tech Talk https://community.isc2.org/t5/Tech-Talk/Cisco-and-Meraki/m-p/14927#M480 <P>Meraki is geared towards small and medium business, with Cisco steering enterprise customers towards their Viptela solution.&nbsp; Fundamentally, Meraki limitations arise from dependency on "proprietary protocols" and difficulties inter-operating with competitors, such as IOS, Palo, Checkpoint, zscaler, bluecoat, etc.</P><P>&nbsp;</P><P>They do a pretty good job of checking off the boxes when comparing features/price on paper.&nbsp; Like any cloud offering, the feature list is wide, but not deep.&nbsp; For example, they have a "firewall", but it is not competitive with enterprise solutions such as Palo Alto and Checkpoint.&nbsp; Also, their VPN options (specifically surrounding NAT) are no where as flexible as IOS or Palo Alto.</P><P>&nbsp;</P><P>Their cool health-based routing is geared towards inter-facility connections, where you control both ends and have an MX appliance on each end.&nbsp; Extended migrations require a meet-me point to bridge old and new networks.</P><P>&nbsp;</P><P>If an endpoint is "the Internet", long-term connections (e.g. webex) require client-initiated reestablishment if meraki decides to switch to a backup ISP.&nbsp; This is because they NAT to the ISP-provided source IP address instead of using BGP peering.&nbsp; Similarly, they do not do stateful-failover if you need to fail to a backup Meraki appliance.</P><P>&nbsp;</P><P>&nbsp;</P><P>Their price advantage primarily comes from displacing backhaul of Internet-bound traffic.&nbsp; If you already have "direct internet access" at your remote locations, the financial story is less compelling.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>As with any subscription product, there are questions of contingency operation if the Meraki cloud were to fail, if&nbsp;your model were to fall out of support&nbsp;or if you were to fail to pay your bill.</P><P>&nbsp;</P><P>We last looked at them somewhat more than a year ago, so YMMV.</P> Mon, 24 Sep 2018 21:52:49 GMT denbesten 2018-09-24T21:52:49Z Cisco and Meraki https://community.isc2.org/t5/Tech-Talk/Cisco-and-Meraki/m-p/14901#M479 <P>Anybody have any experience, good or bad with the CISCO Meraki suite of security "products"?</P><P>We have to upgrade our infrastructure and the CISCO reps are trying to sell out IT folks on replacing a lot of our current security tools with their "Meraki" solution. I am doing some independent research but wanted to hear your thoughts or experiences with it.</P> Mon, 24 Sep 2018 14:44:32 GMT https://community.isc2.org/t5/Tech-Talk/Cisco-and-Meraki/m-p/14901#M479 CISOScott 2018-09-24T14:44:32Z Re: Cisco and Meraki https://community.isc2.org/t5/Tech-Talk/Cisco-and-Meraki/m-p/14927#M480 <P>Meraki is geared towards small and medium business, with Cisco steering enterprise customers towards their Viptela solution.&nbsp; Fundamentally, Meraki limitations arise from dependency on "proprietary protocols" and difficulties inter-operating with competitors, such as IOS, Palo, Checkpoint, zscaler, bluecoat, etc.</P><P>&nbsp;</P><P>They do a pretty good job of checking off the boxes when comparing features/price on paper.&nbsp; Like any cloud offering, the feature list is wide, but not deep.&nbsp; For example, they have a "firewall", but it is not competitive with enterprise solutions such as Palo Alto and Checkpoint.&nbsp; Also, their VPN options (specifically surrounding NAT) are no where as flexible as IOS or Palo Alto.</P><P>&nbsp;</P><P>Their cool health-based routing is geared towards inter-facility connections, where you control both ends and have an MX appliance on each end.&nbsp; Extended migrations require a meet-me point to bridge old and new networks.</P><P>&nbsp;</P><P>If an endpoint is "the Internet", long-term connections (e.g. webex) require client-initiated reestablishment if meraki decides to switch to a backup ISP.&nbsp; This is because they NAT to the ISP-provided source IP address instead of using BGP peering.&nbsp; Similarly, they do not do stateful-failover if you need to fail to a backup Meraki appliance.</P><P>&nbsp;</P><P>&nbsp;</P><P>Their price advantage primarily comes from displacing backhaul of Internet-bound traffic.&nbsp; If you already have "direct internet access" at your remote locations, the financial story is less compelling.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>As with any subscription product, there are questions of contingency operation if the Meraki cloud were to fail, if&nbsp;your model were to fall out of support&nbsp;or if you were to fail to pay your bill.</P><P>&nbsp;</P><P>We last looked at them somewhat more than a year ago, so YMMV.</P> Mon, 24 Sep 2018 21:52:49 GMT https://community.isc2.org/t5/Tech-Talk/Cisco-and-Meraki/m-p/14927#M480 denbesten 2018-09-24T21:52:49Z