Anybody have any experience, good or bad with the CISCO Meraki suite of security "products"?
We have to upgrade our infrastructure and the CISCO reps are trying to sell out IT folks on replacing a lot of our current security tools with their "Meraki" solution. I am doing some independent research but wanted to hear your thoughts or experiences with it.
Meraki is geared towards small and medium business, with Cisco steering enterprise customers towards their Viptela solution. Fundamentally, Meraki limitations arise from dependency on "proprietary protocols" and difficulties inter-operating with competitors, such as IOS, Palo, Checkpoint, zscaler, bluecoat, etc.
They do a pretty good job of checking off the boxes when comparing features/price on paper. Like any cloud offering, the feature list is wide, but not deep. For example, they have a "firewall", but it is not competitive with enterprise solutions such as Palo Alto and Checkpoint. Also, their VPN options (specifically surrounding NAT) are no where as flexible as IOS or Palo Alto.
Their cool health-based routing is geared towards inter-facility connections, where you control both ends and have an MX appliance on each end. Extended migrations require a meet-me point to bridge old and new networks.
If an endpoint is "the Internet", long-term connections (e.g. webex) require client-initiated reestablishment if meraki decides to switch to a backup ISP. This is because they NAT to the ISP-provided source IP address instead of using BGP peering. Similarly, they do not do stateful-failover if you need to fail to a backup Meraki appliance.
Their price advantage primarily comes from displacing backhaul of Internet-bound traffic. If you already have "direct internet access" at your remote locations, the financial story is less compelling.
As with any subscription product, there are questions of contingency operation if the Meraki cloud were to fail, if your model were to fall out of support or if you were to fail to pay your bill.
We last looked at them somewhat more than a year ago, so YMMV.