What needs improvement with Meraki MX?

Generally, the feedback is about the visibility of the network. Sometimes you want a little bit more control, and you don't have that control with Meraki MX.

There is another team in my company that looks into areas associated with the product to figure out where improvements are required. With Meraki MX's integration capabilities, users may face challenges since it does not integrate well with other systems. If you configure Meraki MX with EAP-TLS, then you may face scalability issues since there are a few things that need to be changed in the product.

It can be hard to get a hold of the solution’s technical support team.

I don't think I can comment on what needs improvement in the solution because of the usage of Meraki MX in our company. The tool is not complex. For my type of usage, I am satisfied with the results of the product. I think that I may use the product on a larger scale. The fact that the product is a little expensive and how it needs to be made cheaper from an improvement perspective is a debatable topic, in my opinion.

I do not have the kind of feature I need for SSL decryption in Meraki MX. It would be great to see the SSL decryption feature in Meraki MX.

I would say that it could possibly use some deeper configurations, but I am not entirely sure. I'm still comparing it with others.

We can’t access GUI management and CLI opening features when the Internet is unavailable.

The product doesn't support route summarization and BGP dynamic routing protocol. The product has to provide more flexibility in hardware. It should also introduce route summarization features. It is not an application-aware product.

We do not have account managers in our region for the solution. Some governments don't use the product since it is attached to the internet.

Pricing is an area where the solution lacks since it is an expensive tool. Pricing needs to be improved.

The product is quite complex to set up. The product is dependent on other Cisco products. If we have Meraki, we must use Cisco devices only, which should not be the case. Any device which is running should be well-paired with MX. If we use Meraki MX, we must use MX in other locations. If we use Aruba or Ruckus, it does not communicate well with MX devices. It is like a monopoly.

We had minor issues with Meraki MX. We had a couple of RMAs, so that could be an area for improvement, but in terms of how the RMAs went, the turnaround time and getting those back into redeployment were quick. Another area for improvement in Meraki MX is that when you're scaling for multiple locations, you need to use the same model, but the model you'd need is only available for a short time. The specific model you require could be out of stock, or Meraki isn't making that model anymore, so Meraki should improve that.

An area for improvement in Meraki MX is that it needs some provision, as supplying the unit through Cisco can be tedious at times, but as far as the product itself and its offerings, Meraki MX is five-star all the way.

The Cisco supply chain is problematic although that may not be all their fault. What I really want is to be able to sell the solution and deploy it for my clients. They are very cagey about the availability of their product and they definitely take better care of their larger clients, pricing out mid-sized organizations. I'd like their policy rules to be closer to those of some of the other vendors. They're very complacent and I find the rule set to be a little arcane. There's no company ou there that does the combination of hardware quality, reliability of service, and most importantly, the quality of the interface.

Meraki has some hidden features and information that is only privy to their engineers. If that information became available to us, then it would improve our ease of management, and we would be able to make certain adjustments instead of having to go to them.

We use a Cisco LAN switch. Its model is CBS250, and it is a Cisco Small Business switch. It can be easily integrated, but the problem is that the other Cisco products are not in the same dashboard or cloud. Each one has a different management interface. I would prefer if both could be in the same cloud. If we use a switch from Meraki, it will be more expensive. Meraki switches are more expensive than the Cisco Small Business switches. For that reason, we prefer to use Cisco switches. With Cisco switches, we don't have to pay for subscriptions, whereas with a LAN switch from Meraki, we will have to pay for subscriptions. We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem. Their Technical Assistance Center (TAC) is slow to answer. Their response time should be improved. When we request support, their response time is long and not good. They still don't have the solution to the VPN problem. They established the VPN link, but the problem continues. They don't fix the problem. They just repair it, and the problem persists.

You can't set up complicated firewall rules, such as the ones that can be handled by Sophos. Sometimes you need to contact Meraki Cisco support for extra setup because as a normal user or administrator, you can't do it. If you use the VPN to link Meraki with your onsite domain with Active Directory then it doesn't work properly. It will work for one or two weeks, then it will stop. They need to improve the link between Meraki and Active Directory. When the internet connection is lost, you are not able to change any of the firewall rules because you cannot connect to the portal. This is unlike Sophos, where you can log on to it physically and change the rules. It would be good if they allowed you to implement the certificate. At the moment, you can link Meraki with the self-signed certificate in your domain, but you cannot set up the active service VPN with Meraki on a certificate.

Currently, I don't see any big areas for improvement; although, It lacks some switching features. For instance, when you use MX to link the firewall to a stack, you cannot use LACP. You cannot use switching behaviors as you see on the Meraki switch. This would be a really cool feature to have — real switching features on Meraki MX.

The whole Cisco Meraki range requires easier access for cameras. For a security center, it would be helpful to have easier access to cameras through the portal. Its licensing cost could also be better.

It would be nice if the different services, including the SIEM SOC and endpoint detection and response (EDR) were integrated into one, so that I don't have to go to different vendors for different services. Ideally, I would like to have one place to shop.

There is room for improvement relating to third-party VPNs. You can only have one tunnel in the whole infrastructure — one tunnel with one device. I cannot have multiple terminals running from each of the devices to the same third-party.

We prefer UTM solutions. As far as what needs to be improved — nothing really comes to mind. It does what we need it to do.

In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past.

While it's reasonably priced, it could always be lowered to compete with others. In the next release, because the security is pretty basic, I think they could include additional security features.

From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy.

The security is not as strong as it could be. The lack of HTTPS encryption is a big challenge that I have with Meraki. Essentially, the Meraki device is blind to any threats that are encrypted, and currently, somewhere in the neighborhood of 3/4 to 80% of all internet traffic is encrypted. In other words, you basically have a blind security guard watching the network.

Management can be improved in Meraki MX.

Expensive licensing and firewall stops immediately working if the licence is not renewed at the expiration date.

We are currently having a problem with Meraki in the end product. They have two kinds of enterprise licenses and an advanced security license. The problem is that the two licenses do not currently integrate. We have to create separate companies and do an interconnection between these licenses. Even to do a full free trial run, we need the same kind of licenses. This is something we seek to change because it's not fair. With this license mode, we should be able to choose which sites we use and which sites we do not need. We often see a break in the connection between both modem and dish. We found that if we communicate with Cisco, we can find the right solution to solve this. Currently, we have found all the things we need for our company already. Only perhaps compatibility for mobile lines is still required. Meraki MX is the program for us. We should have enterprise licenses.

The product could improve most by improving the client VPN. The auto VPN works for site-to-site but they have an issue with the client VPN. For example, if I connect the client VPN, I cannot block clients for specific access inside of the company. Because of the limitation, you need to make a rule for everyone and it's not very easy to do. What you really want is to have a specific client VPN with specific (fine-grained) access to different areas. One other thing that they should have to improve product utility is some kind of templates. For example, templates for configuration of use in a vertical market would be useful. They have a very good product. If you contact technical support, they should already know more about your methods and your needs. Management of the firewall is on the cloud and to be so easy for the user to configure, they remove some of the more complicated options. If you want an option, you need to contact support in order to enable it. They could have, for example, a different dashboard for more advanced features that you would be responsible to pay more for.

What I would like to see in the next version is to have more interfaces for WAN links. For example, if we have three providers, we can't connect to Meraki because it has only two WAN ports. I would like to have on Meraki more WAN ports, i.e. one data internet port for two lines.

This product has room for improvement. The main features not included with the firewall is the virtual domain. With Meraki, the interface for the virtual domain could be improved. The virtual domain is a concurrent session. The concurrent session is limited in Meraki, like FortiGate. In MX100, it's around 200 to 25,000 concurrent sessions. In the same model with FortiGate, it's around five million concurrent sessions. It's very important to improve in Meraki. In my view, it is very important that the number of concurrent sessions is increased.

If Meraki could handle more than one internet connection and a bonding formula then that would be valuable. Load balancing options and ability to manage a couple of Internet connections, that's it. This is the main thing I see that the solution needs.

Currently, if you make a rule in the firewall you have to add all of the IPs. If I'm working with an object for, say, an object group, where I put every single IP that I want into it, and then I apply it on a rule, it's a little bit easier to configure because you have a better overview of that. The overview is not completely clear. It's a bit difficult. But control of network objects is something I really want because it makes it easier to maintain. Also, there's not enough control over system updates. Right now, you can postpone the update but eventually, if you don't do the update, it will install the updates automatically for you and that's something that is not working for me. It can happen during business hours, for example, and then you have a big issue.

The IPS, the Intrusion Prevention System, can be improved. If they can add I think the next generation firewalls, that would be great.

From a subscription base or price perspective, there's some room for improvement. They also need more security features. There are good security features now, but I need more of the security features to offer UTM protection.

Some advanced enterprise features are missing, so the Meraki MX is not for demanding enterprise networks as it lacks high level features (including SSL inspection and VPN client software) As for SSL inspection I think this is better performed on the Client PC where the inspection can be performed before or after the SSL encryption is done. Look at a solution like SentinalOne for this. This type of solution is going to be less prone to problems with SSL inspection. Additionally the client VPN uses native OS VPN connectivity in Windows, Mac OS X, and Linux. While this is nice from the perspective of no license fees to have a client VPN, there are sometimes issues when drivers or OS updates are released that impact client VPN connectivity. Draytek makes VPN client software that works with the MX but it is not officially supported by Meraki. I'm not a fan of any security appliance's VPN as they typically allow access to everything on the corporate network. Specific VPN solutions like NetMotion allow you to create granular access control to resources inside your firewall. I think having that level of control is a huge security plus. There are so many options available when you are looking to create your security stack. In my experience I've found that putting all your requirements on one solution will usually result in some level of disappointment. On the Meraki dashboard is a “Make a Wish” button to request new features. I have made multiple wishes and they were all were with in granted.

The event logging, alerting, and reporting features could use improvement. Especially the export of the log is difficult. There is an API to connect to, but I have not found it easy to extract something yet.