Cisco Meraki SD WAN & SASE Cybersecurity Solutions

Cisco Meraki SD WAN and SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Cisco Meraki and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Customers choose Cisco Meraki because of its simplicity and low cost. The solution is designed to be easy to manage with quick deployment and management tools in the cloud. The solution is primarily aimed at Small - Medium Enterprises (SMEs) and mid-market companies but does offer a lot of scalability for more comprehensive solutions. Meraki is suitable for enterprises with several branch offices requiring granular features.

Although Meraki is a cost-effective solution, to begin with, the addition of licensing fees can cause the cost to rise, creating, in some cases, an expensive solution. Further, some customer reviews suggest that because customer support is so rarely required, the Meraki support team can be hard to contact and slow to respond to requests.

Meraki has a vast partner channel, which offers clients a wide range of choices when choosing a managed services provider (Meraki do not sell direct). The sheer number of partners can be confusing for IT decision-makers. A clear understanding of a client’s business requirements is essential to make the right choice.

About Cisco Meraki

Meraki was founded in 2006 by Sanjit Biswas, John Bicket and Hans Robertson and is today headquartered in San Francisco, California, North America. The cloud infrastructure startup was acquired by Cisco Systems in 2012 for $1.2 billion in cash as their easy-to-deploy, mid-market solution.

Cisco Meraki focuses on cloud-managed products such as wireless, switching, security, SD WAN, mobile device management, intelligent cameras and a cloud network platform that are all centrally managed from the web. The company’s MX range of SD WAN appliances supports wired WAN connections, 802.11ac wave 2 Wi-Fi and integrated CAT 6 cellular modems.

What is the Cisco Meraki SD WAN Solution?

Cisco Meraki is a branch office solution designed for Small-Medium Enterprises (SMEs) and larger companies. The company is a popular choice for clients looking to migrate away from expensive MPLS, which is achieved by using lower-cost leased line DIA and fiber broadband services deployed via Meraki MX appliances with zero-touch provisioning. 

Configuration-Based Key Features:

• Multi-Cloud: vMX (a virtualized version of MX) can be deployed in private and major public clouds (see, How does Cisco Meraki access cloud vendors?).
• Meraki Dashboard: Designed to create a hub and spoke or mesh VPN technologies by automatically negotiating VPN routes, key exchange, authentication and encryption protocols, which are enabled for all Meraki MX appliances within an organization.
• Hardware Deployment Options: Cisco Meraki SD WAN can be remotely deployed and cloud-managed from an MX hardware appliance, which caters for varying branch sizes whilst supporting wired WAN connectivity with built-in CAT 6 wireless modems and 802.11ac wave 2 Wi-Fi:

Security-Based Key Features:

• See, What is the Cisco Meraki SASE security solution?

Performance-Based Key Features:

• End-To-End Analytics: Improves end-to-end monitoring and network visibility using the Meraki Insight product (see, What Reporting and Management is Available Via the Cisco Meraki Portal?).
• Performance Indicators: Symbols are used to show the health of applications, providing a visual reference to the performance of each individually. The performance indicators are based on thresholds which a Meraki Administrator sets. The indicators show green if a connection is healthy, yellow if it is compromised, and red if there are any significant issues.
• Machine-Learned Thresholds: Thresholds for web applications can be adjusted using advanced machine algorithms based on historical data patterns of the network and performance indicators such as workloads. The product is known as SmartThresholds and is a tool built directly into the Meraki Smart Insights dashboard (see, What Reporting and Management is Available Via the Cisco Meraki Portal?).

What is the Cisco Meraki SASE security solution?

Meraki has historically offered integrated security options with SD WAN. The product has matured into a fully featured SD WAN capability with a SASE solution deployed from Meraki MX hardware appliances. The solution auto provisions IPsec VPN tunnels between sites, with the Meraki Dashboard able to automatically negotiate encryption and automation protocols and VPN routes while allowing clients to monitor network security. There are several key features:

• Cisco Umbrella Security: Provides data loss prevention, remote browser isolation, SaaS tenant restrictions, file type and granular application control. Cisco Umbrella Security also includes a cloud access security broker (CASB) and SSL decryption & inspection. Umbrella allows clients to manage cloud security separately at branch locations whilst offering connectivity to a multi-cloud environment (see, How does Cisco Meraki access cloud vendors?). By bundling Umbrella products together, Meraki achieves full SASE capability.
• Cisco Advanced Malware Protection (AMP): Designed to detect and dispose of malware efficiently by constantly analyzing file activity across the network.
• Data Loss Prevention: Detects and prevents data breaches by closely monitoring sensitive data.
• Intrusion Prevention System (IPS): Examines traffic flows to detect weaknesses and breaches within the network.
• Next Generation Layer 7 Firewall: Blocks or authorizes traffic by examining protocol, port and state and filters traffic based on rules set by the user. It is also capable of filtering data packets based on application. 
• SSL Decryption/Inspection: The traffic scale is decrypted and routed to inspection tools to identify application threats inbound.
• CASB: Cloud-based software that maintains security policies and monitors activity between cloud users and applications.
• SaaS Tenant Restrictions: Controls access to SaaS cloud applications by specifying which users can access tenants.
• Granular App Control: Controls which users and departments can access specific applications. 
• File Type Control: Restricts the upload and download of various file types. 
• Cisco Talos: Cisco’s threat intelligence centre monitors network security and informs the Meraki SASE solution.

How does Cisco Meraki access cloud vendors?

Cisco Meraki uses virtualized MX appliances (vMX) to access cloud vendors. Users can deploy the vMX appliance in private and all major public clouds. The Meraki solution can connect branch sites to vMX appliances in multi-cloud environments. This provides a secure connection and dynamic path selection to optimize access to mission-critical resources. The vMX solution does not use any extra hardware however requires different licenses for each product. Licenses are available for 1, 3 and 5 years. The Meraki offering is as follows:

• vMX (Small): Supports client VPN, 50 VPN tunnels and a 200Mbps VPN throughput. Cloud vendors available are AWS, Azure, Google Cloud and Alibaba Cloud. Requires Small Enterprise Cloud Management Licence.
• vMX (Medium): Supports client VPN, 250 VPN tunnels and a 500Mbps VPN throughput. Cloud vendors available are AWS, Azure, Google Cloud and Alibaba Cloud. Requires Medium Enterprise Cloud Management License.
• vMX (Large): Supports client VPN, 1000 VPN tunnels and 1Gbps VPN throughput. Cloud vendors available are AWS and Alibaba Cloud. Requires Large Enterprise Cloud Management License.

Cisco Systems are both an AWS Marketplace Seller and Public Sector Partner. They are also Service Validated by AWS for an Amazon Linux 2 Ready Product. Cisco Meraki’s dashboard and vMX software are available via the Microsoft Azure Marketplace, with the Meraki vMX receiving a ‘preferred solution’ rating.

Does Cisco Meraki offer WAN acceleration and optimization?

Cisco Meraki can leverage IaaS, SaaS or data centre resources to ensure the optimum performance of business-critical applications. This is achieved through advanced analysis tools that utilize intelligent path selection and machine learning to provide end-to-end visibility into the network.

WAN optimization features were retired from the MX range of appliances at the end of 2015 after failing to meet quality standards. Cisco Meraki made no further improvements to the feature, and it was phased out in favour of VPN traffic optimization as part of their IWAN offering.

Cisco Meraki’s solution enables WAN acceleration and VPN traffic optimization through load balancing, active-active auto VPN, flow preferences and traffic shaping rules to improve the network performance.

Cisco Meraki’s SD WAN offering utilizes Automated-VPN IPsec tunnels between sites. The MX range of appliances supports multiple layers of redundancy. Redundancy features include warm spare failover through Virtual Routing Redundancy Protocols (VRRP), high data centre availability, and hub and spoke or mesh topologies. Failover is also supported by dual uplink support and 3G/4G cellular connectivity. 

How does Cisco Meraki support remote users?

Remote workers have various support options available from Meraki. These include: Cisco AnyConnect, Native client VPN, and dedicated Wi-Fi-enabled teleworking devices. Meraki’s specific teleworking devices are the Z3 and Z3C; however, the MX appliance is also suitable. Both internet-based and site-to-site traffic is secured by cloud security for out-of-office users and on-premises unified threat management. Meraki further supports remote users by securing networks with Cisco Umbrella Cloud Security and Cisco Talos to provide high levels of protection anywhere.

What is the Cisco Meraki managed, co-managed and DIY services solution?

Meraki does not directly offer managed, co-managed, or DIY services as a vendor. Instead, managed and co-managed services are available to purchase via a channel integrator or service provider, and DIY hardware and licensing are available from value-added resellers (VARs). The lack of direct input can cause issues due to the enormous size of the Meraki channel - finding a channel partner that can provide a solution suitable for business needs can be complicated.

What Reporting and Management is available via the Cisco Meraki Portal?

Cisco Meraki Insights is a product designed to offer clients end-to-end monitoring and network visibility in one space by analyzing web applications and WAN link performance. It can monitor remote and home workers and those in the office. It features: 

• Web Application Performance Monitoring: The health of web applications can be monitored via Meraki Insight, a product designed to allow clients granular network visibility by configuring a Meraki MX appliance. Traffic is aggregated into groups based on its associated application and is sent to the Meraki Cloud Controller product for deeper analysis. After this, data is populated into Meraki Insight, creating visibility in the network.
• WAN Performance Monitoring: Designed to monitor ISP uplinks across the network, identifying issues such as ‘poor performance’ or ‘high usage’ and keeping track of all primary, secondary and LTE uplinks in one location. Suitable for SD WAN deployments requiring large networks to be monitored. Administrators can view data from the WAN Health dashboard.
• VoIP Performance Monitoring: Monitoring and analytics are also available for VoIP.
• Smart Thresholds: Built-in by default tool with the capability to set thresholds for individual application’s performance and a machine-learning algorithm that learns optimum network performance.

What is the Cisco Meraki SLA?

As an SD WAN vendor, Cisco Meraki is not required to provide a Service Level Agreement. The SLA will be offered by one of the service provider partners that may manage the underlay solution.