• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Meraki Equipment Question

B

Burner27

Diamond Member
Hey all,

I started another thread regarding pfSense vs Sophos vs Meraki which has brought up an interesting question for me. I would like to get anyone's/everyone's opinion on Meraki gear. What your experience has been. Do you feel comfortable with cloud management? Do you feel it is a secure device? Does it perform well? Do you think it is better/worse than open source routers? Or anything else you might want to say about it. I dont want to talk about their absurd licensing scheme or that if you dont keep a current license your devices become bricks--I already know that part.

So.......Fire AWAY!!!!

and thanks!
 
I think I mentioned in your other thread, but I found the wireless signal to be better on my Sophos AP's than the Meraki's. No complaints about their interface/management however.
 
XavierMace said:
I think I mentioned in your other thread, but I found the wireless signal to be better on my Sophos AP's than the Meraki's. No complaints about their interface/management however.
Click to expand...
I agree with you there. The MR33 I have doesnt broadcast as strong a signal like my Linksys WRT1200AC does.
 
I got a free MX64 w/3yr Advanced Security license on it. Work will pay for re-upping that license when it expires. My initial thoughts centered around security. With the onslaught of emerging threats nowadays, does pfSense have what it takes to combat that? Same question to Meraki as well. Equipment wise-Meraki doesn't tell you what their hardware is comprised of. I will primarily be using it at home to become familiar with it as we are deploying these for several clients. It helps to know the product you recommend. I also received an MR33 w/3yr license for attending another webinar. I like free stuff....

The only thing I am not happy about is I am capped. I pay for 300/20 service, but the MX64 limits me to 250/20. With pfSense, I easily get 350/24 service. May not seem noticeable on uploads but downloads take a big hit. I knew that going into this by using the Meraki, but it always sticks in the back of my mind. I guess what I am asking (opinion poll) is 'would you sacrifice 100Mbps download by using the Meraki?"
 
You are sacrificing 50mbps, not 100. And in a home environment, I'll go with offense or Sophos over mx64, assuming you provision enough cpu for the features you want to run.

Don't think you can sell the mx64 with the licence though.

Also, your work will buy you licence for the mx64 going forward. So that is a big plus for staying with meraki.


Tough call.
 
Last edited:
sdifox said:
You are sacrificing 50mbps, not 100. And in a home environment, I'll go with offense or Sophos over mx64, assuming you provision enough cpu for the features you want to run.

Don't think you can sell the mx64 with the licence though.

Also, your work will buy you licence for the mx64 going forward. So that is a big plus for staying with meraki.


Tough call.
Click to expand...

How am I sacrificing 50mbps? Even though I am paying for 300/20 service, with pfsense and Sophos I easily achieve 350mbps. No matter what I do the Meraki stops me @ 250mbps.

No, I can't sell the Meraki, and I wouldn't. I am just thinking in terms of security features between them. I am leaning towards Sophos though.
 
Burner27 said:
How am I sacrificing 50mbps? Even though I am paying for 300/20 service, with pfsense and Sophos I easily achieve 350mbps. No matter what I do the Meraki stops me @ 250mbps.

No, I can't sell the Meraki, and I wouldn't. I am just thinking in terms of security features between them. I am leaning towards Sophos though.
Click to expand...

Ok then load up Sophos in a VM and go to town. UTM is free for home user up to 50 ips
 
Burner27 said:
May I ask why you think Sophos is better than Meraki?
Click to expand...

Lots of people are moving from meraki to pfsense or sophos. I cannot speak for them of course. I am just running pfsense in hyper-v.

Also, remember we are talking about home use, so any of meraki Sophos or pfsense is fine. Since you have free meraki, just use that. Load up Sophos VM if you want to play with it or test it. Same with pfsense. Pfsense does take a bit more work and understanding of network.

Stoped being meraki fan after cisco
 
Last edited:
sdifox said:
Mainly cost.
Click to expand...
I would have to agree with you there. The 3yr advanced security license that came with the Meraki MX64 I have is $800 to renew for 3 yrs. Kinda outlandish.

In terms of security/performance, I would think running Sophos or pfSense on a custom box would yield the best setup. You can choose the parts you want to use. With Meraki, you are stuck with whatever is in their machines. Same holds true for Sophos' and pfSense's offerings as well. Meraki doesnt even tell you what hardware is in their boxes.
 
Burner27 said:
I would have to agree with you there. The 3yr advanced security license that came with the Meraki MX64 I have is $800 to renew for 3 yrs. Kinda outlandish.

In terms of security/performance, I would think running Sophos or pfSense on a custom box would yield the best setup. You can choose the parts you want to use. With Meraki, you are stuck with whatever is in their machines. Same holds true for Sophos' and pfSense's offerings as well. Meraki doesnt even tell you what hardware is in their boxes.
Click to expand...


Well, both pfsense and Sophos sell hardware boxes, with different hardware level depending on intended use. Have you tried to setup esxi and host Sophos as a VM?


Cloud management for a single unit is just silly.
 
Last edited:
sdifox said:
Well, both pfsense and Sophos sell hardware boxes, with different hardware level depending on intended use. Have you tried to setup esxi and host Sophos as a VM?


Cloud management for a single unit is just silly.
Click to expand...
Have run pfSense and Sophos on separate hardware already. pfSense runs quicker, but I like the interface/features of Sophos.
 
Burner27 said:
Have run pfSense and Sophos on separate hardware already. pfSense runs quicker, but I like the interface/features of Sophos.
Click to expand...


did you turn on advanced features like DPI and https filtering? that is when you can tell how good each of the firewall is.
 
No but I will. Lemme ask you this, I have been reading that running a router/firewall as a VM is not advised due to a 'possiblity' that the hypervisor could be compromised. Is this really a concern?
 
Burner27 said:
No but I will. Lemme ask you this, I have been reading that running a router/firewall as a VM is not advised due to a 'possiblity' that the hypervisor could be compromised. Is this really a concern?
Click to expand...

not particularly. SR-IOV, VT-d and VT-x were designed for this type of use. Of course it is higher risk than having dedicated hardware, but to date I am not aware of any exploit of VT-d. As far as I can tell, DMA attacks require physical access.
 
Last edited:
I've seen that mentioned as a 'possibility' more than once, but I've never seen any mention of it actually being done. My mindset is that would have to be a very specialized attack and even if it's possible, who's going to waste that sort of time to compromise somebodies home network?
 
XavierMace said:
I've seen that mentioned as a 'possibility' more than once, but I've never seen any mention of it actually being done. My mindset is that would have to be a very specialized attack and even if it's possible, who's going to waste that sort of time to compromise somebodies home network?
Click to expand...
Well hackers (I would think) cant tell what they're attacking when it comes to residential or business IP address. All they care about is getting in.
 
XavierMace said:
I've seen that mentioned as a 'possibility' more than once, but I've never seen any mention of it actually being done. My mindset is that would have to be a very specialized attack and even if it's possible, who's going to waste that sort of time to compromise somebodies home network?
Click to expand...

most homes are using vanilla routers with the bare minimum to be qualified as protection. And the thing is for most people that's fine. I just run pfsense cuz I have a box with plenty of power and it is far more stable than my shitty linksys router.

All I really need is bigger state table and stability.
 
sdifox said:
most homes are using vanilla routers with the bare minimum to be qualified as protection. And the thing is for most people that's fine. I just run pfsense cuz I have a box with plenty of power and it is far more stable than my shitty linksys router.

All I really need is bigger state table and stability.
Click to expand...

That was kinda my point. Yet I've had multiple people bring the virtualization aspect up as a "concern" when they're running consumer grade routers. So I think it's effectively a non-concern.
 
sdifox said:
Hackers have targets. script kiddies don't.
Click to expand...
I stand corrected. 😉

The hardware I can use for pfsense or Sophos (seriously overkill):

I7-6700K
Gigabyte GA-Z170N-Gaming 5 mobo
16GB DDR4-2400
256GB Intel 600 m.2 SSD
Intel dual port 1000PT NIC
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

Back
Top