404 Tech Support

Evaluating the Cisco Meraki MX64 firewall

I was a little familiar with Cisco Meraki products since exploring their free MDM tools over two years ago. Now, I am checking out the hardware offerings in their firewall line for a client’s needs. Setting up a trial with the Meraki MX64 was pretty prompt and painless as far as these things go. I am currently in the middle of that two week trial.

The MX64 is the smallest of their firewall line. It is a “desktop” form factor while the next step-up to the MX84 is rack-mountable and higher-capacity but also higher cost. The MX64 is rated for 250Mbps throughput and recommended for a maximum of 50 clients.

As far as first impressions go, the Meraki MX64 makes a good one. The packaging is snug and clean, making for a great presentation as you open the box.

The design is a simple, machined aluminum look. The status light is on the front with the power and ports on the back. Besides the rack-mounting, the status light on the other side is the biggest difference for the desktop form factor.

The MX64 has five ethernet ports on the back side. One is labeled ‘Internet’ while the others are numbered 1-4. The numbered ports can act as LAN or the 4th port can be configured to be a second WAN link for load-balancing or fail-over. The USB port can also be used for a cell phone network fail-over configuration.

Remaining in the box include the power adapter, two short patch cables, and two mounting screws. The bottom of the device has slots where the screws would slide to secure the device on a wall-mount.

Besides the hardware, the trial was accompanied by a quick start guide. It essentially tells you to create your account with Meraki, claim the device, and configure the network settings. Then, once you plug everything in, it will auto-download the configuration from this global dashboard and the settings will be as you configured them.

I ran into a problem here in that it assumes a DHCP network. While I have a DHCP internal network, the ISP-provided IP address is static and must be configured. If you need to assign a static IP address, plug a computer into the firewall and go to setup.meraki.com. This will access the local interface of the firewall and will work without Internet access.

The dashboard on Meraki is a very nice interface. I have obtained a much better idea of the network traffic than the old SonicWall could provide. The features include content filtering (including malware, adware, phishing, and other general categories), traffic shaping, a security filter which has already blocked some exploits, and more dashboard elements like the top clients by usage, top applications by bandwidth. There are also event logs per client so you can monitor the content filtering and other rules that have taken effect.

The nice part of the dashboard is that you can access it anywhere, make a configuration change, and in a couple minutes the setting will be synced down to the device. With only one appliance, this was a convenience. With multiple appliances and multiple locations, I imagine this would be a life saver. Not having to VPN to each network, connect to the firewall, and make the same configuration change repeatedly is just opening it up to human error. The dashboard has been great to provide network usage information. I wish there was a little more detail on CPU/RAM usage and throughput since this can differ with the combinations of features enabled/disabled but so far it has been a great experience.

The MX64 is in similar price points as its competitors. I wish I could go up a level to take advantage of rack mounting and web caching but the budget won’t support the jump. The pricing particularly comes down to the licensing for the Advanced Security features which scales up with the number of supported clients. I’m content with the MX64 and Meraki’s offering of the trial and their dashboard for evaluation. I have another to consider but so far this looks like a good match for the client.