Get your free Meraki gear!
-
Apparently I'm also in the minority here to think that Meraki gear isn't junk. I didn't really get to play with their APs and didn't have a need to since we used Ubiquiti gear for APs (which worked great).
I will say my only experience is with the Meraki MX appliances. I've seen a number of folks advocate the Ubiquiti ERL or other router model over most anything in terms of bang for the buck. But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality. While I agree the price of Meraki can be unattractive because of the recurring subscription cost, the gear was built to make administration simple. And it certainly is. If you take the cost of having a separate web filter and a separate IPS / IDS, does the cost of Meraki really become so astronomical?
I don't claim to have used the Ubiquiti firewalls. Based on a quick glance at the guide they seem quite nice and provide a CLI, which you won't get with a Meraki.
-
@NetworkNerd said in Get your free Meraki gear!:
But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality.
That alone is another vote for the ERL approach as generally UTMs are considered to be a bad thing.
-
@scottalanmiller said in Get your free Meraki gear!:
@NetworkNerd said in Get your free Meraki gear!:
But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality.
That alone is another vote for the ERL approach as generally UTMs are considered to be a bad thing.
Because so many functionalities are tied to one device and they should be separated?
-
@NetworkNerd said in Get your free Meraki gear!:
If you take the cost of having a separate web filter and a separate IPS / IDS, does the cost of Meraki really become so astronomical?
Yes, without question. It's one of the most ridiculously priced products on the market. And they are slow (even by Cisco standards) and not very reliable.
-
@NetworkNerd said in Get your free Meraki gear!:
Apparently I'm also in the minority here to think that Meraki gear isn't junk. I didn't really get to play with their APs and didn't have a need to since we used Ubiquiti gear for APs (which worked great).
Never said junk ..... just toooooooo expensive for the job they do
-
@NetworkNerd said in Get your free Meraki gear!:
@scottalanmiller said in Get your free Meraki gear!:
@NetworkNerd said in Get your free Meraki gear!:
But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality.
That alone is another vote for the ERL approach as generally UTMs are considered to be a bad thing.
Because so many functionalities are tied to one device and they should be separated?
Yes, lumping all of those functions into the router is considered a very bad idea. Especially things like filtering that slow things down a lot or IDS that can be more easily compromised, and slows things down. UTMs are sales gimmicks, they sound good but they were avoided for decades because it was fundamentally a bad idea. Then someone came up with the name "UTM" and people just assumed it was new and good and they spent fortunes on devices that we not recommend just throwing out.
-
@hobbit666 said in Get your free Meraki gear!:
@NetworkNerd said in Get your free Meraki gear!:
Apparently I'm also in the minority here to think that Meraki gear isn't junk. I didn't really get to play with their APs and didn't have a need to since we used Ubiquiti gear for APs (which worked great).
Never said junk ..... just toooooooo expensive for the job they do
Same as junk in the business world. They don't do the job well enough justify using, even if they were free. That's how bad they are.
-
@scottalanmiller said in Get your free Meraki gear!:
@NetworkNerd said in Get your free Meraki gear!:
But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality.
That alone is another vote for the ERL approach as generally UTMs are considered to be a bad thing.
I thought you had mentioned a few times that Palo Alto has the best UTM out there. So it's kind of the same as that thread from long ago where you advised get a HDS if you get a SAN, but don't get a SAN? If you're going to get UTM, get Palo Alto, but don't get a UTM.
-
@NetworkNerd said in Get your free Meraki gear!:
@scottalanmiller said in Get your free Meraki gear!:
@NetworkNerd said in Get your free Meraki gear!:
But I don't think when comparing the MX appliances to something like an ERL you're comparing apples to apples. The ERL is a true firewall. That's what it does and was built to do. The MX appliances fall more in the UTM area and provide capabilities like web filtering, intrusion detection, malware prevention, and firewall functionality.
That alone is another vote for the ERL approach as generally UTMs are considered to be a bad thing.
I thought you had mentioned a few times that Palo Alto has the best UTM out there.
The best UTM, yes. That doesn't make it a good idea, just the best when you are considering doing UTM against other recommendations.
-
@NetworkNerd said in Get your free Meraki gear!:
So it's kind of the same as that thread from long ago where you advised get a HDS if you get a SAN, but don't get a SAN? If you're going to get UTM, get Palo Alto, but don't get a UTM.
Exactly
