Comparing the meraki MX60 to meraki Z1
Every once in a while I like to do a product review. Next up is the meraki MX60 (shown above on the left next to the Meraki Z1). The official MX60 data sheet can be found HERE. The MX60 comes with or without wireless capabilities hence the MX60W means wireless while the one used in this post is a MX60. Outside of that, both models are the same and considered the low end / home model as shown in the next image.
Meraki Network and Security Product line
Like other Meraki solutions, the MX60 is managed using a cloud-based framework rather than accessing the appliance directly. Below is an example of me logging into my Meraki network featuring various devices. I access the main dashboard using https://meraki.cisco.com/.
Meraki main dashboard example
Once logged in, I can review the health of my entire network, dive into a particular device configuration and license other devices. The cool part about the cloud approach is a administrator could configuration devices prior to a deployment without having to console into each device. All that has to be done with the hardware is ship it and plug it in since everything configuration wise comes from the cloud. Also things like managing updates are done via the cloud so I randomly will see messages about my system being updated via email or when I log into the GUI making overall management super easy.
For the cost, the Meraki MX60 has a many features expected from a enterprise security solution. Examples are content filtering, VPN, Active Directory integration, Traffic Shaping and some access control capabilities.
Meraki MX60 configuration areas
As a firewall, the MX60 offers standard access rules as well as layer 7 application layer controls. The next images show the default configuration pages for firewall rules.
Basic Firewall Rules
The content filter is pretty easy to use and based on categorizes. For example, an administrator could deny Gambling websites but white list Lottery websites. All the standard stuff is there plus known high risk sites such as Bot Nets as shown below. There are also popular functions such as YouTube for schools and clean search engines meaning cleaning up what can be accessed (example is a search for “chicks” would bring up chickens rather than ladies).
The Meraki MX60 uses SourceFire / SNORT rules for the IPS. Its explained as “Security filtering is comprised of the Kaspersky® SafeStream anti-virus / anti-phishing engine and Sourcefire SNORT intrusion detection engine.” There isn’t a lot of tuning options regarding the available signatures however whitelisting is pretty easy to do. There are only a few ruleset options such as secure or in the next example, balanced. What each security setting really means is explained HERE.
Malware Detection and IPS For The Meraki MX60
The MX60 offers decent VPN and access control options. Both are pretty easy to setup. Regarding access control, users can authenticate using single sign on or prompted to enter credentials such as a Active Directory login. Administrators can also enforce a acknowledgment page with spooky legal information prior to permitting access.
Overall, the Meraki series is easy to use and very feature rich for the price. The MX60 list price is $495 giving you Firewall, IPS, VPN, Application Layer Controls, Traffic Filtering, WAN optimization and more. Many of these features are only found on mid market to enterprise level security solutions making this series a great value for those seeking high in security for small breach office or home use. Check out Meraki’s website as well as attend a weekly webinar to get a free access point. Most people I know that get an Maraki AP convert their home networks once they see how easy it is to setup and use.
Also check out my post on free Meraki mobile device management MDM HERE.