The Dyson of…Firewall/Routers!

I love my Dyson vacuum.

It’s a DC14 Animal, and I regularly take it apart and put it in the dishwasher by itself to clean every cyclonic chamber and HEPA filter.  I always say:  “I like things that just WORK.”  With proper maintenance and care, this thing does.  It’s 11 years old now and still performs excellently.

So let me tell you about the other, Dyson-esque item in my life: my new Cisco Meraki MX64 — a cloud-managed device for security, networking and application control.  In short, a Layer 3/7 firewall and (in our case, also a Dual-WAN router) for an office of approx. 50 users.

I’ve been messing with firewalls, both software and hardware-based, since Checkpoint back in the early 2000s.  Then I graduated to NetScreen — I still remember my way around the ScreenOS (we have partners who still run these now-unsupported items).  Then, when NetScreen got bought by Juniper…to the Juniper SRX and the JunOS.

 

JunOS and I never really hit it off.  It was an arms-length business relationship, and JunOS did its’ best to keep me baffled and overwhelmed with the step-by-step nature of their commits.  I’m sure it didn’t help that Juniper is very proud of their boxes, and we’re in that place where our needs are more than your generic small office, and yet not big enough to use the Big Toy tools that my peers in the Tulsa CIO Forum use.  Palo Alto Neworks: I’m looking at you.

Throughout the 2000s, Cisco switches became ubiquitous and their various OS versions came into everyone’s lives and sought to do similar things, both inside the LAN and approaching the WAN boundary.  Very capable.  But often I’d find myself pushing the envelope of the basic programming and would have to phone a friend to get it to do exactly what I wanted.

The lesson I came to learn: I’m an IT Vice-President where an increasing amount of my responsibilities lies outside of traditional IT.  I evangelize, I proselytize.  I do my part for the overall health and well-being of the Tulsa Area United Way.  In order to do that, I need tools that just WORK.  Enter the Cisco Meraki.

I started buying Meraki wireless mesh access points WAY BACK in the 2006-2010 period, when they were still a private company.  I installed them in Foundation offices, nonprofit offices like Mental Health Oklahoma, private homes, and covered a swath of Drumright, OK with them.  I was enamored of Meraki’s “Free The Net” program in downtown San Francisco. The manner in which the units would work together, yet still create private and secure /32 subnets for each client, made them much superior to the buggy wi-fi range extenders of the day.  Wireless mesh uses orthogonal frequency-division multiplexing (OFDM) to transmit multiple signals out on different frequencies, which would be essentially “averaged” by the receiver in order to build a more robust and reliable wireless pipe.  The tech was not 100% new: vendors had been pitching OFDM wireless to me back at Blue Cross Blue Shield of Oklahoma in 2001 — but the application and price point of Meraki were groundbreaking.

When Meraki changed their licensing model (chase the cash flow!) prior to being bought by Cisco, I walked away — choosing to vote my dollars with Open Mesh since 2011.  They’re very similar in approach to the old Meraki, and only now are starting to become onerous with their licensing…but I digress…

The Meraki APs I put in at Mental Health Oklahoma were the ‘long-tailed catalyst’ of my conversion.  Paul Davis at MHAO started upgrading to Meraki security devices in early 2015 when they began a period of wild growth and property acquisition.  The main office at Boulder Park, Yale Apartments, Eastoak, a new statewide office in Oklahoma City, and MANY offices at various apartment buildings they’ve bought and manage.  Paul said that once they moved to Meraki 100%, they haven’t had to pay any contractors for support, and have actually deployed all the units in all locations themselves.  I knew they could do the job, but being that we’re the United Way and in the business of giving away funds, I blanched at the licensing.  Again.

 

A few weeks ago, I joined an online webinar hosted by Meraki, and won an MX64…a unit with a list price of $595, plus a 3-year license ($810 list).  Suffice to say, it’s been LOVE.  I’ve been able to install it and replace my TP-Link Dual WAN router, my Juniper SRX210, a legacy NetScreen SSG5 that was managing an external IP, and a couple of switches.  It’s cloud-accessible dashboard has given me unprecedented data on my network.  I can easily see our total bandwidth used across our 2 broadband services, and peer into the latency and jitter of each.  In fact, the jitter and latency information is making me think about moving our VOIP phone service from our cable broadband to our fiber connection.  It allows me to more easily manage our DMZ via VLAN. I can easily verify that our Azure VM initial replication is not exceeding our bandwidth.  I can even drill into the metrics of each individual host on the LAN, and see if anyone is abusing our network via Spotify or Pandora (answer: so far No, but the Layer 7 firewall can let me easily block those applications if it looks excessive!).

Oh, and while I set it up in Dual-WAN mode it also has a USB port for our cell hotspot, in order to provide cell service backup in the unlikely event that both Cox and AT&T primaries both go down.

Assuming this unit continues to impress me, when it’s free 3-year license is up I’ll GLADLY pay approx. $20/month to keep it talking.

WHY did I wait so long?

If this sounds like something that might work for you, reach out to Hollie Petapiece at Cisco.  She’s our Oklahoma/Arkansas rep, but she can hook you up…

Leave a Reply

Your email address will not be published. Required fields are marked *