Hardware

Cisco Meraki MX64 Firewall

For my assignment, I will be discussing the Cisco Meraki MX64 Firewall, as I use a variant of it at my office, along with other Cisco products. The firewall is 100% cloud managed, allowing it to be remotely updated, maintained, and configured, regardless of the technician’s physical location. In the current busy tech world, one must be able to make changes to security within a moment’s notice. With COVID-19 causing destruction throughout the world, being able to manage a firewall while you are quarantined at home is a vital cog in the machine that is business operations. As we are a small company, the Cisco Meraki MX64 is ideal as it is limited to 50 max clients and has a small form factor (fits neatly in our rack). The MX64 offers zero-touch self-provisioning deployments, making setup simple. The MX64’s ability to classify users, applications, and devices make management straightforward, as policies can be initiated with a finely-tuned radius.

The Cisco Meraki MX64 is a stateful firewall; it features an auto VPN self-configuring site-to-site VPN, making the initial setup easy, as well as allowing increased security by using a VPN. As one of the more challenging aspects of setting up a new firewall is configuring Active Directory, the MX64 offers fast AD integration. Managing a large number of devices and users can be challenging, but the MX64 makes this quite effortless with its identity-based policies. The MX64 offers several advanced security services such as content filtering, Google SafeSearch and YouTube for Schools, intrusion detection and prevention (IDS/IPS), advanced malware protection (AMP), and Cisco Threat Grid.

Monitoring and management is one area the MX64 shines, as it provides web-based administration and configuration, advanced monitoring and alerts, sophisticated asset discovery and user identification, network-wide reporting, a centralized policy management system, real-time web diagnostic and troubleshooting, searchable network-wide logs, and automatic firmware and security upgrades/patches. By using a single 18w power supply, the operating temperatures of the MX64 range from 32*F to 104*F. For performance, the device has 250Mbps stateful firewall throughput and 100Mbps VPN throughput (Meraki, 2020).

            By far, the best aspect of the Meraki MX64 is the simple setup. Within seconds, the system will connect through the Cloud to a Cisco Meraki data center, thus getting all of its firmware and system updates through an SSL connection. Using a straightforward graphical interface, administrators can manage the device effortlessly. To begin with the installation of the device, one would merely connect the power adapted, CAT5 ethernet cables, and mount the MX64 onto a wall or rack. Next, the device must have an IP address; this can be accomplished by using a client machine to connect to one of the four LAN ports on the device, accessing the MX64’s built-in web service at http://setup.meraki.com, selecting Uplink Configuration under the Local Status tab, then choosing Static under the IP Assignment option. Finally, one must enter the IP address, subnet mask, default gateway IP, and DNS server information. Setting up a DHCP address is even easier, as, by default, all MX devices are configured to negotiate the address automatically (Meraki, 2020).

            To configure the firewall settings on an MX64 device, there are some best-practice procedures to follow. For outbound rules, one can permit or deny Access Control List (ACL) statements to control traffic; to accomplish this, you would click Add a Rule to the outbound firewall rule, then configure the Policy, Protocol, Source and Destination, and Src and Dst ports. Finally, under Actions, you can move the rules up or down the list. For the Layer 7 Firewall Rules, I would recommend some work in blocking specific web-based services, such as video or music websites. In Geo-IP based Firewalling, you can block or allow web traffic from or to a certain specified IP range (and even block entire countries). Forwarding rules can also be configured by creating rules based on the Uplink, Protocol (TCP or UDP), LAN IP, and Local Port (Breeden, 2019).

            The Cisco Meraki MX64 offers unparalleled security for a network by providing a single means of configuring and managing all users, devices, and policies. Backed by constant updates and patches, the MX64 is an excellent choice for smaller networks that need a simple and cost-effective method to protect their information assets. Regardless of the level of training a technician has in firewall implementation and configuration, the MX64’s cloud-managed firewall is suited for everyone. As an avid fan of Cisco products, I have had nothing but success with the MX64.

References

Stallings, W. (2017). Network Security Essentials: Applications and Standards (Sixth). Pearson.

Meraki, Inc. (n.d.). MX64. Retrieved May 12, 2020, from https://meraki.cisco.com/products/appliances/mx64#tech-specs.

Breeden, J. (2019, May 1). Review: Cisco Meraki MX64 Cloud-Managed Platform Tightens Network Security. Retrieved May 12, 2020, from https://edtechmagazine.com/higher/article/2019/11/review-cisco-meraki-mx64-cloud-managed-platform-tightens-network-security.

 

Categories: Hardware

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s