+97
Started

Offer the Meraki MX as a virtual appliance

Rob Geoghan 3 years ago • updated 9 months ago 21
The subject pretty much sums it up.
+2
To connect networks to cloud resources like a VPC in AWS?
Under review
I'm not 100% I understand what you are thinking. I was thinking something along the lines of the offering from Palo Alto and many other firewall vendors
https://www.paloaltonetworks.com/products/platforms/virtualized-firewalls/vm-series/overview.html

Yep, I see AWS is on that list.
+2

I work for a private cloud hosting company and use Meraki devices extensively for setting up our client networks. Having a virtual MX device would solve the last piece in the puzzle of how to terminate VPN connections back to our cloud easily. We have a workable solution now that uses the 3rd party VPN feature in Meraki, but having cloud orchestrated auto-VPN would be even better. This is especially true when the client site might have multiple internet connections and failing between them could be managed by the cloud instead of being done by hand. Charging a reasonable fee for having these devices in the cloud portal as substitutes for the MX/Z1 line would be completely acceptable.

+6

This is something we've absolutely considered and are continuing to think about, especially for our larger Service Provider customers. The main concern we have is around security. We want to make sure that we don't in any way introduce vulnerabilities or security holes that would allow an attacker to compromise the Meraki software or the connection to the Meraki cloud. There is some work currently being done to determine what we would have to do to provide a secure virtualized MX solution, so how that project goes will determine if and when we start offering a "vMX" (not an official name, just my personal term for it).

I am in the same situation as Mike, mutli-tenant hosting. Right now we are using virtual OpenBSD firewalls because Meraki has not offerings, however we use Cisco ASA's exclusively at the client sites. The major benefit of the Meraki, to us, is the auto-vpn feature. If we could utilize end to end Meraki, our company would switch out all virtual appliances and ASA's almost immediately. We have had excellent results for those companies with multiple branches to mesh.

Is it possible/can we use the VM Concentrator for this purpose?

+11

@Cisco Meraki: this is a pressing need given the limited nature of your site-to-site VPN connectivity with cloud services (especially your lack of IKEv2 for multi site Azure connections). At the very least, can you not start with a limited "vMX" that enables Meraki auto VPN so that multiple sites/offices can be joined to the cloud? Tim has a point, can you not adapt the VM concentrator for this purpose?

+1

Any updates? This would solve a number of challenges for us connecting to Azure.

I haven't seen any news on the matter. This is by far the most upvoted feature.

This would solve a huge hole for us that I'm struggling with currently. Just a limited device that can do VPN would solve my current biggest networking headache.

This would be great for us as well. Right now I'm looking at alternative solutions like VNS3. Some of these limitations of Meraki are frustrating.


Pegg leg,

Would you mind doing a little write up on how deployed this option and the costs associated with it? I see that the Cisco CSR says no per tunnel fees which sounds like it might be cheaper depending on how many sites you have.

+1

Costs for the 250mbps device with 2 nics are around £2500 per year Cisco cost plus a D2 VM in Azure. Depending on what throughput you need, I think the cost can come down to around £1500 a year. If you purchase a 3 year licence you pay for around 2 years.


We have all our global sites (all Meraki) configured to connect to the CSR to get to our resources in Azure


The CSR is straight forward to setup. If you are fimiliuar with Cisco devices you will have no problem getting this up and running.


Cisco offer free trial licences as well. See below:

https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwii-silupnQAhWLAcAKHbPJC9QQFggjMAE&url=http%3A%2F%2Fwww.cisco.com%2Fc%2Fdam%2Fen%2Fus%2Fproducts%2Fcollateral%2Frouters%2Fcloud-services-router-1000v-series%2Fsales...




This sounds nice. But we have trouble to connect our Merakis to the Azure Cloud. We are using about 150 Sites in the moment. And a Barracuda NGFW inside Azure.

Most of the Sites have a default Internet line, so no fixed IP. We are able to create a S2S VPN with the DNS Name of the Meraki Devices. But have urgent issues with the general VPN stability.

Is there a better way to connect Merakis with the Cisco Appliance? Or do you use the normal S2S VPN ?


thanks

Andreas


+15

Yes. Please do create virtual appliance. We need connectivity to Azure. Or implement IKEv2 in your MX appliances.

+3

Bump. Have a vMX appliance would be epic. I can't believe it hasn't been created at this point.

+2

Any updates on this? It would be nice to have a virtual MX appliance in the AWS marketplace along with the CSR 1000v AMI!

+12

Great! we have the virtual MX for Amazon, can Azure be far away?

+4
Started

Changed status to started.