On 20/Jun/20 08:49, Reuben Farrelly via cisco-nsp wrote:
> Meraki doesn't currently support IPv6 in any way, shape or form. > > Some other things you'll find missing in Meraki products: > > - Zone based firewalls - Meraki MX doesn't do zones > - Routing protocols for all but the most absolutely basic use cases > - Client side VPN. More specifically it does PPTP but not so many > people are sold on the security and NAT problems that come with PPTP > - Modern crypto - IPSec Auth is limited to MD5/SHA1 for example. > - Any sort of xDSL, they only have Ethernet models. If you need xDSL > you'll need a bridge modem for the carriage circuit > - Extremely limited NAT capabilities, no ALG, no ability to disable > NAT between eg WAN and LAN ports which means it's almost useless for > an MPLS circuit. The lack of control over NAT also makes it > impossible to run a publically addressable DMZ > - SSL decryption which makes content filtering a bit less useful > - Cellular is limited to not all 4G bands (notably does not support > 700MHz here in Australia) and Cell backup is not supported in an HA setup > > And dare I say it, Segment Routing and MPLS definitely are not part of > the featureset ;) > > There are many good things about Meraki (eg dashboard, autovpn, > updates, ease of provisioning), but in my recent experience with MX/MS > products you have to spend as much if not more time working out what > Meraki products *can not* do as what they *can* do - and know the > product limitations before you design and deploy not during (don't > assume anything). > > Personally I would only recommend Meraki for a small business with > very basic and well defined requirements. Even then once you factor > in the cost of licensing + hardware and compare it to a low end Cisco > Enterprise product that does not have said limitations, you may find > the cost is about the same over 3 or more years. Sounds like pfSense might be a better option :-). If I can summarize it in one sentence, is Meraki meant to be Cisco's SD-WAN job? Mark. _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
