You are probably aware of the increasing use of cloud-hosted applications, as well as the worldwide availability of reliable LTE coverage. You’ve almost certainly witnessed the increasing use of mobile devices, growth of video traffic, and increasing security threats. These trends challenge modern organizations to adapt to a complex landscape with higher bandwidth requirements, multiple uplinks, and threats that can take down networks. Despite these complexities, IT admins can use new technologies to position their branch networks for a successful future.
What’s new?
Today, we are excited to announce brand new additions to our MX and Z products, with multiple new MX security & SD-WAN appliances, along with a new Z-Series teleworker and IoT device. With upgraded and improved hardware, the additions to the MX line feature higher throughputs, faster Wi-Fi, and integrated LTE modems. The built-in modems will offer a greatly simplified way to connect remote locations or provide failover redundancy via LTE.
The MX67 and MX68 lineup
The new MX products benefit from state of the art new hardware features designed to deal with an evolving branch environment:
Up to 450 Mbps Throughput
802.11ac Wave 2 Wireless
Integrated 300 Mbps CAT 6 LTE cellular modem
The MX family adds six new models to the highly successful MX64 and MX65 small branch security & SD-WAN appliances. The new MX67 and MX68 products include models with wired, wireless, cellular, and PoE+ capabilities. Both the MX67C and MX68CW feature region-specific SKUs to accommodate separate cellular bands. Meraki is partnering with mobile providers to fully certify the cellular platforms across all regions. For more details of MX67, MX67W, MX68, MX68W, and the cellular MX67C, MX68CW visit the MX datasheet.
The new Z-Series
We are also delighted to add a new model to our feature-packed Z-Series teleworker gateway family with the Meraki Z3C, now with LTE. A built-in 100 Mbps CAT 3 LTE modem in the Z3C provides an elegant way to add redundancy for teleworker deployments. Our customers are also excited about using the Z3C to securely connect remote or isolated machinery such as vending machines, ATMs, and kiosks.
LTE in the dashboard
Similar to the rest of Meraki’s products, these new cellular MX and Z-Series models offer exceptional visibility via the Meraki dashboard. For these models, IT admins can monitor current traffic and historical performance, as well as the ability to troubleshoot and configure their LTE connections. For example, the dashboard allows users to configure and reset their cellular connection with a few clicks of a button. There will be a new LTE API, and the dashboard will make it simple to manage devices at scale using templates.
The Meraki MX continues to march forward in its mission to provide market-leading threat intelligence and an intuitive SD-WAN offering to keep customers connected and secure. Try out the new devices for yourself with a free trial, and let us know what you think.
One more thing…
Speaking of free trials, for those purchasing the new MX and Z-Series models in the next three months, we have an additional treat: a free 45-day trial of Meraki Insight, our intuitive tool for monitoring and troubleshooting WAN and application performance. With Insight, IT admins can monitor the status of all uplinks in the organization, and troubleshoot any network outages within seconds. It also provides detailed performance metrics to understand the root cause of ISP outages. Contact a Meraki sales representative for more information.
To learn more about the MX67 and MX68 models, as well as the Z3C, watch the launch webinar or visit the What’s New page.
The pace at which new security threats are being introduced and propagated online has reached exponential levels, gaining speed with each passing year. Organizations have more locations and devices to protect, and threats are using many different ports to try to gain access or exfiltrate data. Security teams are often understaffed and struggle with complex, siloed systems that do not integrate or share intelligence in a programmatic way. These teams need solutions that are easy to deploy, simple to manage, can scale exponentially, and can integrate with other tools.
Securing your wireless users from malicious attacks — particularly these “DNS blind spots” that exist in many networks and are exploited by 97% of advanced malware — is of paramount importance. Unfortunately, recent surveys indicate that 75% of organizations do not actively monitor and apply security for DNS.
It is within this context that we are excited to announce support for integration between Meraki MR wireless access points (APs) and Cisco Umbrella (formerly OpenDNS).
Umbrella is the industry’s first secure internet gateway, a cloud-delivered first line of defense against threats like malware, ransomware, and phishing. Umbrella enforces security at the DNS layer by identifying requested web domains hosting nasty stuff — malware, phishing, etc. — and block end user access to them. Umbrella also enables more secure DNS querying through a tool called DNSCrypt, which automatically encrypts DNS queries between your network and Umbrella’s servers, effectively eliminating the chance that your queries will be the victim of eavesdropping or man-in-the-middle (MITM) attacks. This secures the “last mile” of a client’s internet connection, which is often left exposed and vulnerable.
There is no additional cost or charge for taking advantage of this integration (which is available to all Meraki wireless customers who have upgraded to our latest MR26.x firmware), but Meraki wireless customers who wish to integrate with Umbrella will need a separate Umbrella license and account with that service.
Enabling Umbrella integration
So, what does this mean for admins of Meraki wireless networks? This integration with Umbrella enables Meraki admins who obtain Umbrella licenses (WLAN, Professional, Insights, or Platform) to seamlessly assign DNS filtering via Meraki group policy or SSID to specific subsets of wireless clients, or to them all.
Enabling Umbrella integration takes only a few steps. First, the Meraki and Umbrella dashboards must be linked via the Umbrella Network Devices API key. Once this API key is generated from within the Umbrella dashboard, it needs to be copied into the Meraki dashboard by navigating to Network-wide > General.
Enabling Meraki + Umbrella integration within the Meraki dashboard.
Once the Meraki and Umbrella dashboards have been configured, linking a Meraki SSID or group policy to an Umbrella security policy is easy (note: Meraki group policies must be set to use ‘Custom SSID Firewall & Shaping Rules’ to link an Umbrella policy to them). After this initial setup, a unique identifier is generated behind the scenes for the specified Meraki SSID or group policy and is used by Umbrella to determine how to evaluate traffic from that Meraki network moving forward.
To link a Meraki SSID to an Umbrella policy, navigate to the Wireless > Configure > Firewall & Traffic Shaping section of the Meraki dashboard. There, you will find a button to link Umbrella policies.
Linking an Umbrella policy to a Meraki SSID.
By default, the last policy physically listed in the Umbrella dashboard’s ordered policy list will be inherited by a Meraki SSID unless a different policy is selected from the dropdown list.
To link a Meraki group policy to an Umbrella security policy, navigate to the Network > Configure > Group policies page in the Meraki dashboard and choose the specific Meraki group policy that you want to link. Under the ‘Layer 7 firewall rules’ section of that policy, you’ll be able to choose which Umbrella policy you’d like to apply.
Applying an Umbrella DNS policy to the Meraki ‘VIP Umbrella Clients’ group policy.
Once a Meraki SSID or group policy has been successfully linked to an Umbrella security policy, clients connecting to that SSID or who have been applied that group policy will have their DNS queries encrypted (if the AP supports 802.11ac) and verified against the corresponding Umbrella policy. Encrypting DNS queries between Meraki APs and Umbrella DNS endpoints helps secure the ‘last mile’ of client web browsing and protects against devastating MITM attacks or packet snooping that can reveal which websites client devices are browsing.
An example Umbrella policy may prohibit access to known malicious web domains or websites that host specific types of content, like gambling or peer-to-peer domains. If the client’s request for access to a given website is allowed, Umbrella will return an encrypted DNS response with the appropriate IP address. If the request is denied, then an encrypted DNS response pointing to the Umbrella block page will be returned instead.
Taken together, Meraki wireless and Umbrella integration provide a significantly more robust security framework for IT admins looking to protect clients from web threats in a more proactive way. Instead of waiting for a malicious site to infect a machine and then using tools like antivirus to detect and remediate, Meraki MR customers can rest easy knowing that they are protected from ever reaching harmful sites in the first place.
Interested customers should contact Meraki Support to have this feature enabled. This feature requires an early-release MR firmware version that can be enabled with Meraki support assistance.
Last summer, we celebrated as the millionth Meraki network came online. Today, less than a year later, we’ve hit 1.4 million networks. It’s hard to believe, but in just 12 years, Meraki has completely changed the face of networking and helped hundreds of thousands of organizations connect people and ideas better than ever before.
Bringing intelligent management and a simpler IT experience to organizations everywhere has always been our mission. That’s why I’m excited to announce today that Meraki is launching in the world’s biggest Internet market: China.
Why China? Many of our large enterprise customers in such verticals as retail, hospitality, education, and manufacturing have already entered the Chinese market. They love using Meraki to manage their networks in other countries, and now they can use Meraki to manage their Chinese networks as well. At the same time, we look forward to bringing the Meraki magic to organizations born and bred in China and show them how Meraki can help them seize new opportunities while reducing operational costs.
It’s hard to overstate the role that pervasive Internet connectivity has had in shaping China’s society and economy. China has nearly 800 million online users, most of whom access the Internet exclusively through their smartphones. App developers, local merchants, and everyone in between need fast and reliable networking to function smoothly. Entire platforms like Alipay and WeChat have changed how Chinese consumers interact with friends, family, and organizations of every type.
Having visited China a few times myself, I’ve been astonished every time I’ve paid for a train ride using my phone, borrowed a shared bike through an app, or ordered food at a restaurant (and paid for my meal) without having to leave the table. It’s clear to me that the increasing sophistication of China’s digital economy demands a stronger IT and networking backbone.
Over the last many months and years, we’ve worked hard to understand the needs of customers in China and to build an experience ideal for this market. We’re launching in China with our flagship networking solutions: MR (wireless access points), MS (switches), and MX (routers).
At Meraki, we believe that IT has a pivotal role to play in every organization. In years past, organizations would often treat IT as a separate appendage, consulting the IT team only when the Wi-Fi went down. Today, organizations work hand-in-hand with their IT teams, relying on them to deploy and manage forward-thinking solutions that can give organizations actionable intelligence about their customers, prevent production downtime, and much more.
What makes Meraki the leader in intuitive, intelligent IT? Our centralized management model minimizes the need for expensive, complex on-site infrastructure like wireless controllers, and allows us to rapidly deliver features that unlock new capabilities. All of our products are managed through the web-based Meraki dashboard, a simple interface for configuring and controlling Meraki access points, switches, and routers. Advanced capabilities, from a network topology view and virtual switch stacking, to Layer 7 application visibility and extensible APIs, minimize the time IT administrators need to deploy, configure, and manage the network.
The Meraki team has invested countless resources to build a comprehensive networking solution specifically for the Chinese market:
We have invested in two data centers in China, used exclusively for the management data of Chinese organizations.
The Meraki dashboard has been translated into Chinese and is physically separate from the dashboard used to manage networks outside of China.
We’ve opened up a China headquarters in Shanghai and will be running all of our Meraki China operations from there, including dedicated sales and marketing teams.
A support team dedicated to our Meraki China customers (and fluent in Mandarin!) sits in our Shanghai headquarters, ready to proactively help our customers build the best and most powerful networks.
Whether in San Francisco or Shanghai, our ethos remains the same: simplifying powerful technology to free passionate people to focus on their mission. Meraki is all over the world, with over 1.4 million active networks (and counting) in offices, classrooms, coffee shops, restaurants, manufacturing facilities, hospitals, hotel rooms, and everywhere in between. We can’t wait to see how our Chinese customers will build out new networks and how Meraki will help shape the future of IT in China.
