Posts Tagged ‘meraki’

MG CELLULAR GATEWAY ORDERABLE TODAY

Last month at Cisco Partner Summit, we announced the newest addition to the Meraki platform – the MG Cellular Gateway. The reaction to MG has been overwhelming with customers and partners eagerly waiting to get their hands on it, and now, the wait is over. We’re pleased to announce that MG is officially orderable today – try it out for yourself.

If you’re hearing about MG for the first time, then read on…

 

What is it?
The MG Cellular Gateway is a brand new Meraki product line that takes a cellular signal and transforms it into a wired Ethernet connection that can then be propagated down to the rest of a network via a router.

Cellular is growing
Cellular usage as a viable enterprise-grade connectivity option has been steadily growing with advances in throughput and availability in particular. IDC estimates the compound annual growth rate (CAGR) of the global LTE gateway market to be approximately 25% with around half of all enterprises using cellular as their current backup network solution for WAN connectivity.

The Meraki MG Cellular Gateway is our second wave of investment into cellular products. Last year we introduced a range of small branch MX security & SD-WAN appliances with integrated LTE modems to deliver all-in-one cellular failover capability. Customer response to the embedded cellular range has made those models one of the most popular of the MX line over the past year.

So there’s obviously an appetite for cellular products, but in what scenario would an MG cellular gateway be useful?

 

Cellular signal strength
One of the biggest challenges with utilizing cellular connectivity is getting the signal itself to where it’s needed. For most enterprises, geographical cellular coverage is not the issue. The challenge is usually with signal strength where the networking equipment is located. More often than not, this tends to be a network closet or server room deep inside a building, where cellular reception is likely to be poor or sporadic at best.

Antennas from cellular devices in a closet or server room can be extended to a location with better signal using a coaxial cable, however this is only practical over short distances. Coaxial cables are susceptible to high signal loss, making them unsuitable to transport a cellular signal over all but short distances.

Meraki MG cellular gateways are IP67 rated, meaning they can be optimally positioned, indoors or outdoors, to receive maximum signal strength. Cellular signal from MGs is delivered to the rest of the network via an Ethernet cable which experiences zero signal loss even over larger distances. Ethernet delivery also means that MG can be paired with any router on the market downstream to provide another uplink for SD-WAN or as a failover/primary link.

As you would expect with a Meraki product, MG is supremely simple, and of course managed from the same dashboard as the rest of the Meraki portfolio.

 

A decade head start
MG is built on the industry’s most trusted cloud infrastructure, backed by over 10 years of experience supporting nearly half a million customers globally, including numerous deployments in excess of 20,000 locations. Leveraging this backend infrastructure means that Meraki is uniquely positioned to rapidly bring new products and product lines to market that are supremely scalable and robust, from day one.

 

What about 5G?
There’s a lot of hype and excitement around 5G, and rightly so. Compared to 4G, 5G promises

  • 10x latency reduction
  • 10x increase in connection density
  • 100x more traffic capacity

As hugely exciting as these capabilities are, there’s still some time before they become a reality. Firstly the 5G standard itself needs to be ratified – the timing of which is still to be confirmed. Moreover, as was the case with the preceding generations of cellular technology, multiple elements need to be completed before 5G adoption can become widespread: carriers need to certify 5G with their respective infrastructure and roll out new equipment to provide coverage, and client devices compatible with 5G need to proliferate.

Given the backend that Meraki has built, we’ve always been among the first to bring the latest technology innovations to our customers as we did with 802.11ac waves 1 and 2, and most recently, Wi-Fi 6. 5G will be no different. We’re closely tracking the progress of 5G, and are ideally positioned to deliver a solution to our customers that will allow them to fully leverage the enhancements in latency and throughput efficiencies that it promises, at scale.

So whether you’re starting your Meraki journey with MG or continuing it with adding to your existing Meraki deployment, you’re investing in a proven platform that’s ready to offer you unprecedented visibility and management, today.

 

Cisco and Meraki: Adapting for the Continuously Evolving Enterprise

Security is a top priority for people in IT. Everyone knows how important security is to an organization, its devices, and most significantly, its people. 

While putting a firewall in your network is the first line of defense, another primary foundation to network security is the enforcement of access security policies. Permitting or denying access to specific resources establishes security in your network. For example, guests should not be able to access business servers. Organizations can have long lists of access policies, dictating who can access what. But how many organizations have a clear and concise policy list they easily understand, manage, and configure?

Access control lists are daunting in most environments. This is due to how access policies are built. Access policies are based on an IP architecture, where sources and destinations are defined by your network topology. While this works, IP-based access policies do not easily scale with large scale environments, businesses with distributed sites, and frequently changing organizations. 

Most are familiar with policy lists that look something like this:

Would you be able to tell what these IP addresses represent? Is XXX.XXX.XXX.XXX your cloud server? Or the HR team? 

The point is, it’s difficult to tell. It also becomes more troublesome as your business needs change, such as a growing business dealing with company acquisitions, a university expanding their campus with new sites, or a firm that’s redesigning their entire organizational structure. In every one of these cases, access policies must be re-configured to mirror the way the network topology changes. 

What if access policies no longer needed to be dependent on network topology; no longer IP-based, and instead, based on the intent of the user, device, or service? 

Today’s the day – we’re introducing Adaptive Policy. 

*(Beta available H1CY2020)

 

Adaptive Policy is a new solution where revolutionary Cisco Security Group Tag (SGT) technology meets the most powerful Cisco Meraki switch hardware yet. This software feature addresses the shortcomings of traditional policy administration using Cisco SGT and the MS390. With Cisco SGT, numerical tags are used to profile users, devices, services, and time of access. Tags can be assigned using a RADIUS server like Cisco Identity Services Engine (ISE). When Cisco ISE is used, the tag is transmitted to all devices in the network — every packet is tagged and decisions based on the tag are made by the MS390.

 

How does Adaptive Policy actually work?

 

The IT team creates an access policy whereby the sales team cannot access a product roadmap application. 

When a salesperson connects their laptop to the network, Cisco ISE will authenticate the user using Active Directory, then assign a tag, let’s pretend, tag 4 for the salesperson. The MS390 will receive tag 4 sent from ISE and will then add tag 4 to every packet coming from the salesperson’s device. If the salesperson tries to connect to the product roadmap server, which only allows tag 5, the MS390 will deny the request. But let’s say the salesperson moves to the product team: the user profile changes based on Active Directory, and now this user can access the roadmap application without anyone having to re-configure all the switches in the network. 

This policy enforcement process has become scalable, effective, and automatic. Adaptive Policy utilizes Cisco SGT to determine traffic intent and can help scale and reinforce security for customers of any deployment size. 

With Adaptive Policy, security is agnostic to network topology, making security orchestration and mass configuration changes consistent. Furthermore, instead of using IP addresses, we can now use natural language to determine how a policy is adjusted and implemented. Instead of seeing XXX.XXX.XXX.XXX, you’ll find yourself reading “Marketing team”. 
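The walkthrough above can be modelled in a few lines. The following is an added example, not Cisco or Meraki code: a simplified Python model that puts the tag-based decision next to the equivalent IP-based ACL. The user name, subnets, port name, destination tag 20 and the default-deny behaviour are assumptions made for the illustration; tags 4 and 5 follow the article.

```python
import ipaddress

# Constructed sample data. Tags 4 (sales) and 5 (product) follow the article;
# tag 20, the names and the subnets are assumptions for this model.
GROUP_TAGS = {"sales": 4, "product": 5}
ROADMAP_APP_TAG = 20
TAG_NAMES = {4: "Sales team", 5: "Product team", 20: "Roadmap application"}

# Tag-based policy: permitted (source tag, destination tag) pairs.
# Anything not listed is denied (default-deny is an assumption of this model).
TAG_POLICY = frozenset({(5, ROADMAP_APP_TAG)})

# The same intent written as a topology-bound ACL, first match wins.
IP_ACL = [
    ("permit", "10.20.5.0/24", "10.50.0.10/32"),  # product VLAN -> roadmap server
    ("deny", "0.0.0.0/0", "10.50.0.10/32"),       # everyone else
]


def ip_acl_permits(src_ip, dst_ip, acl=IP_ACL):
    """Evaluate the IP ACL: the decision depends only on where the host sits."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in acl:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False


class AuthServer:
    """Stands in for the RADIUS server: directory group -> tag."""

    def __init__(self, directory):
        self.directory = directory  # user -> group, edited by the directory admin

    def authenticate(self, user):
        return GROUP_TAGS.get(self.directory.get(user))  # None if unknown


class Switch:
    """Stands in for the enforcing switch: remembers the tag per port."""

    def __init__(self, policy, resource_tags):
        self.policy = policy
        self.resource_tags = resource_tags
        self.port_tags = {}

    def connect(self, port, user, auth):
        self.port_tags[port] = auth.authenticate(user)
        return self.port_tags[port]

    def permits(self, port, resource):
        src = self.port_tags.get(port)
        dst = self.resource_tags.get(resource)
        if src is None or dst is None:
            return False  # untagged traffic is denied in this model
        return (src, dst) in self.policy


def describe(policy):
    """Render the policy in the readable form the article describes."""
    return sorted(f"{TAG_NAMES[s]} -> {TAG_NAMES[d]}" for s, d in policy)


def walkthrough():
    directory = {"alice": "sales"}
    auth = AuthServer(directory)
    switch = Switch(TAG_POLICY, {"roadmap-app": ROADMAP_APP_TAG})
    out = {}

    switch.connect("port-7", "alice", auth)
    out["sales_tag"] = switch.permits("port-7", "roadmap-app")
    out["sales_ip"] = ip_acl_permits("10.20.4.17", "10.50.0.10")

    # Alice moves to the product team: only the directory entry changes.
    directory["alice"] = "product"
    switch.connect("port-7", "alice", auth)  # re-authentication assigns tag 5
    out["product_tag"] = switch.permits("port-7", "roadmap-app")
    # Same desk, same address: the IP ACL still denies until someone edits it.
    out["product_ip"] = ip_acl_permits("10.20.4.17", "10.50.0.10")

    switch.connect("port-9", "mallory", auth)  # not in the directory
    out["unknown_user"] = switch.permits("port-9", "roadmap-app")
    return out


if __name__ == "__main__":
    print(describe(TAG_POLICY))
    print(walkthrough())
```

The tag policy is never edited during the role change; the IP ACL gives the wrong answer until an administrator rewrites it for the new topology.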

 

Adaptive Policy is built with flexibility. 

 

Adaptive Policy is a new feature built with a Meraki API-first strategy that will guarantee full consumption. Together with Cisco, we are able to provide interoperability with an open implementation of tagging, which means it won’t be tied to only one vendor. Thanks to Cisco SGT’s open and extensible technology, Adaptive Policy provides maximum potential across Cisco and 3rd party vendors, giving you flexibility for your networking needs. 

MR customers can take advantage of Adaptive Policy too!

 

Customers who have Meraki MR access points (ac Wave 2 and above) but do not have the MS390 can still deploy Adaptive Policy. Under a hybrid environment, current Cisco Catalyst switch (3K to 9K series) customers with Meraki MR can implement Adaptive Policy utilizing inline-SGTs.

How can I enable Adaptive Policy?

Adaptive Policy is available as an advanced feature on the MS390. You will need the MS390 switch along with the MS390 Advanced licensing to enable this new feature. 

To learn more about Adaptive Policy and the MS390 switch, watch the launch webinar or read the MS390 blog. Starting early 2020, you can also give Adaptive Policy a whirl by starting a free trial.

Additional Resources:

Todd Nightingale, Cisco Meraki GM talks about Security Made Simple

Meraki Security Made Simple 

Security Made Simple Podcast

Cisco Live Cancún 2019

Are you one of those people who is constantly reading about the latest in IT? Have you imagined what awaits us in the future? Cisco Live Cancún is a unique space to discover and experience the simplified, secure, and intelligent Cisco Meraki technology that enables organizations to transform digitally.

Cisco Live Cancún will take place from October 28 to 31, and we would like to share some reasons to encourage you to live this experience with us:

  1. Technical sessions: Meraki is included in seven technical sessions. These sessions focus on technologies, architecture strategies, and troubleshooting applications for Cisco solutions or technologies. Register for the sessions, as they will be 100% Meraki. Cisco Live attendees can register for these presentations by logging in to their Cisco Live online account and going to the session catalog.
  2. Vertical summits: there are a total of seven vertical sessions at Cisco Live Cancún and Meraki sponsors three of them. Stay up to date, learn the success stories of other companies that are now a reference in their industry, grow your network, and start or adapt your technology strategy to take your company a step ahead of your competition in the sessions for government, education, and healthcare.
  3. DevNet Zone: visit the Meraki DevNet sessions to learn more. Meraki will have six sessions in the DevNet Zone. Cisco Live attendees can register for these presentations by logging in to their Cisco Live online account and going to the session catalog.
  4. Demos (World of Solutions): as a complement to all the learning sessions, in the World of Solutions you will be able to see solutions from Cisco and its partners. You will also find Meraki in a variety of demos throughout the Cisco Showcase:
  • Launch | WiFi 6 Launch
  • Security | Meraki Security
  • Branch | Branch Security & SD-WAN powered by Meraki
  • Branch | Work Simple, Digital Workplace
  • Campus | Assurance in the Cisco Meraki Platform
  • Campus | High Density Wireless for Campus
  5. Certifications: if you need to get certified in Cisco solutions and strengthen your résumé, during Cisco Live you have the opportunity to take any of the certification exams.

In addition to everything you can learn at this event, Cisco Live Cancún also offers fun and leisure activities, such as the traditional 5 km run, yoga sessions, the WoS opening cocktail reception, and the event's closing party.

For more details on Meraki's participation in Cisco Live, visit our event page and follow us on Twitter @MerakiLatam

Ready for iOS 13 and macOS 10.15 Catalina?

Are you excited about all the new Apple innovation coming in iOS 13 and macOS 10.15 Catalina? Great, so are we! Both iOS 13 and macOS Catalina are introducing significant changes to Apple’s enterprise management capabilities and we are excited to announce that Cisco Meraki Systems Manager will support new settings and features on both platforms. Here are some of the planned changes coming to Meraki Systems Manager to support iOS 13 and macOS Catalina.

Changes to Device Restrictions

Between iOS 13 and macOS Catalina, Meraki Systems Manager will support a grand total of seventeen device restriction settings changes.  The changes include six new restriction settings and eleven settings that are changing supervision requirements.  

New Restrictions

  • Allow Find My Device in the Find My app (iOS)
  • Allow Find My Friends in the Find My app (iOS)
  • Force Wi-Fi power on (iOS)
  • Allow Files Network Drive Access (iOS)
  • Allow Files USB Drive Access (iOS)
  • Allow continuous path keyboard (iOS)
  • Allow Handoff (New to macOS)

Supervision Requirement Changes

Now Requires Supervision:

  • Allow adding Game Center friends 
  • Allow installing apps
  • Allow use of camera
  • Allow cloud Keychain sync
  • Allow document sync 
  • Allow explicit music and podcasts
  • Allow use of iTunes Store
  • Allow use of Safari
  • Allow users to use saved passwords in Safari and AutoFill Passwords feature
  • Allow Facetime

No Longer Requires Supervision:

  • Allow remote screen observation by the Classroom app 

Restriction settings that are changing status in iOS 13 and macOS 10.15 will retain their configured effect if an unsupervised device is upgraded. For example, if camera use is blocked by restriction settings on an unsupervised device running iOS 12.4 and lower, the restriction setting will continue to block the Camera app when the device is upgraded to iOS 13.

New Settings Updates

Along with the Restrictions payload, Apple has updated a number of different settings with enhanced options to affect behavior on devices. Meraki Systems Manager will also support changes to the following payloads at the time of release:

  • Wi-Fi – Support for WPA3 authentication
  • Exchange ActiveSync – Manage synching of Contacts, Calendars, and Mail independently on iOS
  • Web Content Filter – macOS support for Filter Data Providers
  • Privacy Preferences Policy Control – Manage new permissions in macOS
  • Single App Mode – Manage Voice Control settings on iOS or tvOS

Automated Device Enrollment Changes

Automated Device Enrollment (also known as DEP) will now enforce mandatory enrollment in Meraki Systems Manager.  Also, we have introduced a new option to skip “Dark Mode” setup on iOS and macOS.  

Coming Soon

In the weeks following the launch of iOS 13 and macOS Catalina, Meraki Systems Manager will continue the momentum by rolling out support for more advanced features and functionality. This includes, but is not limited to:

  • Support for brand new macOS Catalina settings payloads
  • New Extensible Single Sign On capabilities to allow for native Apple Kerberos SSO and 3rd-party integration
  • Custom enrollment webpage to more readily personalize and secure the enrollment process on devices

If you would like to learn more about Systems Manager, join us for an upcoming webinar (where you can qualify to earn free System Manager licenses), or call the Meraki sales line to start a risk-free evaluation.

 

New Features and Updates for MV Smart Cameras

As Meraki users are well aware, one of the benefits of the cloud management is seamless updates. We talked about the security benefits of automatic firmware upgrades in our recent blog post, “Security Starts with Simplicity.” Another advantage is getting new features and functionality without doing any extra work. Starting today, MV smart camera users have access to several new and upgraded features designed to make the solution even easier to use, and offer additional value.

Timeline Navigation Changes

The timeline may not be something people think about as a feature, but it’s a core part of how users interact with video. Our goal has been to make that experience as simple as possible. Natural language processing is one example of this — users can type in “yesterday evening” or “a week ago at noon” to access the corresponding video. Now, users have new options for fluidly navigating the timeline using the scroll wheel on a mouse or the equivalent controls on a touchpad:

  • Zoom in and out by scrolling on a mouse.
  • Move forward or backward in the timeline bar by swiping on a touchpad, or shift+scroll on a mouse.

Finally, in a motion search, slider bars will appear on the timeline to indicate the time range for the results. Search results default to the middle 50% of the current visible timeline bar, and can be adjusted by moving the slider bars or changing the start and end date selectors above the motion search results. Refer to our documentation for more information on timeline navigation.

Motion Alerts 2.0

Motion alerts was one of our most requested features post-launch, and our engineering team granted that wish early last year. Alerts could be scheduled, and configured for the full frame or area of interest. When Motion Recap was released, images were included with motion alert emails to make alerts easier to understand. But our engineering team wasn’t going to stop there. They’ve been working on ways to make motion alerts better by making them more meaningful, and potentially reducing the frequency of false alerts. 

Motion alerts 2.0 offers new tools to select motion sensitivity levels and multiple areas of interest, allowing for greater flexibility. The average expected motion alerts per day are now displayed in the dashboard, making it easy to understand the impact of any configurations made. For more information, check out our motion alerts documentation.

Vehicle Detection

With this new release, MV smart cameras are getting a little smarter. In 2018, we announced advanced analytics with people detection. Now, using the same ML/AI capabilities, MV cameras will be able to detect vehicles in the frame of the camera. The vehicle detection model will be enabled on outdoor cameras (MV72), and vehicle count information will be displayed in the dashboard in the same format as people count is today. 

The ability for the camera to detect vehicles opens a variety of new applications. In addition to being able to discover motion events with vehicles more quickly, vehicle traffic and trends can be easily monitored in areas like parking lots or garages. Vehicle detection data is also available via the MV Sense API, allowing for custom integrations and applications. Check out our MV Object Detection documentation article for more information on vehicle detection.

Camera Field of View in Maps

Rounding out the list of new features is an enhancement to maps and floorplans. In December 2018, we added cameras to maps and floorplans. Now, the camera field of view (FoV) can be displayed for easy reference. The MV32 (fisheye) camera view is indicated by a circle, while other models will have a directional triangle. Simply use your mouse to position the FoV as needed. You’ll find more information about placing cameras in maps and floorplans in our documentation article, here.

How will you use the new features with your MV camera deployment? Share your plans and let us know what you think in the Meraki Community!

A Revolutionary Way to Not Watch Video

When it comes to our favorite shows, riveting movies, or funny cat videos, some of us can’t get enough screen time. But reviewing security camera footage is another matter. When tasked with going through hours of video to understand what happened during a particular incident or situation, most of us want a way to figure it out as quickly as possible.

What if there were a way to see the entirety of an event in a single image? Motion Recap makes this possible.

Motion Recap takes advantage of the Motion Search 2.0 algorithm, which uses background subtraction to isolate motion. Imagine a person walking down an empty street. Things in the background — buildings, signs, trees, or parked cars — remain unchanged. The only thing that changes is the location of that lone individual. Now imagine that activity as a series of still frames. A Meraki MV Smart Camera analyzes those frames to determine what is the same in each — in other words, the background. When the background is removed, what remains frame over frame is the motion (the individual walking).

A lone individual makes their way down the street.

Motion Recap images are composite images, built in-camera, that summarize a motion event. In the example described above, the Motion Recap image is created by superimposing the individual on the background at set intervals as they make their way down the street. This image allows the viewer to understand the entirety of an event with just a glance, instead of watching a 30 second video clip to see that the person did indeed walk down the street.

The path of a delivery person shown in a Motion Recap image

Find What You’re Looking for, Faster

The new Motion Recap feature on MV smart cameras enables users to find answers without having to watch video. Motion Search results are now displayed as Motion Recap images, allowing users to understand what has happened in video, without ever watching it. Say you need to find out who placed this dog toy on the couch in the video feed below. You use Motion Search to select the dog toy, and the Meraki dashboard returns results containing motion in that area.

Who moved the toy? Isolating activity using Motion Search.

Below are the six Motion Search results, returned as Motion Recap images. We can see the toy is on the ground in the top left image, and on the couch in the bottom middle image. In the fourth result, the bottom left, we can see an individual reaching down to pick up the toy and place it on the couch.

Motion Recap images offer answers without watching video.

Motion Recap images are grouped by events, and each image contains up to 30 seconds of motion. Longer events are made up of multiple images. By selecting any Motion Recap image, we can scroll through to view other images, or watch the corresponding video for that event.

Want to see the demo in action? Check out this video to find out how Motion Search and Motion Recap solve the mystery of who stole the MV Gnome in our office.

Motion Recap image from an MV32 fisheye camera

Motion Recap is now available to all customers with second generation MV smart cameras (models ending in -2). Users can toggle between Motion Recap and list view results using the buttons on the right-hand side. Or, if you prefer the list view, disable Motion Recap completely on the “Quality and retention” tab.

Let us know what you think about the new Motion Recap feature in the Meraki Community or request a risk-free evaluation to try out MV for yourself!

Our Topology Icons Speak Volumes

Communicating technical topics to a broad audience can be challenging. Photos, illustrations, and video are all helpful tools designed to simplify complex subjects, but it’s easy to go overboard when describing a product as intricate as a switch or security appliance.

To help everyone represent Cisco Meraki products and related concepts more clearly, Meraki has released a set of official topology icons (in png and svg formats) to encourage collaboration and discussion.

 

Speaking a single language

The icons help to describe key networking ideas more consistently across our entire product line. The products covered include our switches, access points, smart cameras, security and SD-WAN devices, virtual appliances, and other generic networking items. The images can be used freely, with attribution, as a part of the Creative Commons terms of use. We envision the icons being used in topology diagrams for deployment documents, blogs, forums, and social media.

 

Below is a symbol legend for some select icons you will find inside our larger icon set in the Meraki Library.

 

Topology Set Icons

Left-to-Right Arrows for Layer 2 – The two sets of arrows going right and left indicate communication between devices at Layer 2. Available on MS device icons. Example:

 

Diagonal Arrows for Layer 3 – Our Layer 3 icon adds diagonal arrows to indicate the routing capabilities available on MS and MX products. Example:

 

Wireless – The icon represents a device that has Wi-Fi capabilities. Available on MR wireless, select MX security appliances, and Z-Series teleworker appliances. Example:

 

MX SD-WAN and security specific symbols – The MX icon includes symbols for inspecting traffic (magnifying glass), diagonal arrows for routing, and a brick wall for protection against bad actors. Example:

 

Dotted Line for Virtual Appliances – The virtual appliance provides Meraki security and SD-WAN services for migrating IT services to Amazon Web Services and/or Microsoft Azure. Example:

 

Server – The server icon has several sub-icons to highlight important characteristics. Available with cloud, directory, domain, file, web, and Meraki servers. Example:

 

If you would like to get started, consider downloading our full icon set to begin incorporating the images into your topology maps, Meraki community messages, personal blogs, and Twitter posts.


Meraki Topology Icons by Cisco Meraki are licensed under a Creative Commons Attribution 4.0 International License.

Ready, Set, Meraki Go

Readers of this blog will be excited to learn that Meraki has recently launched a new WiFi solution for small businesses in single-site locations. Today, we are introducing Meraki Go, a set of WiFi access points tailor-made for small and home businesses, with features to get a business going, all managed by a new easy-to-use app.

Meraki Go enables small business owners to manage their own WiFi needs. With a simple guided onboarding process, users can configure multiple WiFi networks in minutes. This allows shops, restaurants, and cafes to segment their guest and corporate traffic for added security. Meraki Go users can also quickly set usage limits on applications, and block clients from accessing certain websites. This way, small offices with limited bandwidth can prioritize business traffic, and make sure video streaming doesn’t get in the way of work.

As Meraki expands our product offerings, we want to make sure that we’re listening to the needs of our users. This is why we have built the Meraki Go experience from the ground up. With features made for business but an app designed for humans, Meraki Go has the best of both worlds, and we’re excited for you to try it.

All Meraki Go access points will require a subscription (1, 3, or 5 years), which provides access to in-app support, as well as security and app updates.

Check this out on meraki-go.com today, or watch our launch video below.

Meraki MR + Umbrella: A Match Made In the Cloud

The pace at which new security threats are being introduced and propagated online has reached exponential levels, gaining speed with each passing year. Organizations have more locations and devices to protect, and threats are using many different ports to try to gain access or exfiltrate data. Security teams are often understaffed and struggle with complex, siloed systems that do not integrate or share intelligence in a programmatic way. These teams need solutions that are easy to deploy, simple to manage, can scale exponentially, and can integrate with other tools.

Securing your wireless users from malicious attacks — particularly these “DNS blind spots” that exist in many networks and are exploited by 97% of advanced malware — is of paramount importance. Unfortunately, recent surveys indicate that 75% of organizations do not actively monitor and apply security for DNS.

It is within this context that we are excited to announce support for integration between Meraki MR wireless access points (APs) and Cisco Umbrella (formerly OpenDNS).

Umbrella is the industry’s first secure internet gateway, a cloud-delivered first line of defense against threats like malware, ransomware, and phishing. Umbrella enforces security at the DNS layer by identifying requested web domains hosting nasty stuff — malware, phishing, etc. — and blocking end-user access to them. Umbrella also enables more secure DNS querying through a tool called DNSCrypt, which automatically encrypts DNS queries between your network and Umbrella’s servers, effectively eliminating the chance that your queries will be the victim of eavesdropping or man-in-the-middle (MITM) attacks. This secures the “last mile” of a client’s internet connection, which is often left exposed and vulnerable.

There is no additional cost or charge for taking advantage of this integration (which is available to all Meraki wireless customers who have upgraded to our latest MR26.x firmware), but Meraki wireless customers who wish to integrate with Umbrella will need a separate Umbrella license and account with that service.

 

Enabling Umbrella integration

So, what does this mean for admins of Meraki wireless networks? This integration with Umbrella enables Meraki admins who obtain Umbrella licenses (WLAN, Professional, Insights, or Platform) to seamlessly assign DNS filtering via Meraki group policy or SSID to specific subsets of wireless clients, or to them all.

Enabling Umbrella integration takes only a few steps. First, the Meraki and Umbrella dashboards must be linked via the Umbrella Network Devices API key. Once this API key is generated from within the Umbrella dashboard, it needs to be copied into the Meraki dashboard by navigating to Network-wide > General.

Enabling Meraki + Umbrella integration within the Meraki dashboard.

 

Once the Meraki and Umbrella dashboards have been configured, linking a Meraki SSID or group policy to an Umbrella security policy is easy (note: Meraki group policies must be set to use ‘Custom SSID Firewall & Shaping Rules’ to link an Umbrella policy to them). After this initial setup, a unique identifier is generated behind the scenes for the specified Meraki SSID or group policy and is used by Umbrella to determine how to evaluate traffic from that Meraki network moving forward.

To link a Meraki SSID to an Umbrella policy, navigate to the Wireless > Configure > Firewall & Traffic Shaping section of the Meraki dashboard. There, you will find a button to link Umbrella policies.

Linking an Umbrella policy to a Meraki SSID.

 

By default, the last policy physically listed in the Umbrella dashboard’s ordered policy list will be inherited by a Meraki SSID unless a different policy is selected from the dropdown list.

To link a Meraki group policy to an Umbrella security policy, navigate to the Network > Configure > Group policies page in the Meraki dashboard and choose the specific Meraki group policy that you want to link. Under the ‘Layer 7 firewall rules’ section of that policy, you’ll be able to choose which Umbrella policy you’d like to apply.

Applying an Umbrella DNS policy to the Meraki ‘VIP Umbrella Clients’ group policy.

 

Once a Meraki SSID or group policy has been successfully linked to an Umbrella security policy, clients connecting to that SSID, or clients to which that group policy has been applied, will have their DNS queries encrypted (if the AP supports 802.11ac) and verified against the corresponding Umbrella policy. Encrypting DNS queries between Meraki APs and Umbrella DNS endpoints helps secure the ‘last mile’ of client web browsing and protects against devastating MITM attacks or packet snooping that can reveal which websites client devices are browsing.

An example Umbrella policy may prohibit access to known malicious web domains or websites that host specific types of content, like gambling or peer-to-peer domains. If the client’s request for access to a given website is allowed, Umbrella will return an encrypted DNS response with the appropriate IP address. If the request is denied, then an encrypted DNS response pointing to the Umbrella block page will be returned instead.
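The three conditions mentioned above (the last-listed policy being inherited when none is selected, the group policy mode required for linking, and the 802.11ac condition on DNS encryption) are easy to miss once many SSIDs are in play. The following is an added example, not Meraki or Umbrella code: a small audit over a constructed inventory whose field names, policy names and the "Network default" mode value are all assumptions made for illustration.

```python
# Constructed inventory: a hand-built export for illustration, not a Meraki or Umbrella API format.
UMBRELLA_POLICIES = ["Guest Strict", "Staff Standard", "Default Policy"]  # order as listed in Umbrella
REQUIRED_MODE = "Custom SSID Firewall & Shaping Rules"  # mode named in the post

SSIDS = [  # aps_11ac: one flag per AP broadcasting the SSID (hypothetical field)
    {"name": "Corp", "linked": True, "policy": "Staff Standard", "aps_11ac": [True, True]},
    {"name": "Guest", "linked": True, "policy": None, "aps_11ac": [True, False]},
    {"name": "IoT", "linked": False, "policy": None, "aps_11ac": [False]},
]
GROUP_POLICIES = [  # "Network default" is a constructed mode value
    {"name": "VIP Umbrella Clients", "mode": REQUIRED_MODE, "policy": "Guest Strict"},
    {"name": "Contractors", "mode": "Network default", "policy": "Staff Standard"},
]

def effective_ssid_policy(ssid, ordered_policies):
    """Return (policy, inherited); (None, False) when the SSID is not linked."""
    if not ssid["linked"]:
        return None, False
    if ssid["policy"]:
        return ssid["policy"], False
    # No explicit choice: the last policy in Umbrella's ordered list applies.
    return ordered_policies[-1], True

def audit(ssids, group_policies, ordered_policies):
    """Return (object name, finding code) pairs for an admin to review."""
    findings = []
    for s in ssids:
        policy, inherited = effective_ssid_policy(s, ordered_policies)
        if policy is None:
            findings.append((s["name"], "not-linked"))
            continue
        if inherited:
            findings.append((s["name"], "inherits-last-policy:" + policy))
        if not all(s["aps_11ac"]):
            findings.append((s["name"], "dns-encryption-condition-unmet"))
    for g in group_policies:
        if g["policy"] and g["mode"] != REQUIRED_MODE:
            findings.append((g["name"], "mode-blocks-umbrella-link"))
    return findings

if __name__ == "__main__":
    for name, code in audit(SSIDS, GROUP_POLICIES, UMBRELLA_POLICIES):
        print(f"{name}: {code}")
```

An SSID flagged as inheriting the last-listed policy is still filtered, but by whatever policy happens to sit at the bottom of the Umbrella list, so reordering policies in Umbrella silently changes what that SSID enforces.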

Taken together, Meraki wireless and Umbrella integration provide a significantly more robust security framework for IT admins looking to protect clients from web threats in a more proactive way. Instead of waiting for a malicious site to infect a machine and then using tools like antivirus to detect and remediate, Meraki MR customers can rest easy knowing that they are protected from ever reaching harmful sites in the first place.

Interested customers should contact Meraki Support to have this feature enabled. This feature requires an early-release MR firmware version that can be enabled with assistance from Meraki Support.

To find out more, speak to a Meraki sales representative today.

Stumptown Coffee Roasters: an MV Case Study

When Portland-based Stumptown Coffee Roasters needed a security camera and monitoring solution for their distributed and rapidly growing operation, they quickly settled on Meraki MV. Stumptown was already using Meraki wireless, switching, SD-WAN, and networking security solutions in their retail environments, so exploring security cameras was an easy decision for Travis Luckey, Stumptown’s former Director of Technology. With their core focus on product quality, Stumptown’s team found real value in having the ability to monitor remote sites and processes while also minimizing the need for onsite visits and troubleshooting. Their cafes and roasting facilities are scattered across the U.S., making centralized management, ease-of-use, and straightforward monitoring from any geographic location key features of the solution they would need.

Original Challenges

  • Stumptown’s headquarters are in Portland, along with some major operations facilities and cafes, but they also have facilities in New York City and Los Angeles, plus a distribution center in Seattle.
  • They needed a solution that would cut down on installation and configuration time while allowing the team to manage the entire operation from a centralized and/or remote location, if needed.
  • Luckey’s team loved the Meraki IT solution and wanted a camera solution with the same benefits.
  • The IT team wanted to be able to give different levels of camera access to various members of the executive, management, and respective operational teams.
  • Existing legacy systems were selected and installed ad hoc by local managers over many years, making it difficult to manage everything.

“Meraki cameras gave us the ability to deploy nationwide and centrally manage a single product platform for security footage.” – Travis Luckey, Director of Technology


An MV71 deployed at Stumptown’s Southeast Portland cafe and roastery location

The Deployment

  • The team installed over 50 indoor and outdoor Meraki cameras.
  • The company has standardized on Meraki cameras for their nationwide deployment.
  • MV cameras are used for both retail security and monitoring distribution centers (ten locations in total).
  • Anywhere from two to four cameras were installed at each site alongside a full stack of Meraki networking gear.
  • The IT team loved that there was no DVR infrastructure to install.

“[It’s so easy]…most junior level IT staff are able to do just about all of the configuration and management across our entire Meraki deployment.” – Travis Luckey, Director of Technology

 

Results

  • A small number of dedicated IT staff are able to monitor locations all around the country with minimal training time.
  • Installation is easy enough that the IT team can stage cameras and then ship them to a non-technical Operations Manager for installation, at which point the IT staff helps walk them through the physical deployment.
  • Both Tier 1 technical staff (IT, technical operations, systems administrators) and Tier 2 non-technical staff (Operations, Retail Managers, and company executives) are able to have differing levels of access to video pertinent to their respective roles.
  • During a footage recovery exercise following a bank robbery near a Stumptown location, administrators were able to pull video footage in a matter of minutes; the police officer told Travis this was one of the easiest footage recovery cases he had ever worked on.
  • The IT team now has full visibility into the entire deployment from coast to coast and can troubleshoot any potential issues with cameras or the network before they grow into bigger business problems.
  • Firmware and security updates roll out seamlessly, with little to no effort required by Travis’s team.
  • Using Meraki cameras, plus the rest of the Meraki networking portfolio, has changed the Helpdesk staff’s roles dramatically. They spend significantly less time troubleshooting, and more time on new projects. The change has been so dramatic that they have changed their titles to IT Business Partners.

“It was really remarkable how easy it was to troubleshoot a potentially business-interrupting problem. I fell in love with the platform at the moment I realized that.” – Travis Luckey, Director of Technology


To learn more about Meraki MV security cameras and how they provide both physical security and advanced analytics in a single package, check out our catalog of free webinars or get in touch with your Meraki rep today.