The Network Equipment Solutions Blog | Hummingbird Networks

Cisco Meraki vMX100 Virtual Firewall Review

Written by Jason Blalock | Aug 31, 2017 1:08:00 PM

Leave it to Meraki to come up with completely new ways to spread their great security systems to the cloud.  In this case, to AWS.

Amazon Web Services (AWS) are, of course, astoundingly popular.  AWS is the most-used cloud-based commercial web host in the world, with a fair number of the most popular websites online -such as Reddit and Netflix- counted among its customers.  The service itself is also remarkably resilient as cloud services go.  Outages are extremely rare, and the service itself has -as far as anyone knows- never been successfully penetrated by cyber-criminals.

However, individual AWS accounts are still potentially vulnerable, as any cloud account may be.  Given the importance of AWS to the Internet as a whole, Meraki has decided to address this problem with the creation of their vMX100 virtual security appliance.  The addition of Cisco Meraki vMX100 virtual firewall to your AWS EC2 instance could greatly boost your own security, along with allowing you to manage your AWS security from the same dashboard as your other Meraki services.

Obviously, the vMX100 is a very niche product.  However, for those this fits, there's nothing else quite like it.  

The Meraki vMX100 - What Is It?

The vMX100 shares series numbering with other MX-series Meraki security devices, but unlike every other Meraki firewall, it's pure software.  There is no physical component.  It is, fundamentally, a plugin which can be freely downloaded from the AWS Marketplace and integrated directly into your EC2 instance.

Once installed into your AWS account, it functions as a virtual site-to-site VPN appliance, allowing extra-secure connections between you and your EC2 instance.  It's functionally equivalent to having a direct secured Ethernet connection to a datacenter, except it's cloud-based and allows direct connection from any device that's part of your Meraki network.

It supports up to 500Mbps of secured throughput, which is more than enough for any mission-critical offsite IT functions like Active Directory, logging, or file services.  the vMX100 also offers the same SD-WAN capabilities as a physical MX-series device, allowing for optimal pathways (via Dynamic Path Selection) between your AWS account and your various other physical network devices.

Then, from there, it simply integrates into your Meraki Dashboard like all other Meraki hardware and appliances.  It eliminates some of the fuss of managing your EC2 instance, while offering greatly improved security across the board to protect any vital assets you have in AWS.

It's Not Actually Free, Is It?

No, it's not.  The software itself can be freely downloaded, but -like all Meraki products- it requires an appropriate service license to operate.  These are available in 1, 3, or 5-year increments, with the 5-year option offering the best overall per-year value.  The only difference here between other MX-series devices is that there's no option for Advanced Security License because the vMX100 doesn't support any of the advanced security features.  It's strictly a VPN system.  

Additionally, as a third party product, it makes no changes to your existing agreement with Amazon.  Whatever fees you're already paying for your AWS account and EC2 usage still apply.

As to whether it's worth it, that's going to largely depend on how much you are already paying for AWS, and just how mission-critical AWS is to your operations.  Never the less, if you do rely on AWS and store a significant amount of critical data in Amazon's servers, you might do well to consider the vMX100 as an insurance policy against loss.

Are Meraki security systems the right choice for your operation?  If you're unsure, just contact Hummingbird Networks for a free consultation on your many security and firewall options.