Meraki Security + DNS Security for Remote Office Workers
In the new and crazy working world of constant remote connectivity, companies are scrambling to get their VPN solutions working to support all their users and keep the same level security on their corporate networks. With the Cisco Meraki solution, the smaller MX devices (next-gen firewall) can be sent to remote workers and can be considered small remote offices, providing full SD-WAN access from home. These capabilities can also implemented on the Meraki MR series Access Points (APs) from the dashboard. This allows for workers that are still working at the office on wireless to be protected with the both the Meraki and Cisco Umbrella DNS-security solution. The smaller MX devices can be deployed to a remote worker's house and provide them with home internet access out their existing Internet connection. Next, configure to allow for full SD-WAN access to all the other remote locations that utilize Meraki SD-WAN. From here, Meraki can implement content filtering and that can all be enabled on the dashboard. But why not aspire to deeper level filtering and DNS type security that you most likely have at your on-premise locations? Meet Cisco Umbrella Integration with Meraki All in the Meraki Dashboard! The combination of URL filtering on the Meraki MX with the comprehensive DNS level security from Umbrella provides enterprise-quality internet security for the remote workforce.
Cisco Umbrella now has a full integration with the Meraki Dashboard via an API. This gives the customer or MSP additional information on the dashboard in Meraki. This is fully enabled on the MX and MR devices so wireless at their houses or in the office is fully protected. The integration is simple for when creating the API in Umbrella with the API key and secret (which is displayed once, so keep it safe as you can’t get it again). Once back in the Meraki Dashboard, you can then simply enable the API for Umbrella in the Meraki dashboard, paste in the API key and the secret. Once complete, they are then sync’ed up and you can now have the same company wide security groups and policies at the office and at home. One of the nicer things about the integration between the Meraki and Umbrella policies is that you can create all the Umbrella policies you want to integrate on Meraki from the Meraki dashboard. For these, you no longer need to create the policy in Umbrella if you want to use it on Meraki. At that point, you no longer need to leave the Meraki Dashboard, everything is seen in the “single pane of glass” (I put the quotes because I think at this point everyone is using that term and to a point it is driving me nuts...). To get the Umbrella policies assigned, they can be assigned via a group-policy (MX and MR to specific clients with caveats) or straight to the MX on a per-subnet level. You can also assign the Umbrella policies to specific SSID’s, though that’s only supported on the MR AP’s. So, with all that, you can now create a teleworker deployment for all the remote workers in the company; potentially. A teleworker business solution that fits into the business security mold that your CISO will like, regardless if the worker is at home or in the office with the company’s security policies will be applied. This will then make the teleworker happy and your service desk happy as nothing needs to be installed on the end-user computer for any type of VPN software. I’m not saying this will replace VPN software solutions or should in any given environment, but what it will solve is that for certain people or Execs or the people that customers want to have as a full-time teleworker as they work from home 99% of the time.
This will solution provides them all the benefits of the business security protections (malware, URL filtering, DNS filtering), full SD-WAN access to all corporate locations just from the comfort of their home.
T.J. Mitchell, CCIE #16217
Sr. Network Architect, PTP