Software-defined WAN is a new approach to network connectivity that lowers operational costs and improves resource usage for multi-site deployments, allowing network administrators to use bandwidth more efficiently and ensure the highest possible level of performance for critical applications without sacrificing security or data privacy. For more information on deploying and configuring SD-WAN on the Meraki MX Security Appliance, see the Meraki SD-WAN Deployment Guide.
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Cisco ACI | 4.0 | 15.3% | 85% | 102 interviewsAdd to research |
| Cradlepoint NetCloud | 3.5 | 4.7% | 50% | 4 interviewsAdd to research |
Meraki SD-WAN is software-defined and handles key elements like bandwidth, layer seven applications, and VPN connections via automation. For instance, you can set up and configure auto-mesh connections between sites with minimal effort. The same goes for VLAN configuration; you define it, and the system automates the necessary access lists and rules behind the scenes.
In traditional setups, you'd manually create access control lists and prioritize traffic. With Meraki, it's automated. For example, you can set a rule giving voice packets priority, and Meraki's SD-WAN takes care of it instantly. Voice traffic can be prioritized by directly setting it as a feature or associating it with a specific VLAN. The result is that voice packets have priority while other data traffic utilizes the remaining bandwidth. This dynamic traffic handling is built-in, so you don’t need to write manual rules like you would with other systems.
Dynamic bandwidth allocation ensures that voice traffic always gets priority, while the Auto VPN feature simplifies network setup. The VPN configuration happens automatically, and the system fails to ensure continuous connectivity if you have a redundant connection. Everything is managed, meaning bandwidth and connections are adjusted.
Meraki did the job for what I needed. The key principle to follow is to let the problem drive the solution. Don’t pick a solution and try to force your problem into it. In our case, our needs drove the solution, and Meraki fit those needs best. If I were looking for more throughput, there would be better solutions. For example, Palo Alto and Fortinet can offer higher bandwidth capacities. I sized the solution based on the bandwidth available, which we likely won’t exceed.
The main feature we needed was maintaining the system with minimal staff and without outsourcing support. Defining our needs led us to AutoVPN, which fits our requirement for minimal support. Meraki was the right product to meet these needs. If your priority is backend traffic and bandwidth, and you don’t need to filter traffic and scan for malware, geofence, or mesh networks, there are better options with more capacity. But that wasn’t our need.
The real issue is that many people pick a solution and try to adapt their business model, which is the wrong approach. In the long run, that limits you.
I've had no issues with stability.
When planning, I considered whether I might expand from one site to ten or even a hundred sites. The solution allows the deployment of equipment for any number of sites—one, ten, or a hundred. Once the equipment is online, it becomes fully meshed within fifteen minutes.
The response time from contacting TAC is under five minutes. Email follow-ups are also quite timely if you choose that route. I’ve never had issues with their tech support, and everyone I've interacted with has been more than capable.
Positive
We handled everything in-house, and based on my 27 years of experience, I’ve looked at Cisco. For about 20 years, Cisco routers were the industry standard. Cisco remains a benchmark for routers. If you’re looking for firewall solutions or a security appliance, a router becomes a hybrid between firewalls, IDS, and routers.
Of all the solutions I’ve evaluated, Meraki is the simplest in terms of ease of use for setup and configuration. If it's the right product for your needs, I revamped an entire wide-area network over the course of a couple of months. In total, the time spent configuring everything was less than a week.
You should have a solid understanding of networking, including wider networking concepts and security, like content filtering, geofencing, and traffic limits. Knowledge of VLANs is also helpful, but you need to plan everything before implementing it. While you can always add features later, planning for them from the start is much easier.
Once you understand the capabilities, allowing them in the future is a good idea. Assume you’ll need them and activate the necessary features upfront. When the time comes, you only need to configure them; no major reconfiguration will be required. If you do need them later, it’s much easier if they’ve already been enabled.
If you plan to use VLANs, enable the feature even if you don't need it right away. If you end up needing it later, the capability will already be in place, which is important because it can impact various settings across the system.
Over the years, I’ve learned that you often need features you didn't initially anticipate as sites grow. It's better to enable these features in advance rather than turning them on later, which can affect other parts of the routing configuration. By planning for these features upfront, you avoid the complexity and potential disruptions of reconfiguring things later.
The return on investment is strong due to the reduced need for maintenance staff. Even without negotiating maintenance contracts and pricing, the fact that I require fewer support personnel helps the cost. The reduction in outside support costs helps offset the maintenance expenses. We also replaced our phone equipment with a VoIP integrated into the Meraki platform. The cost savings from both this and the reduced need for external support nearly cover the maintenance costs.
They’re competitive across the board. For larger deployments, they’re open to negotiating terms.
Maintaining firmware can be challenging for a one-person operation managing nine different security appliances across nine sites. It allows me to schedule firmware updates for off-hours. If I forget, Cisco Meraki will push and schedule updates for me if the firmware nears its support expiration date. I can schedule upgrades through the portal after hours or in the middle of the night, and Meraki will handle the process.
If I need to make changes, I can view all my devices using the centralized portal. I can define the configurations and then apply them to individual devices or replicate them across multiple devices. Once I push and save the configuration changes, they are distributed to all the devices within two to five minutes.
Overall, I rate the solution a ten out of ten.
