I received an email asking for details as to why I replaced my Untangle whitebox with a Meraki MX60 security appliance. For those familiar with my lab, this is something I went about doing a little less than a year ago during a lengthy lab refresh. Each time I forklift the security appliance I try to get some significant gains, such as when I migrated from SmoothWall to Untangle.
To be clear, my Untangle firewall was pretty awesome for the years it protected my home and lab. Total investment was under $300 in the hardware – a little Shuttle toaster box – with free software. Back in 2014, I even wrote a post showing folks how to use VLANs with version 9.x (something that didn’t become available until version 10.x). Here’s my original blurb on it:
Untangle is a snazzy and free Linux-based firewall and services device. Using a shopping-cart-like experience, one can pluck a variety of free and paid applications and drop them on the device. I personally run the virus blocker, spyware blocker, firewall, IPS, and IPsec VPN apps for my home lab on a baby-sized Atom box that, although many years old, still purrs like a kitten. This strikes me as rather impressive, since the box is on 24/7 and was built using COTS (commodity off-the-shelf) hardware.
With Untangle, the main complication was their pricing model for enterprise-y features. Chief among them was site-to-site tunneling and client-side VPN, which were always a bit ghetto on Untangle but things I really needed. The complete licensing package for Untangle is just over $500 US per year, which is too rich for my blood.
The other constraint was that my Untangle hardware was really, really old. It was begging for a replacement. 🙂
Rather than speccing out another whitebox, I realized I was a bit tired of being the support person for hardware and have been actively seeking solutions that are turn-key, such as my Synology and ioSafe arrays for storage. Most of the security appliances in the market seemed too watered down (home usage) or more like a pet project that required far too much time investment. I value time as one of the most precious and valuable commodities, especially for a device that literally allows me access to the Internet.
As a work-from-home person, this is non-trivial and not something I’m willing to risk. I require a rock solid device that allows me to yell (nicely) at support if it breaks. 🙂
Meraki had made a splash in the market well before Cisco bought them. The idea of having a security appliance that I could fully manage from anywhere was very attractive because I travel frequently. And the MX60w supported the entire gauntlet of features I needed for half the cost of Untangle’s annual license. It’s also a wireless access point, which I use to connect my infrastructure devices (Nest, Sonos speakers, and the like).
After being a Meraki customer for 10+ months, I can say that I’m still a huge fan and have bought more of them for other folks (even at Rubrik). My favorite features thus far include:
- The VPN tunneling is intuitive, easy to set up, and auto-magic when connecting to other Meraki devices.
- The per-client visibility is nice to see what’s eating up bandwidth, or determine if something is being too chatty.
- Being able to control the device over the web or mobile app is incredibly clutch, allowing me to manage several devices from a single account.
Another time saver is having Meraki automatically handle all of my scheduled maintenance for me. I can select when it’s OK to push code, and what level of code I want – stable or beta – and they do the rest. As an example, I’m scheduled to get the next round of firmware on February 27th.
Again, less time spent is a huge win for me, because I don’t want to spend time with the device. I just want it to forward good traffic and block bad traffic. 🙂
I’m guessing there are better devices out there that meet someone else’s design requirements. Meraki met mine and I’m very pleased with the device. As a reminder, each environment’s functional design is going to be unique in some ways, so I don’t believe there is a “best way” when it comes to hardware. Buy what makes sense for you, as I did, and go forward from there. Enjoy!