Meraki Security Gateway has a web facing login

Update: while talking to Cisco they have now disabled the web facing login. Unsure if this is only the case for me. But now no longer able to do that.

I needed a managed router that I know for sure has automatic latest firmware. And also a robust VPN. I don’t have time to mess with pfSense so I went with Cisco Meraki, at least a reputable brand.

Now I quickly realized this has a web-facing login and seemingly no way of turning that off. The web-facing login also informs the world of my network name; silly enough, I did write my organization name to it. I have enabled MFA and used a strong password.

But is it just me, or doesn’t this feel like a downgrade security-wise compared to your average consumer hardware, which doesn’t respond to any queries from outside? When I don’t use VPN I would rather have the machine not respond to anything.

Are you asking a question here or just talking about your experience with Meraki? Meraki is a commercial solution that assumes a certain level of technical knowledge and competence. It is also relatively expensive so I am a little curious as to why you chose it over something like a Netgate firewall running pfSense.

1 Like

There is really no option to disable? A strange approach to the case from the OEM :confused:

1 Like

Working with Cisco and other brands on a daily basis, Cisco feels like the most ass-backwards of them all (except HPE/Aruba, they are even more special).

There is, it is called plonking a firewall in front of it. It is that stupid.
To make this kind of dumber: The web interface does not shut down ports, just sets an ACL (of sorts) to drop non-Cisco management traffic.

3 Likes

Wow… From a business perspective, it probably makes sense. :slight_smile:

Client - Hello, we wanted to block access to the xyz option
Cisco - Hello, no problem, you just have to buy our latest firewall model

:smiley:

3 Likes

Yes, no way to disable as Meraki is cloud based and also they do the updates automatically over the internet.

Because I run a business and don’t have time to start to learn firewall management.
I could probably pull that off but I could make a mistake.
At least now if my data leaks I can say to the client that I am running a firewall that is professionally managed by Cisco and thus I have done everything right on my end.

Then I need to trust Cisco that they have set up the ACL in such a way that a hacker can't pretend to be Cisco management. I would guess they use some kind of public key type of deal.

It is questionable that the login page advertises the name of the business as well. It could be a law firm, for example, that has this installed; no need for hackers to spend time trying to find the IP address of the target as it is clearly labeled.

I know this is a stateful firewall and I think the consensus on the web is that this is somewhat of a different level product than your average 50 dollar router and thus is priced as such.

1 Like