Networking

Review: Cisco Meraki Z3 Grants Teleworking Wishes

Welcome remote workers without leaving the backdoor open to precious IT assets and infrastructure.

Tom Jordan is a solutions architect at the University of Wisconsin–Madison.

The Cisco Meraki Z3 teleworker gateway is an ideal solution for organizations looking to manage remote worker security with confidence and ease. Higher education institutions are increasingly challenged to deliver secure IT services to faculty, staff and students who may need to be off campus due to weather conditions, health problems or work assignments that require travel.

That’s where the Z3, an enterprise-class firewall and VPN gateway, can become a real ace in the hole for accommodating and empowering teleworkers without compromising organizational security.

Network administrators can control the SSIDs that are broadcast by the device and can configure those SSIDs to integrate with institutional authentication servers such as LDAP, Active Directory or RADIUS. For IT shops that use single sign-on, web SSO is supported via SAML, and SSIDs can be configured to require two-factor authentication. A customizable splash page can be created to ask users to acknowledge an acceptable use policy prior to connecting.

Cisco Meraki Z3 Offers Simple Deployment Paired with Effective Security Policy Management

When the Z3 is coupled with the Meraki Cloud, organizations gain impressive capabilities for automated deployment at large scale. The Meraki Cloud allows network administrators to register devices by serial number prior to deployment. Larger deployments allow network administrators to specify an order number, which will add all of the devices automatically on that order. Once the device is registered to the Meraki Cloud, it downloads the configuration and policies specified by the network administrator. This ensures consistent configuration and security policy while greatly reducing the support burden for teleworkers to connect.

The Z3 and Meraki Cloud also ensure the comprehensive application of security policy on network traffic. The AutoVPN feature greatly simplifies configuration of site-to-site VPN tunnels. Layer 7 packet inspection and traffic shaping allow network administrators to apply quality of service policies to prioritize Voice over IP or remote desktop traffic over other traffic. Network administrators can require client VPN connections to the Z3 — in effect, creating a small branch office.

Network administrators can specify wireless LAN settings such as channel selection, radio power and channel width, but can also leave these settings to auto-tune based on the teleworker’s environment. Engineers can also remotely view channel utilization and contention.

Support and Setup for Cisco Meraki Z3

Setting up the Z3 is simple even for nontechnical teleworkers, though organizations may want to supplement the instructions provided in the product packaging. The device can be configured with a static IP via connection to a LAN port, or with DHCP via the WAN uplink port. In the latter configuration, the teleworker simply connects the WAN port to the router or gateway with the included cable, and then powers on the device.

When the device begins to broadcast a Meraki Setup SSID, the teleworker connects a client device to this SSID and completes the setup via the Meraki Dashboard. This allows individual device configuration when the device is deployed in an unmanaged environment.

Supporting remote teleworkers presents a unique set of challenges, and the Z3 and Meraki Cloud provide some specific tools to make it easier. For example, remote packet capture allows a network administrator to capture traffic from the device, and network administrators can send NetFlow data from the device to a NetFlow collector or network management suite. The Z3 can send alerts via email or be integrated with a log aggregator or security information and event management solution via webhooks. Most important, a suite of troubleshooting tools — including remote ping, traceroute (MTR), throughput test, and Domain Name System and Address Resolution Protocol table inspection — is available to help network engineers troubleshoot remotely.

Form Factor for the Cisco Meraki Z3

The Z3 is a small form factor device (6.83x4.41x1.04 inches) that supports up to 5 client devices. It includes a 100-megabit-per-second stateful firewall and is rated for 50Mpbs VPN throughput. Wireless capabilities include a full dual-band 802.11ac Wave 2 array with MU-MIMO and a maximum wireless data rate of 1.3Gbps. The device includes four internal dipole antennas and can support up to four SSIDs.

Wired connectivity is provided by four 1-gigabit-per-second LAN ports, one of which provides 802.3af Power over Ethernet. Wired uplink is provided via a 1Gbps WAN port, and a USB 2.0 port provides the interface for a backup cellular modem.

A Welcome Solution for Home Work

The Meraki Z3 offers organizations an effective platform for providing secure and scalable access to an increasingly remote workforce in higher education. The feature set and deployment processes are well thought out and address the challenges of deploying, maintaining and supporting the institutional network to meet most teleworkers’ needs. When coupled with the Meraki Cloud, the Z3 is a great choice to ‘send home’ with your remote workers.

Cisco Meraki