Wow, I really didn't expect that these devices will go EOL that soon. What a kick in the a.. for all that bought them recently. Especially as the last day of support is already November 2014.
Luckily I wasn't that fast with replacing my ASA 5505 with one of these units. So I only got a Small-Business-slap with my UC320.
Sent from Cisco Technical Support iPad App
I thought the same thing. Looking at Meraki MX60 going forward in place of ISA/OnPlus combo. I wonder how long it will be around since the Cisco purchase..
Regarding Meraki, considering how much Cisco spent on the acquisition, I would expect it to be around for awhile. Then again, I'm 2 for 2 on the OnPlus and ISA so take my opinion for what it's worth. I won't even mention the Cius and VXC. I've had a tough couple of years.
Sent from Cisco Technical Support iPhone App
Cisco spent a similar amount of $ (adjusted for inflation) for Linksys and how'd that work out for customers? Meraki may have been a $1.2B shopping spree, but customers don't feel safe with Cisco any longer. Very frustrating as a long Cisco supporter.
@Brandon Svec, you'd better look at the MX60 specs before you go down that road. 20 users max! To get more than that you have to fork out $2,000 !!!!!!
i am also looking for alternatives, the MX60 looks not too bad (I also consider Zyxel ZyWall USG 50/100 and Fortinet FortiGate FG-30D/FG-60C).
However, are there any experiences with the Meraki MX60 device (now that it is owned by Cisco and with the experiences we have had with ISA):
How can you look at the MX60 as an ISA500 replacement? Unless you only have 20 users or less and will never have any more this is an overpriced device with no room to grow. To get more than 20 users you must pay $2000 for the next step up and if you're going to do that you are much better off with a real firewall like an ASA5505 or 5510 (if I'm spending $2k on a firewall it'll certainly be an ASA). Cisco just doesn't get it here. SMBs are not going to pay $2k for an MX80 when they were a hard sell for $1000 on an ISA570W. This was a bad decision by Cisco. Sonicwall or Juniper seems to be my next place to look.
It seems like everyone is talking about the Gartner Magic Quadrant these days for some sort of metric on how companies, like Cisco, are doing on producing products (firewalls, utms, etc.). I was just looking at the Aug 2014 UTM Gartner Magic Quadrant and Cisco is not even in the leaders quadrant. Below is the chart, so you can see for yourself. In theory, the companies to do business with are the ones in the upper right quadrant. I am certainly using this as a starting point for replacing my ISA570. Hopefully this will help someone else out with a direction to go in.
Next-Gen UTM devices with application control is what I will be looking for in a new device. I have tested Sophos which was impressive but not well known and I am also looking into CheckPoint, which I have used before, and both are in the upper right quadrant.
I hear your frustration but I disagree with your thought process. Linksys came over to Cisco but they never discontinued much of anything. In fact, that was part of the problem. Linksys made way too many products that competed with itself. Cisco just rebranded all the Linksys products like the RV082.
Then came along the Small Business Pro line that had in-house developers building products. The SA5xx line was doomed from the start, IMHO. It had a slow CPU and didn't load balance anywhere near as well as the far less expensive RV082 did, our go-to small biz router since it first shipped.
The ISA5xx promised far superior performance, IronPort security filtering, and better LAN performance than the RV082 (gigabit vs. 100BaseT). The ISA5xx was an immediate hit with our clients and that was the problem. Instantly the sub-$1000 ISA570W was taking a LOT of business from ASA and the garbage Meraki that Cisco had just purchased was 2-3x more expensive than the ISA570W. Why would anyone fork out for Meraki when they could buy an ISA570W? They didn't! Why would anyone buy an ASA5505 or 5510 with IPSecurity to have failover Internet when they could buy an ISA570W and have dual WAN from the start for much less $? They wouldn't. If I had to bet, Cisco Enterprise put an end to the ISA5xx line not Cisco Small Business Pro.
The problem is the Cisco SBP line has the ability to put out products that beat Cisco Enterprise in the SMB market but Cisco Enterprise has bet the farm on their products that are overpriced and over-featured for the SMB market. I simply will NOT ALLOW a client of mine to fork out the $ for Meraki's stuff that doesn't come close to handling the traffic the ISA570W did.
You're of course right Torsten. I have customers who have been Linksys/Cisco customers for 10+ years who have told me to never offer then Cisco products again! They're fed up with Cisco's lack of vision. The ISA5xx was a stunning device, too stunning. It took too much business from Cisco Enterprise and came with a terrific warranty. Then Cisco sold off Linksys, bought Meraki, expected SMBs to pay 3-6x for lower performing equipment with no guarantees of lifespan. If Cisco would guarantee, in writing, Meraki equipment would be supported for 10 years I'd have customers buying them, but customers no longer trust Cisco. Notice the glaring lack of input here from Cisco reps. I think they know they have a problem but I'm not sure they know how to solve it. Meraki certainly isn't the way.
From my point of view it seems they still don't know that they have a problem. It seems they think with the CISCO glasses: CISCO is CISCO. That's it!
But if you take a look back into the past you will find a lot of #1's which are not longer on the Market now. Only to name a few brands: Sinclair, Comodore, US-Robotics, 3com, Novell and so on...
And what do they did? Exactly the same. Ignore the active and current customers because new customers will bring more money. Newer things have to be more expensive, ignore if these things are better or not than our old things and we don't care about the old things. Old things are history and history is over. OK, today you simply write 3 letters for this: "EOL".
Within business management this way is called as "hard selling". But hard selling almost causes an "hard drop" for the companies.
I don't expect that CISCO will hit the ground but I guess they will stumble. I think it's time for this lesson. And when I watch this thread there is one unique comment: No more trust in CISCO SMB brand.
Hmm... congratulation dear Mr. CISCO! Well done!
Yes, congratulations Cisco, way to piss off your SMB customers. We will not forget!
I am currently using an ISA570 that has 1.5 years of subscription left on it and I am already planning to replace it with something other than Cisco as soon as possible. The device is a total wreck between bad firmware and security updates that will never get fixed because support has ended! Nice job!
I hate to continue with the trend but, i have been a bit disconnected the idea of being an SMB switch sales account manager and not provide a security gateway is less than thrilling. i have a site that has an SA540 that has reach its usefulness. wanted to replace with isa500 series i have being very impress with the boxes and, all that i can do definitely a ASA5505 killer. too bad is eol I don't really care for the meraki mx less than impress with the price is absolutely ridiculous after licensing i don't see any sub 15 user environment paying that money. it would be nice if the meraki genius take over the ISA500 project it is a very cool box. any recommendation and not the sonicwall or watchguard vomit.
I'm currently migrating customers with price in mind to pfSense.
It's free, fast, easy to manage and has the same features like the ISA with the big plus of a CLI with real tcpdump.
Except now you're relying on a computer do to your routing, right? Computers just aren't as reliable as appliances, require a lot more space and power to run, and have to be managed a lot more closely than an appliance. Me personally, I'm sticking to appliances, but they wont' be Cisco appliances so long as corporate hog ties the Small Business division from making a great product that doesn't cost $9000 over 3 years (Meraki's cost that much).
I understand a lot of the frustration here, but let's be real about Meraki price. It is all on their public web page (MSRP) and you can expect 30% off easily as street price. So for example an MX80 (which is way more firewall than an ISA550) with 3 year advanced security is under $4200. That includes the dashboard admin, 24/7 support, lifetime hardware warranty, etc. A closer example would be the MX60 which only $1050 over 3 years with advanced security license. Really, for what you get it is a fantastic value in my opinion.
If anyone reading this hasn't tried it, you should. Here is a link to free trial options and if you attend a webinar they will give you a free AP with three year license to keep. http://goo.gl/05SXsl
I sign up to take a look at the meraki product line. it is stamp cisco, but it appears to be totally separate from cisco. don't try to login with your cisco id doesn't log you in, anyways. so based on the number discussed the MX60 is $1050 over 3years is not bad the only thing i can't see it doesn't do dual wan, and the load balancing like the ISA550/570? I'm sure the mx80 is much better than the ISA's but $4,200 over three year I can not see the small business guy paying that. I may be wrong I think the ASA5512 with firepower is a much better product than the MX80.
It is true that it is not Cisco designed. It was an acquisition a couple years ago for 1.2 billion cash.
All MX series from Z1 to MX600 support dual WAN and a third USB modem that can be used stand alone or as backup. The MX60 is recommended for about 25 users, but many people use it for up to 100. Now I would not say it would support 100 users with heavy use and all security features and VPN and content filtering and layer 7 traffic shaping enabled on a 100mbit WAN, but really would an ISA do that very well?
There is no apples to apples comparison for Meraki, it is really a bit of a unique concept. The management and monitoring and ease of use is a really strong part of their offering.
I am implementing an all Meraki network right now with 3 locations and about 135 combined devices (mostly APs, but also dozens of switches and 3 MX400 firewalls) I was able to configure the whole thing myself in about an hour and have an installer just plugging in equipment and it is being automatically configured as it is plugged in. It may be hard to understand if you haven't tried it. It is NOT like ASA and ASA certainly has some features that Meraki can not do, but Meraki is targeted at customers who don't need particularly complicated networks, but do want all the advanced bells and whistles in the admin and monitoring and reporting interfaces as well as 24/7 enterprise support and lifetime warranty.
Here is a 6 minute overview of the MX series to give you a good overview of all it can do out of the box: https://www.youtube.com/watch?v=GthE4CXR998
Actually Brandon, I find the ISA570W works wonderfully with 100+ users on a dual WAN connection with the fastest at 80+Mbps. The client that's using that has no VPN but they're using all the security features other than antispam and they have heavily configured application control enabled on their guest WiFi that regularly has 50-70 people connected via Cisco Small Business WAPs, that's in addition to 30+ admin machines and a HD webcam that runs 24/7 streaming video to a rebroadcast service.
Anyway, I get their management GUI is part of their offering, but for 99% of small businesses they couldn't care less. They cannot afford thousands upon thousands of $ in WAN equipment from an unproven company (remember, this NOT Cisco equipment, it's an acquisition and Cisco has a habit of buying companies and then discontinuing products). Just like we had no guarantees the ISA500 series would be around for awhile, what guarantees do customers have that Meraki will be? I'm hearing rumblings that sales aren't stellar so how long does Cisco stand by this division if they're not moving tons of product?
What they need is a midway product that supports say 250 users at half the MX100 price point and a written guarantee of a minimum of 5 years of product support and upgrades. Until then, my Cisco customers who jumped on the ISA bandwagon are gun shy that Cisco could shut this down too. Remember, this product, just like the ISA, directly competes with the ASA and Ironport lines not to mention Aironets and Catalyst switches. If Meraki starts taking business from those lines Cisco Enterprise could easily demand they be shut down too, just like it looks like they did with the ISA.
very true, will have to say yes an appliance would be most reliable. what have you found to be comparable to an ISA570 in terms of all the options? I look at the Cisco ASA 5505 the issues is not gigabit, no dual wan, and a bit dated performance wise. yes I personally don't get the Meraki benefit is it better than the ASA?
But it will be 3x the cost of the ISA570 if you want dual WAN, won't do wireless, won't have application filtering, won't have malicious website filtering, won't have much of anything that the ISA did for small businesses for a reasonable price. The Meraki fluff is $9000 over 3 years so it's out and the low end ASAs don't have any of the other features. Cisco just priced itself right out of the small business market for this type of equipment.
Brian, what products and licenses are you basing this $9000 figure on? An MX60 with 3 year advanced license is just over $1000 for three years. 5-10 years gives you an even deeper discount on the license and support side.
I fear you're not comparing apples to apples. It looks as though you're comparing a Ferrari to a SmartCar. By published specs, the MX60 is ONLY rated for 20, that's TWENTY, users max. The ISA570 can handle many more than that, in fact easily in the 200+ range - I have a client using well over 100 at any given time without issue or speed problems on an 80Mbps connection. So first off you have to go to an MX100 not an MX60 to even start comparing apples to apples. I had a long talk with multiple reps at Meraki and they concurred that the MX80 and MX60 were woefully under-powered compared to the ISA570 based on performance specs alone. So now that you're in comparable hardware, let's talk prices:
They're selling SMB hardware at more than enterprise prices. If the MX100 was $2500 with $500/year licensing I'm jump on that immediately. Cisco enterprise equipment has SmartNet contracts that sell for <20% of the cost of the unit/year. A $3,000 ASA-5510 has a yearly SmartNet contract of $605.09 (that's a direct price from CDW for a client of mine who is renewing their contract as we speak).
Simply put, Cisco has NO replacement for the ISA570 that a logical price point that a company willing to buy the ISA570 is going to spend and Cisco sending people to the MX60 is only going to make customers mad when they buy one and find out what it's only capable of handling 20 users at a time, TWENTY! The cheapest Linksys, Belkin, Netgear, etc... home device supports more than 20 users at a time. You couldn't even use a Cisco WAP561 fully populated with max users of 32 WPA2 encrypted users with an MX60. As a consultant there's no way on this planet that I'm willing to risk my reputation on Cisco's recommendation to go to a product that is woefully under-powered and clearly overpriced (their excuse for the pricing was their portal is worth the $ - they can dream all the want, but $10,000 over 3 years for what the ISA would have cost $1000, I'd live with the ISA's GUI).
the ISA was definitively the absolute solution for the small business, I have clients with multiple site with the ISA570/550 combination of main site to branch UC540 with 7975g phones behind it. Remote phone and all the options turn on the ISA's site site dual wan, site to site, sslvpn, IPS, content filtering. the ISA rocks 100% better than the SA520/540 ever did. bringing performance and price point.
I'm not frustrated over eol of ISA can't take personaly. the IT world is all about change. it would have been cool to have something in place that would fit with the rest of the cisco gear the clients already invested plenty on.
If there is a ASA-5506x or ASA-5508xI would like to start looking at the specs
I have some real world experience with Meraki and can tell you one example where I have 3 MX80's for a school using VPN and content filtering and security features with about 200-300 average daily users per site (BYOD mostly ipad, smart phones, etc), but also voip and admin and testing, etc. and it works great. They want to add Meraki switches and APs now. The computer teacher is able to manage the whole network himself and has minimal network knowledge.
Also, keep your eyes open for a new MX product announcement in the next couple weeks.
Ah, but Brandon, a school != small business. I thought the pricing on the ISA was great and an easy sell. Meraki, I'll give them maybe easy management (no experience). Pricing, not so much. Small businesses put on part time employees at those prices.
And I think the ISA looks better in a rack. :p