Meraki Rate-Limits Z1 to 50Mbps

dafyre

@Jason said:

... require more fees for more throughput being used on the same device.

This is what drives me crazy about companies these days... Let me pay for a box that is sized for the network I want. If it can handle more than my current bandwidth, great! Don't make me buy a paper license just because I have a 300Mbit internet connection and your box is rated for 200 megs, but I am aactually seeing the full 300.

This is why I prefer to build my own firewall... Shorewall + Snort (or Suricata) + DansGuardian +ClamAV = Win. (Or you can just use pfSense)... Gotta build a beefy box to make it all run nice and smooth and not choke your internet.... But still probably a far cry cheaper than Palo Altos, et al.

MattSpeller

@dafyre I need to try doing one like that

dafyre

@MattSpeller said:

@dafyre I need to try doing one like that

Not hard to do once you figure out where the pieces go, and which ones to use, lol.

JaredBusch

@MattSpeller said:

@dafyre I need to try doing one like that

I would never do that. I am firmly in the camp of Content filtering belongs on its own thing.

scottalanmiller

Same here, I keep content filtering outside of the firewall / router.

scottalanmiller

@WingCreative said:

@Nic said:

@Jason meraki says it's not a bug - here's there response:

As discussed in our Z1 datasheet (https://meraki.cisco.com/lib/pdf/meraki_datasheet_z1.pdf) the rated throughput for the MX (firewall) is 50Mbps.
Therefore the speeds you are achieving are correct and are within the specifications as outlined in the datasheet.
If you were previously achieving higher speeds and have now seen a drop in performance this may be caused by changes within the new firmware update. However your device is still achieving speeds as specified within the datasheet.

Sounds like someone forgot to flip a "don't go above rated throughput, if they want more they'll pay more" switch in the firmware until today.

That's exactly what it is.

quicky2g

@dafyre said:

@Jason said:

... require more fees for more throughput being used on the same device.

This is what drives me crazy about companies these days... Let me pay for a box that is sized for the network I want. If it can handle more than my current bandwidth, great! Don't make me buy a paper license just because I have a 300Mbit internet connection and your box is rated for 200 megs, but I am aactually seeing the full 300.

This is why I prefer to build my own firewall... Shorewall + Snort (or Suricata) + DansGuardian +ClamAV = Win. (Or you can just use pfSense)... Gotta build a beefy box to make it all run nice and smooth and not choke your internet.... But still probably a far cry cheaper than Palo Altos, et al.

You must have loads of fun troubleshooting all those individual systems when something is blocked that shouldn't be.

dafyre

@quicky2g said:

@dafyre said:

@Jason said:

... require more fees for more throughput being used on the same device.

This is what drives me crazy about companies these days... Let me pay for a box that is sized for the network I want. If it can handle more than my current bandwidth, great! Don't make me buy a paper license just because I have a 300Mbit internet connection and your box is rated for 200 megs, but I am aactually seeing the full 300.

This is why I prefer to build my own firewall... Shorewall + Snort (or Suricata) + DansGuardian +ClamAV = Win. (Or you can just use pfSense)... Gotta build a beefy box to make it all run nice and smooth and not choke your internet.... But still probably a far cry cheaper than Palo Altos, et al.

You must have loads of fun troubleshooting all those individual systems when something is blocked that shouldn't be.

Ha ha ha. Nope. If it's a website, it's DansGuarian. If it's an App, then it is Snort / Suricata blocking it. (In my last build, I used Suricata to block the applications we didn't want on the network).

If it's not Snort / Suricata, then it's the Firewall not allowing outgoing ports.