
FIPS 140-2 Certification

graberb
Community Member

I would love to use the Meraki full stack in my environment but the network is subject to LEIN audits every three years. Devices that pass criminal justice information are required to hold a valid FIPS 140-2 certificate. I have heard from many sources that Meraki is in the process of acquiring these certs. Does anyone know more?


So Fortinet it is.. who knows how long this next wait will be.. I can't risk further deployment of Meraki gear with this unknown not being handled in a reasonable amount of time.

Thank you for that. A ton.

Meraki is obviously not following this thread. I spent a lot of time looking for roadmaps and news. They don't want to say "FIPS, the concept breaks our system and putting that burden on every customer for the DoD / DOJ / etc isn't worth it, ever." They should say that.

Cisco should step up and say "ASA and Firepower are our platforms for customers who require FIPS."

I will also be giving up on this, I don't have 15 more months to hope that they support it.

That's your choice. I'll just continue to buy the cheapest FP1010 for FIPS and run Meraki everywhere else until Meraki gets up to speed. I love Meraki and their concepts. Now with the muscle of Cisco, I can wait. I'm patient.

Landrin Long | Network Architect
Nevada Department of Motor Vehicles
555 Wright Way, Carson City, NV 89711

I wish I was in that situation. We aren't in a place where we could run two solutions. 99% of our employees and data requires protection.

I see that the Cisco website shows version 16 of the MX firmware as compliant. I've only seen version 15 so far (beta).

Here is the page on the Cisco site showing version 16 as compliant:

https://www.cisco.com/c/en/us/solutions/industries/government/global-government-certifications/fips-140.html

Is there a "special" beta of version 16 available? Is it perhaps just for some particular physical models?

Thanks

We just need everyone to upgrade to 15.x, then it will become the new stable release, the 14.x train will be dropped, and 16.x will become the new public beta which everyone can use.

CMR
Meraki Community All-Star

@martins@netxuk.com I see from that link that the next beta for wireless, switching and firewalling are all going to be FIPS compliant.

We're running 27.x on MRs, 14.x on MSs* and 15.x on MXs so if the rest of you all follow, as @Philip D'Ath said, we'll have FIPS compliance all the sooner.

*Not on an L3 stack of 3x MS210s as it is sorely unstable on that configuration as of 14.10.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

I'm really glad we held out for Meraki's FIPS compliancy. This is going to just make everything much nicer in my realm.

Landrin Long | Network Architect
Nevada Department of Motor Vehicles
555 Wright Way, Carson City, NV 89711

Thanks cmr,

I work for a Cisco partner and we run beta versions on most of our own Meraki kit already. Got quite a few customers running version 15 on the MX's too.

I've heard on the grapevine that only certain models of MX are going to be FIPS compliant. Don't know if this is down to the physical encryption processors in use. I'd be very happy to hear anything back from Meraki about this.

CMR
Meraki Community All-Star

@martins@netxuk.com I'd think you'll be correct. I imagine some of the smaller older devices (MX64/65 etc.) will not be able to go to MX16 at all or perhaps only in a limited way.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

From my Meraki rep,

Meraki MX450, MX250, and any MX6x will become FIPS compliant, but the rest of the MXs will not. So for instance, the MX84 will never be FIPS compliant.

Landrin Long | Network Architect
Nevada Department of Motor Vehicles
555 Wright Way, Carson City, NV 89711

Thanks LandrinLong,

Yeah those model numbers correspond with what I've heard. Shame about the MX84 and MX100 in particular.

For the MX84 and MX100, they are currently in development for replacements that will be FIPS 140-2 compliant that have similar price points and throughput, but the current MX84 and MX100 will not be unfortunately. At least that is what my reps and Cisco/Meraki engineers are telling me.

Landrin Long | Network Architect
Nevada Department of Motor Vehicles
555 Wright Way, Carson City, NV 89711

CMR
Meraki Community All-Star

I'd hope the replacements are somewhat more performant for a similar cost, especially in terms of raw throughput as that would then be a worthwhile improvement.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

edazeved
Cisco Employee

Hi everyone. I am aware that this is an old post, but I believe it is relevant to share this here even for future reference.

Please refer to our Meraki Device to Cloud Connectivity - FIPS document, where we list all the certifications available at this moment.

Hope this helps

Eduardo Azevedo