|Model||Meraki MX 250|
|Recommended Use Cases||Large branch|
|Stateful Firewall Throughput||4Gbps|
|Advanced Security Throughput||2 Gbps|
|Maximum VPN Throughput||1 Gbps|
|Maximum Concurrent VPN Tunnels||3000|
|WAN Interfaces||2 x 10GbE SFP+ 1 x USB (cellular failover1 )|
|LAN Interfaces||8 x GbE (RJ45) 8 x GbE (SFP) 8 x 10GbE (SFP+)|
|Web Caching||128GB (SSD)|
|Mounting||1 U rack|
|Operating Temperature||0°C to 40°C|
More Bandwidth. Less Cost.
The Meraki MX SD-WAN and security appliances are the quickest and easiest way to significantly reduce total WAN costs whilst delivering the desired level of performance for critical cloud applications.
The WAN struggle is real
Branch sites have never demanded as much bandwidth as they do today with global business traffic and SaaS application usage both soaring. This results in legacy business WAN links, such as MPLS, rapidly exceeding the capacity for which they were originally designed.
Welcome to cost effective bandwidth
Take advantage of low-cost WAN links such as broadband and fiber with the Meraki MX to significantly save on WAN costs and deliver the desired level of performance for business critical cloud applications.
With the proliferation of modern applications and mixed-use networks, host and port based security is no longer sufficient. Cisco Meraki's layer 7 "next generation" firewall, included in MX security appliances and every wireless AP, gives administrators complete control over the users, content, and applications on their network.
Layer 7 traffic classification and control
The Cisco Meraki proprietary packet processing engine analyzes network traffic up to and including layer 7, using sophisticated fingerprinting to identify users, content, and applications on the network. Each network flow is categorized, and access control policies are enforced — for example, blocking Netflix and prioritizing video conferencing. By classifying traffic at layer 7, Cisco Meraki's next generation firewall controls evasive, encrypted, and peer-to-peer applications, like BitTorrent or Skype, that cannot be controlled by traditional firewalls. Cisco Meraki's next generation firewall is included in all wireless access points and security appliances.
Intrusion detection engine
Featuring an integrated intrusion detection and prevention (IDS / IPS) engine based on Sourcefire's Snort, the single most widely deployed intrusion detection and prevention technology in the world, Cisco Meraki security appliances protect your network against malicious entities and threats. Using a combination of signature, protocol and anomaly-based inspection methods ensures ironclad security for your network. Leveraging the Cisco Meraki cloud management platform, threat signatures are automatically updated, keeping security always up-to-date.
Identity-based and device-aware security
Device-aware access controls enable administrators to ensure the appropriate level of network access for each class of devices. Layer 7 device fingerprints automatically detect and classify Apple iOS, Android, Windows, Mac OS, and other clients. These fingerprints are integrated into Cisco Meraki firewalls and wireless APs, so that administrators can, for example, apply firewall rules specific to iPads in a Bring Your Own Device (BYOD) network.
Cisco Meraki security appliances feature a powerful category-based content filter, which matches content against millions of URLs in dozens of categories. The Cisco Meraki content filtering engine features native Active Directory integration to apply access controls specific to each class of users. Content lists and application signatures are updated dynamically from the cloud, so that security policies remain up to date even as content and applications change.
Every network is a potential target for malicious attack; Cisco Meraki MX Security Appliances provide best-in-class, easily configurable intrusion prevention to protect yours.
Best-in-class Sourcefire Engine
Every Cisco Meraki MX Security Appliance supports unparalleled threat prevention via the integrated Sourcefire Snort engine. Intrusion prevention (IPS) is performed via rulesets: pre-defined security policies that determine the level of protection needed. Sourcefire refreshes rulesets daily to ensure protection against the latest vulnerabilities—including exploits, viruses, rootkits, and more—and these are pushed via the cloud to MX customers within an hour—no manual staging or patching needed.
Easy Error-free Deployment
Human error can bedevil the best attempts to lock down a network if the security tool used is complex. Enabling and deploying IPS on the MX, however, takes mere seconds and involves only two dashboard clicks: enabling IPS, and selecting a Sourcefire ruleset (threat protection level) to enforce. Since vulnerability definitions are automatically pushed to the MX from the cloud, IT admins can enjoy up-to-date, market leading IPS with minimal effort.
Real-time Graphical Reporting
View IPS security reports from any Internet-accessible device in the Meraki dashboard. Data is presented in real time, allowing IT admins to quickly gauge current threat status—as well as view historical trends—for informed decision-making. Use built-in templates to filter data from the last hour, day, week, or month—or create a custom date range view. Granular, by-the-minute details are also available. View specifics about detected threats and learn about about remediation techniques by following links to CVE, TechNet, and other resources intelligently presented within the Meraki dashboard. Finally, choose to view security threats organization-wide, or drill down for detailed reports on specific networks.
Use reports to identify troublesome clients and applications, make informed firewall or traffic-shaping decisions, provide a security synopsis to management, and gauge overall vulnerability over time.
Cisco Meraki’s unique auto provisioning site-to-site VPN connects branches securely, without tedious manual VPN configuration. Leveraging the power of the cloud, MX Security Appliances configure, monitor, and maintain your VPN so you don't have to.
Auto-provisioning IPsec VPN
Cisco Meraki’s unique auto provisioning site-to-site VPN connects branches securely with complete simplicity. Using IPsec over any wide area network, the MX links your branches to headquarters as well as to one another as if connected with a virtual Ethernet cable. Customers accessing or moving services to the Amazon Web Services cloud can use Auto VPN to connect directly to a virtual MX inside their Virtual Public Cloud.
Cisco Meraki’s sophisticated content filtering enables the users of your network to enjoy the benefits of the Internet while remaining protected from inappropriate or harmful content, maintaining productivity and compliance with applicable business and regulatory requirements.
Identity-based filtering policies
Granular identity based policies can be tailored to specific groups wherever Active Directory is used, with whitelists providing a means to exclude certain users and websites from all filtering. Policy management of AD groups is handled directly in the dashboard, and direct queries of the AD server enable an intuitive interface without the need for AD-based setup or agents, reducing configuration steps and making group-based filtering a breeze.