MX Cloud Managed Security Appliance Series
Overview
Datasheet | MX
Cisco Meraki MX Security Appliances are ideal for organizations with large numbers of distributed sites. Since the MX is 100% cloud managed, installation and remote management is simple. The MX has a comprehensive suite of network services, eliminating the need for multiple
appliances. These services include Layer 7 application firewall, content filtering, web search filtering, SNORT® based intrusion prevention, web
caching, Intelligent WAN with multiple uplinks and 4G failover.
FEATURERICH UNIFIED THREAT MANAGEMENT
UTM CAPABILITIES
• Application-aware trac control: set bandwidth policies based on
Layer 7 application type (e.g., YouTube, Skype, P2P).
• Content filtering: CIPA-compliant content filter, safe-seach enforcement
(Google/Bing), and YouTube for Schools.
• Intrusion prevention: PCI-compliant IPS sensor using industry-leading
SNORT® signature database from Cisco Sourcefire.
• Anti-virus and anti-phishing: flow-based protection engine powered
by Kaspersky.
• Identity-based security policies and application management.
INDUSTRYLEADING CLOUD MANAGEMENT
INTELLIGENT SITETOSITE VPN WITH CISCO IWAN
J
• Auto VPN: automatic vpn route generation, IKE/IPsec setup and
key exchange via Cisco Meraki’s secure cloud.
• Intelligent WAN with active / active VPN, policy-based-routing, and
dynamic VPN path selection.
• Interoperates with standards-based IPsec VPNs.
• Automated MPLS to VPN failover.
• Client VPN: L2TP IPsec support for native Windows, Mac OS X,
iPad and Android clients with no per-user licensing fees.
BRANCH GATEWAY SERVICES
• Unified firewall, switching, wireless LAN, and mobile device management through an intuitive web-based dashboard.
• Template based settings scale easily from small deployments to
tens of thousands of devices.
• Role-based administration, configurable email alerts for a variety of
important events, and easily auditable change logs.
• Summary reports with user, device, and application usage
details archived in the cloud.
• Built-in DHCP, NAT, QoS, and VLAN management services.
• Web caching: accelerates frequently accessed content.
• Load balancing: combines multiple WAN links into a single highspeed interface, with policies for QoS, trac shaping, and failover.
• Smart connection monitoring: automatic detection of layer 2 and
layer 3 outages and fast failover, including 3G/4G USB modems.
INSIDE THE CISCO MERAKI MX
MX400 shown, features vary by model
Redundant Power
Reliable, energy
ecient design
Web Caching
1TB SATA disk
Multiple Uplink Ports
Link bonding/failover
3G/4G Modem Support
Automatic wireless failover
Cloud Managed Architecture
Built on Cisco Meraki’s award-winning cloud-managed architecture,
the MX is the industry’s only 100% cloud-managed Unified Threat
Management appliance. MX appliances self-provision, automatically
pulling policies and configuration settings from the cloud. Powerful
remote management tools provide network-wide visibility and
control, and enable administration without the need for on-site
networking expertise.
Cloud services deliver seamless firmware and security signature
updates, automatically establish site-to-site VPN tunnels, and
provide 24x7 network monitoring. Moreover, the MX’s intuitive
browser-based management interface removes the need for
expensive and time-consuming training.
Enhanced CPU
Layer 3-7 firewall
and trac shaping
Additional Memory
For content filtering
10Gb Ethernet/SFP+ Ports
For switch connectivity
Ironclad Security
The MX platform has an extensive suite of security features including
IPS, content filtering, web search filtering, anti-virus / anti-phishing,
geo-IP based firewalling and IPsec VPN connectivity, while providing
the performance required for modern, bandwidth-intensive networks.
Layer 7 fingerprinting technology lets administrators identify
unwanted content and applications and prevent recreational apps
like BitTorrent from wasting precious bandwidth.
The integrated Sourcefire SNORT® engine delivers superior intrusion
prevention coverage, a key requirement for PCI 3.0 compliance. The
MX also uses the Webroot BrightCloud® URL categorization database
for CIPA / IWF compliant content-filtering, Kaspersky Safestream II®
engine for anti-virus / anti-phishing, and MaxMind for geo-IP based
security rules.
Best of all, these industry-leading Layer 7 security engines and
signatures are always kept up-to-date via the cloud, simplifying
network security management and providing peace of mind to
IT administrators.
Organization Level Threat AssessmentCisco Meraki Cloud Management Architecture
2
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Auto Configuring Site-to-Site VPN
Next Gen Application Firewall and Trac Visibility
Identity Based Policy Management
End-to-End Network Visibility and Troubleshooting
Intelligent WAN Made Simple
Transport independence
Dual WAN ports with load balancing and failover enable the use of MPLS and redundant, commodity Internet connections, providing additional bandwidth and higher reliability.
3G / 4G failover
The Cisco Meraki MX supports 3G/4G service providers globally for WAN connection failover. Web caching temporarily stores video, media,
and web documents, lowering bandwidth usage and accelerating the download speed of Internet content.
Application optimization
Layer 7 trac shaping, application prioritization optimize the trac for mission-critical applications and user experience.
Intelligent path control
Use dynamic VPN path selection to choose the best VPN uplink based on packet loss, latency, and jitter. Define policies for sending the right
trac through the appropriate path (e.g., send voice via MPLS, http via VPN over broadband).
Secure connectivity
Cisco Meraki’s unique auto provisioning site-to-site VPN (Auto VPN) connects branches securely with unmatched simplicity. MX Security
Appliances automatically learn VPN parameters needed to establish and maintain VPN sessions using a 128-bit AES encryption. A unique
cloud-enabled discovery mechanism enables automatic interconnection of VPN peers and routes across the WAN, and keeps them updated
in dynamic IP environments.
3
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Integrated 802.11ac Wireless
The MX64W and MX65W integrate Cisco Meraki’s award-winning
wireless technology with the powerful MX network security features
in a compact form factor ideal for branch oces or small enterprises.
• Dual-band 802.11n/ac, 2x2 MIMO with 2 spatial streams
• Unified management of network security and wireless
• Integrated enterprise security and guest access
Built-in PoE+
The MX65 and MX65W include two ports with 802.3at (PoE+). This
built-in power capability removes the need for additional hardware to
power critical branch devices.
• 2 802.at (PoE+) ports capable of providing a total of 60W
• Power APs, phones, cameras, and other PoE enabled devices
without the need for AC adapters, PoE converters, or unmanaged
PoE switches.
MX65W Security Appliance
MX65 Port Configuration
Z1 Telecommuter Gateway
The Z1 Telecommuter Gateway extends the power of the Cisco
Meraki dashboard and cloud-based centralized management to
employees, IT sta and executives working from home.
Using the patent-pending Cisco Meraki Auto VPN, Administrators can
extend
network services including VoIP and remote desktop (RDP) to remote
employees with a single-click, provide wired and wireless access, and
increase end-user productivity through Layer 7 trac shaping and
prioritization.
• 1 x 802.11b/g/n radio, 1 x 802.11a/n radio, 2x2 MIMO with 2 spatial
streams
• Site-to-site (IPsec) VPN using Cisco Meraki Auto VPN
• Layer 7 application visibility and trac shaping
4
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Z1 Telecommuter Gateway
Lifetime Warranty with Next-day Advanced Replacement
Cisco Meraki MX appliances include a limited lifetime hardware warranty that provides next-day advance hardware replacement. Cisco Meraki’s
simplified software and support licensing model also combines all software upgrades, centralized systems management, and phone support
under a single, easy-to-understand model. For complete details, please visit meraki.cisco.com/support.
Product Options
MX64(W) MX65(W) MX84 MX100 MX400 MX600
Recommended
Use Cases
Recommended
Max Clients
Stateful Firewall
Throughput
Advanced Security
Throughput
Maximum
VPN sessions
Interfaces 5 x GbE 12 x GbE (2 PoE+) 10 x GbE
Additional
Interface Modules
Web Caching N/A N/A Ye s Yes Ye s Ye s
Hard Drive* N/A N/A 1 TB 1 TB 1 TB 4 x 1 TB (RAID)
Small retail branch,
small clinic
50 50 200 500 2,000 10,000
250 Mbps 250 Mbps 500 Mbps 750 Mbps 1 Gbps 1 Gbps
200 Mbps 200 Mbps 300 Mbps 650 Mbps 1 Gbps 1 Gbps
25 25 100 250 1,000 5,000
N/A N/A N/A N/A 8 x GbE (RJ45)
Small retail branch,
small clinic
Medium sized
branch
2 x GbE (SFP)
Large branch K-12 firewall /
VPN concentrator
9 x GbE
2 x GbE (SFP)
4 x GbE 4 x GbE
8 x GbE (SFP)
2 x 10GbE (SFP+)
(2 modules max)
Large K-12 firewall,
VPN concentrator
8 x GbE (RJ45)
2 x 10GbE (SFP+)
(2 modules max)
8 x GbE (SFP)
USB for 3G/4G
Failover
Mounting Desk / Wall Desk / Wall 1U rack 1U rack 1U rack 2U rack
Dimensions 9.5” x 5.2” x 1”
Weight 3.04 lb (1.4 kg) 3.37 lb (1.53 kg) 9 lb (4.1kg) 9 lb (4.1kg) 33 lb (15.0 kg) 53 lb (24.0 kg)
Power Supply 18W DC (included) 90W DC (included) 100-220V
Power Load
(idle/max)
Operating
Temperature
Humidity 5% to 95% 5% to 95% 5% to 95% 5% to 95% 5% to 95% 5% to 95%
*Note: Hard drive is used for web caching.
5
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Ye s Ye s Yes Ye s Ye s Ye s
(239mm x 132mm x
25mm)
4W / 10W (MX64)
6W / 13W (MX64W)
32°F to 104°F
(0°C to 40°C)
10.0” x 5.2” x 1”
(256mm x 132mm x
25mm)
6W / 72W (MX65)
9W / 79W (MX65W)
32°F to 104°F
(0°C to 40°C)
19.0” x 10.0 “ x 1.75”
(483 mm x 254 mm
x 44 mm)
50/60Hz AC
26W / 32W 30W / 55W 123W / 215W 132W / 226W
32°F to 104°F
(0°C to 40°C)
19.0” x 10.0 “ x 1.75”
(483 mm x 254 mm
x 44 mm)
100-220V
50/60Hz AC
32°F to 104°F
(0°C to 40°C)
19.0” x 22.0 “ x 1.75”
(483 mm x 559 mm
x 44 mm)
100-220V
50/60Hz AC (dual)
32°F to 104°F
(0°C to 40°C)
19.0” x 22.0 “ x 3.5”
(483 mm x 559
mm x 89 mm)
100-220V
50/60Hz AC (dual)
32°F to 104°F
(0°C to 40°C)
Specifications
Management
Managed via the web using the Cisco Meraki dashboard
Single pane-of-glass into managing wired and wireless networks
Zero-touch remote deployment (no staging needed)
Automatic firmware upgrades and security patches
Templates based multi-network management
Org-level two-factor authentication and single sign-on
Role based administration with change logging and alerts
Monitoring and Reporting
Throughput, connectivity monitoring and email alerts
Detailed historical per-port and per-client usage statistics
Application usage statistics
Org-level change logs for compliance and change management
VPN tunnel and latency monitoring
Network asset discovery and user identification
Periodic emails with key utilization metrics
Syslog integration
Remote Diagnostics
Live remote packet capture
Real-time diagnostic and troubleshooting tools
Aggregated event logs with instant search
Network and Security Services
Stateful firewall, 1:1 NAT, DMZ
Identity-based policies
Auto VPN: Automated site-to-site (IPsec) VPN, for hub-and-spoke or mesh topologies
Client (IPsec L2TP) VPN
Multiple WAN IP, PPPoE, NAT
VLAN support and DHCP services
Static routing
User and device quarantine
Advanced Security Services
Content filtering (Webroot BrightCloud CIPA compliant URL database)
Web search filtering (including Google / Bing SafeSearch)
YouTube for Schools
Intrusion-prevention sensor (Sourcefire SNORT® based)
Anti-virus engine and anti-phishing filtering (Kaspersky SafeStream II engine)
Geography based firewall rules (MaxMind Geo-IP database)
Note: Advanced security services require Advanced Security license.
Integrated Wireless (MX64W and MX65W only)
1 x 802.11a/n/ac (5 GHz) radio
1 x 802.11b/g/n (2.4 GHz) radio
Max data rate 1.2 Gbit/s (aggregate)
2 x 2 MIMO with two spatial streams
2 external dual-band dipole antennas (connector type: RP-SMA)
Antenna gain: 3.0 dBi @ 2.4 GHz, 3.5 dBi @ 5 GHz
WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X authentication
FCC (US): 2.412-2.462 GHz, 5.150-5.250 GHz (UNII-1), 5.250-5.350 GHZ (UNII-2), 5.470-
5.725 GHz (UNII-2e), 5.725 -5.825 GHz (UNII-3)
CE (Europe): 2.412-2.484 GHz, 5.150-5.250 GHz (UNII-1), 5.250-5.350 GHZ (UNII-2)
5.470-5.600 GHz, 5.660-5.725 GHz (UNII-2e)
Additional regulatory information: IC (Canada), C-Tick (Australia/New Zealand), RoHS
Power over Ethernet (MX65 and MX65W only)
2 x PoE+ (802.3at) LAN ports
30W maximum per port
Regulatory
FCC (US)
CB (IEC)
CISPR (Australia/New Zealand)
Warranty
Full lifetime hardware warranty with next-day advanced replacement included.
WAN Performance Management
Web caching (not available on the MX64/MX64W and MX65/MX65W)
WAN link aggregation
Automatic Layer 3 failover (including VPN connections)
3G / 4G USB modem failover
Application level (Layer 7) trac analysis and shaping
Ability to choose WAN uplink based on trac type
IWAN: Dual active VPN with policy based routing and dynamic path selection
6
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Ordering Guide
To place an order for an MX appliance, pair a specific hardware model with a single license (which includes cloud services, software upgrades
and support). For example, to order an MX64 with 3 years of Advanced Security license, order an MX64-HW with LIC-MX64-SEC-3YR.
Lifetime warranty with advanced replacement is included on all hardware at no additional cost.
MODEL LICENSE DESCRIPTION
MX64-HW
MX64W-HW
MX65-HW
MX65W-HW
MX84-HW
LIC-MX64-ENT-1YR
LIC-MX64-ENT-3YR
LIC-MX64-ENT-5YR
LIC-MX64-SEC-1YR
LIC-MX64-SEC-3YR
LIC-MX64-SEC-5YR
LIC-MX64W-ENT-1YR
LIC-MX64W-ENT-3YR
LIC-MX64W-ENT-5YR
LIC-MX64W-SEC-1YR
LIC-MX64W-SEC-3YR
LIC-MX64W-SEC-5YR
LIC-MX65-ENT-1YR
LIC-MX65-ENT-3YR
LIC-MX65-ENT-5YR
LIC-MX65-SEC-1YR
LIC-MX65-SEC-3YR
LIC-MX65-SEC-5YR
LIC-MX65W-ENT-1YR
LIC-MX65W-ENT-3YR
LIC-MX65W-ENT-5YR
LIC-MX65W-SEC-1YR
LIC-MX65W-SEC-3YR
LIC-MX65W-SEC-5YR
LIC-MX84-ENT-1YR
LIC-MX84-ENT-3YR
LIC-MX84-ENT-5YR
LIC-MX84-SEC-1YR
LIC-MX84-SEC-3YR
LIC-MX84-SEC-5YR
Cisco Meraki MX64, 1 year Enterprise License and Support
Cisco Meraki MX64, 3 year Enterprise License and Support
Cisco Meraki MX64, 5 year Enterprise License and Support
Cisco Meraki MX64, 1 year Advanced Security License and Support
Cisco Meraki MX64, 3 year Advanced Security License and Support
Cisco Meraki MX64, 5 year Advanced Security License and Support
Cisco Meraki MX64W, 1 year Enterprise License and Support
Cisco Meraki MX64W, 3 year Enterprise License and Support
Cisco Meraki MX64W, 5 year Enterprise License and Support
Cisco Meraki MX64W, 1 year Advanced Security License and Support
Cisco Meraki MX64W, 3 year Advanced Security License and Support
Cisco Meraki MX64W, 5 year Advanced Security License and Support
Cisco Meraki MX65, 1 year Enterprise License and Support
Cisco Meraki MX65, 3 year Enterprise License and Support
Cisco Meraki MX65, 5 year Enterprise License and Support
Cisco Meraki MX65, 1 year Advanced Security License and Support
Cisco Meraki MX65, 3 year Advanced Security License and Support
Cisco Meraki MX65, 5 year Advanced Security License and Support
Cisco Meraki MX65W, 1 year Enterprise License and Support
Cisco Meraki MX65W, 3 year Enterprise License and Support
Cisco Meraki MX65W, 5 year Enterprise License and Support
Cisco Meraki MX65W, 1 year Advanced Security License and Support
Cisco Meraki MX65W, 3 year Advanced Security License and Support
Cisco Meraki MX65W, 5 year Advanced Security License and Support
Cisco Meraki MX84, 1 year Enterprise License and Support
Cisco Meraki MX84, 3 year Enterprise License and Support
Cisco Meraki MX84, 5 year Enterprise License and Support
Cisco Meraki MX84, 1 year Advanced Security License and Support
Cisco Meraki MX84, 3 year Advanced Security License and Support
Cisco Meraki MX84, 5 year Advanced Security License and Support
MX100-HW
MX400-HW
MX600-HW
*Note: For each MX product, additional 7 or 10 year Enterprise or Advanced Security licensing options are also available (ex: LIC-MX100-SEC-7YR).
7
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
LIC-MX100-ENT-1YR
LIC-MX100-ENT-3YR
LIC-MX100-ENT-5YR
LIC-MX100-SEC-1YR
LIC-MX100-SEC-3YR
LIC-MX100-SEC-5YR
LIC-MX400-ENT-1YR
LIC-MX400-ENT-3YR
LIC-MX400-ENT-5YR
LIC-MX400-SEC-1YR
LIC-MX400-SEC-3YR
LIC-MX400-SEC-5YR
LIC-MX600-ENT-1YR
LIC-MX600-ENT-3YR
LIC-MX600-ENT-5YR
LIC-MX600-SEC-1YR
LIC-MX600-SEC-3YR
LIC-MX600-SEC-5YR
Cisco Meraki MX100, 1 year Enterprise License and Support
Cisco Meraki MX100, 3 year Enterprise License and Support
Cisco Meraki MX100, 5 year Enterprise License and Support
Cisco Meraki MX100, 1 year Advanced Security License and Support
Cisco Meraki MX100, 3 year Advanced Security License and Support
Cisco Meraki MX100, 5 year Advanced Security License and Support
Cisco Meraki MX400, 1 year Enterprise License and Support
Cisco Meraki MX400, 3 year Enterprise License and Support
Cisco Meraki MX400, 5 year Enterprise License and Support
Cisco Meraki MX400, 1 year Advanced Security License and Support
Cisco Meraki MX400, 3 year Advanced Security License and Support
Cisco Meraki MX400, 5 year Advanced Security License and Support
Cisco Meraki MX600, 1 year Enterprise License and Support
Cisco Meraki MX600, 3 year Enterprise License and Support
Cisco Meraki MX600, 5 year Enterprise License and Support
Cisco Meraki MX600, 1 year Advanced Security License and Support
Cisco Meraki MX600, 3 year Advanced Security License and Support
Cisco Meraki MX600, 5 year Advanced Security License and Support
Accessories
The Cisco Meraki MX84, MX100, MX400, and MX600 models
support pluggable optics for high-speed backbone connections
between wiring closets or to aggregation switches. Cisco Meraki
oers several standards-based Gigabit and 10 Gigabit pluggable
modules. Each appliance has also been tested for compatibility with
several third-party modules.
Pluggable (SFP) Optics for MX84, MX100, MX400, and MX600
ACCESSORIES / OPTICS
Supported Cisco Meraki accessory modules for MX100, MX400 and MX600.
MODEL DESCRIPTION
IM-8-CU-1GB Cisco Meraki 8 x 1 GbE Copper Interface Module for MX400 and MX600
IM-8-SFP-1GB Cisco Meraki 8 x 1 GbE SFP Interface Module for MX400 and MX600
IM-2-SFP-10GB Cisco Meraki 2 x 10 GbE SFP+ Interface Module for MX400 and MX600
MA-SFP-1GB-SX Cisco Meraki 1 GbE SFP SX Fiber Module (1000BASE-SX, range: 550m)
MA-SFP-10GB-SR Cisco Meraki 10 GbE Short Range SFP+ Module (10GBASE-SR, range: 400m)
Interface Modules for MX400 and MX600
MA-CBL-TA-1M Cisco Meraki 10 GbE Twinax Cable with SFP+ Connectors (10GSFP+Cu, range: 1m)
MA-CBL-TA-3M Cisco Meraki 10 GbE Twinax Cable with SFP+ Connectors (10GSFP+Cu, range: 3m)
Note: Please refer to meraki.com for additional single-mode and multi-mode fiber transceiver modules
8
Cisco Systems, Inc. | 50 0 Terry A. Francois Blvd, San Francisco, CA 94158 | (415) 432-1000 | sales@meraki.com
Loading...