PROTECTS  NETWORK AND ASSETS 

• NGFW - Next Generation Firewall

  1. • Stateful Firewall - L3 and L7 aware

• Geo-based firewalling 

  1. • Allow or block traffic by country

• Content Filtering

  1. • Over 85 website content categories

     • Over 4 billion categorized URLs [updated constantly]

• SNORT 3 - IDS/IPS

  1. • Snort IDS/IPS is #1 in the industry for many years. Gartner’s Magic Quadrant 

     • The most widely deployed, with over 4 million downloads open-source variant alone. That doesn’t even take into account the variants running on FirePower, ASA , and MX security appliances.

• Cisco AMP - Cisco AMP with optional Threat Grid integration

  1. • Cisco Advanced Malware Protection is the industry's leading malware protection solution.

     • With a database of over 500 million known files and over 1.5 million new incoming file samples every day.

• Cisco Talos 

  1. • The largest commercial threat intelligence teams in the world. Talos Intelligence

     • Talos threat intelligence leads to over 20 million blocked threats per day.

• High Availability 

  1. • Active / Passive with a single License.

• Automatic Firmware Upgrades

• SD-WAN - Ready

• SASE - Ready [Can be integrated with various products to build a complete SASE Solution]

• INTEGRATION

  1. • Cisco AnyConnect

     • Cisco ISE, 

     • Cisco DUO 

     • Cisco ThousandEyes 

     • Cisco Umbrella - [First line of Defense] [Optional]  

       • Enforcement built into the foundation of the internet. Fast and effective protection against threats such as Malware, Ransomware, Phishing & Command and Control call backs.

       • Resolves 620 billion internet requests a day.

       • Identifies over 60,000 new malicious destinations [domains, IPs, and URLs] daily.

       • Enforce/blocks more than 7 million malicious domains and IPs concurrently with no latency.

BANDWIDTH MANAGEMENT 

• Multiple WAN Port

  • • • Supports Upto 4 WAN Uplinks

      • 3G/4G Failover

      • Copper/SFP/SFP+ Interfaces [For WAN and LAN]

• WAN Link Management [Policy and performance based (WAN) routing]

  • • • Load Balancing

      • Automatic Fail over

      • Limiting upload and download traffic through the WAN ports

• Traffic Shaping

  • • Internet Speed limit for User/Device/IP/VLAN

    • Smart Path Selection on the basis internet performance

VPN SERVICES

• Any-connect

  • • • TLS client VPN Support

      • Radius, AD and Client Certificate based authentication

      • Per user policy with RADIUS Filter-ID

      • Split Tunnel

      • Require Anyconnect PLUS License 

• L2TP for endpoints

• IP-Sec - Tunnels to non-Meraki devices

• AutoVPN - Zero-touch site-to-site VPN

OTHER SERVICES

• L3 Services

  • • Configurable VLANs / DHCP support

    • Mandatory DHCP

    • 1:1 and 1:Many NAT and Port Forwarding

• Multi-location configuration templates

• Netflow support

• Active Directory

• Syslog integration

• Remote Packet Capture tools

• APIs - The CLI is Dead; the API is the new language

• MX Sizing Principles - https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file

• Anyconnect - 

AnyConnect on the MX Appliance 

Client Download and Deployment

AnyConnect Authentication Methods

AnyConnect Troubleshooting Guide

AnyConnect on ASA vs MX

AnyConnect licensing on the MX

FAQ 

Meraki VPN

• MX WAN port will do NAPT for outbound traffic and it means that max session is 65k on each WAN port.