NGFW - Next Generation Firewall :
Stateful Firewall
L3
L7
Geo-based firewalling : Allow or block traffic by country
Content Filtering
Over 85 website content categories
Over 4 billion categorized URLs [updated constantly]
Application-based Firewalling: NBAR Version 2 [Enhanced Application Visibility]
Application-aware firewalling for nearly 1500+ applications [NBAR 2]
Detailed application insights and policing
Traffic Inspection
L7 Firewall Rules
Traffic Shaping Rules
Strengthens security
Application Based Local Internet Breakout (In the future)
Application based Traffic Steering (In the future)
SNORT 3 - IDS/IPS
Snort IDS/IPS has been #1 in the industry for many years. Gartner’s Magic Quadrant
The most widely deployed, with over 4 million downloads of the open-source variant alone. That doesn’t even take into account the variants running on FirePower, ASA, and MX security appliances.
Cisco AMP - Cisco AMP with optional Threat Grid integration
Cisco Advanced Malware Protection is the industry's leading malware protection solution.
With a database of over 500 million known files and over 1.5 million new incoming file samples every day.
Cisco Talos Threat Intelligence
One of the largest commercial threat intelligence teams in the world. Talos Intelligence
Talos threat intelligence leads to over 20 million blocked threats per day.
High Availability : Active / Passive with a single License.
Automatic Firmware Upgrades
SD-WAN - Ready
SASE - Ready
INTEGRATION
Cisco AnyConnect
Cisco ISE
Cisco DUO
Cisco ThousandEyes
Cisco Umbrella
Multiple WAN Port
Supports up to 4 WAN Uplinks
3G/4G Failover
Copper/SFP/SFP+ Interfaces [For WAN and LAN]
WAN Link Management [Policy and performance based (WAN) routing]
Load Balancing
Automatic Failover
Limiting upload and download traffic through the WAN ports
Traffic Shaping
Internet Speed limit for User/Device/IP/VLAN
Smart Path Selection on the basis of internet performance
AnyConnect
TLS client VPN Support
Radius, AD and Client Certificate based authentication
Per user policy with RADIUS Filter-ID
Split Tunnel
Requires AnyConnect PLUS License
L2TP for endpoints
IPsec - Tunnels to non-Meraki devices
AutoVPN - Zero-touch site-to-site VPN
L3 Services
Configurable VLANs / DHCP support
Mandatory DHCP
1:1 and 1:Many NAT and Port Forwarding
Multi-location configuration templates
Netflow support
Active Directory
Syslog integration
Remote Packet Capture tools
APIs : The API is the new language
The MX WAN port performs NAPT for outbound traffic, which means that the maximum number of sessions is 65k on each WAN port.