NGFW - Next Generation Firewall : 

1. • Stateful Firewall 

   • L3 

   • L7 

Geo-based firewalling  : Allow or block traffic by country

Content Filtering

1. • Over 85 website content categories

   • Over 4 billion categorized URLs [updated constantly]

Application based Firewalling : NBAR Version 2 [Enhanced Application visibility ]

• • Nearly 1500+ Application aware firewalling [NBAR 2] 

  • Detailed application insights and policing

  • Traffic Inspection

  • L7 Firewall Rules

  • Traffic Shaping Rules 

  • Strengthens security

  • Application Based Local Internet Breakout (In the future)

  • Application based Traffic Steering (In the future)

SNORT 3 - IDS/IPS

• • Snort IDS/IPS is #1 in the industry for many years. Gartner’s Magic Quadrant 

  • The most widely deployed, with over 4 million downloads open-source variant alone. That doesn’t even take into account the variants running on FirePower, ASA , and MX security appliances.

Cisco AMP - Cisco AMP with optional Threat Grid integration

• • Cisco Advanced Malware Protection is the industry's leading malware protection solution.

  • With a database of over 500 million known files and over 1.5 million new incoming file samples every day.

Cisco Talos Threat Intelligence 

• • The largest commercial threat intelligence teams in the world. Talos Intelligence

  • Talos threat intelligence leads to over 20 million blocked threats per day.

High Availability : Active / Passive with a single License.

Automatic Firmware Upgrades

SD-WAN - Ready

SASE - Ready 

INTEGRATION

• • Cisco AnyConnect

  • Cisco ISE, 

  • Cisco DUO 

  • Cisco ThousandEyes 

  • Cisco Umbrella 

Multiple WAN Port

• • Supports Upto 4 WAN Uplinks

  • 3G/4G Failover

  • Copper/SFP/SFP+ Interfaces [For WAN and LAN]

WAN Link Management [Policy and performance based (WAN) routing]

• • • Load Balancing

    • Automatic Fail over

    • Limiting upload and download traffic through the WAN ports

Traffice Shaping

• • • Internet Speed limit for User/Device/IP/VLAN

    • Smart Path Selection on the basis internet performance

Any-connect

• • • TLS client VPN Support

    • Radius, AD and Client Certificate based authentication

    • Per user policy with RADIUS Filter-ID

    • Split Tunnel

    • Require Anyconnect PLUS License 

L2TP for endpoints

IP-Sec - Tunnels to non-Meraki devices

AutoVPN - Zero-touch site-to-site VPN

L3 Services

• • Configurable VLANs / DHCP support

  • Mandatory DHCP

  • 1:1 and 1:Many NAT and Port Forwarding

Multi-location configuration templates

Netflow support

Active Directory

Syslog integration

Remote Packet Capture tools

APIs : The API is the new language

MX Sizing Guide & Principles

Anyconnect  

• • • • • • AnyConnect on the MX Appliance 

          • Client Download and Deployment

          • AnyConnect Authentication Methods

          • AnyConnect Troubleshooting Guide

          • AnyConnect on ASA vs MX

          • AnyConnect licensing on the MX

          • FAQ 

MX WAN port will do NAPT for outbound traffic and it means that max session is 65k on each WAN port.