advertisement
MX Cloud Managed
Security Appliance Series
Overview
Cisco Meraki MX Security Appliances make it easy to deploy high quality network infrastructure to large numbers of distributed sites. Since the MX is 100% cloud managed, installation and remote management is simple. The MX has a comprehensive suite of network services, eliminating the need for multiple appliances. Services include a next-generation firewall, content filtering, web search filtering, intrusion detection, web caching, WAN optimization, and link bonding with failover.
Next Generation Firewall Capabilities
• Application-aware traffic control: set bandwidth policies based on
Layer 7 application type (e.g., YouTube, Skype, P2P).
• Content filtering: CIPA-compliant content filter, web (Google/Bing) search filtering, and YouTube for Schools.
• Intrusion detection: PCI-compliant IDS sensor using industry-leading
Snort database from Sourcefire.
• Anti-virus and anti-phishing: flow-based protection engine powered by Kaspersky.
• Identity-based filtering and application bandwidth management
Auto VPN
• Site-to-site VPN: automatic routing table generation, provisioning and key exchange via Cisco Meraki’s secure cloud.
• Interoperates with standards-based IPsec VPNs.
• Client VPN: L2TP IPsec support for native Windows, Mac OS X, iPad and Android clients with no per-user licensing fees.
Industry-leading Cloud Management
• Unified WAN, LAN, and wireless LAN management through a web- based dashboard. Scales easily from small deployments to large, multi-site deployments with tens of thousands of devices.
• Role-based administration, email alerts on configuration change, connectivity issues and power loss, auditable change logs.
• Summary reports with user, device, and application usage details archived in the cloud.
• Quarterly feature updates and enhancements delivered on demand from the Cisco Meraki cloud.
Branch Gateway Services
• Built-in DHCP, NAT, QoS, and VLAN management services.
• Web caching: accelerates frequently accessed content.
• Link bonding: combines multiple WAN links into a single highspeed interface, with policies for QoS, traffic shaping, and failover.
• Layer 3 failover: automatic detection of layer 2 and layer 3 outages and fast failover, including 3G/4G USB modems.
• WAN optimization: data redundancy elimination, protocol optimization, and compression provide bandwidth savings up to 99%.
Inside the Cisco Meraki MX
MX400 shown, features vary by model
Redundant Power
Reliable, energy efficient design
WAN Optimization
1TB SATA disk
Enhanced CPU
Layer 3-7 firewall and traffic shaping
Additional Memory
For content filtering
Multiple Uplink Ports
Link bonding/failover
3G/4G Modem Support
Automatic wireless failover
10Gb Ethernet/SFP+ Ports
For switch connectivity
Cloud Managed Architecture
Built on Cisco Meraki’s award-winning cloud-managed architecture, the MX is the only 100% cloud-managed networking and security appliance. MX appliances self-provision, automatically pulling policies and configuration settings from the cloud. Powerful remote tools provide network-wide visibility and control, and enable administration without on-site networking expertise.
Cloud services deliver seamless firmware and security signature updates, automatically establish site-to-site VPN tunnels, and provide 24x7 network monitoring. Moreover, the MX’s browserbased management dashboard completely eliminates the need for training.
Ironclad Security for Edge Networks
The MX hardware platform is purpose-built for Layer 7 deep packet inspection, with advanced security features including intrusion detection (IDS), content filtering, web search filtering, anti-virus / antiphishing, and IPsec VPN connectivity, while providing the throughput and capacity for modern, bandwidth-intensive networks.
Layer 7 fingerprinting technology lets administrators identify unwanted content and applications and prevent recreational apps like BitTorrent from wasting precious bandwidth.
The integrated Sourcefire® Snort® engine delivers superior intrusion detection coverage, a key requirement for PCI 2.0 compliance. The
MX also uses the Webroot® BrightCloud URL categorization database for CIPA / IWF compliant content-filtering, and Kaspersky® SafeStream engine for anti-virus / anti-phishing filtering.
Best of all, these industry-leading Layer 7 security engines and signatures are always kept up-to-date via the cloud, simplifying network security management and providing peace-of-mind to
IT administrators.
Cisco Meraki Cloud Management Architecture
2
Organization Level Threat Assessment
Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
Auto Configuring Site-to-Site VPN Next Gen Application Firewall and Traffic Visibility
User and Device Fingerprints Identity Based Policy Management
WAN Optimization Link Bonding and Failover
Increased Reliability with Multiple WAN Links and 3G/4G Failover
Multiple WAN ports with balancing and failover enable the use of redundant commodity Internet connections, providing additional bandwidth and higher reliability. For remote sites where multiple wireline providers are difficult to secure, the Cisco Meraki MX can fail over to 3G/4G wireless Internet connections.
3
Reduce Bandwidth Costs with Web Caching and WAN Optimization
Web caching temporarily stores video, media, and web documents, lowering bandwidth usage and accelerating the download speed of Internet content like YouTube videos and other media.
WAN optimization dramatically improves application performance and reduce bandwidth requirements at remote sites. All Cisco Meraki
MX appliances include WAN optimization at no additional charge. The MX60 and MX60W feature basic WAN optimization, while the MX80,
MX90, MX400, and MX600 feature advanced WAN optimization.
Basic WAN optimization includes link compression and protocol optimization. Link compression reduces TCP traffic by 20% - 30%, and protocol optimization accelerates Windows File Sharing (CIFS), FTP, and HTTP transfers.
Advanced WAN optimization adds high-capacity byte-level caching for additional performance improvements, employing a universal data store to maximize the effectiveness of the cache.
Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
MX60W with Integrated Wireless
The MX60W integrates Cisco Meraki’s award-winning wireless technology with the powerful MX network security features in a compact form factor ideal for branch offices or small enterprises:
• 1x 802.11b/g/n or 802.11a/n radio, 3x3 MIMO with 3 spatial streams
• Unified management of network security and wireless
• Integrated enterprise security and guest access
• Application-aware traffic analysis and traffic shaping
MX60W Security Appliance
Z1 Telecommuter Gateway
Z1 Telecommuter Gateway
The Z1 Telecommuter Gateway extends the power of the Cisco Meraki dashboard and cloud-based centralized management to employees, IT staff and executives working from home.
Using the patent-pending Cisco Meraki Auto VPN, Administrators can extend network services including VoIP and remote desktop (RDP) to remote employees with a single-click, provide wired and wireless access, and increase end-user productivity through Layer 7 traffic shaping and prioritization.
• 1 x 802.11b/g/n radio, 1 x 802.11a/n radio, 2x2 MIMO with 2 spatial streams
• Site-to-site (IPsec) VPN using Cisco Meraki Auto VPN
• Layer 7 application visibility and traffic shaping
For detailed specs, please see the Z1 datasheet
Accessories
The Cisco Meraki MX90, MX400, and MX600 models support pluggable optics for high-speed backbone or link aggregation connections between wiring closets or to aggregation switches. Cisco Meraki offers several standards-based Gigabit and 10 Gigabit pluggable modules.
Each appliance has also been tested for compatibility with several third-party modules.
Interface Modules for MX400 and MX600 Pluggable (SFP) Optics for MX90, MX400, MX600
Accessories / Optics
Supported Cisco Meraki accessory modules for MX90, MX400 and MX600.
Model
IM-8-CU-1GB
IM-8-SFP-1GB
IM-2-SFP-10GB
SFP-1GB-SX
SFP-10GB-SR
CBL-TA-1M
Description
Cisco Meraki 8 x 1 GbE Copper Interface Module for MX400 and MX600
Cisco Meraki 8 x 1 GbE SFP Interface Module for MX400 and MX600
Cisco Meraki 2 x 10 GbE SFP+ Interface Module for MX400 and MX600
Cisco Meraki 1 GbE SFP SX Fiber Module (1000BASE-SX, range: 550m)
Cisco Meraki 10 GbE Short Range SFP+ Module (10GBASE-SR, range: 400m)
Cisco Meraki 10 GbE Twinax Cable with SFP+ Connectors (10GSFP+Cu, range: 1m)
Note: Please refer to meraki.com for additional single-mode and multi-mode fiber transceiver modules
4 Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
Lifetime Warranty with Next-day Advanced Replacement
Cisco Meraki MX appliances include a limited lifetime hardware warranty that provides next-day advance hardware replacement. Cisco Meraki’s simplified software and support licensing model also combines all software upgrades, centralized systems management, and phone support under a single, easy-to-understand model.
For complete details, please visit www.meraki.com/support.
Product Options
Recommended use cases
MX60 / MX60W
Small retail branch, small clinic
(approx. 20 users)
100 Mbps
MX80
Mid size branch,
(approx. 100 users)
MX90
Large branch, 8
LAN ports, 2 SFP
(approx. 250 users)
500 Mbps
MX400
K-12 firewall /
VPN concentrator
(approx. 2,000 users)
1 Gbps
MX600
Large K-12 firewall,
VPN concentrator
(approx. 10,000 users)
2 Gbps Stateful Firewall
Throughput
Advanced Security
Throughput
Maximum site-to-site
VPN sessions
Interfaces
50 Mbps
20
250 Mbps
125 Mbps
50
225 Mbps
125
325 Mbps
2,000
Additional
Interface Modules
5 x GbE
N/A
5 x GbE
N/A
Web Caching
WAN Optimization
N/A
Basic
Hard Drive* N/A
USB for 3G/4G Failover Yes
Mounting
Dimensions
Weight
Power Supply
Desk / Wall
9.5” x 6.7” x 1.14”
(239mm x 170mm x
34mm)
3.04 lb (1.4 kg)
18W DC (included)
Yes
Advanced
1 TB
Yes
1U rack
19.0” x 10.0 “ x 1.75”
(483 mm x 254 mm x 44 mm)
8 lb (3.6kg)
100-220V
50/60Hz AC
26W / 32W Power Load (idle / max) 4W / 10W (MX60)
6W / 13W (MX60W)
Operating Temperature 32°F to 104°F
(0°C to 40°C)
Humidity 5% to 95%
32°F to 104°F
(0°C to 40°C)
5% to 95%
32°F to 104°F
(0°C to 40°C)
5% to 95%
9 x GbE
2 x GbE (SFP)
N/A
4 x GbE
Yes
Advanced
1 TB
Yes
1U rack
19.0” x 10.0 “ x 1.75”
(483 mm x 254 mm x 44 mm)
9 lb (4.1kg)
100-220V
50/60Hz AC
28W / 35W
8 x GbE (RJ45)
8 x GbE (SFP)
4 x 10GbE (SFP+)
(2 modules max)
Yes
Advanced
1 TB
Yes
1U rack
19.0” x 22.0 “ x
1.75” (483 mm x
559 mm x 44 mm)
33 lb (15.0 kg)
100-220V
50/60Hz AC (dual)
123W / 215W
32°F to 104°F
(0°C to 40°C)
5% to 95%
650 Mbps
5,000
4 x GbE
8 x GbE (RJ45)
8 x GbE (SFP)
4 x 10GbE (SFP+)
(2 modules max)
Yes
Advanced
4 x 1 TB (RAID)
Yes
2U rack
19.0” x 22.0 “ x
3.5” (483 mm x
559 mm x 89 mm)
53 lb (24.0 kg)
100-220V
50/60Hz AC (dual)
132W / 226W
32°F to 104°F
(0°C to 40°C)
5% to 95%
*Note: Hard drive is used for web caching and advanced WAN Optimization, which includes byte-level object caching.
5 Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
6
Specifications
Management
Managed via the web using the Cisco Meraki dashboard
Single pane-of-glass into managing wired and wireless networks
No-touch remote deployment (no staging needed)
Automatic firmware upgrades and security patches
Centralized policy management
Org-level two-factor authentication and single sign-on
Role based administration with change logging and alerts
Monitoring and Reporting
Throughput, connectivity monitoring and email alerts
Detailed historical per-port and per-client usage statistics
Application usage statistics
Org-level change logs for compliance and change management
VPN tunnel and latency monitoring
Network asset discovery and user identification
Periodic emails with key utilization metrics
Syslog integration
Remote Diagnostics
Live remote packet capture
Real-time diagnostic and troubleshooting tools
Aggregated event logs with instant search
Network and Security Services
Stateful firewall, 1:1 NAT, DMZ
Identity-based policies
Auto VPN: Automated site-to-site (IPsec) VPN, for hub-and-spoke or mesh topologies
Client (IPsec L2TP) VPN
Multiple WAN IP, PPPoE, NAT
VLAN support and DHCP services
Static routing
User and device quarantine
WAN Performance Management
Web caching
WAN link aggregation
Automatic Layer 3 failover (including VPN connections)
3G / 4G USB modem failover
Application level (Layer 7) traffic analysis and shaping
Ability to choose WAN uplink based on traffic type
Note: Web caching is not available on the MX60 or MX60W models.
WAN Optimization
Byte-level caching
Universal datastore with data redundancy elimination
TCP transport compression and optimization
Protocol optimization (CIFS, HTTP, FTP)
Note: MX60 / MX60W have basic WAN optimization, which includes protocol optimization and link compression, but limited caching.
Advanced Security Services
Content filtering (Webroot BrightCloud CIPA compliant URL database)
Web search filtering (including Google / Bing SafeSearch)
YouTube for Schools
Intrusion-detection sensor (Sourcefire SNORT® based)
Anti-virus engine and anti-phishing filtering (Kaspersky SafeStream II engine)
Note: Advanced security services require Advanced Security license.
Integrated Wireless
1 x 802.11a/b/g/n (2.4 GHz or 5 GHz)
Max data rate 450 Mbit/s
3x3 MIMO with 3 spatial streams, beamforming
3 external dual-band dipole antennas (connector type: RP-SMA)
Antenna gain: 3.0s dBi @ 2.4 GHz, 3.5 dBi @ 5 GHz
WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X authentication
Regulatory: FCC (US), IC (Canada), CE (Europe), C-Tick (Australia/New Zealand), RoHS
Note: Integrated wireless is only available on the MX60W model.
Regulatory
FCC (US)
CB (IEC)
CISPR (Australia/New Zealand)
Warranty
Full lifetime hardware warranty with next-day advanced replacement included.
Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
7
Ordering Guide
To place an order for an MX appliance, pair a specific hardware model with a single license (which includes cloud services, software upgrades and support). For example, to order an MX90 with 3 years of Advanced Security license, order an MX90-HW with LIC-MX90-SEC-3YR.
Lifetime warranty with advanced replacement is included on all hardware at no additional cost.
Model
MX60-HW
MX60W-HW
MX80-HW
MX90-HW
MX400-HW
MX600-HW
License
LIC-MX60-ENT-1YR
LIC-MX60-ENT-3YR
LIC-MX60-ENT-5YR
LIC-MX60-SEC-1YR
LIC-MX60-SEC-3YR
LIC-MX60-SEC-5YR
LIC-MX60W-ENT-1YR
LIC-MX60W-ENT-3YR
LIC-MX60W-ENT-5YR
LIC-MX60W-SEC-1YR
LIC-MX60W-SEC-3YR
LIC-MX60W-SEC-5YR
LIC-MX80-ENT-1YR
LIC-MX80-ENT-3YR
LIC-MX80-ENT-5YR
LIC-MX80-SEC-1YR
LIC-MX80-SEC-3YR
LIC-MX80-SEC-5YR
LIC-MX90-ENT-1YR
LIC-MX90-ENT-3YR
LIC-MX90-ENT-5YR
LIC-MX90-SEC-1YR
LIC-MX90-SEC-3YR
LIC-MX90-SEC-5YR
LIC-MX400-ENT-1YR
LIC-MX400-ENT-3YR
LIC-MX400-ENT-5YR
LIC-MX400-SEC-1YR
LIC-MX400-SEC-3YR
LIC-MX400-SEC-5YR
LIC-MX600-ENT-1YR
LIC-MX600-ENT-3YR
LIC-MX600-ENT-5YR
LIC-MX600-SEC-1YR
LIC-MX600-SEC-3YR
LIC-MX600-SEC-5YR
Description
Cisco Meraki MX60, 1 year Enterprise License and Support
Cisco Meraki MX60, 3 year Enterprise License and Support
Cisco Meraki MX60, 5 year Enterprise License and Support
Cisco Meraki MX60, 1 year Advanced Security License and Support
Cisco Meraki MX60, 3 year Advanced Security License and Support
Cisco Meraki MX60, 5 year Advanced Security License and Support
Cisco Meraki MX60W, 1 year Enterprise License and Support
Cisco Meraki MX60W, 3 year Enterprise License and Support
Cisco Meraki MX60W, 5 year Enterprise License and Support
Cisco Meraki MX60W, 1 year Advanced Security License and Support
Cisco Meraki MX60W, 3 year Advanced Security License and Support
Cisco Meraki MX60W, 5 year Advanced Security License and Support
Cisco Meraki MX80, 1 year Enterprise License and Support
Cisco Meraki MX80, 3 year Enterprise License and Support
Cisco Meraki MX80, 5 year Enterprise License and Support
Cisco Meraki MX80, 1 year Advanced Security License and Support
Cisco Meraki MX80, 3 year Advanced Security License and Support
Cisco Meraki MX80, 5 year Advanced Security License and Support
Cisco Meraki MX90, 1 year Enterprise License and Support
Cisco Meraki MX90, 3 year Enterprise License and Support
Cisco Meraki MX90, 5 year Enterprise License and Support
Cisco Meraki MX90, 1 year Advanced Security License and Support
Cisco Meraki MX90, 3 year Advanced Security License and Support
Cisco Meraki MX90, 5 year Advanced Security License and Support
Cisco Meraki MX400, 1 year Enterprise License and Support
Cisco Meraki MX400, 3 year Enterprise License and Support
Cisco Meraki MX400, 5 year Enterprise License and Support
Cisco Meraki MX400, 1 year Advanced Security License and Support
Cisco Meraki MX400, 3 year Advanced Security License and Support
Cisco Meraki MX400, 5 year Advanced Security License and Support
Cisco Meraki MX600, 1 year Enterprise License and Support
Cisco Meraki MX600, 3 year Enterprise License and Support
Cisco Meraki MX600, 5 year Enterprise License and Support
Cisco Meraki MX600, 1 year Advanced Security License and Support
Cisco Meraki MX600, 3 year Advanced Security License and Support
Cisco Meraki MX600, 5 year Advanced Security License and Support
*Note: For each MX product, additional 7 or 10 year Enterprise or Advanced Security licensing options are also available (ex: LIC-MX90-SEC-7YR).
Cisco Systems, Inc. | 660 Alabama St, San Francisco, CA 94110 | (415) 432-1000 | [email protected]
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement