MX Cloud Managed Security Appliance Series...for classes of users based on Active Directory...
8
Industry-leading Cloud Management • Unified WAN, LAN, and wireless LAN management under a web based dashboard. Scales easily from small deployments to large, multi-site deployments with tens of thousands of devices. • Role-based administration, email alerts for configuration change, connectivity issues and power loss, auditable change logs. • Summary reports with user, device, and application usage details, archived in the cloud. • Quarterly feature updates and enhancements delivered on demand from the Meraki cloud. Branch Gateway Services • Built-in DHCP, NAT, QoS, and VLAN management services. • Link bonding: combines multiple WAN links into a single high- speed interface, with policies for QoS, traffic shaping, and failover. • Layer 3 failover: automatic detection of layer 2 and layer 3 outages and fast failover, including 3G/4G USB modems. • WAN optimization: data redundancy elimination, protocol optimization, and compression provide bandwidth savings up to 99% for Windows filesharing (CIFS), FTP, HTTP, and TCP traffic. Next Generation Firewall Capabilities • Application-aware traffic control: set bandwidth policies based on Layer 7 application type (e.g. YouTube, Skype, P2P). • Content filtering: CIPA compliant category-based filters, configurable for classes of users based on Active Directory membership. • Intrusion detection: PCI compliant IDS sensor using industry-leading Snort database from Sourcefire. • Anti-virus and anti-phishing: flow based protection engine powered by Kaspersky. Auto VPN • Site-to-site VPN: automatic routing table generation, provisioning and key exchange via Meraki’s secure cloud. • Interoperates with standards-based IPsec VPNs. • Client VPN: L2TP IPsec support for native Windows, Mac OS X, iPad and Android clients with no per-user licensing fees. Overview Meraki MX security appliances make it easy to deploy high quality network infrastructure to large number of distributed sites. Since the MX is 100% cloud managed, installation and remote management is simple. The MX also has a comprehensive suite of network services, eliminating the need for multiple boxes. Services include next-generation firewall, content filtering, intrusion detection, WAN optimization, and link bonding and failover. MX Cloud Managed Security Appliance Series
Transcript of MX Cloud Managed Security Appliance Series...for classes of users based on Active Directory...
Industry-leading Cloud Management
• UnifiedWAN,LAN,andwirelessLANmanagementunderawebbaseddashboard.Scaleseasilyfromsmalldeploymentstolarge,multi-sitedeploymentswithtensofthousandsofdevices.
• Role-basedadministration,emailalertsforconfigurationchange,connectivityissuesandpowerloss,auditablechangelogs.
• Summaryreportswithuser,device,andapplicationusagedetails,archivedinthecloud.
• QuarterlyfeatureupdatesandenhancementsdeliveredondemandfromtheMerakicloud.
Branch Gateway Services
• Built-inDHCP,NAT,QoS,andVLANmanagementservices.
• Linkbonding:combinesmultipleWANlinksintoasinglehigh-speedinterface,withpoliciesforQoS,trafficshaping,andfailover.
• Layer3failover:automaticdetectionoflayer2andlayer3outagesandfastfailover,including3G/4GUSBmodems.
• WANoptimization:dataredundancyelimination,protocoloptimization,andcompressionprovidebandwidthsavingsupto99%forWindowsfilesharing(CIFS),FTP,HTTP,andTCPtraffic.
Next Generation Firewall Capabilities
• Application-awaretrafficcontrol:setbandwidthpoliciesbasedonLayer7applicationtype(e.g.YouTube,Skype,P2P).
• Contentfiltering:CIPAcompliantcategory-basedfilters,configurableforclassesofusersbasedonActiveDirectorymembership.
• Intrusiondetection:PCIcompliantIDSsensorusingindustry-leadingSnortdatabasefromSourcefire.
• Anti-virusandanti-phishing:flowbasedprotectionenginepoweredbyKaspersky.
Auto VPN
• Site-to-siteVPN:automaticroutingtablegeneration,provisioningandkeyexchangeviaMeraki’ssecurecloud.
• Interoperateswithstandards-basedIPsecVPNs.
• ClientVPN:L2TPIPsecsupportfornativeWindows,MacOSX,iPadandAndroidclientswithnoper-userlicensingfees.
OverviewMerakiMXsecurityappliancesmakeiteasytodeployhighqualitynetworkinfrastructuretolargenumberofdistributedsites.SincetheMXis100%cloudmanaged,installationandremotemanagementissimple.TheMXalsohasacomprehensivesuiteofnetworkservices,eliminatingtheneedformultipleboxes.Servicesincludenext-generationfirewall,contentfiltering,intrusiondetection,WANoptimization,andlinkbondingandfailover.
MXCloudManagedSecurityApplianceSeries
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
CloudManagedArchitectureBuiltonMeraki’saward-winningcloudmanagedarchitecture,theMXistheonly100%cloud-managednetworkingandsecurityappliance.MXappliancesself-provision,automaticallypullingpoliciesandconfigurationfromthecloud.Powerfulremotetoolsprovidenetwork-widevisibilityandcontrol,andenableadministrationwithouton-sitenetworkingexpertise.Cloudservicesdeliverseamlessfirmwareandsecuritysignatureupdates,automaticallyestablishsite-to-siteVPNtunnels,andprovide24x7networkmonitoring.Moreover,theMX’sbrowser-basedmanagementdashboardcompletelyeliminatestheneedfortraining.
Redundant Power
Reliable,energy
efficientdesign
WAN Optimization
1TBSATAdisk
Multiple Uplink Ports
Linkbonding/failover
3G/4G Modem Support
Automaticwirelessfailover
10Gb Ethernet/SFP+ Ports
Forswitchconnectivity
Enhanced CPU
Layer3-7firewall
andtrafficshaping
Additional Memory
Forcontentfiltering
Inside the Meraki MX MX400shown,featuresvarybymodel
IroncladSecurityforEdgeNetworksTheMXhardwareplatformispurpose-builtforLayer7deeppacketinspectionattheedge,withadvancedsecurityfeaturesincludingintrusiondetection(IDS),contentfiltering,anti-virus/anti-phishing,andIPsecVPNconnectivity,whileprovidingthethroughputandcapacityformodern,bandwidth-intensivenetworks.
Layer7fingerprintingtechnologyletsadministratorsidentifyunwantedcontentandapplicationsandpreventrecreationalappslikeBitTorrentfromwastingpreciousbandwidth.
TheintegratedSourcefire®Snort®enginedeliverssuperiorintru-siondetectioncoverage,akeyrequirementforPCI2.0compliance.TheMXalsousestheWebroot®BrightCloudURLcategorizationdatabaseforCIPA/IWFcompliantcontent-filtering,andKaspersky®SafeStreamengineforanti-virus/anti-phishingfiltering.
Bestofall,theseindustry-leadingLayer7securityenginesandsignaturesarealwayskeptup-to-dateviathecloud,simplifyingnetworksecuritymanagementandprovidingpeace-of-mindtoITadministrators.
Meraki Cloud Management Architecture Organization Level Threat Assessment
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
IncreasedReliabilityforDistributedNetworksMultipleWANportswithbalancingandfailoverenabletheuseofredundantcommodityInternetconnections,providingadditionalbandwidthandhigherreliability.Forremotesiteswheremultiplewirelineprovidersaredifficulttosecure,theMerakiMXcanfailoverto3G/4GwirelessInternetconnections.
ReduceBandwidthCostswithWANOptimizationWANoptimizationusesacombinationoftechniquestodramaticallyimproveapplicationperformanceandreducebandwidthrequirementsatremotesites.AllMerakiMXappliancesincludeWANoptimizationatnoadditionalcharge.
TheMX60andMX60WfeaturebasicWANoptimization,whiletheMX80,MX90,MX400,andMX600featureadvancedWANoptimization.BasicWANoptimizationincludeslinkcompressionandprotocoloptimization.
AdvancedWANoptimizationaddsdataredundancyeliminationandcachingforadditionalperformanceimprovements.Merakioptimizesanumberofprotocols,includingWindowsFileSharing(CIFS),FTP,HTTP,andgenericTCPtraffic.Merakiusesauniversaldatastoretomaximizetheeffectivenessofthecache.
Auto Configuring Site-to-Site VPN Application Visibility and Control
User and Device Fingerprints Active Directory Integrated Content Filtering
Link Bonding and FailoverWAN Optimization
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
Accessories / OpticsSupportedMerakiaccessorymodulesforMX90,MX400andMX600.
Note:MerakiSFP-1GB-SXandSFP-10GB-SRuseLCconnectors.
InterfaceModulesforMX400andMX600
TheMX60WintegratesMeraki’saward-winningwirelesstechnologywiththepowerfulMXnetworksecurityfeaturesinacompactformfactoridealforbranchofficesorsmallenterprises:
• 1x802.11b/g/nor802.11a/nradio,3x3MIMOwith3spatialstreams
• Unifiedmanagementofnetworksecurityandwireless
• Integratedenterprisesecurityandguestaccess
• Application-awaretrafficanalysisandtrafficshaping
AccessoriesTheMerakiMX90,400and600modelssupportpluggableopticsforhigh-speedbackboneorlinkaggregationconnectionsbetweenwiringclosetsortoaggregationswitches.Merakioffersseveralstandards-basedGigabitand10Gigabitpluggablemodules.Eachappliancehasalsobeentestedforcompatibilitywithseveralthird-partymodules.
Pluggable(SFP)OpticsforMX90,MX400,MX600
Model Description
IM-8-CU-1GB Meraki8x1GbECopperInterfaceModuleforMX400andMX600
IM-8-SFP-1GB Meraki8x1GbESFPInterfaceModuleforMX400andMX600
IM-2-SFP-10GB Meraki2x10GbESFP+InterfaceModuleforMX400andMX600
SFP-1GB-SX Meraki1GbESFPSXFiberModule(1000BASE-SX,range:550m)
SFP-10GB-SR Meraki10GbEShortRangeSFP+Module(10GBASE-SR,range:400m)
CBL-TA-1M Meraki10GbETwinaxCablewithSFP+Connectors(10GSFP+Cu,range:1m)
`
MX60WwithIntegratedWireless
MX60Wsecurityappliancewithintegratedwireless
TheZ1telecommutergatewayextendsthepoweroftheMerakiDashboardandcloud-basedcentralizedmanagementtoemployees,ITstaffandexecutiveswork-ingfromhome.
Usingthepatent-pendingMerakiAutoVPN,AdministratorscanextendnetworkservicesincludingVoIPandremotedesktop(RDP)toremoteemployeeswithasingle-click,providewiredandwirelessaccess,andincreaseend-userpro-ductivitythroughLayer7trafficshapingandprioritization.
• 2x802.11a/b/g/nradios,2x2MIMOwith2spatialstreams
• Site-to-site(IPsec)VPNusingtheMerakiAutoVPN
• Layer7applicationvisibilityandtrafficshaping
Fordetailedspecs,pleaseseeZ1datasheet
Z1TelecommuterGateway
Z1Telecommuter
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
LifetimeWarrantywithNext-dayAdvancedReplacementMerakiMXappliancesincludealimitedlifetimehardwarewarrantythatprovidesnext-dayadvancehardwarereplacement.Meraki’ssimplifiedsoftwareandsupportlicensingmodelalsocombinesallsoftwareupgrades,centralizedsystemsmanagement,andphonesupportunderasingle,easy-to-understandmodel.Forcompletedetails,pleasevisitwww.meraki.com/support.
MX60 / MX60W MX80 MX90 MX400 MX600
Recommendedusecases
Smalloffice/retailbranch(approx.20users)
Mid-sizedoffice(approx.50users)
Mid-sizedoffice(ap-prox.125users)
Datacenter/concentrator(approx.2,000users)
Largedatacenter/concentrator(approx.10,000users)
StatefulFirewallThroughput
100Mbps 250Mbps 500Mbps 1Gbps 2Gbps
AdvancedSecurityThroughput
50Mbps 125Mbps 225Mbps 325Mbps 650Mbps
Maximumsite-to-siteVPNsessions
20 100 200 2,000 5,000
WANInterfaces 1or2xGbE 1or2xGbE 1or2xGbE 1or2xGbE 1or2xGbE
LANInterfaces* 3or4xGbE 3or4xGbE 7or8xGbE2xGbE(SFP)
2or3xGbE 2or3xGbE
AdditionalLANInterfaces
N/A N/A N/A 8xGbE(RJ45)8xGbE(SFP)4x10GbE(SFP+)(2modulesmax)
8xGbE(RJ45)8xGbE(SFP)4x10GbE(SFP+)(2modulesmax)
WANOptimization Basic Advanced Advanced Advanced Advanced
WANOptimizationCache
100MB 1TB 1TB 1TB 4x1TB(RAID)
USBfor3G/4GFailover yes yes yes yes yes
Mounting Desk/Wall 1Urack 1Urack 1Urack 2Urack
Dimensions 9.5”x6.7”x1.14”(239mmx170mmx34mm)
19.0”x10.0“x1.75”(483mmx254mmx44mm)
19.0”x10.0“x1.75”(483mmx254mmx44mm)
19.0”x22.0“x1.75”(483mmx559mmx44mm)
19.0”x22.0“x3.5”(483mmx559mmx89mm)
Weight 3.04lb(1.4kg) 8lb(3.6kg) 9lb(4.1kg) 33lb(15.0kg) 53lb(24.0kg)
PowerSupply 18WDC(included) 100-220V50/60HzAC
100-220V50/60HzAC
100-220V50/60HzAC(dual)
100-220V50/60HzAC(dual)
PowerLoad(idle/max) 4W/10W(MX60)6W/13W(MX60W)
26W/32W 28W/35W 123W/215W 132W/226W
OperatingTemperature 32°Fto104°F(0°Cto40°C)
32°Fto104°F(0°Cto40°C)
32°Fto104°F(0°Cto40°C)
32°Fto104°F(0°Cto40°C)
32°Fto104°F(0°Cto40°C)
Humidity 5%to95% 5%to95% 5%to95% 5%to95% 5%to95%
ProductOptions
*Note:InterfaceLAN1canbetoggledbetweenLANandWAN.
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
Specifications
Management
ManagedviatheWebusingtheMerakiCloudController
Singlepaneofglassintowiredandwirelessnetworks
No-touchremotedeployment(nostagingneeded)
Automaticfirmwareupgradesandsecuritypatches
Centralizedpolicymanagement
Org-leveltwo-factorauthenticationandsinglesign-on
Rolebasedadministrationwithchangeloggingandalerts
Monitoring and Reporting
Throughput,connectivitymonitoringandemailalerts
Detailedhistoricalper-portandper-clientusagestatistics
Applicationusagestatistics
Org-levelchangelogsforcomplianceandchangemanagement
VPNtunnelandlatencymonitoring
Networkassetdiscoveryanduseridentification
Periodicemailswithkeyutilizationmetrics
Syslogintegration
Remote Diagnostics
Liveremotepacketcapture
Real-timediagnosticandtroubleshootingtools
Aggregatedeventlogswithinstantsearch
Network and Security Services
Statefulfirewall,1:1NAT,DMZ
Site-to-site(IPsec)VPN
Client(IPsecL2TP)VPN
MultipleWANIP,PPPoE,NAT
VLANsupportandDHCPservices
Staticrouting
Useranddevicequarantine
WAN Performance Management
WANlinkaggregation
AutomaticLayer3failover(includingVPNconnections)
3G/4GUSBmodemfailover
Applicationlevel(Layer7)trafficanalysisandshaping
AbilitytochooseWANuplinkbasedontraffictype
WAN Optimization
Byte-levelcaching
Universaldatastorewithdataredundancyelimination
TCPtransportcompressionandoptimization
Protocoloptimization(CIFS,HTTP,FTP)
Note:MX60/MX60WhavebasicWANoptimization,whichincludesprotocoloptimizationandlinkcompression,butlimitedcaching.
Advanced Security Services
Contentfiltering(WebrootBrightCloudCIPAcompliantURLdatabase)
Intrusion-detectionsensor(SourcefireSNORT®based)
Anti-virusengineandanti-phishingfiltering(KasperskySafeStreamIIengine)
Note:AdvancedsecurityservicesrequireAdvancedSecuritylicense.
Integrated Wireless
1x802.11a/b/g/n(2.4GHzor5GHz)
Maxdatarate450Mbit/s
3x3MIMOwith3spatialstreams,beamforming
3externaldual-banddipoleantennas(connectortype:RP-SMA)
Antennagain:[email protected],3.5dBi@5GHz
WPA2-PSKauthentication
Regulatory:FCC(US),IC(Canada),CE(Europe),C-Tick(Australia/NewZealand),RoHS
Note:IntegratedwirelessisonlyavailableontheMX60Wmodel.
Regulatory
FCC(US)
CB(IEC)
CISPR(Australia/NewZealand)
Warranty
Fulllifetimehardwarewarrantywithnext-dayadvancedreplacementincluded.
Meraki, Inc. | 660 Alabama St, San Francsico, CA 94110 | (415) 632-5800 | [email protected]
Model License Description
MX60-HW LIC-MX60-ENT-1YR
LIC-MX60-ENT-3YR
LIC-MX60-ENT-5YR
LIC-MX60-SEC-1YR
LIC-MX60-SEC-3YR
LIC-MX60-SEC-5YR
MerakiMX60,1yearEnterpriseLicenseandSupport
MerakiMX60,3yearEnterpriseLicenseandSupport
MerakiMX60,5yearEnterpriseLicenseandSupport
MerakiMX60,1yearAdvancedSecurityLicenseandSupport
MerakiMX60,3yearAdvancedSecurityLicenseandSupport
MerakiMX60,5yearAdvancedSecurityLicenseandSupport
MX60W-HW LIC-MX60W-ENT-1YR
LIC-MX60W-ENT-3YR
LIC-MX60W-ENT-5YR
LIC-MX60W-SEC-1YR
LIC-MX60W-SEC-3YR
LIC-MX60W-SEC-5YR
MerakiMX60W,1yearEnterpriseLicenseandSupport
MerakiMX60W,3yearEnterpriseLicenseandSupport
MerakiMX60W,5yearEnterpriseLicenseandSupport
MerakiMX60W,1yearAdvancedSecurityLicenseandSupport
MerakiMX60W,3yearAdvancedSecurityLicenseandSupport
MerakiMX60W,5yearAdvancedSecurityLicenseandSupport
MX80-HW LIC-MX80-ENT-1YR
LIC-MX80-ENT-3YR
LIC-MX80-ENT-5YR
LIC-MX80-SEC-1YR
LIC-MX80-SEC-3YR
LIC-MX80-SEC-5YR
MerakiMX80,1yearEnterpriseLicenseandSupport
MerakiMX80,3yearEnterpriseLicenseandSupport
MerakiMX80,5yearEnterpriseLicenseandSupport
MerakiMX80,1yearAdvancedSecurityLicenseandSupport
MerakiMX80,3yearAdvancedSecurityLicenseandSupport
MerakiMX80,5yearAdvancedSecurityLicenseandSupport
MX90-HW LIC-MX90-ENT-1YR
LIC-MX90-ENT-3YR
LIC-MX90-ENT-5YR
LIC-MX90-SEC-1YR
LIC-MX90-SEC-3YR
LIC-MX90-SEC-5YR
MerakiMX90,1yearEnterpriseLicenseandSupport
MerakiMX90,3yearEnterpriseLicenseandSupport
MerakiMX90,5yearEnterpriseLicenseandSupport
MerakiMX90,1yearAdvancedSecurityLicenseandSupport
MerakiMX90,3yearAdvancedSecurityLicenseandSupport
MerakiMX90,5yearAdvancedSecurityLicenseandSupport
MX400-HW LIC-MX400-ENT-1YR
LIC-MX400-ENT-3YR
LIC-MX400-ENT-5YR
LIC-MX400-SEC-1YR
LIC-MX400-SEC-3YR
LIC-MX400-SEC-5YR
MerakiMX400,1yearEnterpriseLicenseandSupport
MerakiMX400,3yearEnterpriseLicenseandSupport
MerakiMX400,5yearEnterpriseLicenseandSupport
MerakiMX400,1yearAdvancedSecurityLicenseandSupport
MerakiMX400,3yearAdvancedSecurityLicenseandSupport
MerakiMX400,5yearAdvancedSecurityLicenseandSupport
MX600-HW LIC-MX600-ENT-1YR
LIC-MX600-ENT-3YR
LIC-MX600-ENT-5YR
LIC-MX600-SEC-1YR
LIC-MX600-SEC-3YR
LIC-MX600-SEC-5YR
MerakiMX600,1yearEnterpriseLicenseandSupport
MerakiMX600,3yearEnterpriseLicenseandSupport
MerakiMX600,5yearEnterpriseLicenseandSupport
MerakiMX600,1yearAdvancedSecurityLicenseandSupport
MerakiMX600,3yearAdvancedSecurityLicenseandSupport
MerakiMX600,5yearAdvancedSecurityLicenseandSupport
OrderingGuideToplaceanorderforanMXappliance,pairaspecifichardwaremodelwithasinglelicense(whichincludescloudservices,softwareupgradesandsupport).Forexample,toorderanMX90with3yearsofAdvancedSecuritylicense,orderanMX90-HWwithLIC-MX90-SEC-3YR.Lifetimewarrantywithadvancedreplacementisincludedonallhardwareatnoadditionalcost.
