Skip to main content
Cisco Meraki

Security and SD-WAN (MX,Z) Features Directory

Security and SD-WAN (MX,Z) Features Directory

Overview

This article describes MX/Z features and their dependencies on MX/Z firmware releases.

Note: All products have a minimum runnable firmware version, and some have a maximum runnable firmware version. Please refer to Product Firmware Version Restrictions for more information.  

The table below explains the platform differentiation:

Use Case

Platform

Compatible Licenses (detailed breakdown)

Security and SD-WAN (multi-WAN, security, wireless, HA, and cellular support)

All MX models (active models

Enterprise, Advanced Security, Secure SD-WAN Plus

Teleworker (single-WAN, basic security, wireless, and cellular support)

All Z models (active models)

Enterprise

Virtual MX (single-WAN and native-cloud hosting)

All vMX models (active models)

Enterprise

Note: There is only one official Beta, Stable Release Candidate, and Stable firmware release. If you see more than one, this means you have patch versions available for nodes running the major versions.

Let's take the following example:

Screen Shot 2022-07-06 at 1.52.57 PM.png 

  • MX 16.16 is the current stable release as of this writing.
  • MX 16.16.3 is the stable patch release for nodes running MX 16.16.
  • MX 15.42.3 is the stable patch release for nodes running MX 15.42.
  • MX 15.44.3 is the stable patch release for nodes running MX 15.44.

Therefore, if your organization does not contain nodes running MX 15.x, then you will not see MX 15.x.y as a firmware upgrade option. Similarly, if your organization does not contain nodes running MX 16.x, then you will not see MX 16.x.y as a firmware upgrade option. 

Stable Release - MX 18.1.X Firmware Features

Feature

Description

Type

Platforms Supported

Minimum Required License Type

AutoVPN enhancements

Stability and performance improvements.

 

Enhancement

Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG

Enterprise

Non-Meraki VPN peering with FQDN

This feature enables customers to use FQDN instead of IP while configuring Non-Meraki VPN peers. Using IP addresses can be tedious because with a dynamic IP address, a customer has to manually modify the Non-Meraki VPN settings on the Site-to-Site VPN page.

New Feature

Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG

Enterprise

IPv6 (Second Public Release) Support for AMP, Theat Grid, and other UX enhancements New Feature Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG, MG51, MG51E Enterprise

Non-Meraki and Meraki VPN exclusions

VPN full-tunnel exclusion is a feature on the MX whereby the administrator can configure rules to determine exceptions to a full-tunnel VPN configuration. The feature applies to both Auto VPN and Non-Meraki VPN (NMVPN) connections.

New Feature

Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG

L3 - Enterprise

L7 - Secure SD-WAN Plus

vMX NAT mode

A limited NAT mode capability can be enabled on the vMX in which traffic from the spokes will be NATed to the vMX's IP as it egresses the vMX in to your datacenter.

New Feature

vMX100, vMX-S/M/L, UMB-SIG

Enterprise

Policy Objects GA

The main advantage of Network Objects comes from the single Network Objects management page. Here, we are able to create/modify/delete Network Objects and Groups. This is highly beneficial to network administrators making adjustments to large firewall rulesets.

Enhancement

Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG

Enterprise

Adaptive Policy

Traditional segmentation is based on subnets, VLANs and ACL rules. The rule sets are limited to the network which it resides in and is not meant to be globally scalable. Adaptive Policy help address these limitations with micro-segmentation and more.

New Feature

Z3, Z3C, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX84, MX100, MX250, MX450, MX75, MX85, MX95, MX105, vMX100, vMX-S/M/L, UMB-SIG

Advanced Security 

ThousandEyes Agent Onboarding the ThousandEyes Agent to our MX family New Feature MX67, MX67W, MX67C, MX68, MX68W, MX68CW, MX75, MX85, MX95, MX105, MX250, MX450 Secure SD-WAN Plus + (more options being discussed)

 

Old Stable Release - MX 17.X Firmware Features

Feature

Description

Type

Platforms Supported

Minimum Required License Type

IPv6 (First Public Release)

IPv6 is an ongoing cross-product initiative for Meraki as IPv4 addresses are being exhausted and with more hosts such as IoT devices requiring addressing, IPv6 provides a new structure to accommodate a larger number of hosts. 

New feature

MX, Z, vMX

Enterprise

NBAR2

Network-Based Application Recognition (NBAR) is an advanced application recognition engine developed by Cisco that utilizes several classification techniques.

Enhancement

MX, Z

Enterprise

Content Filtering Powered by Cisco Talos

This allows the MX’s Content Filtering feature to classify URLs based on web content and threat categories curated by Cisco Talos.

New Feature

MX

Advanced Security

SD-Internet Steering (Top 10 Apps)

Internet traffic policy configuration remains consistent with VPN traffic policy configuration, albeit with different options. There are 2 different SD-Internet policies that can be configured:

  • Custom expression polices
  • Major application polices

New Feature

MX

Secure SD-WAN Plus

Mandatory DHCP

Mandatory DHCP enabled VLANs must request for a DHCP address before gaining access to the network.

New Feature

MX

Enterprise

Enhanced WAN Failover and Failback

Flow failover and failback the instant the primary uplink is deemed reliable.

New Feature

MX

Enterprise

 

ARCHIVE

MX 16.X Firmware Features

Feature

Description

Type

Platforms Supported

Minimum Required License Type

Traffic Analytics Classified by NBAR2

Network-Based Application Recognition (NBAR) is an advanced application recognition engine developed by Cisco that utilizes several classification techniques.

New feature

MX, Z

Enterprise

Cisco AnyConnect 

Introduces native Cisco AnyConnect support from the Meraki dashboard.

New feature

MX, Z, vMX

Enterprise

SD-WAN over Cellular

With this feature in place the cellular connection that was previously only enabled as backup can be configured as an active uplink in the SD-WAN & traffic shaping page.

New Feature

MX

Enterprise

vMX in GCP

vMX deployment in Google Cloud Platform.

New Feature

vMX

Enterprise

PPPoE support

You may need PPPoE if your ISP requires a username and password to access your DSL connection.

New Feature

MX, Z

Enterprise

Enhanced SNORT

Snort version upgrades.

Enhancement

MX

Advanced Security

SD-Internet Steering (L3)

The function of this feature is to steer customer traffic to SaaS or public cloud-based applications over the best-performing WAN connection at the time the traffic is forwarded.

New Feature

MX

Secure SD-WAN Plus

 

MX 15.X Firmware Features

     

    • Was this article helpful?