Meraki MX Security and SD-WAN Licensing

Overview 

The Meraki MX is a multi-functional security & SD-WAN enterprise appliance with a wide set of capabilities to address multiple use cases for organizations of all sizes, in all industries.

Given the range of use cases that can be solved, there are three license options for the MX appliance that provides customers the flexibility to select the license most appropriate for their intended use.

 

Enterprise	Advanced Security	Secure SD-WAN Plus
“All I require is Auto VPN and a firewall”	“I connect directly to the Internet so need a UTM too”	“My business is reliant on SaaS/IaaS/DC served apps”
Essential SD-WAN  Secure connectivity & basic security	All enterprise features Fully featured unified threat management	All advanced security features Advanced analytics with machine learning powered by Meraki Insight Smart SaaS QoE

The licensing structure for MX appliances is the same as that of any other Meraki device – 1:1 ratio of devices to licenses. Pair your chosen MX appliance(s) with the relevant license for your use case

• Enterprise license

OR

• Advanced security license

OR

• Secure SD-WAN Plus license

Features by License Option 

 

Feature	Enterprise	Advanced Security	Secure SD-WAN Plus
Centralized management	✔	✔	✔
Zero-touch firmware updates	✔	✔	✔
True zero-touch provisioning	✔	✔	✔
24x7 enterprise support	✔	✔	✔
Open APIs	✔	✔	✔
Automatic WAN failover	✔	✔	✔
Sub-second site-to-site VPN failover	✔	✔	✔
Sub-second dynamic path selection	✔	✔	✔
Stateful firewall	✔	✔	✔
VLAN to VLAN routing	✔	✔	✔
Advanced Routing	✔	✔	✔
Uplink Load Balancing/failover	✔	✔	✔
3G / 4G cellular failover	✔	✔	✔
Traffic shaping/prioritization	✔	✔	✔
Site-to-site VPN	✔	✔	✔
Client VPN	✔	✔	✔
MPLS to VPN Failover	✔	✔	✔
Splash pages	✔	✔	✔
Configuration templates	✔	✔	✔
Group Policies	✔	✔	✔
Client connectivity alerts	✔	✔	✔
Essential SD-WAN	✔	✔	✔
Source-Based Routing	✔	✔	✔
Local Breakout (IP based)	✔	✔	✔
Geography based firewall rules		✔	✔
Intrusion detection & prevention		✔	✔
Content filtering		✔	✔
YouTube Content Restriction		✔	✔
Web Search Filtering		✔	✔
Cisco Advanced Malware Protection (AMP)		✔	✔
Umbrella DNS Integration**		✔	✔
Threat Grid Integration**		✔	✔
Web App Health Analytics			✔
WAN Health Analytics			✔
VoIP Health Analytics			✔
Smart breakout			✔
SD-Internet			✔

**Requires a separate license

 

---

FAQ 

How are licenses enforced on MX?

The licenses are on a per-model basis. Every MX model has a corresponding license. They are non-transferable between appliance models. For instance, an MX64 license will not be covered by an MX84 license.

 

Can we mix two license types in a single organization?

MX licensing is uniform across an entire Meraki dashboard organization. For instance, if you have 25 MX networks in your organization, you can have 25 Enterprise or Advance Security or Secure SD-WAN Plus licenses but you cannot have 20 MX devices with Enterprise and 5 MX devices with SD-WAN Plus licenses. For such a requirement, the recommended way of deployment would be to create a separate organization for each edition of licenses.

 

Is there a separate license to cover support or device warranty or software upgrades?
Each license is inclusive of device RMA, 24x7 enterprise support, and software upgrades. 

 

Will there be a requirement to pay extra for new features?

New features are added by license type.

• Features added to the enterprise license option will be available free-of-charge to all existing MX customers.
• Features added to the advanced security license option will be available free-of-charge to all existing MX customers with an advanced security or SD-WAN Plus license.
• Features added to the Secure SD-WAN Plus license option will be available free-of-charge to all existing MX customers with an SD-WAN Plus license.

 

Are MX licenses available on both Co-Term and PDL versions?

Yes. All the MX licenses are available under Co-Term as well as PDL (Per Device Licensing). For More information and general differences between the two, please see the documentation on Meraki Licensing.

 

Can you move from one MX license edition to another, for example, Enterprise to Advanced Security or SD-WAN Plus?

Currently, there are two ways to move to a different MX license edition:

• Purchase the desired MX license type (one license for all compatible MXs in the organization) and apply them to the organization which will convert the entire organization to the desired license type. Note: This will adjust your remaining licensing term depending on the license type (duration, MX model, license type etc.)
• Call/email Meraki support and convert the organization to the desired license option. Note: You will have a new co-termination date for your organization with this method.

 

Are free trials available for each of the MX license types?
Yes. Please contact your Meraki Sales representative for more information.

 

How does Warm-Spare MX set up work with the license?
In a network where two MXs are configured in Warm-Spare mode will only require one MX license.

 

Will Meraki Insight be available as a separate license?
Yes. Meraki Insight (included in Secure SD-WAN Plus license by default) will still be available as a separate license.

 

Will new features under Meraki Insight be restricted to the Secure SD-WAN Plus license only?
No. Any new features that released as a part of MI will also be available under separate MI licenses.

 

If I have the Advanced Security license + MI or Enterprise + MI, do I essentially have the new Secure SD-WAN functionality?
No, you will miss out on the new features (present and future) coming under the SD-WAN Plus license. However, you will have more flexibility in being able to move the MI license around between devices.

 

Is MI going to be merged as a Secure SD-WAN Plus license only? Is MI going away?
No. Meraki Insight is available for customers who have different needs.