The Meraki Insight product is designed to give Meraki customers an easy way to monitor the performance of Web Applications and WAN Links on their network and easily identify if any issues are likely being caused by the network or application. The goal of Meraki Insight is to provide end-to-end visibility to the customers and make sure they have assurance for the mission-critical traffic of the network.
The Web Application information is presented in a series of easy to understand graphs and charts that can clearly show if performance issues are being introduced within the local network or if the performance issues are the result of something at the Application or WAN level.
On the other hand, WAN Health will show which uplinks are critical in terms of performance or utilization and will flag those uplinks so that users can monitor how their ISP connections across the organization are performing so users can prioritize working on the connections that need more attention.
Meraki Insight requires the MX to be running a minimum firmware build of MX 14.20 or greater (14.21 or higher is recommended). Please refer to our Managing Firmware Upgrades article for more information about upgrading firmware.
Meet the First Collector of Meraki Insight
In order for Meraki Insight to work in the network, The Meraki MX is a necessary device. Currently, MX has a built-in collector to provide Insight data.
Meraki Insight requires additional licensing that is separate from the standard Dashboard licensing for devices. Like standard licensing, Insight licenses are available in 1yr, 3yr, 5yr, 7yr, and 10yr license lengths. Insight licensing is separated by the hardware model. The following chart shows the different licensing tiers and their applicable hardware models.
|License SKU (1, 3, 5, 7, 10 Years)
Meraki Insight (XSmall)
|LIC-MI-XS-1YR / 3YR / 5YR / 7YR / 10YR
Z3, Z3C, Z4, Z4C
Meraki Insight (Small)
|LIC-MI-S-1YR / 3YR / 5YR / 7YR / 10YR
Meraki Insight (Medium)
|LIC-MI-M-1YR / 3YR / 5YR / 7YR / 10YR
MX75 / MX84 / MX85 / MX95 /
Meraki Insight (Large)
|LIC-MI-L-1YR / 3YR / 5YR / 7YR / 10YR
MX250, MX400, MX600
Meraki Insight (XLarge)
|LIC-MI-XL-1YR / 3YR / 5YR / 7YR / 10YR
Higher tiered licenses can be applied to lower models of MX but lower tiered licenses cannot be applied to higher models of MX. For example, an MX64 can use a 'Large' Insight license but an MX250 cannot use a 'Small' or 'Medium' Insight license. When doing this, Dashboard will display the corresponding tier of the device rather than of the license.
Like standard Dashboard licensing, networks running an MX pair in an HA configuration will only require a single Insight license.
Networks bound to a configuration template in Dashboard will still require individual licensing for MI features.
Meraki Insight licensing is applied on a per-Network basis so each network that is implementing Meraki Insight will require the appropriate license to be applied to that Network. After claiming the licenses like normal Dashboard licenses they can be managed by going to Insight > Configure > Licensing. From this page, we can see how many of each type of Insight license is available and how many are currently applied to existing Networks. This works similarly to the Device Count and License Limit counts on the regular License Info page.
Enabling and Disabling Meraki Insight
To Enable Meraki Insight on a network:
Ensure the necessary Licensing is available
Select the checkbox next to the Network where Insight should be enabled
Click 'Add network(s) to Insight' at the top left of the table to Enable Meraki Insight on the selected Network(s)
To Disable Meraki Insight on a network:
Select the checkbox next to the Network with Insight currently enabled
Click 'Remove network(s) from Insight'
Meraki Insight Trial Termination Process
As mentioned above, Meraki Insight is licensed per MX model type. While assigning MI licenses its important to assign it to the appropriate MX model type. Hence enabling/disabling MI will depend on assigning/unassigned the license from the MI License page. Having the MI license claimed on the License page under Organization will not activate the software and will require additional steps as mentioned in the previous section.
The same logic applies when enabling MI trial licenses. Please refer to the below section for some important information to keep in mind while trialing MI:
Scenario 1: A trial is claimed, but the licenses are not assigned on the Insight --> Licensing page.
When the trial expires, it will automatically be removed and no additional steps are required.
Scenario 2: A trial is claimed, and the licenses are assigned to networks on the Insight --> Licensing page.
When the trial expires, the networks utilizing the trial licenses will have Insight disabled to keep the organization in licensing compliance.
An indicator for which networks are utilizing trial licenses is located on the Insight licensing page:
Meraki Insight is currently only supported on MX series devices as well as the Z3/C, Z4/C Teleworker Gateway. This does NOT include the Z1 Teleworker Gateway, MS, or MR series of devices. Additionally, MXs that are acting as Auto VPN Hubs will not be able to analyze traffic arriving over the VPN from Spoke sites. To gather data about traffic from Auto VPN Spoke sites, Insight must be enabled on the spoke MX. Finally, traffic originating from the WAN, such as that destined for an onsite web server will not be tracked.
Is Meraki Insight supported on all Meraki products?
Currently, it is only supported with MX series devices and Z3 / Z4 variants. Refer to the Licensing table at this top of this doc for the supported hardware models.
What is the firmware version required on MX series devices to add support for Insight?
MX devices need to be running firmware version MX 14.20 at a minimum in order to support Meraki Insight.
What are the protocols and types of applications that this product can track performance for?
Currently web-based applications (HTTP and HTTPS) only.
Does Insight send my network traffic to Meraki?
Meraki Insight aggregates network statistics on the MX and only sends those aggregates back to the Meraki Cloud, so local network traffic is still segregated on your network. These aggregated statistics are sent as TLS-SYSLOG traffic using port TCP 443.
Previously, Meraki Insight used TCP port 6514, but this port has been decommissioned. No configuration change is needed in your devices.
Can Insight track performance for VoIP traffic?
The VoIP Health feature is designed to monitor network links for the performance of the uplink for VoIP. It is a part of the Meraki Insight product line. If your organization has Meraki Insight licenses added to the dashboard, VoIP Health should be enabled by default.
Can Insight track performance for custom applications?
Custom Applications can be tracked as long as the application traffic passes through the MX and the application has been defined within MI. Custom applications can be configured from the Traffic analysis section in the Organization > Settings page by using a hostname or IP address. Once configured the custom application will be available from the list of applications.
What happens if I remove Insight licensing from a Network?
Insight licenses can be moved between networks with just a few clicks, but disabling Insight on a Network will mean any Insight related data for that Network will be lost after several days. If Insight licensing is reapplied prior to the data being lost it will become viewable again, however, no data will be gathered and existing data will not be viewable during the time the network is not licensed.
Is Insight included with Advanced Security Edition licensing?
Meraki Insight requires additional licensing as it is a separate product. Please contact your Cisco Meraki Sales representative to inquire.
Why is my application not being tracked?
Only traffic that passes through an MX can be tracked by Meraki Insight. For example, if the MX is handling all routing for a location then both WAN bound and Inter-VLAN bound application traffic will be tracked. However, if Inter-VLAN routing is happening on a downstream device and only WAN bound traffic passes through the MX then only WAN bound application traffic will be tracked.
What back-end technology is MI built on?
MI was built from the ground up by Meraki to fit the Meraki ecosystem. There is nothing to install (even on the back end).
How does MI impact the performance of the MX it is running on?
The MX appliance is used as a 'collector' to gather the data, and the cloud does the heavy lifting from there and provides the analyses of the LAN, WAN, ISP, client/server stats with retrospection. The data is based on end-user HTTP/S data, so there's no need for synthetic probes, and MI leverages the MX’s deep packet inspection that's already happening, so MI has no significant performance impact on the MX itself.
Where should I enable Meraki Insight?
Scenario 1: SaaS-based (HTTP/S) applications being accessed by users are located on public cloud. (Ex: Office365, SalesForce, GSuits, Web Based Emails, etc.). This is a very common scenario where admins have limited visibility into the end-server side or into the internet service provider (ISP) side. Meraki Insight can help determine the performance of such applications and give accurate information based on the real-time client traffic.
Scenario 2: The application being accessed by users is located in the datacenter and an MX is connected as a hub in the datacenter. Clients accessing the applications are on the spoke sites which are connected via Meraki AutoVPN to the hub. This is another scenario in which admins have limited visibility due to traffic being encrypted on both ends. However, it is possible to track the performance on spoke side with Meraki Insight.