Meraki Insight Introduction
Overview
The Meraki Insight product is designed to give Meraki customers an easy way to monitor the performance of Web Applications and WAN Links on their network and easily identify if any issues are likely being caused by the network or application. The goal of Meraki Insight is to provide end-to-end visibility to the customers and make sure they have assurance for the mission-critical traffic of the network.
The Web Application information is presented in a series of easy to understand graphs and charts that can clearly show if performance issues are being introduced within the local network or if the performance issues are the result of something at the Application or WAN level.
On the other hand, WAN Health will show which uplinks are critical in terms of performance or utilization and will flag those uplinks so that users can monitor how their ISP connections across the organization are performing so users can prioritize working on the connections that need more attention.
Meraki Insight requires the MX to be running a minimum firmware build of MX 14.20 or greater (14.21 or higher is recommended). Please refer to our Managing Firmware Upgrades article for more information about upgrading firmware.
Meet the First Collector of Meraki Insight
In order for Meraki Insight to work in the network, The Meraki MX is a necessary device. Currently, MX has a built-in collector to provide Insight data.
Licensing
As part of a new initiative to evolve the Meraki network assurance offering, standalone Meraki Insight (MI) license/functionality will now be available only within SD-WAN Plus licensing tier, beginning on July 26, 2024. With this transition, all MI product functionality (WAN health, Web App health, VoIP health, active application monitoring, and internet outage monitoring) will remain active and be included with SD-WAN Plus licenses.
For more information please refer to the Meraki MX/Z Security and SD-WAN Licensing article.
Meraki Insight is currently only supported on MX series devices as well as the Z3/C, Z4/C Teleworker Gateway. This does NOT include the Z1 Teleworker Gateway, MS, or MR series of devices. Additionally, MXs that are acting as Auto VPN Hubs will not be able to analyze traffic arriving over the VPN from Spoke sites. To gather data about traffic from Auto VPN Spoke sites, Insight must be enabled on the spoke MX. Finally, traffic originating from the WAN, such as that destined for an onsite web server will not be tracked.
FAQ
Is Meraki Insight supported on all Meraki products?
Currently, it is only supported with MX series devices and Z3 / Z4 variants. Refer to the Licensing table at this top of this doc for the supported hardware models.
What is the firmware version required on MX series devices to add support for Insight?
MX devices need to be running firmware version MX 14.20 at a minimum in order to support Meraki Insight.
What are the protocols and types of applications that this product can track performance for?
Currently web-based applications (HTTP and HTTPS) only.
Does Insight send my network traffic to Meraki?
Meraki Insight aggregates network statistics on the MX and only sends those aggregates back to the Meraki Cloud, so local network traffic is still segregated on your network. These aggregated statistics are sent as TLS-SYSLOG traffic using port TCP 443.
Previously, Meraki Insight used TCP port 6514, but this port has been decommissioned. No configuration change is needed in your devices.
Can Insight track performance for VoIP traffic?
The VoIP Health feature is designed to monitor network links for the performance of the uplink for VoIP. It is a part of the Meraki Insight product line. If your organization has Meraki Insight licenses added to the dashboard, VoIP Health should be enabled by default.
Can Insight track performance for custom applications?
Custom Applications can be tracked as long as the application traffic passes through the MX and the application has been defined within MI. Custom applications can be configured from the Traffic analysis section in the Organization > Settings page by using a hostname or IP address. Once configured the custom application will be available from the list of applications.
Is Insight included with Advanced Security Edition licensing?
Meraki Insight requires additional licensing as it is a separate product. Please contact your Cisco Meraki Sales representative to inquire.
Why is my application not being tracked?
Only traffic that passes through an MX can be tracked by Meraki Insight. For example, if the MX is handling all routing for a location then both WAN bound and Inter-VLAN bound application traffic will be tracked. However, if Inter-VLAN routing is happening on a downstream device and only WAN bound traffic passes through the MX then only WAN bound application traffic will be tracked.
What back-end technology is MI built on?
MI was built from the ground up by Meraki to fit the Meraki ecosystem. There is nothing to install (even on the back end).
How does MI impact the performance of the MX it is running on?
The MX appliance is used as a 'collector' to gather the data, and the cloud does the heavy lifting from there and provides the analyses of the LAN, WAN, ISP, client/server stats with retrospection. The data is based on end-user HTTP/S data, so there's no need for synthetic probes, and MI leverages the MX’s deep packet inspection that's already happening, so MI has no significant performance impact on the MX itself.
Where should I enable Meraki Insight?
Example Scenarios:
Scenario 1: SaaS-based (HTTP/S) applications being accessed by users are located on public cloud. (Ex: Office365, SalesForce, GSuits, Web Based Emails, etc.). This is a very common scenario where admins have limited visibility into the end-server side or into the internet service provider (ISP) side. Meraki Insight can help determine the performance of such applications and give accurate information based on the real-time client traffic.
Scenario 2: The application being accessed by users is located in the datacenter and an MX is connected as a hub in the datacenter. Clients accessing the applications are on the spoke sites which are connected via Meraki AutoVPN to the hub. This is another scenario in which admins have limited visibility due to traffic being encrypted on both ends. However, it is possible to track the performance on spoke side with Meraki Insight.