The MX appliance/Z1 gateway includes an integrated Layer 7 packet inspection engine, enabling you to set QoS policies, load balancing, and prioritization based on traffic types and applications.
This section allows you to configure bandwidth settings, list update frequency, primary uplink, load balancing, and layer 3 uplink preferences.
This option allows you to configure the upload and download bandwidth of the uplinks. This information is needed for traffic load balancing between the active WAN / Internet ports as well as for limiting upload and download traffic through the WAN ports. You can configure Uplink 1, Uplink 2, and the cellular uplink individually. To configure different upload and download bandwidths for a particular uplink, click the details button next to that uplink's bandwidth slider.
This option determines which uplink should be the primary connection. VPN traffic and management traffic to the Meraki Dashboard use the primary uplink. If load balancing is disabled, all traffic will use the primary uplink unless an uplink preference is configured specifying otherwise.
When enabled, Load balancing spreads Internet traffic across both uplinks proportional to the Internet1 and Internet2 bandwidths specified above.
Example: If Internet1 bandwidth is 9 Mbps and Internet2 bandwidth is 1 Mbps, the load-balancing algorithm sends 90% of the traffic through the Internet 1 uplink and 10% of the traffic through the Internet 2 uplink.
Use this option to direct traffic matching a layer 3 definition out a particular uplink. A common use case involves sending traffic from different VLANs through different Internet uplinks, or sending a particular type of traffic such as FTP traffic out a particular uplink based on the destination port.
This setting determines how often the MX should check for updates to security lists. You can specify an Hourly, Daily, or Weekly update interval. To specify different intervals depending on which uplink is being used to download lists, click "details". This can be useful if you want to control bandwidth usage due to security list downloads on a low-bandwidth WAN link or cellular uplink.
Features affected by this setting include IDS/IPS, Top Sites Content Filtering, and Malware Scanning.
This setting allows you to put limits on each client devices total network traffic (incoming / outgoing). The minimum limit on the throughput is 20 kb/s. Click details or simple to switch between two possible modes.
Enable SpeedBurst: To provide a better user experience in bandwidth-limited environments, an administrator can enable SpeedBurst by selecting the Enable Speedburst checkbox. SpeedBurst allows users to exceed their assigned limit in a "burst" for a short period of time, providing a more satisfying Internet browsing experience while still preventing any one user from using more than his or her fair share of bandwidth over the longer term. Users are allowed up to four times their allotted bandwidth limit for a period of up to five seconds.
To optimize your network, you can create shaping policies to apply per-user controls on a per-application basis. This allows you to reduce bandwidth for recreational applications such as peer-to-peer file sharing programs, and to prioritize bandwidth for your business-critical enterprise applications.
Click Create a new rule to add a traffic shaping rule. Traffic shaping policies consist of a series of rules that are performed in the order in which they appear in the policy, similar to custom firewall rules. There are two main components to each rule: the type of traffic to be limited or shaped (rule definition), and how that traffic should be limited or shaped (rule actions).
Rules can be defined in two ways:
The rule action is enforced on all traffic that matches the specifications you select. By clicking Add an expression, you can create additional specifications for traffic that is shaped according to the same rule action.
Traffic-matching-specified rule sets can be shaped or prioritized.
Bandwidth limits can be specified to ignore any limits specified for the whole network, to obey the specified limits, or to apply more-restrictive limits than the network limits. Use the bandwidth slider control to choose the appropriate limit for each type of traffic. To specify asymmetric limits on uploads and downloads, click details next to the bandwidth slider control.
Priority can be set to High, Normal, or Low, allowing the MX series to prioritize a given network flow relative to the rest of the network traffic. The ratios are as follows:
Quality of Service (QoS) prioritization can be applied to Layer 3 traffic. To prioritize traffic at Layer 3, select a value for the DSCP tag in the IP header on all incoming and outgoing IP packets. This also affects the Wi-Fi Multimedia (WMM) priority of the traffic.
For the Priority feature to work as desired, ensure that uplink throughput settings are accurate.
For QoS prioritization to work as desired, ensure that upstream networking equipment supports QoS prioritization as well.
Here is an example of how to set up a traffic shaping policy with multiple traffic-shaping rules. (For detailed examples, refer to the Deployment Guides chapter.)
To prioritize VoIP and minimize peer-to-peer traffic and gaming, create a new traffic-shaping policy by following the steps below:
When this setting is enabled, the MX will cache web content on its local hard drive. This can improve end-user experience by reducing page load times and file download times for frequently accessed web content. This option is not available on the MX60, MX60W, MX64, MX64W, MX65, or MX65W.