MX Security Appliance FAQ

Does the MX still function in the event that the appliance is unable to communicate with the cloud?

Yes, the appliance will continue to operate on the last known good configuration and enforce all configured security policies. While disconnected from the Cisco Meraki cloud, configuration changes are limited to basic uplink and port settings accessible on the local status page until such time as the appliance reconnects to the cloud. Analytics and reporting data will also still be gathered while disconnected and will be available when connectivity is regained.

Does the MX support high availability (HA) configurations?

Yes, Active/Passive HA is supported for all MX models.

Can the MX form IPsec VPN tunnels to non-Meraki devices?

Yes, the MX supports standard IPsec VPN in addition to Meraki Auto VPN.

Does an MX have to have a publicly routable IP to be able to form IPsec tunnels using Meraki Auto VPN?

No. In most cases, MX Security Appliances will automatically discover each other and form VPN tunnels even when behind a NAT device.

Does the MX include advanced threat functionality similar to Firepower Services on ASA?

Yes, the MX includes a suite of best-in-class Cisco Security technologies such as Advanced Malware Protection, Threat Grid integration, Stealthwatch integration, Cisco Snort IPS.

Can security and traffic policies be applied using Active Directory groups?

Yes, native Active Directory integration is supported and policies can be applied to clients based on Active Directory group membership.

What is the difference between the Enterprise and Advanced Security licenses for MX?