Skip to main content
Cisco Meraki Documentation

MX Security Appliance FAQ


This article answers some frequently asked questions regarding Meraki MX Security Appliances.

Frequently Asked Questions 


Does the MX still function in the event that the appliance is unable to communicate with the cloud?

Yes, the appliance will continue to operate on the last known good configuration and enforce all configured security policies. While disconnected from the Cisco Meraki cloud, configuration changes are limited to basic uplink and port settings accessible on the local status page until such time as the appliance reconnects to the cloud. Analytics and reporting data will also still be gathered while disconnected and will be available when connectivity is regained.

Does the MX support high availability (HA) configurations?

Yes, Active/Passive HA is supported for all MX models.

Can the MX form IPsec VPN tunnels to non-Meraki devices?

Yes, the MX supports standard IPsec VPN in addition to Meraki Auto VPN.

Does an MX have to have a publicly routable IP to be able to form IPsec tunnels using Meraki Auto VPN?

No. In most cases, MX Security Appliances will automatically discover each other and form VPN tunnels even when behind a NAT device.

Does the MX include advanced threat functionality similar to Firepower Services on ASA?

Yes, the MX includes a suite of best-in-class Cisco Security technologies such as Advanced Malware Protection, Threat Grid integration, Stealthwatch integration, Cisco Snort IPS.

Can security and traffic policies be applied using Active Directory groups?

Yes, native Active Directory integration is supported and policies can be applied to clients based on Active Directory group membership.

What is the difference between the Enterprise and Advanced Security licenses for MX?


The Enterprise license includes all base functionality, including but not limited to:

  • Stateless Layer 7 Firewall
  • Site to site VPN
  • Client VPN
  • DHCP
  • Branch routing
  • Intelligent path control
  • Application visibility and control
  • Web caching (MX84 and higher only)

Advanced Security

The Advanced Security license includes all Enterprise license features, plus the following advanced threat management capabilities:

  • URL Content Filtering
  • Google SafeSearch enforcement
  • Youtube EDU enforcement
  • Intrusion Prevention
  • Advanced Malware Protection (AMP) with Threat Grid support
  • Layer 7 Geo-IP Firewall Rules


All Cisco Meraki licenses include warranty, 24x7 Enterprise support, software and feature updates, and cloud dashboard access.