Home > Security and SD-WAN > Other Topics > MX Security Appliance FAQ

MX Security Appliance FAQ


This article answers some frequently asked questions regarding Meraki MX Security Appliances.

Frequently Asked Questions 


Does the MX still function in the event that the appliance is unable to communicate with the cloud?

Yes, the appliance will continue to operate on the last known good configuration and enforce all configured security policies. While disconnected from the Cisco Meraki cloud, configuration changes are limited to basic uplink and port settings accessible on the local status page until such time as the appliance reconnects to the cloud. Analytics and reporting data will also still be gathered while disconnected and will be available when connectivity is regained.

Does the MX support high availability (HA) configurations?

Yes, Active/Passive HA is supported for all MX models.

Can the MX form IPsec VPN tunnels to non-Meraki devices?

Yes, the MX supports standard IPsec VPN in addition to Meraki Auto VPN.

Does an MX have to have a publicly routable IP to be able to form IPsec tunnels using Meraki Auto VPN?

No. In most cases, MX Security Appliances will automatically discover each other and form VPN tunnels even when behind a NAT device.

Does the MX include advanced threat functionality similar to Firepower Services on ASA?

Yes, the MX includes a suite of best-in-class Cisco Security technologies such as Advanced Malware Protection, Threat Grid integration, Stealthwatch integration, Cisco Snort IPS.

Can security and traffic policies be applied using Active Directory groups?

Yes, native Active Directory integration is supported and policies can be applied to clients based on Active Directory group membership.

What is the difference between the Enterprise and Advanced Security licenses for MX?


The Enterprise license includes all base functionality, including but not limited to:

  • Statefull Layer 7 Firewall
  • Site to site VPN
  • Client VPN
  • DHCP
  • Branch routing
  • Intelligent path control
  • Application visibility and control
  • Web caching (MX84 and higher only)

Advanced Security

The Advanced Security license includes all Enterprise license features, plus the following advanced threat management capabilities:

  • URL Content Filtering
  • Google SafeSearch enforcement
  • Youtube EDU enforcement
  • Intrusion Prevention
  • Advanced Malware Protection (AMP) with Threat Grid support
  • Layer 7 Geo-IP Firewall Rules


All Cisco Meraki licenses include warranty, 24x7 Enterprise support, software and feature updates, and cloud dashboard access.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 5685

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community