Вы находитесь на странице: 1из 36

Resilient WAN and Security for

Distributed Networks with Cisco


Meraki MX
Daghan Altas, Director of Product Management
BRKSEC-2900
Agenda

Problem
Cisco CNG
Live network creation demo (45m)
Product Brief
Q&A
How can I keep my PCI traffic isolated from guest traffic?

What if my Internet goes down?


I pay too much for MPLS!

What happens if I discover a threat?

What if my firewall dies? How do I discover a threat?


BYOM!
What about DR?
I need a solution that just works!

We have a small team responsible for 1000 store networks


WAN access needs to change

Cost Agility Security


Bandwidth costs New WAN architecture demands Security is more important than
MPLS costs Agility ever:
Increased bandwidth demands Migration to Metro-E Direct Internet Access to SaaS
Adoption of Internet (and DIA) Guest wireless access
High cost and complexity of Service creation BYOD
Intelligent QoS APT protection
network management:
Truck roles
Zero local IT
Difficulty with troubleshooting

CPE complexity
Management
Configuration
Secure and reliable
networks that are easy to
manage
Cisco CNG
Cloud-managed networking

Cisco Meraki MR Cisco Meraki MX Cisco Meraki MS Cisco Meraki SM


Wireless Security Ethernet Mobile Device
LAN Appliances Switches Management
Cloud-managed networking architecture

Network endpoints securely


connected to the cloud

Cloud-hosted centralized
management platform

Intuitive browser-based
dashboard
A complete Unified Threat Management solution

Security
NG Firewall, Client VPN,
Site to Site VPN, IPS, Geo IP

Networking
NAT/DHCP, 3G/4G failover,
Intelligent WAN (IWAN)

Application Control
Web caching, Traffic
Shaping, Content Filtering

7 models scaling from teleworker and small branch to campus / datacenter


Target customers
Why choose the Cisco Meraki MX?
Intuitive centralized management
No training, no command line
Templates to configure at-scale
Packet capture, built-in tools and
diagnostics

Designed for distributed enterprises


Single pane of glass visibility
Zero-touch provisioning
Seamless updates from the cloud
Site-to-site IPSec VPN in 3 clicks

Industry-leading visibility
Fingerprints users, applications, and devices
Network-wide monitoring and alerts
Full stack: APs, switches, Security, MDM
Ironclad security
SOURCEfire IDS / IPS,
Best IPS
updated every day

Content 4+ billions URLS, updated in


Filtering real-time

Geo-based Block attackers from rogue


security countries

AV / anti- Kaspersky AV, updated every


phishing hour

PCI PCI L1 certified cloud-based


compliance management
Rock-solid UTM for multi-site organizations
Largest diversified provider of post-
acute care in USA

2000+ locations in 46 states,


75,000+ employees

Why Cisco Meraki MX?


Lean IT staff; needed centralized remote management for easily-deployed UTMs (zero-touch)

Intuitive site-to-site VPN

HIPAA compliant

Needed single-box solution (MX60W) for security and wireless at rehabilitation centers

Guest hotspots provided with MX60W Wi-Fi and 3G/4G uplinks


Penn Mutual saves $858K

Projects / Pain Points:


Implement a BYOD platform at 50 remote sites
Managed Service Provider & MPLS costs

Solution:
Complete Meraki Stack: MR, MS, MX
Phase off MPLS to Broadband

Business Outcomes:
Reduced Telco Spend by 40%
Single platform in branch improved IT efficiency
Demo
New Features: IWAN
What is IWAN?
Intelligent WAN (IWAN) is a collection of Cisco technologies and products that enable transport independence, intelligent path
control, application optimization, and secure connectivity for multi-site deployments.

Need
screenshot

Transport Application Intelligent Path Secure


Independence Optimization Control Connectivity

IPsec overlay (Auto VPN) App visibility & control (Meraki Uplink chosen by link latency, Intuitive, automatic,
dashboard, group-based data loss, etc. (PfR, aka scalable VPN solution to
Scalable (cloud architecture) policies, traffic analytics) performance-based routing) connect remote branch
sites (Auto VPN)
Traffic distribution over Application QoS & bandwidth Uplink assigned by traffic
multiple pathways (Internet, optimization (Traffic shaping) protocol, subnet, source,
cellular, MPLS) destination, etc. (PbR, aka
policy-based routing)
New IWAN features for the Meraki MX
Dual-active path:
Active-active VPN - dual internet
Active-active Internet-VPN & MPLS
3G/4G for backup only (no active/active

Performance-based routing:
Automatic failover based on loss, latency and jitter WAN 2
WAN 1
Ensures the best uplink is used based on performance Secure VPN tunnel (active) Secure VPN tunnel (active)
Latency / loss < threshold
Latency / loss > threshold

Policy-based routing:
Dual active VPN uplinks, with automatic failover
Allows uplinks to be intelligently utilized with traffic-steering
based on protocol, subnet, source, destination, etc.

Data
Setting up dual-DC VPN
network
End goal: DC-to-DC failover and load-balancing

Active VPN Tunnel Active VPN Tunnel


Internet
Failover VPN Tunnel Failover VPN Tunnel

HA PAIR DC1 DC2 HA PAIR

Branches connected to DC1 Branches connected to DC2


Demo: Resilient WAN and security under 30 min

HA within DC
DC to DC failover
Internet
10..0.10 10.2.0.10 WAN link failover (4G)
DC1: Automated VPN between sites
10.0.0.0/16 DR: 10.0.0.0/16
Full UTM features
IPS
Content Filtering
Template:
West Template: East AV
L7 firewall rules
Branch1: 10.100.0.0/24
Demo: Resilient WAN and security under 30 min

Internet
10.2.0.1/24 10.2.0.1/24
10.2.0.2/24
10.2.0.2/24

DC1: 10.0.0.0/16 DR: 10.0.0.0/16

Template: West Template: East

Branch1: 10.100.0.0/24
Product Brief
MX64 / MX64W
Speed
Industrys first 802.11ac UTM
Dual radio
~3X speed of 11n wireless
2-3X faster than MX60 / MX60W

SKU List Price


Security
UTM provides one-stop security MX64-HW $595

IPS, content filtering, malware / anti- LIC-MX64-ENT-3Y $600


phishing LIC-MX64-SEC-3Y $1200
Seamless, automatic updates MX64W-HW $945
PCI 3.0-certified cloud backend
LIC-MX64W-ENT-3Y $650
LIC-MX64W-SEC-3Y $1300
Choosing the right MX for your environment
Where Features Throughput
Small branches
(~25 users) Wireless (MX60W) 100 Mbps
MX64/64W

Mid-size branches Large Web cache (1TB) Z1


250 Mbps
(~100 users)
MX80 For teleworkers
(1-5 users)
Mid-size branches SFP ports
(~500 users) Large Web cache (1TB) 500 Mbps Dual-radio wireless
MX100
FW throughput: 50
Large branch Mbps
Modular interface 1 Gbps
/campus
Large Web cache (1TB)
MX400 (~2,000 users)

Large branch Modular interface


/campus Large Web cache (4TB) 2 Gbps
MX600 (~10,000 users)
All devices support 3G/4G
MX Security Appliances: Licenses

Enterprise License Advanced Security


License

Stateful firewall All enterprise features, plus

Site to site VPN Content filtering (with Google SafeSearch)

Branch routing Kaspersky Anti-Virus and Anti-Phishing

Intelligent WAN (IWAN) SourceFire IPS / IDS

Application control Geo-based firewall rules


`
Web caching

Client VPN
MX Sizing Guide
Q&A
Free evaluations available

Try Cisco Meraki with no risk or commitment


Complimentary technical assistance available
Start trial at meraki.cisco.com/eval
Participate in the My Favorite Speaker Contest
Promote Your Favorite Speaker and You Could Be a Winner

Promote your favorite speaker through Twitter and you could win $200 of Cisco
Press products (@CiscoPress)
Send a tweet and include
Your favorite speakers Twitter handle @DaghanAltas
Two hashtags: #CLUS #MyFavoriteSpeaker

You can submit an entry for more than one of your favorite speakers
Dont forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin
Complete Your Online Session Evaluation
Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner
will receive a $750 Amazon
gift card.
Complete your session surveys
though the Cisco Live mobile
app or your computer on
Cisco Live Connect.
Dont forget: Cisco Live sessions will be available
for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education

Demos in the Cisco campus


Walk-in Self-Paced Labs
Table Topics
Meet the Engineer 1:1 meetings
Related sessions
Thank you