
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX
Daghan Altas, Director of Product Management

Cisco CNG
Live network creation demo (45m)
Product Brief
How can I keep my PCI traffic isolated from guest traffic?

What if my Internet goes down?

I pay too much for MPLS!

What happens if I discover a threat?

What if my firewall dies?

How do I discover a threat?

What about DR?
I need a solution that just works!

We have a small team responsible for 1000 store networks

WAN access needs to change

Cost:
Bandwidth costs
MPLS costs
Increased bandwidth demands
High cost and complexity of network management:
Truck rolls
Zero local IT
Difficulty with troubleshooting
CPE complexity

Agility:
New WAN architecture demands agility
Migration to Metro-E
Adoption of Internet (and DIA)
Service creation
Intelligent QoS

Security:
Security is more important than ever:
Direct Internet Access to SaaS
Guest wireless access
BYOD
APT protection
Secure and reliable
networks that are easy to
Cisco CNG
Cloud-managed networking

Cisco Meraki MR: Wireless LAN
Cisco Meraki MX: Security Appliances
Cisco Meraki MS: Ethernet Switches
Cisco Meraki SM: Mobile Device Management
Cloud-managed networking architecture

Network endpoints securely connected to the cloud

Cloud-hosted centralized management platform

Intuitive browser-based
A complete Unified Threat Management solution

NG Firewall, Client VPN, Site to Site VPN, IPS, Geo IP

NAT/DHCP, 3G/4G failover, Intelligent WAN (IWAN)

Application Control
Web caching, Traffic Shaping, Content Filtering

7 models scaling from teleworker and small branch to campus / datacenter

Target customers
Why choose the Cisco Meraki MX?
Intuitive centralized management
No training, no command line
Templates to configure at-scale
Packet capture, built-in tools and

Designed for distributed enterprises

Single pane of glass visibility
Zero-touch provisioning
Seamless updates from the cloud
Site-to-site IPSec VPN in 3 clicks

Industry-leading visibility
Fingerprints users, applications, and devices
Network-wide monitoring and alerts
Full stack: APs, switches, Security, MDM
Ironclad security
Best IPS, updated every day
Content Filtering: 4+ billion URLs, updated in real-time
Geo-based security: Block attackers from rogue countries
AV / anti-phishing: Kaspersky AV, updated every hour
PCI compliance: PCI L1 certified cloud-based management
Rock-solid UTM for multi-site organizations
Largest diversified provider of post-acute care in USA

2000+ locations in 46 states, 75,000+ employees

Why Cisco Meraki MX?

Lean IT staff; needed centralized remote management for easily-deployed UTMs (zero-touch)

Intuitive site-to-site VPN

HIPAA compliant

Needed single-box solution (MX60W) for security and wireless at rehabilitation centers

Guest hotspots provided with MX60W Wi-Fi and 3G/4G uplinks

Penn Mutual saves $858K

Projects / Pain Points:

Implement a BYOD platform at 50 remote sites
Managed Service Provider & MPLS costs

Complete Meraki Stack: MR, MS, MX
Phase off MPLS to Broadband

Business Outcomes:
Reduced Telco Spend by 40%
Single platform in branch improved IT efficiency
New Features: IWAN
What is IWAN?
Intelligent WAN (IWAN) is a collection of Cisco technologies and products that enable transport independence, intelligent path
control, application optimization, and secure connectivity for multi-site deployments.


Transport Independence:
IPsec overlay (Auto VPN)
Scalable (cloud architecture)
Traffic distribution over multiple pathways (Internet, cellular, MPLS)

Application Optimization:
App visibility & control (Meraki dashboard, group-based policies, traffic analytics)
Application QoS & bandwidth optimization (Traffic shaping)

Intelligent Path Control:
Uplink chosen by link latency, data loss, etc. (PfR, aka performance-based routing)
Uplink assigned by traffic protocol, subnet, source, destination, etc. (PbR, aka policy-based routing)

Secure Connectivity:
Intuitive, automatic, scalable VPN solution to connect remote branch sites (Auto VPN)
New IWAN features for the Meraki MX
Dual-active path:
Active-active VPN - dual internet
Active-active Internet-VPN & MPLS
3G/4G for backup only (no active/active)

Performance-based routing:
Automatic failover based on loss, latency and jitter
Ensures the best uplink is used based on performance

[Diagram labels: WAN 2; Secure VPN tunnel (active); Latency / loss < threshold; Latency / loss > threshold]

Policy-based routing:
Dual active VPN uplinks, with automatic failover
Allows uplinks to be intelligently utilized with traffic-steering based on protocol, subnet, source, destination, etc.

Setting up dual-DC VPN
End goal: DC-to-DC failover and load-balancing

[Diagram labels: Active VPN Tunnel; Failover VPN Tunnel; Branches connected to DC1; Branches connected to DC2]

Demo: Resilient WAN and security under 30 min

HA within DC
DC to DC failover
WAN link failover (4G)
Automated VPN between sites
Full UTM features:
Content Filtering
AV
L7 firewall rules

[Diagram labels: DC1 (Template: West); DR (Template: East)]

Product Brief
MX64 / MX64W
Industry's first 802.11ac UTM
Dual radio
~3X speed of 11n wireless
2-3X faster than MX60 / MX60W

UTM provides one-stop security
IPS, content filtering, malware / anti-phishing
Seamless, automatic updates
PCI 3.0-certified cloud backend

SKU: List Price
MX64-HW: $595
LIC-MX64-ENT-3Y: $600
LIC-MX64-SEC-3Y: $1200
MX64W-HW: $945
LIC-MX64W-ENT-3Y: $650
LIC-MX64W-SEC-3Y: $1300
Choosing the right MX for your environment

Where; Features; Throughput
Small branches (~25 users); Wireless (MX60W); 100 Mbps
MX80: Mid-size branches (~100 users); Large Web cache (1TB); 250 Mbps
Mid-size branches (~500 users); SFP ports, Large Web cache (1TB); 500 Mbps
MX400: Large branch (~2,000 users); Modular interface, Large Web cache (1TB); 1 Gbps
MX600: Large branch / campus (~10,000 users); Modular interface, Large Web cache (4TB); 2 Gbps

Z1: For teleworkers (1-5 users); Dual-radio wireless; FW throughput: 50 Mbps

All devices support 3G/4G
MX Security Appliances: Licenses

Enterprise License:
Stateful firewall
Site to site VPN
Branch routing
Intelligent WAN (IWAN)
Application control
Web caching
Client VPN

Advanced Security:
All enterprise features, plus
Content filtering (with Google SafeSearch)
Kaspersky Anti-Virus and Anti-Phishing
SourceFire IPS / IDS
Geo-based firewall rules
MX Sizing Guide
Free evaluations available

Try Cisco Meraki with no risk or commitment

Complimentary technical assistance available
Start trial at meraki.cisco.com/eval
Participate in the My Favorite Speaker Contest
Promote Your Favorite Speaker and You Could Be a Winner

Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
Send a tweet and include:
Your favorite speaker's Twitter handle: @DaghanAltas
Two hashtags: #CLUS #MyFavoriteSpeaker

You can submit an entry for more than one of your favorite speakers
Don't forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin
Thank you