Cisco Meraki MX Security & SD-WAN
Cloud-managed security and SD-WAN. Meraki MX appliances combine next-gen firewall, SD-WAN, content filtering, and threat protection in one cloud-managed box for branches, campuses, and the data center edge.
The Meraki MX is the cloud-managed security and SD-WAN appliance of the Meraki family. It collapses next-gen firewall, intrusion prevention, content filtering, threat protection, and SD-WAN into one box managed from the dashboard, with auto-provisioning that makes multi-site rollouts fast. The line scales from small-branch MX64/67/68 through mid-range MX75/85/95/105 to campus and data-center MX250/450, plus a virtual vMX for cloud on-ramps. We size the model to throughput, the number of sites, and the security features you actually need.
Why Cisco Meraki MX Security & SD-WAN
- Unified threat management: NGFW, IPS, content filtering, and AMP.
- Auto-provisioning SD-WAN with dynamic path selection across links.
- Models from small branch (MX64/67/68) to campus/DC (MX250/450) and vMX.
- Per-appliance license tied to the model; FedRAMP-authorized options.
What the platform brings
100% cloud-managed UTM and SD-WAN
The MX is the only fully cloud-managed solution for unified threat management and SD-WAN in a single appliance. Appliances self-provision by pulling policies and configuration from the Meraki dashboard, so installation and remote management are zero touch with no on-site staging.
Next-gen layer 7 firewall with Talos-informed security
An identity-based layer 7 firewall pairs with SNORT-based intrusion prevention, Cisco Advanced Malware Protection with sandboxing, and Talos category-based content filtering. Layer 7 fingerprinting lets administrators identify applications and block recreational traffic such as BitTorrent.
Meraki Auto VPN and SD-WAN
Auto VPN builds site-to-site IPsec tunnels automatically using IKE/IKEv2 for hub-and-spoke or mesh topologies. SD-WAN adds active/active VPN, policy-based routing, dynamic path selection, and automated MPLS-to-VPN failover within seconds of a connection failure.
Advanced quality of experience analytics
Machine-learning smart thresholds monitor end-to-end health of web applications across the LAN, WAN, and application server, and track every MX WAN link including cellular across the organization. The analytics autonomously flag true anomalies based on past behavioral patterns.
SASE, SSE, and XDR integration
The MX delivers unified SASE and SSE through Cisco Secure Access and Cisco Secure Connect, and integrates natively with Cisco XDR for AI-driven analytics and faster incident response. Additional controls include SSL decryption/inspection, data loss prevention, CASB, and SaaS tenant restrictions.
Integrated cellular, wireless, and PoE options
The MX67C and MX68CW include a SIM slot and an internal Cat 6 300 Mbps LTE modem; 5G is supported using the MG52 as a cellular gateway. Wireless models add 802.11ac Wave 2 2x2 MU-MIMO, and the MX68 line provides two 802.3at PoE+ ports delivering up to 60 W total.
Cisco Meraki MX Security & SD-WAN by the numbers
- Model range
- MX67 desktop through MX450 and C8455-G2-MX rack appliances, plus vMX virtual instances
- NGFW throughput
- 700 Mbps (MX67) up to 20 Gbps (C8455-G2-MX)
- Advanced security throughput
- 400 Mbps (MX67) up to 8 Gbps (C8455-G2-MX)
- Max site-to-site VPN throughput
- 400 Mbps (MX67) up to 10 Gbps (C8455-G2-MX)
- Max site-to-site VPN tunnels
- 50 (MX67) up to 6,000 (C8455-G2-MX)
- Recommended users per site
- Up to 50 (small branch) through up to 10,000 (campus or VPN concentrator)
- WAN/LAN interfaces
- GbE RJ45 and SFP on small models up to 25 GbE SFP28, 10 GbE SFP+, and 2.5 GbE RJ45 on larger models
- Integrated cellular
- 1x Cat 6 300 Mbps LTE modem with nano SIM on MX67C and MX68CW; 5G via MG52 gateway
- Power over Ethernet
- 2x 802.3at PoE+ LAN ports, 60 W total / 30 W per port, on MX68, MX68W, MX68CW
- Virtual MX (vMX)
- vMX-Small/Medium/Large at 250 Mbps to 1 Gbps on AWS, Azure, Google Cloud, and Alibaba Cloud
Figures are from the published family data sheet and vary by model and configuration. Confirm exact specs for your SKUs in a validated quote.
Find the Cisco Meraki MX Security & SD-WAN model that fits
Compare the models in this family. Open any datasheet to read the full specs right here.
Small branch
MX64 / MX67 / MX68
Small sites and teleworkers.
- Integrated firewall + SD-WAN
- Optional PoE/LTE
- Cloud-managed
Mid-range
MX75 / MX85 / MX95 / MX105
Mid-size branch and campus edge.
- Higher throughput
- Multiple WAN uplinks
- Advanced security
Campus / DC / cloud
MX250 / MX450 / vMX
Campus, data center, and cloud.
- High-throughput appliances
- Virtual MX for clouds
- SD-WAN hub roles
Datasheets & guides
Built for deployments like these
- Distributed branch deployment with zero-touch provisioning and cloud-managed security across many sites
- SD-WAN over broadband and cellular to reduce dependence on MPLS while monitoring application quality of experience
- Campus or data center VPN concentrator terminating thousands of Auto VPN tunnels on an MX250, MX450, or C8455-G2-MX
- Small branch or retail site using an all-in-one MX67C or MX68CW with integrated LTE for primary or backup WAN
- Extending secure SD-WAN into AWS, Azure, Google Cloud, or Alibaba Cloud using a virtual MX appliance
Cisco Meraki MX Security & SD-WAN questions, answered
How is the Meraki MX managed?
The MX is 100% cloud-managed through the Cisco Meraki dashboard, the only fully cloud-managed solution for unified threat management and SD-WAN in a single appliance. Appliances self-provision by pulling policies from the cloud, so deployment is zero touch with no on-site staging, and the dashboard handles automatic firmware and security signature updates, role-based administration, and 24x7 monitoring.
What security features are built into the MX?
The MX integrates a next-gen layer 7 firewall, SNORT-based intrusion prevention that supports PCI compliance, Cisco Advanced Malware Protection with sandboxing, and Talos CIPA-compliant content and web-search filtering. It also provides SSL decryption and inspection, data loss prevention, CASB, SaaS tenant restrictions, GeoIP-based firewalling, and native Cisco XDR integration, with signatures kept current through the cloud.
Which models fit a large campus or VPN concentrator role?
For high-scale sites the MX250 supports up to 2,000 users with 7.5 Gbps NGFW throughput and 3,000 VPN tunnels, the MX450 supports up to 10,000 users with 10 Gbps NGFW throughput and 5,000 tunnels, and the C8455-G2-MX reaches 20 Gbps NGFW throughput and 6,000 tunnels. These rack-mount appliances are positioned as campus gateways or VPN concentrators.
Can the MX extend SD-WAN into public cloud?
Yes. The virtual MX (vMX) runs as a software instance on AWS, Microsoft Azure, Google Cloud, and Alibaba Cloud and functions like a VPN concentrator with full SD-WAN capability. It is added through the cloud marketplace, managed in the Meraki dashboard like any other MX, and requires only a Meraki license, with vMX-Small, Medium, and Large options spanning 250 Mbps to 1 Gbps.
Quote Cisco Meraki MX Security & SD-WAN for your build.
Send your requirements for a procurement-ready quote, or build an instant budgetary estimate first.