Your SASE companion: Meraki Umbrella SD-WAN Connector

"With Umbrella’s Powerful Security comes Meraki's Great Simplicity"


Secure Access Service Edge (SASE) is one of the most talked-about technologies in today's networking and security world. Enterprise customers' priorities are secure direct internet access, private access to applications, and the ability to connect to the network regardless of location. Enterprises are migrating away from backhauling all traffic to their data center or HQ and are enabling a more flexible and cost-effective architecture, where all remote users gain secure and authenticated direct access to cloud-based applications. Branches are now able to efficiently route traffic and access applications directly from the cloud. This architecture shift brings many challenges:


  • The overhead of security at each branch 
  • Remote user authentication
  • Managing a diverse infrastructure spread across different as-a-service (aaS) models


Secure Access Service Edge (SASE) helps solve these challenges.


SASE was defined by Gartner in 2019 as:


"A security framework prescribing the conversions of security and network connectivity technologies into a single cloud-delivered platform to enable secure and fast cloud transformation."


Meraki’s SASE is a full-stack solution that offers:


  • A simple and secure network fabric for connecting and managing applications, remote users, and branches from a single cloud-based solution.
  • Robust and unified cloud security for securing all your branch, remote user and application traffic to the cloud and the internet.


This robust full-stack SASE solution is a combination of simplicity and security, where branch networks and remote users located anywhere can access applications behind private or public clouds and, more importantly, manage their security and network policies from a single pane of glass.


Meraki Umbrella SD-WAN Connector 


The SASE journey first started with integrating Meraki's SD-WAN fabric with Cisco Umbrella's cloud security platform. It’s a simple architecture that enables your WAN traffic to be secured and controlled by a unified cloud-based security solution. Designing and managing all layers of security policies for the entire Meraki SD-WAN fabric edge is now simple and can be done from anywhere in the world with access to the Cisco Umbrella dashboard.







An organization can design policies and secure its entire SD-WAN fabric across multiple locations using Cisco Umbrella SIG services like:


  • Cloud Delivered Firewall (CDFW)
  • DNS Layer Security (DNS)
  • Secure Web Gateway (SWG)
  • Data Loss Prevention (DLP) and many more. 


To learn more about the different security services offered, go to Cisco Umbrella.


Extending Meraki's SD-WAN directly to Umbrella with Meraki's Auto VPN solution gives customers flexible security options for SD-WAN traffic engineered through the Auto VPN tunnel. Organizations can have multiple branches establish Auto VPN tunnels to a single hub located in a data center closer to their branch's location and, at the same time, have a highly available tunnel in another data center within the same region.


The Meraki Umbrella SD-WAN Connector is deployed in the Umbrella cloud, where it terminates Meraki SD-WAN (Auto VPN) tunnels.





Integrating Meraki's SD-WAN fabric with Cisco's Umbrella solution using the Meraki Umbrella SD-WAN Connector is as simple as 1-2-3.




The cloud onRamp feature is automatically enabled on your Meraki organization with any MX license and requires MX 14 or above firmware at the branch and MX15.37 or above firmware for the Meraki Umbrella SD-WAN connector. To connect to an Umbrella organization and deploy the connectors, you need an Umbrella SIG Essentials/Advanced license.

  1. A single click on this cloud onRamp lets you connect to your Umbrella organization and choose from all the Umbrella Data Center pairs where you can deploy your Meraki Umbrella SD-WAN Connectors.
  2. After choosing the best Data Center pair and completing your deployment, attach all your branch spokes to the Meraki Umbrella SD-WAN connector hubs and enable VPN on all subnets of the spoke branches.
  3. An Auto VPN tunnel between your spoke branch and the Meraki Umbrella SD-WAN connector is established. A default BGP route to Umbrella SIG is advertised to all connected spokes.


The existing Auto VPN High Availability capabilities are strengthened with the introduction of Disaster Recovery DCs. Each region pair now has a fallback Disaster Recovery data center.


A complete step-by-step walkthrough of how to deploy this solution is available in this guide.
