Cisco Meraki Firewall/ VPN/ MFA

Solved
RobustMeraki
Getting noticed

Cisco Meraki Firewall/ VPN/ MFA

 

  • Which Meraki firewall model supports 3 WAN Connections?
  • Can the Meraki firewall actively block emails and send them to quarantine? Is there any basic method that the Meraki firewall can do against unwanted emails in this case? Is it possible to achieve this with Secure Connect without purchasing Cisco's Email Security? It seems that Fortinet already offers this capability.
  • Is there a way to enable two-factor authentication without purchasing Cisco Duo? Is it possible to enable this at least for admin authentication? According to the customer, Fortinet offers this as a one-time purchase without requiring ongoing licenses. Can this be achieved through Secure Connect? Do we need to buy AnyConnect if we already have Secure Connect? Which licenses of Secure Connect are required for this usecase and how many of it are needed if the customer has 50 employees, can those licenses be shared?

 

1 Accepted Solution
Gary_Geihsler1
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Multi-factor Authentication is not included in Secure Connect licensing, we have an open system that can support multiple SAML 2.0 MFA providers. If you would like MFA (highly recommended) you would purchase your MFA solution separately. 

Secure Client is the new major version of AnyConnect. At AnyConnect version 5.0 (now rebranded as Secure Client) there was a major change that allowed Cisco Endpoint Security Agent to be installed as a single software client with Secure Client (on Windows only). Additional modules have been added to Secure Client such as ThousandEyes and ZTNA. The end goal is to have a single software client and child modules that fit specific use cases. 

Licenses for Secure Connect are calculated on a per named user basis. We have a user defined also as 20GB of data processed per user per month in aggregate. There are some non-standard scenarios where per-user calculations are challenging (retail, industrial) and we have guidance posted for Cisco internal and partners how to quote for those scenarios. 

View solution in original post

4 Replies 4
Shubh3738
Building a reputation

1.) For MX Family Data Sheet refer below document:

Enterprise Network Security & SD-WAN | Models | Cisco Meraki

 

2.) The Meraki firewall itself doesn’t have the capability to actively block emails and send them to quarantine. For Email Quarantine you must need Email Security or check with your Mial service provider they can help on this by put extra filter option on this.

 

3.) You can use Cisco Duo you can use 1-10 users free, refer below documents-

Pricing | Duo Security

 

 

 

 

 

RobustMeraki
Getting noticed

Thanks @Shubh3738 .

 

Can Cisco Duo for 10 users then be used for an unlimited amount of time? Or does the customer has to purchase the license seperately after a certain amount of usage?

Also if I offer him Cisco secure connect is Anyconnect already in it?

Is there no MFA Licenses in Cisco Secure Connect?

Shubh3738
Building a reputation

Yes, It's for unlimited time. Difference is only they have limited features.

You can go through below document for more details:

Pricing | Duo Security

 

Additionally, AnyConnect focuses on VPN and basic security features.

while Cisco Secure Client provides a more extensive security suite, including endpoint protection, ZTNA etc.

 

Gary_Geihsler1
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Multi-factor Authentication is not included in Secure Connect licensing, we have an open system that can support multiple SAML 2.0 MFA providers. If you would like MFA (highly recommended) you would purchase your MFA solution separately. 

Secure Client is the new major version of AnyConnect. At AnyConnect version 5.0 (now rebranded as Secure Client) there was a major change that allowed Cisco Endpoint Security Agent to be installed as a single software client with Secure Client (on Windows only). Additional modules have been added to Secure Client such as ThousandEyes and ZTNA. The end goal is to have a single software client and child modules that fit specific use cases. 

Licenses for Secure Connect are calculated on a per named user basis. We have a user defined also as 20GB of data processed per user per month in aggregate. There are some non-standard scenarios where per-user calculations are challenging (retail, industrial) and we have guidance posted for Cisco internal and partners how to quote for those scenarios. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.