Adaptive policy & SGT on MX

StefanRzepczyk
Here to help

Adaptive policy & SGT on MX

Dear community,

 

does anybody know when adaptive policies & SGT is coming to the MX? My customers need microsegmentation over VPN.

 

I'm already on BETA for these features on MS and MR, but I was told that it will be available on MX sometime.

 

Does anybody know a date or roadmap?

 

Thanks and greetings

Stefan

5 REPLIES 5
Seshu
Meraki Employee
Meraki Employee

Hello @StefanRzepczyk 

 

The Adaptive Policy on MR and MS is available on the latest firmware. I have checked internally and dont see any specific updates or ETA on if and when this feature would be available on the MX Platform. I would recommend submitting a feature request using the Make a Wish button on the dashboard, if you haven't already submitted one. 

 

Let me know if you have any questions.

 

Regards,

Meraki Team

Hello @Seshu,

 

thanks for your reply. That's too bad.

 

How would micro segmentation look like with the MX? 

 

Best regards,

Stefan

Hello @StefanRzepczyk,

 

Could you provide some more context and details on what exactly are you looking for in micro segmentation. I am not aware of any specific feature with that name. If you could provide some details, I can get back with any possible way of achieving the goal.

 

Regards,

Meraki Team

CptnCrnch
Kind of a big deal
Kind of a big deal

Micro segmentation is based on filtering endpoint traffic directly on the access port. This allows SGT-based filtering even for clients within the same L3 network.

Based on that, MX (from my point of view) is not the place where „micro“ segmentation would take place. It‘d rather fulfill firewalling based on SGTs instead of IP addresses with inter-VLAN traffic just as ASA and Firepower devices already do. It‘d be a great choice if MX could handle that too tho 😉

StefanRzepczyk
Here to help

Seems like version 18.105 now supports SGTs over the MX:

"Added support for forwarding Secure Group Tags (SGT) on traffic. This is available on Z3(C), MX64(W), MX65(W), MX67(C,W), and MX68(W,CW), MX75, MX84, MX85, MX95, MX100, MX250, and MX450 appliances and enables full stack (MR+MS+MX) Adaptive Policy operation."

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels