Hi,
right now we are using a mx60 behind a 500down 150up fiber connection.
Wired clients which are using a gigabit connection are only getting around 100Mbps at speed tests. While directly connected to the fiber full speed is available.
So the mx60 seems to be too weak to handle this connection.
As we are a small company with only 20 Clients a mx100 is too expensive.
Is there a possibility for a smaller mx which can handle up 1gbit internet speeds? Or any other recommendation for a firewall/utm?
Regards,
Christoph
Hi,
I believe the smaller hardware will have low specifications as they are meant for less load/users.
If not MX100 you may consider to upgrade to MX84 that may work out more economical.
https://meraki.cisco.com/products/appliances#models
The MX84 is rated for 500Mb. Take a look at the MX sizing guide here: https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf
This topic comes up about once a month. I think we are all optimistic that Meraki will make a lower end device that supports high bandwidth for situations like yours. Many of us have small branch sites where large inexpensive pipes are available and it stinks to have that pipe limited by the MX.
I have this dilema at home, my internet has just been upgraded to 1Gb down and 500Mb up but MX unit can't handle those speeds. Do I keep using the MX or change to my pre Meraki router which can handle these speeds.
#rockandahardplace
@BlakeRichardson wrote:I have this dilema at home, my internet has just been upgraded to 1Gb down and 500Mb up but MX unit can't handle those speeds. Do I keep using the MX or change to my pre Meraki router which can handle these speeds.
#rockandahardplace
The struggle is real! Was just upgraded to 300/300 and the old MX64 just ain't up to the task 😉
Finding an Enterprise grade firewall that handles 1Gb/s with full next-gen features will be way out of the ballpark price wise and just not wise for a home deployment. I would suggest doing as I have in similar cases were people did not want to cough and arm and leg for a firewall and first keep the gear that your ISP provided. Next if you need next-gen protection use your MX to only secure the valuable assets in your home network but behind the ISP provided CPE equipment. I myself have 1Gb/s from AT&T and don't use it all so the MX84 and MX64 that I use is sufficient enough.
3 years and...
The MX75 has secretly landed!
Better now than never... right?
We will be replacing the mx 84 with the mx 95. The Mx 105 looks nicer but the jump in license cost isn't worth it for us.
The price for the 500 is just 5€ more than for the old 200 (which is the lowest available). Any other hardware recommendation except of a bigger mx? Maybe a different vendor?
So here is a question for you. you said you only have 20 people in that office now can you validate that you actually use the whole 500Mb/s for just 20 people? I've worked on numerous networks from DOD to ISP to Utilities etc... and here is my approach pay for the circuit that you need plus 25% bandwidth overhead unless you just have money to throw at such a high MRR. Find that sweet spot that meets both bandwidth needs and budget and stick with it. if you have tools to track network usage monitor that for the past 30 days to see baseline utilization and scale you equipment as such. i personally think an MX84 will suffice but EVERY network is different.
Bought a MX67 and now everything seems to be fine 🙂
Ya in this day and age all my clients get Fios Gigabit internet for so cheep. not having a MX device on the low end cost is becoming an issue.
MX67 only supports max throughput of 300M with all security enabled. The first device that can support 1G internet is the MX250 which is way to expensive for a small site. This is still painful for me to size at sites that have large pipes available with a minimal number of users.
@Adam does traffic analysis show a higher bandwidth utilization then the 300M for that site?
I only have MX64 and MX65 networks so I'm not sure. The number I provided is based off of this (see page 3) https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf
Which is pretty accurate. You may get a little more bandwidth if you have certain stuff turned off.
Sorry if I wasn't clear. What I meant is have you gathered bandwidth utilization reports for those sites. Because your peak traffic utilization may not even be anywhere near the max throughput supported from the MX64/65. Hope that makes sense.
I've run speedtests at sites MX64 and 1G burstable circuits and had the 250M limit.
when I say pull bandwidth I mean look in the Meraki dashboard for a particular site click on the Security & SD-WAN tab, then Appliance Status, then under Summary you will see network usage with the graph. Click on the drop-down to change the time frame to the last month from there you will see you usage on that particular site. Now if you are actually seeing 200+Mb/s of traffic over a month then my friend you do have a scaling issue on the appliance. if you are no where near the throughput rate of the MX you should be fine and not need to upgrade the appliance, unless you just want bragging rights that you can push 1Gb/s of traffic :). Hope this helps man.
We have an MX84 and a 300/300 connection. We have thought of going to Gigabit, as it's $20/month more.
The MX84 will be the impediment and we have looked at other brands. There are other brands offering similar feature sets for similar price ranges that can do a gigabit connection.
I'm probably going to buy the gig connection anyway, as it's trivial in increased expense. It will help with cloud backups but that's about it.
in the end it depends on network requirements, and budget. For a 1gb connection if you want full security features at that rate you would need a MX250 at minimum.
So, in all of the scenarios in this thread, the Ethernet handoff from the ISP is connected directly to the MX, no traditional router needed?
I have started coming across this issue for some of my small clients that are moving to WAN links over 500Mbps as well.
One of the options I am looking at is the Cisco RV340 series for my smaller clients. They get 900Mbps throughput and have security licensing and capabilities similar to that of the MX's.
https://www.cisco.com/c/en/us/products/routers/rv345-dual-gigabit-wan-vpn-router/index.html
Hoping that Meraki eventually builds a 1Gbps MX for small clients soon, though.
Let's all just agree: GB WAN is a BASELINE. There is no excuse for not including a GB WAN in EVERY Meraki MX.
We are in 2022, the cheapest garbage from UBNT, Aerohive, Aruba, Rukus and all other prosumer crap all have GB WAN.
I understand Sticks n Muds old-timey logic... I know the "Stateful Firewall" is a thing that makes the $$... I also know that you can disable it if you want the bandwidth and there is no compelling reason to limit WAN uplink to anything less than GB. We all need to be thinking in terms of future use as well. We could easily implement 2GB or 10GB uplink as well. No harm, no foul.
We lose out in the market without GB Uplink.
I agree. If we had required faster uplinks, we would have replaced the Meraki's with another firewall. Fortunately we don't need the extra bandwidth, so it doesn't matter for our use case. But the companies that make their own chips are able to offload some CPU intensive things to ASIC chips. That is the way that all manufacturers should be headed and hopefully Cisco will instead of trying to cram everything into an intel system on a chip. Hardware $ for $ Meraki is far from competitive. But the software is what makes us stick around. Too bad the software stack can't run on another large brand's hardware, then we could FortiMeraki or MerakiGate.... UnifiMeraki....