Meraki

burnz · ‎Aug 7 2018

Hi,

right now we are using a mx60 behind a 500down 150up fiber connection.

Wired clients which are using a gigabit connection are only getting around 100Mbps at speed tests. While directly connected to the fiber full speed is available.

So the mx60 seems to be too weak to handle this connection.

As we are a small company with only 20 Clients a mx100 is too expensive.

Is there a possibility for a smaller mx which can handle up 1gbit internet speeds? Or any other recommendation for a firewall/utm?

Regards,

Christoph

AjitKumar · ‎Aug 7 2018

Hi,

I believe the smaller hardware will have low specifications as they are meant for less load/users.

If not MX100 you may consider to upgrade to MX84 that may work out more economical.

https://meraki.cisco.com/products/appliances#models

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

MRCUR · ‎Aug 7 2018

The MX84 is rated for 500Mb. Take a look at the MX sizing guide here: https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

MRCUR | CMNO #12

Adam · ‎Aug 7 2018

This topic comes up about once a month. I think we are all optimistic that Meraki will make a lower end device that supports high bandwidth for situations like yours. Many of us have small branch sites where large inexpensive pipes are available and it stinks to have that pipe limited by the MX.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

BlakeRichardson · ‎Aug 7 2018

I have this dilema at home, my internet has just been upgraded to 1Gb down and 500Mb up but MX unit can't handle those speeds. Do I keep using the MX or change to my pre Meraki router which can handle these speeds.

#rockandahardplace

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

mmmmmmark · ‎Aug 7 2018

@BlakeRichardson wrote:
I have this dilema at home, my internet has just been upgraded to 1Gb down and 500Mb up but MX unit can't handle those speeds. Do I keep using the MX or change to my pre Meraki router which can handle these speeds.

#rockandahardplace

The struggle is real! Was just upgraded to 300/300 and the old MX64 just ain't up to the task 😉

sLyDwAyZ · ‎Aug 7 2018

@BlakeRichardson,

Finding an Enterprise grade firewall that handles 1Gb/s with full next-gen features will be way out of the ballpark price wise and just not wise for a home deployment. I would suggest doing as I have in similar cases were people did not want to cough and arm and leg for a firewall and first keep the gear that your ISP provided. Next if you need next-gen protection use your MX to only secure the valuable assets in your home network but behind the ISP provided CPE equipment. I myself have 1Gb/s from AT&T and don't use it all so the MX84 and MX64 that I use is sufficient enough.

UARiT · ‎Jul 19 2021

3 years and...

The MX75 has secretly landed!

Warren · ‎Jul 20 2021

Better now than never... right?

We will be replacing the mx 84 with the mx 95. The Mx 105 looks nicer but the jump in license cost isn't worth it for us.

jdsilva · ‎Aug 7 2018

So I'll take the stick-in-the-mud approach here and say that if you only have 20 users on site, then I would consider downgrading the Internet and not worry about getting a bigger MX unless you are maxing out your current device. Nerd bragging rights aside, it is wasteful to have an oversized Internet pipe and security appliance for such a small number of users. I would take this as an opportunity to save your company some money by correctly sizing the pipe and fw to the actual needs.

If your 20 users are working with huge GIS-like data sets, or whatnot, then of course size according to that. But in most situations 20 users do not need a 500/150 connection, nor do they need a bigger appliance.

http://blog.brokennetwork.ca |

@jdsilva

burnz · ‎Aug 7 2018

The price for the 500 is just 5€ more than for the old 200 (which is the lowest available). Any other hardware recommendation except of a bigger mx? Maybe a different vendor?

sLyDwAyZ · ‎Aug 7 2018

@burnz

So here is a question for you. you said you only have 20 people in that office now can you validate that you actually use the whole 500Mb/s for just 20 people? I've worked on numerous networks from DOD to ISP to Utilities etc... and here is my approach pay for the circuit that you need plus 25% bandwidth overhead unless you just have money to throw at such a high MRR. Find that sweet spot that meets both bandwidth needs and budget and stick with it. if you have tools to track network usage monitor that for the past 30 days to see baseline utilization and scale you equipment as such. i personally think an MX84 will suffice but EVERY network is different.

burnz · ‎Oct 9 2018

Bought a MX67 and now everything seems to be fine 🙂

sLyDwAyZ · ‎Oct 9 2018

@burnz I am glad to hear you have seen improvements.

TechwiredCS · ‎Jan 4 2019

Ya in this day and age all my clients get Fios Gigabit internet for so cheep. not having a MX device on the low end cost is becoming an issue.

Adam · ‎Jan 4 2019

MX67 only supports max throughput of 300M with all security enabled. The first device that can support 1G internet is the MX250 which is way to expensive for a small site. This is still painful for me to size at sites that have large pipes available with a minimal number of users.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

sLyDwAyZ · ‎Jan 6 2019

@Adam does traffic analysis show a higher bandwidth utilization then the 300M for that site?

Adam · ‎Jan 8 2019

I only have MX64 and MX65 networks so I'm not sure. The number I provided is based off of this (see page 3) https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf

Which is pretty accurate. You may get a little more bandwidth if you have certain stuff turned off.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

sLyDwAyZ · ‎Jan 8 2019

@Adam

Sorry if I wasn't clear. What I meant is have you gathered bandwidth utilization reports for those sites. Because your peak traffic utilization may not even be anywhere near the max throughput supported from the MX64/65. Hope that makes sense.

Adam · ‎Jan 8 2019

I've run speedtests at sites MX64 and 1G burstable circuits and had the 250M limit.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

sLyDwAyZ · ‎Jan 17 2019

@Adam

when I say pull bandwidth I mean look in the Meraki dashboard for a particular site click on the Security & SD-WAN tab, then Appliance Status, then under Summary you will see network usage with the graph. Click on the drop-down to change the time frame to the last month from there you will see you usage on that particular site. Now if you are actually seeing 200+Mb/s of traffic over a month then my friend you do have a scaling issue on the appliance. if you are no where near the throughput rate of the MX you should be fine and not need to upgrade the appliance, unless you just want bragging rights that you can push 1Gb/s of traffic :). Hope this helps man.

Warren · ‎Jan 19 2019

We have an MX84 and a 300/300 connection. We have thought of going to Gigabit, as it's $20/month more.

The MX84 will be the impediment and we have looked at other brands. There are other brands offering similar feature sets for similar price ranges that can do a gigabit connection.

I'm probably going to buy the gig connection anyway, as it's trivial in increased expense. It will help with cloud backups but that's about it.

sLyDwAyZ · ‎Jan 19 2019

in the end it depends on network requirements, and budget. For a 1gb connection if you want full security features at that rate you would need a MX250 at minimum.

DJE · ‎Mar 27 2019

So, in all of the scenarios in this thread, the Ethernet handoff from the ISP is connected directly to the MX, no traditional router needed?

sLyDwAyZ · ‎Mar 27 2019

@DJE

That is correct you will configure the internet port of the MX with your public IP address.

RYN0 · ‎Apr 1 2019

I have started coming across this issue for some of my small clients that are moving to WAN links over 500Mbps as well.

One of the options I am looking at is the Cisco RV340 series for my smaller clients. They get 900Mbps throughput and have security licensing and capabilities similar to that of the MX's.

https://www.cisco.com/c/en/us/products/routers/rv345-dual-gigabit-wan-vpn-router/index.html

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV345/Administration_Guide/EN/b_RV345_RV345P_...

Hoping that Meraki eventually builds a 1Gbps MX for small clients soon, though.

Warren · ‎Apr 1 2019

I just looked at the RV340 - it wouldn't work for our situation. But it can use Any Connect - which Meraki can't.

UARiT · ‎Sep 12 2022

Let's all just agree: GB WAN is a BASELINE. There is no excuse for not including a GB WAN in EVERY Meraki MX.

We are in 2022, the cheapest garbage from UBNT, Aerohive, Aruba, Rukus and all other prosumer crap all have GB WAN.

I understand Sticks n Muds old-timey logic... I know the "Stateful Firewall" is a thing that makes the $$... I also know that you can disable it if you want the bandwidth and there is no compelling reason to limit WAN uplink to anything less than GB. We all need to be thinking in terms of future use as well. We could easily implement 2GB or 10GB uplink as well. No harm, no foul.

We lose out in the market without GB Uplink.

Warren · ‎Sep 12 2022

I agree. If we had required faster uplinks, we would have replaced the Meraki's with another firewall. Fortunately we don't need the extra bandwidth, so it doesn't matter for our use case. But the companies that make their own chips are able to offload some CPU intensive things to ASIC chips. That is the way that all manufacturers should be headed and hopefully Cisco will instead of trying to cram everything into an intel system on a chip. Hardware $ for $ Meraki is far from competitive. But the software is what makes us stick around. Too bad the software stack can't run on another large brand's hardware, then we could FortiMeraki or MerakiGate.... UnifiMeraki....

Meraki

Community

MX for Gigabit Internet

MX for Gigabit Internet