planning to implement meraki sdwan on 15 branches, with DC to be colocated . 2 sites have more than 800 users others have 250 users on an average. for now we have firewalls at branches. please suggest what mode in should I run my MX devices and do i need a firewall at all branches along with MX devices.
Solved! Go to Solution.
As always, it depends. If your actual firewalls do all of the processing for Internet-traffic, you only need the MX-Enterprise licenses which will save you money. But you have to maintain two platforms. If you move the firewalling to the MX, you will likely go with the Advanced Security license because that will give you more security-features. Very positive with Meraki MX, for high-availability you only need an additional MX, but not an extra license.
For the sizing, the sites with 250 users will likely be a candidate for the MX95, while the sites with 800 users could use a MX250. But you should also take into account the needed throughput for internet-traffic and VPN.
Thanks for the reply. that is helpful, at the DC end i need to deploy MX in concentrator mode and at branches NAT mode as internet will terminate directly on MXs at branch.
the auto VPN will work for all MXs running either on concentrator mode or NAT mode right!
Yes, you can mix them as you want. Keep in mind that with concentrator-mode you can not have two WAN connections on the MX. That is a restriction that I typically don't like as nearly all customers have two ISPs at the HQ/DC and I want to have both active for AutoVPN.
@Avdhesh : the whole story
Thanks a lot for the response!
i have done the sizing with this document only, a bit confused over sizing for DC as no users will be there. the client is planning to move to a colocated DC with dual 100 Mb internet links.
as per BW MX67 or 68 would fit keeping in mind future scaling. what do you suggest.