Meraki SDWAN architecture

SOLVED
Avdhesh
Here to help

Meraki SDWAN architecture

Hi Team,

 

planning to implement meraki sdwan on 15 branches, with DC to be colocated . 2 sites have more than 800 users others have 250 users on an average. for now we have firewalls at branches. please suggest what mode in should I run my MX devices and do i need a firewall at all branches along with MX devices.

 

Rgerads,

 

1 ACCEPTED SOLUTION
cmr
Kind of a big deal
Kind of a big deal

@Avdhesh an MX in VPN concentrator mode only has one active port so indeed it is not connected to the WAN directly, but sits behind some other firewalls.

View solution in original post

8 REPLIES 8
KarstenI
Kind of a big deal
Kind of a big deal

As always, it depends. If your actual firewalls do all of the processing for Internet-traffic, you only need the MX-Enterprise licenses which will save you money. But you have to maintain two platforms. If you move the firewalling to the MX, you will likely go with the Advanced Security license because that will give you more security-features. Very positive with Meraki MX, for high-availability you only need an additional MX, but not an extra license.

 

For the sizing, the sites with 250 users will likely be a candidate for the MX95, while the sites with 800 users could use a MX250. But you should also take into account the needed throughput for internet-traffic and VPN.

Hey karstnel,

 

Thanks for the reply. that is helpful, at the DC end i need to deploy MX in concentrator mode and at branches NAT mode as internet will terminate directly on MXs at branch.

 

the auto VPN will work for all MXs running either on concentrator mode or NAT mode right!

 

KarstenI
Kind of a big deal
Kind of a big deal

Yes, you can mix them as you want. Keep in mind that with concentrator-mode you can not have two WAN connections on the MX. That is a restriction that I typically don't like as nearly all customers have two ISPs at the HQ/DC and I want to have both active for AutoVPN.

Hi Karsten,

 

in VPN concentrator mode we are not terminating the WAN on MX or can we?

 

cmr
Kind of a big deal
Kind of a big deal

@Avdhesh an MX in VPN concentrator mode only has one active port so indeed it is not connected to the WAN directly, but sits behind some other firewalls.

Inderdeep
Kind of a big deal
Kind of a big deal

@Avdhesh : the whole story 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
BrandonS
Kind of a big deal

You should find this informative: MX Sizing Principles

 

 

 

- Ex community all-star (⌐⊙_⊙)

Hey Brandon,

 

Thanks a lot for the response!

 

i have done the sizing with this document only, a bit confused over sizing for DC as no users will be there. the client is planning to move to a colocated DC with dual 100 Mb internet links.

 

as per BW MX67 or 68 would fit keeping in mind future scaling. what do you suggest.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels