Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki Z Series in a MX Advanced Security Environment

TBee
Here to help
‎Aug 25 2020 8:20 AM
‎Aug 25 2020 8:20 AM

Meraki Z Series in a MX Advanced Security Environment

 

I am currently designing a MX Environment that will make use of the features in the Advanced Security Licence.
Specifically the following:
URL Content Filtering
Intrusion Prevention
Advanced Malware Protection (AMP) with Threat Grid support
Layer 7 Geo-IP Firewall Rules.

I believe that you can't have an MX customer environment where you are using both Enterprise an Advanced Security Licences.

However the customer has asked for an alternative device to the MX for sites with 1-2 users, where the MX64 is seen as providing over capacity. We are considering the Z series for these site types, however we have noticed that the Advanced Security Licence is not available.

I have looked into this a little, and have seen discussions that say you can mix the Z Series with an Enterprise Licence in a customer environment that is also using the MX Appliances with Advanced Security Licences.

Firstly is this correct, can you mix the Z Series and MX with Sec Licences?

Secondly, if you can mix them, do you loose the support for URL Content Filtering Intrusion Prevention
Advanced Malware Protection and Layer 7 Geo-IP Firewall Rules on the Z Series?

0 Kudos
Subscribe
4 Replies 4
BrandonS
Kind of a big deal
‎Aug 25 2020 8:23 AM
‎Aug 25 2020 8:23 AM

Yes to both questions.  You can mix them in your environment, but they don't support advanced features.

 

*However, you may still get advanced feature use if tunneling Z traffic through an MX.

 

 

- Ex community all-star (⌐⊙_⊙)
Subscribe
SoCalRacer
Kind of a big deal
‎Aug 25 2020 8:31 AM
‎Aug 25 2020 8:31 AM

I believe the recommended method for this deployment is one network for the MX and main office. Then one network for each branch/satellite office with one Z device. Then utilize AutoVPN back to MX. This should keep your security features if setup correctly.

Subscribe
In response to SoCalRacer
TBee
Here to help
‎Sep 3 2020 1:27 AM
‎Sep 3 2020 1:27 AM

Can the Remote MX's with the Advanced Security Licence connect to the same central MX as the Remote Z Series that are running the Enterprise S/w. i.e. can the same Central MX support the two networks that are running differing s/w types?

0 Kudos
Subscribe
In response to TBee
cmr
Kind of a big deal
Kind of a big deal
‎Sep 3 2020 4:42 AM
‎Sep 3 2020 4:42 AM

Yes the SD-WAN features currently available don't differ for Enterprise or Advanced licenses, though with the new SD-WAN license on top that might change.  I don't see even that change affecting the ability of Zs to connect.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.