First of all, I am not a network administrator and security guru, just an small business owner with a distributed network who needs help in figuring out which devices to place where.
Does UKFast allow you to install network equipment? If you're allowed to do that I'd just put MX's in every location and leverage AutoVPN to establish connectivity between all of them. Take a look at the sizing guide to determine the models you would need:
https://meraki.cisco.com/lib/pdf/meraki_whitepaper_mx_sizing_guide.pdf
For the clientVPN you can use one (or several) of the MXs. The disadvantage here is that Meraki doesn't have their own VPN client. Setup of client VPN can be a bit fiddly:
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration
You can use VLANs to separate home and corporate networks and if you need ports than what is present on an MX, just add some switches to the network (MS120 would probably be sufficient, or MS210 if you want basic L3 features for even more segmentation). Same with Wi-Fi, just add some access points (a couple of MR33's is what I'd probably would go for in your case).
Regarding the security features. If you need advanced security (IDS/IPS, AMP, Content Filtering, Geobased Firewalling) then keep in mind you need to buy that license level for all networks (all MXs) in your organization.
Hope that helps!
I've not used a vMX100 (virtual MX security appliance), however, the situation described above sounds as if it might be a possible option, as far as UKFast is concerned. So physical and virtual appliances interact.
UKFast would not allow personal equipment but they do support IPSec VPNs. Is this where the VMx would come into play? We have two virtual servers at UKFast, a SQL Server and a Windows Application server. Would VMx run on the Windows Application server?
@ArnieC wrote:UKFast would not allow personal equipment but they do support IPSec VPNs. Is this where the VMx would come into play? We have two virtual servers at UKFast, a SQL Server and a Windows Application server. Would VMx run on the Windows Application server?
UKFast offers AWS and Azure solutions.
A virtual MX is deployed on an AWS EC2 instance or an Azure VM and then configured in the Meraki dashboard, just like any other MX. It functions like a VPN concentrator. Product Overview
@BrechtSchamp well described, this is the possible solution additionally with meraki Auto VPN you can also choose which networks you want to allow to communicate between your offices US1 <-->UK1. i think L3 switch is not required here you can perform the L3 routing at MX depend upon your end device count.