Web Proxy capabilities of MX100

AEC
Conversationalist

Web Proxy capabilities of MX100

Does the MX line (MX84 or MX100 ) provide web proxy features/services?

 

I think there may be a design documentation that states that a web proxy needs to sit behind a separate firewall

 

 

3 REPLIES 3
mmmmmmark
Building a reputation

The MX84 and higher do HTTP content caching (Security Appliance --> Configure --> Traffic Shaping and scroll down to Web Cache) but i'm not sure if the issue seen here in 2014: http://www.bhargavs.com/index.php/2014/05/05/would-you-like-an-open-proxy-with-your-firewall/ is still an issue. I'd say enable it and then see if you can configure a laptop to use it as an open proxy or if you need to authenticate to it or if you can't access it from outside at all.

 

Here's a doc that shows the storage capabilities of the various MX line: https://meraki.cisco.com/lib/pdf/meraki_datasheet_mx.pdf Look at page 7.

PhilipDAth
Kind of a big deal
Kind of a big deal

The MX units do inline content filtering.  There is seldom a reason to use old school proxy servers anymore.

I wouldn't necessarily deploy an MX as a proxy.  The MX does have HTTP caching available in the Web Cache options, but only supported in models with a physical disk (where the cache lives) and only works on static HTTP content, and is meant more for sites with low Internet bandwidth (like  under 10Mbps) and the need to cache the static content.

 

The MX is using Squid in the background, looking in the HTTP header to see if the content is cacheable or not, and if not, it won't.  So much more of the common Internet traffic is now dynamic in nature, serves up content from many different URLs, and is all generally marked as non-cacheable. 

 

But do you really need to cache dynamic content (probably complex and expensive) and/or deploy an actual proxy server (becoming antiquated except in certain use cases), or can you deploy the appropriate content filtering, L7 firewalling, IDS/IPS and traffic shaping rules (all simple and included with any MX Adv Sec license) to address the requirements?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels