vMX100 =/= virtual MX100

HTrumbull
Conversationalist

vMX100 =/= virtual MX100

I've deployed a vMX100 through the Azure CSP workaround template method and while it is still a problematic deployment since it creates a resource group outside of the desired resource group for the Pub IP, Disk, and NIC while putting the VM resource in the desired Resource Group which breaks some of the reporting tools in Azure but I digress.

The vMX100 is not a Virtual MX100. I've never been led to believe that the vMX100 was anything but a "Virtual MX100".
The functionality is not the same, there is no "Security Center", no L7 rules for blocking by country, no L3 rules for blocking by service, the 1:1 NAT rules are not managed from the Meraki but rather through Azure (which is not made clear in the vMX documentation). Why call it a vMX100? Why is the documentation for the vMX100 linked with the MX100 when they are not deployed the same, managed the same or even share functionality?

What gives Meraki? My Cisco ASAv is a "Virtual ASA" and I can have my ASA team manage it like an ASA. I'm having a hard time finding value in the vMX100 and especially around the Meraki support around that virtual device.

2 REPLIES 2
NolanHerring
Kind of a big deal

I agree with the confusion since there is a physical MX100 and then they called their virtual one (which indeed does not provide the same functionality) vMX100. They should have called it something completely different like vMX150 or something different so people won't make the connection between the physical and virtual.

 

With that being said from the main page:

 

"Virtual MX is a virtual instance of a Meraki security appliance, dedicated specifically to providing the simple configuration benefits of site-to-site Auto VPN for customers running or migrating IT services to an Amazon Web Services or Microsoft Azure Virtual Private Cloud (VPC)."

 

I've never deployed the vMX100, but my understanding of the product when it first came out was that it is basically just a one-armed VPN Concentrator based on the description above. It is to only be used for the Auto-VPN functionality for remote sites (which is where you could apply all those policies/L3+L7 rules etc.).

 

Sorry your having this problem =(

Nolan Herring | nolanwifi.com
TwitterLinkedIn

Good point. That is indeed all it does.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels