Hi, When this post was created that was indeed the case. But now you can deploy it in routed mode and use L4-L7 features with the advanced security license as long as you run 19.1 -> If you deploy in routed mode internet access should work since the vMX will do NAT. You can also use it as a firewall on a stick for VNETS in this setup. You just need to add a route table to the spoke subnets pinning all traffic to the vMX LAN interface in the HUB VNET. Check out this FAQ for more info. I think it will give you most of the answers you seek 🙂 vMX NAT Mode Use Cases and FAQ - Cisco Meraki Documentation
... View more
