
Features, benefits and performance impact

UTM products come with a variety of security and networking features. Understanding the benefits  
and tradeoffs of these features is crucial to getting the maximum security benefit without unnecessary 
performance degradation.

| Feature | Benefits | Performance impact | Recommendations |
|---|---|---|---|
| WAN opt | Minimizes latency, reduces amount of traffic between sites | High | Use only between sites that have high latency (>50ms) and low bandwidth (<5 Mbps). Use split-tunnel VPN and enable WAN opt only for specific hosts and ports. |
| Anti-virus / anti-phishing | Provides flow-based protection for Web traffic (port 80) | High | Consider disabling for guest VLANs and using firewall rules to isolate those VLANs. Also consider disabling AV/anti-phishing if you run a full AV client on host devices. |
| IDS / IPS | Provides alerts / prevention for suspicious network traffic | High | Consider not sending IDS/IPS syslog data over VPN in low-bandwidth networks. |
| VPN | Secure, encrypted traffic between locations | Medium | Use split-tunnel VPN and deploy security services at the edge. |
| Web caching | Accelerates access to Web content by caching locally | Medium | Ideal for low-bandwidth networks that frequently access the same heavy multimedia content. Not recommended for high-bandwidth networks. Please note that YouTube doesn't support web caching. |
| Content filtering (top sites) | Category-based URL filtering using a locally downloaded database | Low | Choose this option if your priority is speed over coverage. |
| Content filtering (full list) | Category-based URL filtering using the full database hosted at Brightcloud.com | Medium | Choose this option if your priority is 100% coverage and security. Web browsing will be slightly slower at the beginning but will improve as more and more URL categories are cached. |
| Web safe-search | Turns on the Google / Bing safe-search option | Low | Must be deployed in tandem with the "disable encrypted search" option to be effective. |
| Blocking encrypted search | Disables Google / Bing searches via HTTPS (port 443), allowing Web safe-search enforcement | Low | Must be deployed in tandem with "Web safe-search" to be effective. Requires a DNS setting modification, otherwise it will also break Google apps. Check the Meraki knowledge base for more. |

Cisco Systems, Inc.  |  500 Terry A. Francois Blvd, San Francisco, CA 94158  |  (415) 432-1000  |  [email protected]


Contents of MX60

Page 1: ... Guide March 2014 This technical document provides guidelines for choosing the right Cisco Meraki security appliance based on real world deployments industry standard benchmarks and in depth feature descriptions ...

Page 2: ...of security features that can be deployed in any given MX device performance will vary depending on the use case Choosing the right MX depends on the use case and the deployment characteristics This technical guide is designed to help answer the following questions How do I decide which MX model I need Which features should I turn on How do MX models compare against the competition Choosing the ri...

Page 3: ...00 500 2000 10000 Max Stateful L3 firewall throughput in passthrough mode 100Mbps 250Mbps 500Mbps 1Gbps 2Gbps Stateful L3 fw in NAT mode 100Mbps 250Mbps 500Mbps 1Gbps 2Gbps Max connections 100 000 100 000 500 000 1 000 000 2 000 000 Max connections per sec 2 500 4 500 12 000 30 000 30 000 Max VPN throughput per tunnel no WAN Opt 35Mbps 80Mbps 100Mbps 200Mbps 200Mbps Max VPN connections site to sit...


Page 5: ...c pattern Traffic flowing through the MX security appliance for testing purposes was composed of the following protocols applications MX60 MX60W MX80 MX100 MX400 MX600 Max throughput 10Mbps 40Mbps 75Mbps 160Mbps 160Mbps Client count 25 100 500 2 000 10 000 10 HTTP browsing 20 HTTPS browsing 20 HTTP download 20 FTP 20 CIFS non VPN 5 HTTP over VPN 5 CIFS over VPN Throughput configuration USE CASE Ev...

Page 6: ...00 Max throughput 20Mbps 50Mbps 100Mbps 200Mbps 200Mbps Client count 25 100 500 2 000 10 000 MX60 MX60W MX80 MX100 MX400 MX600 Max throughput 20Mbps 50Mbps 100Mbps 200Mbps 200Mbps Client count 25 100 500 2 000 10 000 YouTube for Schools Web caching not available on MX60 MX60W Throughput configuration Throughput configuration USE CASE K 12 school deployment with limited bandwidth Schools need stron...

Page 7: ...60 MX60W MX80 MX100 MX400 MX600 Max throughput 10Mbps 40Mbps 75Mbps 160Mbps 160Mbps Client count 25 100 500 2 000 10 000 20 HTTP browsing 20 HTTPS browsing 20 HTTP download 20 FTP 20 streaming media 10 Amazon media 10 Netflix 30 HTTP browsing 30 HTTPS browsing 20 HTTP download 10 CIFS 10 VPN Throughput configuration Throughput configuration USE CASE Higher Ed firewall Higher Ed institutions tradit...

Page 8: ...yed in the datacenter as a one armed VPN WAN optimization aggregator possibly as an Active Passive HA pair Conclusion While every network will have a unique traffic pattern this guide highlights a few common scenarios to help you choose the right Cisco Meraki MX product for your environment Consider planning for future growth by allocating buffer room in your firewall selection e g if you currentl...
