Meraki MX Sizing Guide: How to Choose the Right Model for Your Network
Selene Gong
The Cisco Meraki MX Security and SD-WAN appliances provide unified threat management (UTM) in a single, cloud-managed device. Device performance, especially throughput, varies depending on enabled features. Proper MX sizing ensures your network is secure, scalable, and efficient, avoiding both overspending and performance bottlenecks.
Part 1: Key Technical Factors for MX Selection
This section explains the core metrics for selecting the right MX model, including throughput, maximum users, VPN limits, and feature impact.
Throughput and Firewall Performance
Next-Generation Firewall (NGFW) throughput is the most realistic indicator for secure network performance. Throughput testing accounts for Layer 3 Firewall, QoS, DPI, IDS/IPS, AMP, and Content Filtering.
Maximum Users and Clients
Device sizing depends on flow table capacity and feature set. Each client typically generates up to 50 flows.
MX Model
Maximum Concurrent Sessions
Recommended Maximum Device Count
MX67/68
25,000
50
MX85
125,000
250
MX100
250,000
750
MX250
500,000
2,000
MX450
1,000,000
10,000
VPN & SD-WAN Tunnel Limits
The MX supports Site-to-Site VPN (AutoVPN) and client VPN simultaneously. VPN capacity and SD-WAN throughput are critical for large deployments.
MX Model
Max AnyConnect Sessions
Rec. Max Site-to-Site VPN Tunnels
VPN Throughput (EMIX)
MX67/68
100
50
300 Mbps
MX85
250
100
1 Gbps
MX100
250
500
3.5 Gbps
MX250
1,000
1,000
3.5 Gbps
MX450
1,500
1,500
6.5 Gbps
Security Features
All MX models support advanced security features including Advanced Malware Protection (AMP), IDS/IPS (SNORT), and content filtering powered by Cisco Talos intelligence.
Ports, PoE, and Connectivity
Integrated Cellular: MX67C and MX68C feature LTE modem.
Built-in Wi-Fi: MX67W and MX68W.
Built-in PoE+: MX68, MX75, MX85, MX95, MX105 (select LAN ports).
WAN Fiber (SFP/SFP+): MX75 and above.
Part 2: Typical Deployment Scenarios
Small Office / Branch Office (≤100 Users)
Recommended Models: MX67, MX68, MX75. These provide sufficient NGFW throughput and security for 50–100 devices. MX68 includes built-in PoE+, while MX75 supports higher capacity and more VPN sessions.
Medium Enterprise / Multiple Branches (100–750 Users)
Recommended Models: MX85, MX95, MX100, MX105. These models support higher NGFW throughput, VPN capacity, and large branch office connectivity.
Enterprise HQ / Data Center Edge (1,000+ Users)
Recommended Models: MX250, MX450. These are designed for maximum throughput and session capacity, suitable for core security gateways or VPN concentrators.
Part 3: MX Model Comparison Table
Feature
MX67/68
MX85
MX100
MX250
MX450
Recommended Users
50
250
750
2,000
10,000
Max Concurrent Sessions
25,000
125,000
250,000
500,000
1,000,000
NGFW Throughput (Prevention)
300 Mbps
500 Mbps
2 Gbps
2 Gbps
5 Gbps
Max AnyConnect Sessions
100
250
250
1,000
1,500
Rec. Max Site-to-Site VPN Tunnels
50
100
500
1,000
1,500
WAN Fiber (SFP/SFP+)
No
No
No
Yes
Yes
Built-in PoE+
MX68 Yes
Yes
No
No
No
Dual Power Supply
No
No
No
Yes
Yes
Part 4: Decision Guidance & Best Practices
Step-by-step approach: assess NGFW throughput, estimate users, calculate VPN load, verify required features, and allocate buffer for future growth. Consider offloading high-performance features using SD-WAN extensions to maintain throughput.
Part 5: Router-switch Advantages
For IT procurement teams, partners like Router-switch simplify sourcing with global in-stock inventory, genuine Cisco and multi-brand hardware, technical solution guidance, flexible payment options, and worldwide delivery.
Part 6: FAQ
Which MX model is suitable for 50, 100, or 200 users?
50 users: MX67 or MX68. 100 users: MX75 provides expansion headroom. 200 users: MX75 or MX85.
How to calculate MX throughput requirements?
Compare your ISP bandwidth against the MX’s NGFW Throughput (Prevention) metric with all security features enabled.
MX64 vs MX68 vs MX84 – differences and use cases?
MX64/68: desktop devices for small branches. MX68 includes PoE+. MX84 (older 100-user model) replaced by MX85.
