FAQ banner
Get the Help and Supports!

This help center can answer your questions about customer services, products tech support, network issues.
Select a topic to get started.

ICT Tech Savings Week
2025 MEGA SALE | In-Stock & Budget-Friendly for Every Project

Meraki MX Sizing Guide: How to Choose the Right Model for Your Network


The Cisco Meraki MX Security and SD-WAN appliances provide unified threat management (UTM) in a single, cloud-managed device. Device performance, especially throughput, varies depending on enabled features. Proper MX sizing ensures your network is secure, scalable, and efficient, avoiding both overspending and performance bottlenecks.

Meraki MX Sizing Guide

Part 1: Key Technical Factors for MX Selection

This section explains the core metrics for selecting the right MX model, including throughput, maximum users, VPN limits, and feature impact.

Throughput and Firewall Performance

Next-Generation Firewall (NGFW) throughput is the most realistic indicator for secure network performance. Throughput testing accounts for Layer 3 Firewall, QoS, DPI, IDS/IPS, AMP, and Content Filtering.

Maximum Users and Clients

Device sizing depends on flow table capacity and feature set. Each client typically generates up to 50 flows.

MX Model Maximum Concurrent Sessions Recommended Maximum Device Count
MX67/68 25,000 50
MX85 125,000 250
MX100 250,000 750
MX250 500,000 2,000
MX450 1,000,000 10,000

VPN & SD-WAN Tunnel Limits

The MX supports Site-to-Site VPN (AutoVPN) and client VPN simultaneously. VPN capacity and SD-WAN throughput are critical for large deployments.

MX Model Max AnyConnect Sessions Rec. Max Site-to-Site VPN Tunnels VPN Throughput (EMIX)
MX67/68 100 50 300 Mbps
MX85 250 100 1 Gbps
MX100 250 500 3.5 Gbps
MX250 1,000 1,000 3.5 Gbps
MX450 1,500 1,500 6.5 Gbps

Security Features

All MX models support advanced security features including Advanced Malware Protection (AMP), IDS/IPS (SNORT), and content filtering powered by Cisco Talos intelligence.

Ports, PoE, and Connectivity

  • Integrated Cellular: MX67C and MX68C feature LTE modem.
  • Built-in Wi-Fi: MX67W and MX68W.
  • Built-in PoE+: MX68, MX75, MX85, MX95, MX105 (select LAN ports).
  • WAN Fiber (SFP/SFP+): MX75 and above.


Part 2: Typical Deployment Scenarios

Small Office / Branch Office (≤100 Users)

Recommended Models: MX67, MX68, MX75. These provide sufficient NGFW throughput and security for 50–100 devices. MX68 includes built-in PoE+, while MX75 supports higher capacity and more VPN sessions.

Medium Enterprise / Multiple Branches (100–750 Users)

Recommended Models: MX85, MX95, MX100, MX105. These models support higher NGFW throughput, VPN capacity, and large branch office connectivity.

Enterprise HQ / Data Center Edge (1,000+ Users)

Recommended Models: MX250, MX450. These are designed for maximum throughput and session capacity, suitable for core security gateways or VPN concentrators.


Part 3: MX Model Comparison Table

Feature MX67/68 MX85 MX100 MX250 MX450
Recommended Users 50 250 750 2,000 10,000
Max Concurrent Sessions 25,000 125,000 250,000 500,000 1,000,000
NGFW Throughput (Prevention) 300 Mbps 500 Mbps 2 Gbps 2 Gbps 5 Gbps
Max AnyConnect Sessions 100 250 250 1,000 1,500
Rec. Max Site-to-Site VPN Tunnels 50 100 500 1,000 1,500
WAN Fiber (SFP/SFP+) No No No Yes Yes
Built-in PoE+ MX68 Yes Yes No No No
Dual Power Supply No No No Yes Yes


Part 4: Decision Guidance & Best Practices

Step-by-step approach: assess NGFW throughput, estimate users, calculate VPN load, verify required features, and allocate buffer for future growth. Consider offloading high-performance features using SD-WAN extensions to maintain throughput.


Part 5: Router-switch Advantages

For IT procurement teams, partners like Router-switch simplify sourcing with global in-stock inventory, genuine Cisco and multi-brand hardware, technical solution guidance, flexible payment options, and worldwide delivery.


Part 6: FAQ

Which MX model is suitable for 50, 100, or 200 users?

50 users: MX67 or MX68. 100 users: MX75 provides expansion headroom. 200 users: MX75 or MX85.

How to calculate MX throughput requirements?

Compare your ISP bandwidth against the MX’s NGFW Throughput (Prevention) metric with all security features enabled.

MX64 vs MX68 vs MX84 – differences and use cases?

MX64/68: desktop devices for small branches. MX68 includes PoE+. MX84 (older 100-user model) replaced by MX85.

How many VPN tunnels can each MX support?

MX67/68: 50 Site-to-Site VPN tunnels, 100 AnyConnect sessions. MX450: 1,500 of each.

Can MX handle SD-WAN for high-bandwidth cloud apps?

Yes, with Dynamic Path Selection and sub-second failover. Offload HTTPS Inspection if needed to maintain throughput.

How to plan MX sizing for multiple branch offices?

Size central Hub MX based on total VPN tunnels and remote users. Spoke MX based on local users and ISP speed.

What are common mistakes in MX sizing?

Using raw Firewall Throughput instead of NGFW Throughput, and ignoring performance impact of high-load features like HTTPS Inspection.

Expert

Expertise Builds Trust

20+ Years • 200+ Countries • 21500+ Customers/Projects
CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert


Categories: Brand Cisco