Cisco Meraki MX84

Basic Information

• Model: MX84-HW (Hardware)
• Version: Not explicitly versioned like software; hardware appliance. Firmware updates are automatic.
• Release Date: The MX84 was positioned to replace the MX80, which was discontinued with its release.
• Minimum Requirements: Requires a valid Meraki license to operate and connect to the Meraki Dashboard. Internet connection for cloud management.
• Supported Operating Systems: Not applicable as it is a hardware appliance; managed via cloud-based Meraki Dashboard accessible from any web browser.
• Latest Stable Version (Firmware): MX18.1 firmware release is the maximum running build for the MX84. It will not run MX 18.2 and above firmware builds.
• End of Sale Date: October 31, 2021.
• End of Support Date: October 31, 2026.
• End of Life Date: October 31, 2026 (coincides with End of Support Date).
• Auto-update Expiration Date: Firmware updates cease after the End of Support Date (October 31, 2026).
• License Type: Subscription-based. Options include Enterprise, Advanced Security, and Secure SD-WAN Plus licenses, available in 1, 3, 5, 7, or 10-year terms. A license is required for the MX84 to function.
• Deployment Model: Cloud-managed security appliance, designed for distributed deployments and medium branch environments.

Analysis of Basic Information:

The Cisco Meraki MX84 is a cloud-managed security and SD-WAN appliance primarily aimed at small to medium-sized businesses and distributed branch offices. Its key differentiator is the cloud-based Meraki Dashboard, which simplifies deployment and management. The appliance has reached its End of Sale date, indicating it is no longer sold by the manufacturer, and its End of Support date is set for October 2026. This means that while it remains functional, it will no longer receive official firmware updates or manufacturer support after this date, necessitating a migration strategy for long-term use. The subscription-based licensing model is central to its operation, providing access to features and cloud management.

Technical Specifications

• Processor: A much faster CPU than its predecessor, optimized for application and content-aware security.
• RAM: Not explicitly detailed in public specifications, but sufficient for application and content-aware security at the edge.
• Storage: 1TB for web caching.
• Display: No integrated display; status indicated by LEDs.
• Ports:
  • WAN: 2x 1 Gigabit Ethernet RJ45 (dedicated uplinks).
  • LAN: 8x 1 Gigabit Ethernet RJ45.
  • Uplink Ports: 2x 1 Gigabit Ethernet SFP.
  • USB: 1x USB 2.0 for 3G/4G failover (cellular support).
• Operating System: Meraki OS (proprietary, cloud-managed).
• Dimensions (H x D x W): 1.75in x 10in x 19in (44mm x 254mm x 483mm).
• Weight: 9 lb (4.1kg).
• Power Supply: Internal 100-220V 50/60Hz AC, single 100W power supply.
• Mount Type: 1U Rack-mountable (rack mount hardware included).

Analysis of Technical Specifications:

The MX84 features a robust set of network interfaces, including multiple Gigabit Ethernet ports and SFP ports, offering flexible connectivity for various network setups. The inclusion of a USB port for 3G/4G failover enhances network resilience. The 1TB web caching is a notable feature for optimizing bandwidth. Its rack-mountable form factor and standard dimensions make it suitable for enterprise network racks. The specifications indicate a device built for reliable performance in medium-sized branch environments, emphasizing connectivity and security capabilities over raw processing power or extensive local storage.

Support & Compatibility

• Latest Version (Firmware): MX18.1 is the maximum firmware release for the MX84. Newer firmware versions (MX 18.2 and above) are not supported.
• OS Support: Managed via the cloud-based Meraki Dashboard, accessible through standard web browsers on various operating systems.
• End of Support Date: October 31, 2026. After this date, official manufacturer support, including firmware updates and troubleshooting, ceases.
• Localization: Meraki Dashboard is generally available in multiple languages, supporting global deployments.
• Available Drivers: Not applicable as it is a network appliance with integrated firmware.
• Cartridge and Ink Codes: Not applicable (not a printer).

Analysis of Overall Support & Compatibility Status:

The Cisco Meraki MX84 benefits from the centralized cloud management model, simplifying firmware updates (until EoS) and configuration across diverse environments. However, its approaching End of Support date in October 2026 is a critical factor. This means that while the device will continue to function, it will no longer receive official security patches or feature updates from Cisco Meraki. Organizations using the MX84 must plan for migration to newer hardware to maintain full support, security, and access to the latest features. Compatibility with the cloud dashboard remains as long as a valid license is active, but the lack of future firmware updates limits its long-term viability for evolving security threats and network demands.

Security Status

• Security Features: Unified Threat Management (UTM) capabilities including intrusion detection/prevention (IDS/IPS) using Cisco SNORT engine, malware protection (Advanced Malware Protection - AMP), content filtering (CIPA-compliant, Google/Bing SafeSearch, YouTube for Schools), web search filtering, anti-phishing tools, geo-IP based firewalling, IPsec VPN connectivity, Layer 7 application firewall, 1:1 and 1:Many NAT, client VPN (IPsec), and identity-based policies.
• Known Vulnerabilities: Continuously updated through the cloud, but will cease to receive updates after the End of Support Date (October 31, 2026).
• Blacklist Status: Not applicable as a hardware appliance; security features include content filtering and threat intelligence to block malicious sites.
• Certifications: PCI 3.0 compliance for intrusion prevention.
• Encryption Support: IPsec VPN connectivity, AES (128-bit) encryption.
• Authentication Methods: Active Directory integration, identity-based policies.
• General Recommendations: Requires a valid Advanced Security License for full threat protection features like IDS/IPS and AMP. Regular firmware updates are crucial for security, which will cease after EoS.

Analysis on the Overall Security Rating:

The Cisco Meraki MX84 offers a comprehensive suite of enterprise-grade security features, including advanced UTM capabilities like IDS/IPS, AMP, and content filtering. Its cloud-managed nature ensures that security definitions are continually updated, providing protection against emerging threats. The support for IPsec VPNs and Active Directory integration facilitates secure remote access and user authentication. The appliance's PCI compliance further underscores its security posture. However, the impending End of Support date means that the device will no longer receive critical security updates after October 2026, which will significantly degrade its security rating over time. Organizations must transition to newer, supported hardware to maintain an optimal security posture.

Performance & Benchmarks

• Benchmark Scores:
  • Stateful Firewall Throughput: 500 Mbps.
  • Maximum VPN Throughput: 250 Mbps.
  • Advanced Security Throughput: 320 Mbps (some sources state 200 Mbps).
  • Maximum Concurrent VPN Tunnels: 100.
• Real-World Performance Metrics:
  • Recommended Maximum Clients: Up to 200 users.
  • Consistently delivers fast and reliable internet connectivity for small to mid-sized businesses.
  • Handles demanding tasks like deep packet inspection and content filtering without reducing speed or reliability.
• Power Consumption:
  • Idle Power Load: 26W.
  • Maximum Power Load: 32W.
• Carbon Footprint: Not explicitly detailed in public specifications.
• Comparison with Similar Assets:
  • Improved significantly over its predecessor, the MX80, with a faster CPU, more WAN/LAN ports, and double the firewall throughput.
  • Positioned for medium branches, while MX65W is for up to 50 clients and MX100 for up to 500 clients.

Analysis of the Overall Performance Status:

The Cisco Meraki MX84 offers solid performance for its target audience of medium-sized branch offices and up to 200 clients. Its stateful firewall throughput of 500 Mbps and VPN throughput of 250 Mbps are adequate for many business needs, providing secure and efficient connectivity. The Advanced Security Throughput of 320 Mbps (or 200 Mbps) indicates its capability to handle advanced security features without significant performance degradation. Power consumption is relatively low, making it an energy-efficient option. While it represents a significant improvement over older models, larger enterprises or those with very high VPN usage might find its VPN throughput limiting, as noted in user feedback.

User Reviews & Feedback

• Strengths:
  • Ease of Use: Cloud-based Meraki Dashboard is user-friendly, even for less-experienced IT teams, simplifying network administration.
  • Strong Security: Robust features including UTM, AMP, IDS/IPS, content filtering, and real-time threat updates.
  • Remote Management: Ability to monitor, configure, and manage the entire network remotely, saving time and reducing the need for on-site IT staff.
  • Scalability: Easy integration of new users and locations, adaptable to changing network needs.
  • Reliability: Customers speak highly of its performance and reliability.
  • Dual Power Supplies (Power Redundancy): Adds reliability, minimizing downtime.
  • Auto VPN: Simplifies site-to-site VPN setup.
• Weaknesses:
  • Pricey Licensing: Ongoing licensing fees can add up, particularly for advanced features, making the total cost of ownership high for some.
  • Limited VPN Throughput: 250 Mbps VPN throughput may not be sufficient for businesses with high VPN usage or larger enterprises.
  • Cloud Dependency: Reliance on internet connectivity for dashboard access and management; if the internet goes down, dashboard access is lost.
  • Limited Customization: Some users find customization options frustrating.
  • Lacking Advanced Features: Compared to some competitors, it may lack certain advanced features despite high costs.
  • Limited Compatibility: Hardware compatibility can be restrictive for customized setups.
• Recommended Use Cases:
  • Small to medium-sized businesses (SMBs) with multiple branch locations or remote workers.
  • Organizations that prioritize security but have limited on-site IT resources.
  • Distributed deployments requiring remote administration.
  • Businesses needing an easy-to-manage, scalable network security solution.

Analysis of User Reviews & Feedback:

User feedback consistently highlights the MX84's ease of use and powerful cloud-based management as significant advantages, making it ideal for organizations with limited IT staff. Its comprehensive security features are also highly praised for protecting against modern threats. However, the recurring concern is the cost of the mandatory licensing, which can be a barrier for smaller organizations. The VPN throughput, while sufficient for many, can be a limitation for heavy users. The cloud-dependent management is both a strength and a potential weakness, depending on internet reliability. Overall, the MX84 is well-regarded for its simplified, secure, and scalable network management for its intended market.

Vulnerabilities

• CVE-2025-20212
  Published: 2025-04-02 - Updated: 2025-04-07 - CVSS: 7.7 - EPSS: 0.14%
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.
• This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
  Published: - Updated: - CVSS: - EPSS:
  
• Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.
  Published: - Updated: - CVSS: - EPSS:
  
• CVE-2024-20513
  Published: 2024-10-02 - Updated: 2025-06-04 - CVSS: 5.8 - EPSS: 0.30%
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.
• This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.
  Published: - Updated: - CVSS: - EPSS:
  

View more

Summary

The Cisco Meraki MX84 is a cloud-managed security and SD-WAN appliance designed to provide robust network security and simplified management for small to medium-sized businesses and distributed branch offices. Its core strength lies in the intuitive Meraki Dashboard, which enables zero-touch deployment and remote administration of a comprehensive suite of network services.

Key features include a stateful firewall with 500 Mbps throughput, 250 Mbps VPN throughput, and advanced security throughput of up to 320 Mbps. It offers extensive connectivity with 10 Gigabit Ethernet ports (2 WAN, 8 LAN) and 2 SFP ports, along with a USB 2.0 port for 3G/4G failover. The device supports up to 200 clients and 100 concurrent VPN tunnels, making it suitable for medium branch environments.

Security is a major focus, with Unified Threat Management (UTM) capabilities such as intrusion detection/prevention (IDS/IPS) powered by Cisco SNORT, Advanced Malware Protection (AMP), content filtering, and IPsec VPN. It supports Active Directory integration and identity-based policies for granular control. The appliance is rack-mountable, with dimensions of 1.75in x 10in x 19in and a weight of 9 lb. Power consumption is low, with idle and maximum loads of 26W and 32W, respectively.

The MX84 operates on a subscription-based licensing model (Enterprise, Advanced Security, Secure SD-WAN Plus), which is essential for its functionality and access to cloud management and advanced features. A critical consideration is its End of Sale date of October 31, 2021, and its End of Support date of October 31, 2026. After this date, the device will no longer receive official firmware updates, security patches, or manufacturer support, which could impact its long-term security and compatibility.

Strengths: The MX84 excels in ease of deployment and management through its intuitive cloud dashboard, robust security features, and strong remote management capabilities. Its scalability and reliability are also frequently praised by users.

Weaknesses: The primary drawbacks include the high cost of ongoing licensing, potentially limited VPN throughput for high-demand scenarios, and a dependency on internet connectivity for dashboard access. Some users also note limited customization options and a perceived lack of advanced features compared to its cost.

Recommendations: The Cisco Meraki MX84 is an excellent choice for small to medium-sized businesses, especially those with distributed offices and limited IT staff, seeking a secure, easy-to-manage network solution. It is particularly well-suited for environments prioritizing simplified operations and comprehensive, cloud-managed security. However, organizations should be aware of the impending End of Support date and plan for a migration to newer hardware to ensure continued security updates and manufacturer support beyond October 2026.

The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.