Cisco Meraki MX95

Cisco Meraki MX95: a powerful, cloud-managed security appliance.

Basic Information

The Cisco Meraki MX95 is a cloud-managed security and SD-WAN appliance designed for medium-sized businesses and distributed environments. It functions as an all-in-one device, integrating security, SD-WAN, and routing capabilities.

  • Model: MX95
  • Version: Part of the "next generation" MX series, released in June 2021.
  • Release Date: June 2021
  • Minimum Requirements: Requires a valid Cisco Meraki license for activation and management. An internet connection is necessary for remote setup and cloud management.
  • Supported Operating Systems: As a hardware appliance, it does not run a user-facing operating system. It integrates with Active Directory for identity-based policies. Client VPN supports IPsec.
  • Latest Stable Version (Firmware): Firmware updates are automatic and managed through the cloud-based Meraki Dashboard.
  • End of Support Date: Cisco Meraki MX appliances include a limited lifetime hardware warranty with next-day advance hardware replacement. Software upgrades and phone support are bundled with the active license.
  • End of Life Date: Not publicly specified.
  • Auto-update Expiration Date: Automatic firmware and security signature updates are continuous as long as a valid license is active.
  • License Type: Mandatory Meraki licenses are available in three tiers: Enterprise, Advanced Security, and Secure SD-WAN Plus. Licenses are "per device, per year" and offered in 1, 3, 5, 7, and 10-year terms.
  • Deployment Model: 100% cloud-managed with zero-touch provisioning, making it ideal for distributed branches, campuses, and data center locations.

Technical Specifications

The Cisco Meraki MX95 is a 1U rack-mountable appliance designed for robust network performance and security.

  • Processor: Information not publicly available.
  • RAM: Information not publicly available.
  • Storage: Information not publicly available.
  • Display: Not applicable.
  • Ports:
    • WAN Uplinks: 2x 10 Gigabit Ethernet SFP+ ports, 2x 2.5 Gigabit Ethernet RJ45 ports (one with PoE+ capability).
    • LAN Ports: 4x 1 Gigabit Ethernet RJ45 ports, 2x 10 Gigabit Ethernet SFP+ ports.
    • Other: 1x USB 3.0 port (for 3G/4G cellular failover via USB modem), 1x RJ45 management port.
  • Operating System: Meraki OS (proprietary, cloud-managed).
  • Dimensions (H x D x W): 1.73 in x 11.23 in x 19.08 in (44 mm x 285.2 mm x 484.6 mm).
  • Weight: 6.99 lb (3.17 kg).

Analysis of Technical Specifications

The MX95's technical specifications highlight its focus on high-speed connectivity and flexible deployment. The inclusion of multiple 10GbE SFP+ ports for both WAN and LAN, alongside 2.5GbE RJ45 WAN ports with PoE+, provides ample bandwidth and versatile connection options for modern enterprise networks. The USB 3.0 port for cellular failover ensures business continuity. While specific internal component details like processor, RAM, and storage are not disclosed, this is typical for cloud-managed appliances where the underlying hardware is abstracted by the service. The 1U rack-mount form factor is standard for enterprise network equipment, facilitating integration into existing data center or wiring closet setups.

Support & Compatibility

The Cisco Meraki MX95 benefits from Meraki's cloud-managed ecosystem, providing streamlined support and compatibility features.

  • Latest Version: Automatic firmware upgrades are a core feature, ensuring the appliance always runs the latest stable software.
  • OS Support: The appliance integrates with Active Directory for user and policy management. Client VPN functionality supports the IPsec protocol.
  • End of Support Date: A limited lifetime hardware warranty is included, offering next-day advance hardware replacement. Software upgrades, centralized systems management, and 24x7 phone support are covered by the Meraki license.
  • Localization: The Meraki Dashboard supports various languages. Power cords are available for different regions, including US, EU, UK, and AU.
  • Available Drivers: Not applicable, as it is a self-contained network appliance.
  • Cartridge and Ink Codes: Not applicable (not a printer).

Analysis of Overall Support & Compatibility Status

The MX95 offers a robust support and compatibility status, primarily driven by its cloud-managed architecture. Automatic firmware updates eliminate manual intervention and ensure the device remains current with the latest features and security patches. The lifetime hardware warranty, coupled with comprehensive software and phone support included in the licensing, provides a predictable and reliable support experience. Its compatibility with Active Directory and standard IPsec VPN protocols ensures seamless integration into most enterprise environments. The global availability of power cords also indicates broad international usability.

Security Status

The Cisco Meraki MX95 provides an extensive suite of security features, positioning it as a Unified Threat Management (UTM) solution.

  • Security Features:
    • Stateful firewall (Layer 3/Layer 7)
    • SD-WAN capabilities
    • Auto VPN™ (self-configuring site-to-site VPN using IPsec/IKE/IKEv2)
    • Client VPN (IPsec)
    • Content filtering (Webroot BrightCloud CIPA-compliant URL database)
    • Web search filtering (Google SafeSearch, YouTube for Schools)
    • Intrusion Detection & Prevention (IDS/IPS) powered by Cisco SNORT® engine
    • Advanced Malware Protection (AMP) with optional Cisco Threat Grid integration
    • Geo-IP based firewalling
    • Identity-based policies and Active Directory integration
    • User and device quarantine
    • VLAN support and DHCP services
    • WAN and cellular failover
    • Dynamic path selection
    • SSL decryption/inspection (with Advanced Security license)
  • Known Vulnerabilities: Not specifically detailed in general product information, but continuous security signature updates and IDS/IPS aim to address emerging threats.
  • Blacklist Status: Not applicable.
  • Certifications: Complies with FCC Class A digital device limits. IDS/IPS features support PCI 3.2 compliance.
  • Encryption Support: Supports IPsec for VPN tunnels. Offers SSL decryption/inspection with the Advanced Security license.
  • Authentication Methods: Integrates with Active Directory for identity-based authentication.
  • General Recommendations: For comprehensive threat protection, utilizing the Advanced Security or Secure SD-WAN Plus license tiers is recommended.

Analysis of Overall Security Rating

The Cisco Meraki MX95 boasts a strong overall security rating, offering a comprehensive, multi-layered defense strategy. Its integrated UTM capabilities, including a stateful firewall, advanced malware protection, and intrusion detection/prevention, are informed by Cisco Talos intelligence. The cloud-managed nature ensures that security signatures and firmware are automatically updated, providing continuous protection against evolving threats. The flexible licensing options allow organizations to scale their security posture according to their specific needs, from essential firewall and VPN to advanced threat intelligence and analytics. The support for IPsec VPN and Active Directory integration further enhances secure connectivity and access control.

Performance & Benchmarks

The Cisco Meraki MX95 delivers multi-gigabit performance suitable for medium to large branch environments.

  • Benchmark Scores:
    • Stateful Firewall Throughput: 2 Gbps (up to 2.5 Gbps in some configurations, or 3 Gbps in others).
    • VPN Throughput: 800 Mbps (up to 2.5 Gbps in some configurations).
    • Advanced Security Throughput (Next Generation Firewall/Threat Protection): 1 Gbps (up to 2 Gbps in some configurations).
    • Recommended Clients: Up to 500 users.
    • Maximum Site-to-Site VPN Tunnels: 500.
  • Real-world Performance Metrics: Designed to provide high-performance security, advanced routing, and intelligent traffic management for locations with up to 500 users. SD-WAN capabilities optimize traffic and ensure application Quality of Experience (QoE).
  • Power Consumption:
    • Idle Power Draw: 42 W.
    • Maximum Power Draw: 109 W.
    • BTU/hr (Full Load): 371.92 BTU/hr.
  • Carbon Footprint: Information not publicly available.
  • Comparison with Similar Assets:
    • Cisco Meraki MX84: The MX95 offers significantly higher throughput across all metrics (e.g., 2 Gbps stateful firewall vs. 500 Mbps for MX84) and supports a larger user base (500 vs. 200-250 users).
    • Cisco Meraki MX105: The MX105 is a higher-tier model, offering greater throughput (e.g., 3 Gbps stateful firewall, 1 Gbps VPN, 1.5 Gbps advanced security) and supporting more users (up to 750). The MX105 also includes dual redundant power supplies.

Analysis of Overall Performance Status

The Cisco Meraki MX95 delivers strong performance metrics, making it well-suited for its target demographic of medium to large branch offices. Its multi-gigabit firewall and VPN throughput, combined with robust advanced security capabilities, ensure that network traffic is processed efficiently even under heavy loads and with security services enabled. The appliance's ability to support up to 500 users with SD-WAN and Auto VPN features provides excellent scalability and reliability for distributed environments. Power consumption figures are within expected ranges for an enterprise-grade security appliance of this caliber, reflecting efficient operation given its performance capabilities.

User Reviews & Feedback

User reviews and feedback for the Cisco Meraki MX95 consistently highlight its ease of use and comprehensive feature set within the Meraki ecosystem.

  • Strengths:
    • Simplified Management: Praised for its intuitive cloud dashboard and zero-touch provisioning, which simplifies deployment and ongoing management.
    • All-in-One Solution: Valued for consolidating multiple network services (security, SD-WAN, routing) into a single appliance, reducing complexity and hardware requirements.
    • Comprehensive Security: Users appreciate the extensive suite of integrated security features, including IDS/IPS, AMP, and content filtering.
    • Scalability: Offers flexible licensing options and performance suitable for growing networks and distributed sites.
    • Reliability: Known for stable operation and automatic firmware updates that maintain performance and security.
  • Weaknesses:
    • Mandatory Licensing: The requirement for a continuous license to operate and access cloud features is a noted aspect, though it bundles support and updates.
    • Throughput Variations: Some documentation shows slight variations in throughput figures, which can lead to minor confusion.
  • Recommended Use Cases:
    • Medium-sized businesses and distributed enterprise branches.
    • Organizations requiring a Unified Threat Management (UTM) solution.
    • SD-WAN hub for secure connectivity to hub locations or multi-cloud environments.
    • Environments needing PCI-compliant edge security.
    • Schools, hospitals, and institutional settings.

Vulnerabilities

  • CVE-2025-20212
    Published: 2025-04-02 - Updated: 2025-04-07 - CVSS: 7.7 - EPSS: 0.14%
    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must have valid VPN user credentials on the affected device.
    This vulnerability exists because a variable is not initialized when an SSL VPN session is established. An attacker could exploit this vulnerability by supplying crafted attributes while establishing an SSL VPN session with an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN sessions and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established.
    Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers without manual intervention.
  • CVE-2024-20513
    Published: 2024-10-02 - Updated: 2025-06-04 - CVSS: 5.8 - EPSS: 0.30%
    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.
    This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate.

Summary

The Cisco Meraki MX95 is a robust, cloud-managed security and SD-WAN appliance designed for medium to large branch environments, supporting up to 500 users. Its key strengths lie in its comprehensive feature set, combining a stateful firewall, advanced security services like IDS/IPS and Advanced Malware Protection, and SD-WAN capabilities into a single, easy-to-manage device. The appliance offers multi-gigabit throughput, with a stateful firewall throughput of 2 Gbps and VPN throughput of 800 Mbps, ensuring high-performance network security. Its 100% cloud-managed architecture enables zero-touch provisioning, automatic firmware updates, and simplified remote management via the Meraki Dashboard, which is highly valued by users for its ease of deployment and ongoing administration.

Weaknesses primarily revolve around the mandatory licensing model, which, while providing bundled support and updates, represents a continuous operational cost. However, this model is integral to the Meraki ecosystem's cloud-managed benefits. The MX95 is an excellent choice for organizations seeking a powerful, integrated, and easily deployable solution for secure connectivity, application quality of experience, and advanced threat protection across distributed locations. Its extensive port configuration, including 10GbE SFP+ and 2.5GbE RJ45 with PoE+, provides ample flexibility for modern network demands. The lifetime hardware warranty and included software/phone support further enhance its appeal as a reliable enterprise asset.

The information provided is based on publicly available data and may vary depending on specific device configurations. For up-to-date information, please consult official manufacturer resources.