Cisco Meraki Z1
Cloud-Managed Teleworker Gateway with Built-in Wireless
Sorry, this product is no longer available, replaced by the Z3-HW.
The Cisco Meraki Z-Series teleworker gateway is an enterprise class firewall, VPN gateway and router. Each model offers five gigabit ethernet ports and wireless for connectivity. Each model is designed to securely extend the power of Meraki cloud managed networking to employees, IT staff, and executives working from home.
Using Meraki’s proven and highly scalable Auto VPN technology, administrators can deploy network services including VoIP and remote endpoints with automatic, zero-touch provisioning. Additionally the Z series provides secure wired and wireless access, and increases end-user productivity through Layer 7 traffic shaping.
All models feature a high-performance stateful firewall, support for VLANs, inter-VLAN routing, and isolation to segregate corporate data from recreational traffic. The Z3 offers the latest in wireless performance with 802.11ac Wave 2 technology with MU-MIMO support to provide reliable and high speed network access for most demanding business applications and latest devices.
Z-Series and Meraki Cloud Management: A Powerful Combo
All Meraki devices are managed via the Meraki cloud, with an intuitive browser-based interface. Since the Z series is selfconfiguring and managed over the web, you can repidly deploy at remote locations without any assistance from end-users. Meraki Cloud services monitor all devices 24x7 and deliver realtime alerts if any device encounters a problem. Remote diagnostics tools enable real-time troubleshooting through any web browser. New features and enhancements are delivered seamlessly over the web, so you never have to manually download software updates or worry about missing security patches.
- 4 ports for printers, phones, and other devices
- 1 GbE WAN port, 4 GbE LAN ports
- 3G / 4G failover via USB modem
- Sleek, low profile design
- Dual-concurrent 802.11n radios
- 2x2 MIMO, up to 600 Mbps data rate
- Supports up to 4 SSIDs
Traffic shaping and application management
- Layer 7 application visibility and traffic shaping
- Application prioritization
- Stateful firewall separates corporate and personal traffic
- Extend VoIP phones over WAN
- Auto VPN™ self-configuring site-to-site VPN
- Access corporate HQ via site-to-site VPN
Cloud-based centralized management
- Managed centrally over the Web
- Classifies applications, users and devices
- Zero-touch, self-provisioning deployments
Leveraging Meraki’s cloud architecture, VPN tunnels to HQ or the data center can be enabled via a single click without any commandline configurations or multi-step key permission setups. Meraki’s patent-pending Auto VPN technology automatically tunnels, hole punches, sets up route tables, and establishes the IPsec connections, completely eliminating the complexity seen in traditional site-to-site VPN solutions.
Auto Configuring Site-to-Site VPN
Application-aware traffic shaping
The Z-Series includes an integrated layer 7 packet inspection, classification, and control engine, enabling you to set QoS policies based on traffic type. Prioritize your mission critical applications like VoIP or remote desktop, while setting limits on recreational traffic, e.g., peerto-peer and video streaming.
Application Visibility and Control
Simple, powerful security from end to end
With end-to-end VPN encryption, corporate data is always protected. Additionally the Meraki Z3 supports 802.1x wired port authentication, offering network and endpoint security no matter where the gateway may be deployed.
Self-configuring, self-optimizing, self-healing
When plugged in, the Z-Series automatically connects to the Meraki cloud, downloads its configuration, and joins your network. In case of WAN IP address changes, the Z-Series self heals by re-establishing the site-to-site VPN tunnels using the new IP address. Also, if a supported 3G/4G modem is connected and primary WAN uplink connectivity fails, the Z-Series will automatically failover to cellular.
Industry-leading cloud management
Meraki’s award-winning cloud management architecture unifies WAN, LAN, and wireless management under a web based dashboard, and scales easily from small deployments to large, multi-site deployments with tens of thousands of devices. The Meraki dashboard provides intuitive yet powerful role-based administration, firmware updates, configuration changes, email alerts, and easy to audit change logs.
Multi-Site Management via the Meraki Cloud
Cisco Meraki's cloud based management provides centralized visibility & control over Cisco Meraki's wired & wireless networking hardware, without the cost and complexity of wireless controllers or overlay management systems. Integrated with Cisco Meraki's entire product portfolio, cloud management provides feature rich, scalable, and intuitive centralized management for networks of any size.
- Unified visibility and control of the entire network via a single dashboard: wireless, switching, and security appliances
- Streamlines large networks with tens of thousands of endpoints
- Zero-touch provisioning for rapid deployment
- Built-in multi site network management tools
- Automated network monitoring and alerts
- Intuitive interface eliminates costly training or added staff
- Network tagging engine - search and sync settings by tag
- Role-based administration and auditable change logs
- Continuous feature updates delivered from the cloud
- Highly available and secure (PCI / HIPAA compliant)
Cloud Managed Networks
Cisco Meraki's hardware products are built from the ground up for cloud management. As a result, they come out of the box with centralized control, layer 7 device and application visibility, real time web-based diagnostics, monitoring, reporting, and much more.
Cisco Meraki networks deploy quickly and easily, without training or dedicated staff. Moreover, Cisco Meraki provides a rich feature set that provides complete control over devices, users, and applications, allowing for flexible access policies and rich security without added cost or complexity.
Cisco Meraki's cloud management provides the features, security, and scalability for networks of any size. Cisco Meraki scales from small sites to campuses, and even distributed networks with thousands of sites. Cisco Meraki devices, which self-provision via the cloud, can be deployed in branches without IT. Firmware and security signature updates are delivered seamlessly, over the web. With the cloud, branches can automatically establish secure VPN tunnels between one another with a single click.
With a secure, PCI and HIPAA compliant architecture and fault tolerant design that preserves local network functionality during WAN outages, Cisco Meraki is field proven in high security and mission critical network applications.
Cloud Management Architecture
Cisco Meraki's architecture provides feature rich network management without on-site management appliances or WiFi controllers.
Every Cisco Meraki device - including wirelesss access points, Ethernet switches, and security appliances - connects over the Internet to Cisco Meraki's datacenters, which run Cisco Meraki's cloud management platform. These connections, secured via SSL, utilize a patented protocol that provides real time visibility and control, yet uses minimal bandwidth overhead (typically 1 kbps or less.)
In place of traditional command-line based network configuration, Cisco Meraki provides a rich web based dashboard, providing visibility and control over up to tens of thousands of Cisco Meraki devices, anywhere in the world. Tools, designed to scale to large and distributed networks, make policy changes, firmware updates, deploying new branches, etc. simple and expedient, regardless of size or location. Cisco Meraki's real time protocols combine the immediacy of on-premise management applications with the simplicity and centralized control of a cloud application.
Every Cisco Meraki device is engineered for cloud management. Specifically, this means that Cisco Meraki devices are designed with memory and CPU resources to perform packet processing, QoS, layer 3-7 security, encryption, etc. at the network edge. As a result, no network traffic passes through the cloud, with the cloud providing management functionality out of the data path. This architecture enables networks to scale horizontally, adding capacity simply by adding more endpoints, without concern for centralized bottlenecks or chokepoints. Equally important, since all packet processing is performed on premise, end-user functionality is not compromised if the network's connection to the cloud is interrupted.
Cisco Meraki's cloud platform is designed to spread computation and storage across independent server clusters in geographically isolated datacenters. Any server or datacenter can fail without affecting customers or the rest of the system. Additionally, Cisco Meraki's datacenter design is field proven to support tens of thousands of endpoints.
Cloud Management Architecture
Powerful Insight and Troubleshooting Tools
Cisco Meraki's cloud architecture delivers powerful insight and includes live tools integrated directly into the dashboard, giving instant analysis of performance, connectivity, and more. Using live tools, network administrators no longer need to go on site to perform routine troubleshooting tests. Visibility into devices, users, and applications gives administrators the information needed to enforce security policies and enable the performance needed in today's demanding network environments.
Troubleshooting tools such as ping, traceroute, throughput, and even live packet captures are integrated directly into the Cisco Meraki dashboard, dramatically reducing resolution times and enabling troubleshooting at remote locations without on-site IT staff.
Layer 7 application visibility
Integrated multi-site management
Live Troubleshooting Tools
User and Device Fingerprints
Automatic E-mail Alerts
Scheduled Firmware Updates
Out-of-Band Control Plane
Cisco Meraki's out-of-band control plane separates network management data from user data. Management data (e.g., configuration, statistics, monitoring, etc.) flows from Cisco Meraki devices (wireless access points, switches, and security appliances) to Cisco Meraki's cloud over a secure Internet connection. User data (web browsing, internal applications, etc.) does not flow through the cloud, instead flowing directly to its destination on the LAN or across the WAN.
Advantages of an out of band control plane:
- Unlimited throughput: no centralized controller bottlenecks
- Add devices or sites without MPLS tunnels
- Add switching capacity without stacking limitations
- Redundant cloud service provides high availability
- Network functions even if management traffic is interrupted
- No user traffic passes through Cisco Meraki's datacenters
- Fully HIPAA / PCI compliant
What happens if a network loses connectivity to the Cisco Meraki cloud?
Because of Cisco Meraki's out of band architecture, most end users are not affected if Cisco Meraki wireless APs, switches, or security appliances cannot communicate with Cisco Meraki's cloud services (e.g., because of a temporary WAN failure):
- Users can access the local network (printers, file shares, etc.)
- If WAN connectivity is available, users can access the Internet
- Network policies (firewall rules, QoS, etc.) continue to be enforced
- Users can authenticate via 802.1X/RADIUS and can roam wirelessly between access points
- Users can initiate and renew DHCP leases
- Established VPN tunnels continue to operate
- Local configuration tools are available (e.g., device IP configuration)
While Cisco Meraki's cloud is unreachable, management, monitoring, and hosted services are temporarily unavailable:
- Configuration and diagnostic tools are unavailable
- Usage statistics are stored locally until the connection to the cloud is re-established, at which time they are pushed to the cloud
- Splash pages and related functionality are unavailable
Cisco Meraki Datacenter Design
Cisco Meraki's cloud management service is colocated in tier-1, SAS70 type II certified datacenters. These datacenters feature state of the art physical and cyber security and highly reliable designs. All Cisco Meraki services are replicated across multiple independent datacenters, so that customer-facing services fail over rapidly in the event of a catastrophic datacenter failure.
- Five geographically dispersed datacenters
- Every customer's data (network configuration and usage metrics) replicated across three independent datacenters
- Real-time data replication between datacenters (within 60 seconds)
- Nightly archival backups
- 24x7 automated failure detection — all servers are tested every five minutes from multiple locations
- Rapid escalation procedures across multiple operations teams
- Independent outage alert system with 3x redundancy
- Rapid failover to hot spare in event of hardware failure or natural disaster
- Out of band architecture preserves end-user network functionality, even if connectivity to Cisco Meraki's cloud services is interrupted
- Failover procedures drilled weekly
Cloud Services Security
- 24x7 automated intrusion detection
- Protected via IP and port-based firewalls
- Access restricted by IP address and verified by public key (RSA)
- Systems are not accessible via password access
- Administrators automatically alerted on configuration changes
- High security card keys and biometric readers control facility access
- All entries, exits, and cabinets are monitored by video surveillance
- Security guards monitor all traffic into and out of the datacenters 24x7, ensuring that entry processes are followed
- Only configuration and usage statistics are stored in the cloud
- End user data does not traverse through the datacenter
- All sensitive data (e.g., passwords) stored in encrypted format
- Datacenters feature sophisticated sprinkler systems with interlocks to prevent accidental water discharge
- Diesel generators provide backup power in the event of power loss
- UPS systems condition power and ensure orderly shutdown in the event of a full power outage
- Each datacenter has service from at least two top-tier carriers
- Seismic bracing for raised floor, cabinets, and support systems
- In the event of a catastrophic datacenter failure, services fail over to another geographically separate datacenter
- Over-provisioned HVAC systems provide cooling and humidity control
- Flooring systems are dedicated for air distribution
- Cisco Meraki datacenters are SAS70 type II certified
- PCI level 1 certified
Service Level Agreement
- Cisco Meraki's cloud management is backed by a 99.99% uptime SLA. See www.Cisco Meraki.com/trust for details.
Security Tools for Administrators
In addition to Cisco Meraki's secure out-of-band architecture and hardened datacenters, Cisco Meraki provides a number of tools for administrators to maximize the security of their network deployments. These tools provide optimal protection, visibility, and control over your Cisco Meraki network.
Two-factor authentication adds an extra layer of security to an organization's network by requiring access to an administrator's phone, in addition to her username and password, in order to log in to Cisco Meraki's cloud services. Cisco Meraki's two factor authentication implementation uses secure, convenient, and cost effective SMS technology: after entering their username and password, an administrator is sent an a one-time passcode via SMS, which they must enter before authentication is complete. In the event that a hacker guesses or learns an administrator's password, she still will not be able to access the organization's account, as the hacker does not have the administrator's phone. Cisco Meraki includes two-factor authentication for all enterprise users at no additional cost.
Organization-wide security policies for Cisco Meraki accounts help protect access to the Cisco Meraki dashboard. These tools allow administrators to:
- Force periodic password changes (e.g., every 90 days)
- Require minimum password length and complexity
- Lock users out after repeated failed login attempts
- Disallow password reuse
- Restrict logins by IP address
Role-based administration lets supervisors appoint administrators for specific subsets of an organization, and specify whether they have read-only access to reports and troubleshooting tools, administer managed guest access, or can make configuration changes to the network. This minimizes the chance of accidental or malicious misconfiguration, and restricts errors to isolated parts of the network.
Configuration change alerts
The Cisco Meraki system can automatically send human-readable email and text message alerts when configuration changes are made, enabling the entire IT organization to stay abreast of new policies. Change alerts are particularly important with large or distributed IT organizations.
Configuration and login audits
Cisco Meraki logs the time, IP, and approximate location (city, state) of logged in administrators. A searchable configuration change log indicates what configuration changes were made, who they were made by, and which part of the organization the change occurred in.
Cisco Meraki accounts can only be accessed via https, ensuring that all communication between an administrator's browser and Cisco Meraki's cloud services is encrypted.
30 seconds before being logged out, users are shown a notice that allows them to extend their session. Once time expires, users are asked to log in again.
|Recommended Use Cases||Teleworker||Teleworker with VoIP or PoE, IoT, and M2M||Teleworker with VoIP or PoE, IoT, and M2M|
|Recommended Clients||Up to 5 devices||Up to 5 devices||Up to 5 devices|
|Stateful Firewall Throughput||50 Mbps||100 Mbps||100 Mbps|
|Maximum VPN Throughput||10 Mbps||50 Mbps||50 Mbps|
|WAN Interfaces||1 x GbE RJ45
1 x USB (cellular failover1)
|1 x GbE RJ45
1 x USB (cellular failover1)
|1 x GbE RJ45
1 x Integrated CAT 3 LTE
Cellular Modem (cellular failover)
1 x USB (cellular failover1)
|LAN Interfaces||4 x GbE||4 x GbE||4 x GbE|
|PoE||N/A||1 x PoE enabled port (802.3af, 15.5W)||1 x PoE enabled port (802.3af, 15.5W)|
|Dimensions||6.46” × 4.55” × 1.14”
(164mm × 116mm × 29mm)
|6.83” x 4.41” x 1.04”
(173.4 mm x 112 mm x 26.3 mm)
|7.9” x 4.41” x 1.04”
(200mm x 112mm x 26 mm)
|Weight||0.9 lbs (0.408 kg)||0.85 lbs (0.386 kg)||1.1 lbs (0.487 kg)|
|Power Supply||18W (12 V / 1.5 A)
Power supply included
|50W (54 V / 0.92 A)
Power supply included
|50W (54 V / 0.92 A)
Power supply included
|Operating Temperature||32°F to 104°F (0°C to 40°C)|
|Humidity||5% to 95% non-condesing|
1 Requires separate cellular modem
- WAN interface: 1 x GbE
- LAN interfaces: 4 x GbE
- USB: 1 x USB 2.0 (for 3G/4G failover)
Network and Security Services
- Stateful firewall, 1:1 NAT, DMZ
- Auto VPN™ self-configuring site-to-site VPN
- Client VPN (IPSec L2TP), limit 2 authorized users (with Meraki-hosted authentication only)
- VLAN and DHCP services
- 802.1x wired port authentication
- Static routing
- User and device quarantine
- 4 SSIDs
- Dual-radio: 1 × 802.11b/g/n (2.4 GHz), 1 × 802.11a/n (5 GHz)
- Max data rate 600 Mbit/s
- 4 × interal dipole antennas (gain: 3 dBi @ 2.4 GHz, 4 dBi @ 5 GHz)
- WPA2-PSK authentication
- Regulatory: FCC (US), IC (Canada), C-Tick (Australia / New Zealand), RoHS
Monitoring and Reporting
- Throughput, connectivity monitoring, and email alerts
- Detailed historical per-port and per-client usage statistics
- Application usage statistics
- Org-level change logs for compliance and change management
- VPN tunnel and latency monitoring
- Network asset discovery and user identification
- Periodic emails with key utilization metrics
- Syslog integration
- Live remote packet capture
- Real-time diagnostic and troubleshooting over the web
- Aggregated event logs with instant search
- Automatic Layer 3 failover (including VPN connections)
- Application level (Layer 7) traffic analysis and shaping
- Managed via the web using the Meraki dashboard
- Single pane-of-glass management of wired and wireless networks
- Zero-touch remote deployment (no staging needed)
- Automatic firmware upgrades and security patches
- Centralized policy management
- Org-level two-factor authentication and single sign-on
- Role-based adminstration with change logging and alerts
- Stateful firewall throughput: 50 Mbps
- VPN throughput: 10 Mbps
- Recommended for teleworker (up to 5 users)
Physical and Environmental Specifications
- Dimensions: 6.46" × 4.55" × 1.14" (164mm × 116mm × 29mm)
- Weight: 0.9 lbs (0.408 kg)
- Power: single 18W (12 V / 1.5 A) power supply included
- Operating temperature: 32°F to 104°F (0°C to 40°C)
- Humidity: 5 to 95% non-condensing
- Desktop or wall mount (all standard mounting hardware included)
- Kensington lock hard point
- FCC (US)
- CB (IEC)
- CISPR (Australia / New Zealand)
- Lifetime hardware warranty with advanced replacement included
An organization must have a valid Enterprise Edition license or Advanced Security Edition license for the MX series in order to work properly. Each organization is licensed for a maximum number of security appliances for a certain amount of time (typically from one year to five years). For example, the organization may be licensed for 25 appliances with the Enterprise Edition through January 30, 2012.
In addition, each organization is required to use either the Enterprise Edition or the Advanced Security Edition uniformly. For example, you can have all 25 appliances using Enterprise Edition or Advanced Security Edition, but you cannot have 20 appliances using one edition and 5 using the other edition. If you wish to use Enterprise Edition for some appliances and Advanced Security Edition for other appliances, you need to create two organizations, one for your appliances with the Enterprise Edition, and another for the appliances with the Advanced Security Edition.
You can manage a given organization's licenses on the Organization > License info page. The page displays the following information:
- Status: OK or problem
- Expiration date
- MX Advanced Security Enabled or Disabled
- Licensed device limit for each device type
- Current device count for each device type
- License history (list of licenses that have been applied to the network)
Enterprise vs. Advance Security license
The following table provides a list of the major features and the required licensing.
|Feature||Enterprise license||Advanced Security license|
|VLAN to VLAN routing|
|Link bonding / failover|
|3G / 4G failover|
|Traffic shaping / prioritization|
|MPLS to VPN Failover|
|HTTP content caching|
|Client connectivity alerts|
|Intrusion detection / prevention|
|Anti-virus and anti-phishing|
|Youtube for Schools|
|Web Search Filtering|
You can add a license by clicking Add another license. You will then have two actions, or "operations", to choose from:
- License more devices: increases the number of devices that can exist within this Cisco Meraki Dashboard organization.
- Renew my Dashboard license: extends the licensing period of this Cisco Meraki Dashboard organization. You must renew the license for all devices in the organization. You cannot renew licensing for only certain devices within the organization.
You cannot add an Enterprise MX license to an Advanced Security organization. Adding an Advanced Security license to an Enterprise organization will convert that organization to Advanced Security. All existing Enterprise MX licenses will have their duration halved to compensate for the difference in the licensing costs, and the organization's license cotermination date will be adjusted accordingly.
Expired licenses or exceeding the licensed device limit
If an organization's license is expired or the number of devices in the organization exceeds the licensed limit, the administrator has 30 days to return the organization to a valid licensed state. During this grace period, the system reminds the administrator to add additional licenses. After 30 days, administrators are not able to access the Dashboard (except to add additional licenses) and all Cisco Meraki equipment in the organization will cease to function.
Download the Cisco Meraki Z Series Datasheet (PDF).
- Pricing and product availability subject to change without notice.