Just a quick question because I really can’t find anything in the documentation that says it definitively. Is the virtual MX an either or configuration? Either configured as a VPN concentrator or Firewall and not both? I recall a couple years ago that was the case, I was hoping that they had made improvements so that I did not have to throw another vMX or other vendor firewall in the mix.
It’s an MX that you deploy in the cloud(Azure/AWS/etc.) You can use it routed or passthrough depending on the VPC capabilities of the cloud connector.
yes but it If deployed as a Firewall its a Firewall and you can not get AutoVPN or you can deploy as AutoVPN/SWDAN device node but not as the front-line firewall. That was what was explained to me by a Meraki Rep a few years ago. Just wondering if that is still true.
Looks like it changed as of Oct 2022:
Now supports Routed/NAT mode so looks like feature-parity with the hardware appliances. Used-to only be pass-through/VPN concentrator with a single interface
It’s not comparable to a regular MX in router mode:
“NAT Mode Concentrator
In this mode, any traffic coming over auto-VPN or client VPN to the vMX will be NATed to the vMX’s IP as it egresses the vMX. Other capabilities of the NAT mode including DHCP, HA or multiple ports (LAN and WAN) are not supported. In each mode the vMX is still a one-armed appliance with one network interface.”
Good catch, missed the “not” part of that sentence 
Thanks, everyone gives me the info I need to go forward.