As far as I understand we will NOT be able to use our vMX as a firewall between Azure and the Internet - its only good for VPN - can you confirm? 🙂
Solved! Go to solution.
No you can not. Traffic will be routed to the subnet gateway and forwarded according to azure routing. The vMX can do NAT, but only for its private interface ip, not public.
My recomendation, brake internett access out localy. If that is not possible look into adding Umbrella SIG or Secure Connect Plus.
In fact, it has Firewall functionalities because it is a firewall. However, you won't have the full functionality of a physical device due to licensing limitations.
What exactly do you need? The idea of vMX is to be more like a hub to make it easier to access your resources within Azure or AWS, but it would be nice if you gave an overview of what you need.
Thanks - we were recommended a vMX-setup that should offer the same firewall-capabilities as the MX - configurable in- and out-going firewalling, which it does not do if I am not mistaken? 🙂
Again, what is the purpose of vMX? I see it more as a transit gateway to access your resources within Azure, AWS, etc.
Do you want to expose your applications to the internet and use vMX to do some type of filtering? Or is it to limit what your machines within Azure can access?
It can handle like a firewall, but it would be good to understand its purpose first.
My goal was to clarify wether or not it could do the same firewalling as a MX or not - which I think it cannot? 🙂
Not 100%, some features are not supported.
vMX Comparison Datasheet - Cisco Meraki Documentation
As far as our test shows we cannot get traffic through the vMX directly to the internet - is it something you have experience with?
No you can not. Traffic will be routed to the subnet gateway and forwarded according to azure routing. The vMX can do NAT, but only for its private interface ip, not public.
My recomendation, brake internett access out localy. If that is not possible look into adding Umbrella SIG or Secure Connect Plus.
Correct. You won't be able to use your VMX like a traditional firewall in Azure. Use network security groups for that.
Check out this document and jump down tot he "Unsupported Features" section.
https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Comparison_Datasheet