How to block a port from WAN 2 on Failover


Hey

 

I have an MX68 (no built-in cellular), new install, with two Netgear switches, each on a different LAN. Voice on one switch and data on the other. I have a fibre link coming into WAN 1 and it is primary. WAN 2 is a cellular router and is set to failover from WAN 1.

 

Data LAN (switch V1) carries the data for all users and connects to port 3 on the MX.

 

Voice LAN (switch V2) carries the VoIP for all phones and connects to port 4 on the MX.

 

What I would like to do is, if there is a failover, to only allow data from V2 out WAN 2 until WAN 1 comes back on.

 

Is this accomplished by putting a rule in the firewall that blocks all traffic from port 3 going to port 2?

 

Will this have any adverse effects?

 

Would it look like this:

 

Policy   Protocol   Source            Src port   Destination   Dst port   Comment
DENY     ANY        192.168.11.0/24   3          0.0.0.0/24    2

 

 

Do I need to add anything to the route table?

 

Thanks

3 REPLIES

Re: How to block a port from WAN 2 on Failover

Sorry about the poor typing. Wrote this without my glasses...

Re: How to block a port from WAN 2 on Failover

Hi,

The best option for you is using the SD-WAN on your MX.

You can set different firewall rules defined by subnet or service.

 

Security & SD-WAN --> SD-WAN & Traffic Shaping

 

Regards

 


Re: How to block a port from WAN 2 on Failover

If you open a support ticket you can ask them to make WAN2 act like the cellular circuit.

 

Then you can use the cellular firewall rules.

https://documentation.meraki.com/MX/Cellular/3G%2F%2F4G_Cellular_Failover_with_USB_Modems#Cellular_F... 

 

Note after doing this the cellular modem can strictly only be used for failover.
