Meraki

meraki-user

I've seen inconsistent information about exactly which features are disabled in VPN concentrator mode. I know that VLANs, routing, NAT, and DHCP server are disabled. All documentation seems to agree on that, so that's not in question. But I'm not sure about firewall functionality. I initially read that all firewall services are disabled, except IDS. But now I've read other sources saying that firewall functionality is not disabled at all, and once source that says that only content filtering is disabled.

I'm looking for an exact list of which features are not available in VPN concentrator mode.

And more importantly, is this list anywhere in the Meraki online documentation?

alemabrahao

When an MX Security Appliance is switched to VPN Concentrator / Passthrough mode, the unit essentially becomes a Layer-2 bridge and no longer functions as a full router/firewall appliance.

The firewall function will work just for inbound traffic.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networ...?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

meraki-user

So, does this mean it does still support all of its firewall features (L3/L7 firewall rules, content filtering, AMP, etc.), but just without routing/VLANs/NAT/DHCP service?

alemabrahao

When in passthrough mode, the MX is best used for in-line:

Layer 3/7 firewall rules, traffic shaping, and analysis

Network asset discovery and reporting

Intrusion detection

Client and site-to-site VPN

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Meraki

Community

VPN Concentrator mode

VPN Concentrator mode