MX84 WAN2 setup

RGN
Here to help

I have an MX84. ISP has provided multiple static public IP addresses.

I have WAN1 connected to the modem/gateway from ISP. All traffic bypasses modem/gateway, into MX85 through WAN1.

Is it possible to configure WAN2 with a second static public IP and have specific clients flow through WAN2?
The goal is the following: 3rd party compliance vendor wants to isolate specific web traffic.

Thanks!

DarrenOC
Kind of a big deal

Hi @RGN - this configuration is indeed possible. Under SD-WAN and Traffic Shaping, look for flow preferences. Here you can configure your source and destination (including ports) and specify which WAN port to traverse.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
alemabrahao
Kind of a big deal
Kind of a big deal

Refer to the documentation.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RGN
Here to help

Thank you for the info. Using the link provided by @alemabrahao my layout looks like this:

[Image: RGN_0-1698765273630.png]

I only have path going in and out provided by ISP. Still doable???

alemabrahao
Kind of a big deal

Yes, but keep in mind that it is the same ISP; if any type of failure occurs, you will be left without access anyway. So I don't see any advantage in configuring the second link with the same ISP. It would make much more sense if you had a different ISP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

For sure, having a second ISP would be the key factor, but limited at the moment. Fiber from ISP, existing equipment from ISP doesn't provide an extra WAN/Internet port from their equipment. Focus is more on isolating web traffic versus having redundancy with two ISPs.


alemabrahao
Kind of a big deal

I got it, and yes you definitely can try this way.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Thank you, will share feedback later on.


PhilipDAth
Kind of a big deal

>The goal is the following: 3rd party compliance vendor wants to isolate specific web traffic.


Check your compliance requirements - but if you need separation, you might need a separate MX appliance for reporting and auditing purposes.

RGN
Here to help

Summary on my results:
From ISP into an unmanaged switch.

From the unmanaged switch, one patch cable to WAN1, second patch cable to WAN2 on Meraki.

Each WAN with a static IP provided by ISP.

Designated a specific VLAN for WAN2 by way of traffic flow rules.


Thank you all for the help and advice! 
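
An offline check of the approach discussed in this thread, added here as an example (not code from any poster or from Meraki): it models flow preferences as a first-match rule list, which is an assumption, and lists flows from the isolated subnet that would not leave via WAN2. The rule fields, subnets, addresses and sample flows are constructed for illustration.

```python
import ipaddress

# Constructed rules, in dashboard order. Field names are this example's own.
PORT_SCOPED = [
    {"proto": "tcp", "src": "10.0.20.0/24", "dst": "any", "port": "80", "uplink": "wan2"},
    {"proto": "tcp", "src": "10.0.20.0/24", "dst": "any", "port": "443", "uplink": "wan2"},
]
WHOLE_VLAN = [
    {"proto": "any", "src": "10.0.20.0/24", "dst": "any", "port": "any", "uplink": "wan2"},
]
# Constructed flows: (protocol, source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("tcp", "10.0.20.15", "203.0.113.10", 443),  # HTTPS from an isolated client
    ("udp", "10.0.20.15", "203.0.113.10", 443),  # QUIC / HTTP/3 from the same client
    ("udp", "10.0.20.15", "198.51.100.53", 53),  # DNS lookup that precedes the web request
    ("tcp", "10.0.10.5", "203.0.113.10", 443),   # client outside the isolated VLAN
]

def in_cidr(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def in_ports(spec, port):
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def select_uplink(flow, rules, default="wan1"):
    """Uplink for a flow: first matching rule wins (assumed), else the default."""
    proto, src, dst, port = flow
    for rule in rules:
        if (rule["proto"] in ("any", proto) and in_cidr(rule["src"], src)
                and in_cidr(rule["dst"], dst) and in_ports(rule["port"], port)):
            return rule["uplink"]
    return default

def isolation_gaps(flows, rules, isolated="10.0.20.0/24", required="wan2"):
    """Flows from the isolated subnet that would not egress via the required uplink."""
    return [f for f in flows
            if in_cidr(isolated, f[1]) and select_uplink(f, rules) != required]

if __name__ == "__main__":
    for name, rules in (("port-scoped", PORT_SCOPED), ("whole VLAN", WHOLE_VLAN)):
        print(name, isolation_gaps(SAMPLE_FLOWS, rules))
```

With the port-scoped TCP rules, the QUIC and DNS flows from the isolated client still resolve to the default uplink; the rule covering the whole VLAN leaves no gaps.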
