New to firewall configuration

CMT_Chris
Comes here often

I have never configured a firewall in my 25+ years in I.T. Currently, we are using the SonicWall product configured by the previous I.T. Admin. I bought a Meraki MX68 to replace the SonicWall product. Need to know how I can export/import (convert, I guess) SonicWall to Meraki. Please keep in mind, I need simple steps in order to initially get this up and running. Any help is greatly appreciated.

KarstenI
Kind of a big deal

There won't be any easy export/import. These devices are completely different. You should contact a Cisco partner to get it configured for you. This will be better for your security.

Ok. Thank you.

Inderdeep
Kind of a big deal

As already said by @KarstenI, it is different. You can have a look at this:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
GIdenJoe
Kind of a big deal

The SonicWall has quite a complex NAT and policy ruleset. You really need someone who can interpret the SonicWall correctly to understand and implement the ruleset on your Meraki device.

I guess I am finding out that I will have to open both side by side and manually configure the Meraki based on the settings in SonicWall. Thanks for the response. I appreciate it.

CMT_Chris
Comes here often

I have started from scratch with the MX68. I am using the Installation Guide. I performed the first step, Configuring the Uplink with the IP address provided by my ISP. This same IP address is configured in our SonicWall firewall. Since I am new to the firewall config, I want to be sure I don't hinder my users. So my question is, now that I have the Uplink configured, is it safe to plug this into my network when other custom settings have been done? Will it conflict with the SonicWall?

cmr
Kind of a big deal

@CMT_Chris if you connect it alongside the SonicWall with both using the same IP then you will break your network. At the very best the Meraki firewall will just not work.

If most of your traffic is outbound then I'd say the easiest option is to temporarily connect the WAN port of the MX to the LAN of the SonicWall and then start recreating the rules. You can then connect a computer to the LAN ports on the Meraki to test your copied rules. This won't risk service interruptions.

If you have internal services that external people connect to, like servers or a client VPN, then that is easy to swap over in a maintenance window.

CMT_Chris
Comes here often

In addition to the last questions, I have not assigned a LAN IP address to the Meraki just yet. That is why I am asking before I plug it into the network. As it stands, I do have it connected to my laptop (not on the network).

GIdenJoe
Kind of a big deal

Also when you try to add firewall rules to the Meraki firewall that do not contain any local subnets you may get an error at saving.  There is a sanity check which can get in the way especially in cloning network that wants to force only rules that would have any chance in matching source IP addresses.
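
A pre-flight check for the situation described in the post above, as an added example that is not part of the original thread and not Meraki's own code: it flags hand-copied rules whose source addresses overlap none of the MX's local subnets, so they can be reviewed before saving. The subnets, the rule rows and the overlap test are assumptions that model the dashboard's sanity check, not its documented logic.

```python
import ipaddress

# Constructed sample data (not from the thread): the MX's local VLAN subnets
# and outbound rules hand-copied from the old firewall.
LOCAL_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24"]
RULES = [
    {"comment": "Staff web", "src": "192.168.10.0/24"},
    {"comment": "Old DMZ host", "src": "172.16.5.10"},
    {"comment": "Default out", "src": "Any"},
    {"comment": "Mixed sources", "src": "192.168.20.15, 10.9.0.0/16"},
    {"comment": "Typo", "src": "192.168.10.300"},
]


def source_can_match(entry, local_nets):
    """True if one source entry could match traffic from a local subnet."""
    if entry.lower() == "any":
        return True
    try:
        # strict=False accepts host-style entries such as 192.168.10.5/24
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # unparseable entries are reported for review as well
    return any(net.version == local.version and net.overlaps(local)
               for local in local_nets)


def preflight(rules, local_subnets):
    """Return (rule number, comment, offending sources) for rules to review."""
    local_nets = [ipaddress.ip_network(s) for s in local_subnets]
    findings = []
    for number, rule in enumerate(rules, start=1):
        entries = [e.strip() for e in rule["src"].split(",") if e.strip()]
        bad = [e for e in entries if not source_can_match(e, local_nets)]
        if bad:
            findings.append((number, rule["comment"], bad))
    return findings


if __name__ == "__main__":
    for number, comment, bad in preflight(RULES, LOCAL_SUBNETS):
        print(f"rule {number} ({comment}): no local subnet covers {', '.join(bad)}")
```

A flagged rule is often a leftover from a SonicWall zone or DMZ that no longer exists on the new device, so it is worth deciding whether the rule is still needed rather than only adjusting its source.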
