On Meraki Go Firewall GX50, how to setup VLAN for internal access only & block it from the Internet?

Mak
Here to help

On Meraki Go Firewall GX50, how to setup VLAN for internal access only & block it from the Internet?

On Cisco Meraki Go Firewall Plus GX50, how do I setup a VLAN for internal access only and block it from accessing the Internet?

6 Replies 6
TyShawn
A model citizen

I have a solution but I have to ask one question before I type it up.. Are you using DHCP on this network and if so is the GX50 the DHCP server?

Mak
Here to help

Hi TyShawn-

 

Yes, I used GX50 as the sole DHCP for my entire network.  I disabled DHCP on all smart switches and access points. Thanks!

 

Regards-

 

Mak

TyShawn
A model citizen

If you have another device on that network that can hand out DHCP (if needed) then you do the following:

 

Assuming this is a M-Go full stack

1. Create the VLAN on the switch

2. Go to the uplink port on Hardware / GX20 / See All Ports / Select the switch uplink port)/ Settings / Advance Settings / Configure VLAN / Change Allowed VLANs from "all" to the VLANs you want to access the internet. 

 

If you don't have a full stack

1. Create the VLAN on your managed switch

2. Create DHCP pool on your switch or server of choice

3. Go to the uplink on you managed switch and remove the VLAN from that port

 

From my time with M-Go I did not see a firewall rules section. So to be able to be able to create a rule that says source VLAN X with destination Internet doesn't look to be available at this time. If I am wrong I am interested to be pointed in the right direction of the GUI.

TyShawn
A model citizen

@Mak did this workaround help? I see you have wish listed in the QA section.

Mak
Here to help

Hi TyShawn-

 

Sorry been busy, and no, I don’t have full stack. I only have the GX50 Firewall and I use switches from other brand.

 

I am not sure I understand your below instruction, do you mind elaborate?  Thanks in advance.

 

If you don't have a full stack

1. Create the VLAN on your managed switch

2. Create DHCP pool on your switch or server of choice

3. Go to the uplink on you managed switch and remove the VLAN from that port

TyShawn
A model citizen

What switch model?

Get notified when there are additional replies to this discussion.