Throughout my IT career (the past 11 years) I've always been told the importance of using a DMZ but never worked for a company that made it a priority to create one. I'd really like to set one up at my current company but have not come across many people using one in the Meraki Reddit or Community forums. While I did read through the Meraki DMZ guide, I'm just starting to wonder if DMZs are still a thing in the Meraki world or is NAT/port forwarding the way of the world?
We do have a DMZ and have rules from WAN to DMZ, WAN to LAN (but only with reverse proxy) and DMZ to LAN. Ideally we shouldn't have any WAN to LAN, but nobody's perfect!
I find this so common with many companies. I don't think any of us are as secure as IT auditors would like us to be. I think the key is in the monitoring and watching out for strange activity.
We use a Meraki MX as a Firewall appliance and have DMZ networks on it. Essentially create a separate VLAN for each DMZ and in the Firewall rules, deny all access from the DMZs to the Internal network and other DMZs. We then connected the MX to a core router that has another MX handling the SD-WAN VPN. This allows you to restrict DMZ access as @cmr said.
CMNO, CCNA R+S
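The per-DMZ deny rules described in the post above can be checked mechanically. The following is an added example, not code from the thread or from Meraki: the subnets, zone names and rule fields are constructed, and the rule list is assumed to be evaluated top-down, first match wins, ending in an allow-all default.

```python
from ipaddress import ip_network

# Constructed sample addressing: one VLAN per DMZ plus an internal LAN.
ZONES = {
    "lan": ip_network("10.0.10.0/24"),
    "dmz-web": ip_network("10.0.50.0/24"),
    "dmz-mail": ip_network("10.0.60.0/24"),
}
DMZS = ("dmz-web", "dmz-mail")

def rule(policy, proto, src, dst, comment):
    """Hypothetical rule record; 'any' stands for 0.0.0.0/0."""
    net = lambda c: ip_network("0.0.0.0/0" if c == "any" else c)
    return {"policy": policy, "proto": proto, "src": net(src),
            "dst": net(dst), "comment": comment}

def first_leak(rules, src, dst):
    """Return the first rule that lets traffic from src reach dst, else None.

    A deny settles the pair only when it covers both subnets for every
    protocol; a narrower deny leaves traffic for later rules (conservative).
    """
    for r in rules:
        if not (r["src"].overlaps(src) and r["dst"].overlaps(dst)):
            continue
        if r["policy"] == "allow":
            return r
        if r["proto"] == "any" and src.subnet_of(r["src"]) and dst.subnet_of(r["dst"]):
            return None
    return None

def audit(rules):
    """List (dmz, reachable_zone, rule_comment) for every DMZ that can reach another zone."""
    findings = []
    for s in DMZS:
        for d in ZONES:
            leak = first_leak(rules, ZONES[s], ZONES[d]) if d != s else None
            if leak:
                findings.append((s, d, leak["comment"]))
    return findings

# Constructed rule sets: WEAK isolates one DMZ from the LAN only.
DEFAULT = rule("allow", "any", "any", "any", "default allow")
WEAK = [rule("deny", "any", "10.0.50.0/24", "10.0.10.0/24", "web to lan"), DEFAULT]
HARDENED = [rule("deny", "any", "10.0.50.0/24", "10.0.0.0/16", "web to internal"),
            rule("deny", "any", "10.0.60.0/24", "10.0.0.0/16", "mail to internal"),
            DEFAULT]

if __name__ == "__main__":
    for name, rs in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rs))
```

Rules that deny only one protocol are treated as not isolating the pair, so a TCP-only deny followed by the default allow is still reported.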