Application Based Routing on MX

Mostafa
New here

We have a Hub-Spoke scenario "central site=Hub and remote sites=Spokes". From the Spoke side, it's requested to route all traffic through the "site-to-site" VPN except Office365 traffic, which should be forwarded to the internet directly/locally.

The normal way to achieve the above setup was to get a list of IP ranges for Office365 "100+ IPs and subnets" and exclude it from the VPN, but I'm looking for a smarter scenario, which is Application Based Routing, if supported.

So, I wish anyone could advise: is it supported on MXs to make the routing decision based on URL or application?

PhilipDAth
Kind of a big deal

If you are using a full tunnel then I don't think this will be possible.

The MX spoke will look up the routing table first, see the default route via the hub, and use that.

Mostafa
New here

Hello Philip,

Thanks for your feedback. The answer is no, it's not full tunnel mode, because there are site-to-site connections between the spoke and third-party "non-Meraki" sites.

MilesMeraki
Head in the Cloud

No. Meraki does not have the ability to route applications directly out to the "Internet" rather than over a VPN. You can configure VLANs to not be used in the VPN, to be able to have this traffic routed directly over the "Internet".

In your example, why are you routing everything bar Office-365 over the site-to-site VPN? Why not let all traffic that's not required to go to the site-to-site VPN go directly out to the Internet? Kind of defeats the purpose of SD-WAN and will also cause higher latency on this traffic?

Eliot F | Simplifying IT with Cloud Solutions
Mostafa
New here

Hello WANKiller,

Thanks for your feedback, but this is a customer request, where Meraki's role is to replace an existing VPN solution. In the existing solution, all Internet access traffic is inspected by a central proxy located at the central Hub. So, he doesn't want to touch Internet access policies; he only wants to replace a VPN solution with a smarter VPN solution.

In Sophos XG firewall "Cyberoam or Astaro" you can apply a firewall rule based on FQDN and then select the next hop, so the policy rule is combined with the routing decision. I wonder how such smart handling is not included in Meraki "SDN" yet.

Guru
Conversationalist

It's amazing to see an SDWAN solution that doesn't have any option to handle Office365 traffic.

cyr0nk0r
New here

@Meraki, is this supported yet? People have been asking for this for years.
