Meraki

SSCTH · ‎Aug 6 2020

Now we change to fortinet 200E to MX250 for internet firewall in school. There are more 2000 students that use this firewall. We have only 1 public IP on MX . That i face the issue google search always show captcha on browser. i open case with meraki dashboard. the engineer tell us it's cause of malicious traffic from clients.but i think it cause of it has many port with 1 public IP to access to google then google show captcha. Do mx have feature like PAT pool for use multiple public IP to access internet for large clients.

cmr · ‎Aug 7 2020

@SSCTH unfortunately not, there is 1:1 mapping for IP addresses that are not the primary interface IP, but not interface PAT.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

PhilipDAth · ‎Aug 7 2020

I think I would look at the root cause, malicious behaviour. It's really hard to address in a school environment. Perhaps impossible.

Have you got threat protection enabled and set to prefer security? That should help stop students from launching attacks on outside parties.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

I assume you are using content filtering. Make sure you also filter out things like:

Bot Nets

Illegal

Malware Sites

Proxy avoidance and anonymizers

You'll want to filter other things being a school, but include those above as they are security-related.

The MX does have two WAN interfaces. You could look at attaching an additional separate Internet connection to that and allowing the traffic to be load-balanced across the two connections. Then you could use two public IP addresses. Not a big improvement mind you.

Meraki

Community

Can we do PAT Pool for internet access ?

Can we do PAT Pool for internet access ?