Meraki Community

SSCTH · ‎Aug 6 2020

Now we change to fortinet 200E to MX250 for internet firewall in school. There are more 2000 students that use this firewall. We have only 1 public IP on MX . That i face the issue google search always show captcha on browser. i open case with meraki dashboard. the engineer tell us it's cause of malicious traffic from clients.but i think it cause of it has many port with 1 public IP to access to google then google show captcha. Do mx have feature like PAT pool for use multiple public IP to access internet for large clients.

cmr · ‎Aug 7 2020

@SSCTH unfortunately not, there is 1:1 mapping for IP addresses that are not the primary interface IP, but not interface PAT.

PhilipDAth · ‎Aug 7 2020

I think I would look at the root cause, malicious behaviour. It's really hard to address in a school environment. Perhaps impossible.

Have you got threat protection enabled and set to prefer security? That should help stop students from launching attacks on outside parties.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection

I assume you are using content filtering. Make sure you also filter out things like:

Bot Nets

Illegal

Malware Sites

Proxy avoidance and anonymizers

You'll want to filter other things being a school, but include those above as they are security-related.

The MX does have two WAN interfaces. You could look at attaching an additional separate Internet connection to that and allowing the traffic to be load-balanced across the two connections. Then you could use two public IP addresses. Not a big improvement mind you.

Meraki Community

Can we do PAT Pool for internet access ?

Can we do PAT Pool for internet access ?