Can we do PAT Pool for internet access ?

SSCTH
New here

Can we do PAT Pool for internet access ?

Now we change to fortinet 200E to MX250 for internet firewall in school. There are more 2000 students that use this firewall. We have only 1 public IP on MX . That i face the issue google search always show captcha on browser. i open case with meraki dashboard. the engineer tell us it's cause of malicious traffic from clients.but  i think it cause of it has many port with 1 public IP to access to google then google show captcha. Do mx have feature like PAT pool for use multiple public IP to access internet for large clients.

 

 

2 REPLIES 2
cmr
Kind of a big deal
Kind of a big deal

@SSCTH unfortunately not, there is 1:1 mapping for IP addresses that are not the primary interface IP, but not interface PAT.

PhilipDAth
Kind of a big deal

I think I would look at the root cause, malicious behaviour.  It's really hard to address in a school environment.  Perhaps impossible.

 

Have you got threat protection enabled and set to prefer security?  That should help stop students from launching attacks on outside parties.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection 

 

I assume you are using content filtering.  Make sure you also filter out things like:

Bot Nets

Illegal

Malware Sites

Proxy avoidance and anonymizers

You'll want to filter other things being a school, but include those above as they are security-related.

 

 

The MX does have two WAN interfaces.  You could look at attaching an additional separate Internet connection to that and allowing the traffic to be load-balanced across the two connections.  Then you could use two public IP addresses.  Not a big improvement mind you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels