Can we do PAT Pool for internet access ?

SSCTH
New here

Can we do PAT Pool for internet access ?

Now we change to fortinet 200E to MX250 for internet firewall in school. There are more 2000 students that use this firewall. We have only 1 public IP on MX . That i face the issue google search always show captcha on browser. i open case with meraki dashboard. the engineer tell us it's cause of malicious traffic from clients.but  i think it cause of it has many port with 1 public IP to access to google then google show captcha. Do mx have feature like PAT pool for use multiple public IP to access internet for large clients.

 

 

2 Replies 2
cmr
Kind of a big deal
Kind of a big deal

@SSCTH unfortunately not, there is 1:1 mapping for IP addresses that are not the primary interface IP, but not interface PAT.

PhilipDAth
Kind of a big deal
Kind of a big deal

I think I would look at the root cause, malicious behaviour.  It's really hard to address in a school environment.  Perhaps impossible.

 

Have you got threat protection enabled and set to prefer security?  That should help stop students from launching attacks on outside parties.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection 

 

I assume you are using content filtering.  Make sure you also filter out things like:

Bot Nets

Illegal

Malware Sites

Proxy avoidance and anonymizers

You'll want to filter other things being a school, but include those above as they are security-related.

 

 

The MX does have two WAN interfaces.  You could look at attaching an additional separate Internet connection to that and allowing the traffic to be load-balanced across the two connections.  Then you could use two public IP addresses.  Not a big improvement mind you.

Get notified when there are additional replies to this discussion.