Complicated Branch setup for MX

Solved
Wmcgee
Conversationalist

Hi, I have 40 offices set up with MX84 and 65 firewalls connecting back to the HQ data center MX100. Our offices are spread out all over the US and Canada. Everything has worked flawlessly, with mostly fiber internet service with cellular backup at the branches.

The problem: due to cost savings our CFO forced us to change all AT&T fiber branch offices (about 20) to AT&T NOD (Network on Demand). The way it works is the branch office gets a fiber circuit that has local network access to our data center; it's just as if they were a building onsite with a fiber run.

So I would like to keep the firewall functions because it's still going through AT&T and who knows what other networks; that being said, I don't want transparent mode?

In testing we created a VLAN that all NOD sites will come into and have the routes in the core that give access, and it works, but the firewall blocks access going back to the branch side? Should we just add NATs and forwards for the services that need to go back and forth?

Or are we looking at this wrong and should we have the NOD come in on WAN2 of the MX100?

We have a Meraki engineer scheduled to help us with this but it's a week away; just wanting to see if anyone has any insight or has done this type of setup.

Thanks for any input

1 Accepted Solution
PhilipDAth
Kind of a big deal

You need to use this setup:

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

The super important bit (because you are now using private IP addressing on the WAN interfaces) is that all the WAN interfaces of the branches and your DC must get NATed to the same public IP address when they connect out to the Internet.
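A way to audit the requirement in the accepted answer (every private-addressed WAN uplink at the branches and the DC must egress through one shared public IP) is to pull uplink status for the whole org and compare the public egress address per uplink against the DC's. The script below is an added example; it is not from this thread and not Meraki's own tooling. The record shape is an assumption loosely modeled on the Meraki Dashboard API's organization appliance uplink status response (the `networkName` field and all values are constructed for the example). Cellular or other public-addressed uplinks are deliberately skipped, because the shared-egress rule only applies to the interfaces that sit on the private NOD/MPLS addressing.

```python
"""Audit MX uplinks: do all private-addressed WAN interfaces NAT to one public IP?

Added example (not from the Meraki thread or Meraki's own tooling).
The record shape is an assumption modeled on the Dashboard API's
organization appliance uplink statuses; all data below is constructed.
"""
import ipaddress

# Only RFC 1918 space counts as "private WAN addressing" here. ipaddress's
# is_private() would also flag documentation ranges, so we check explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one DC and four branches. Branch-C egresses through a
# different public IP on its private uplink, which is the error to catch.
# Branch-A's wan2 is a cellular backup with a public address and is ignored.
SAMPLE_UPLINK_STATUSES = [
    {"networkName": "HQ-DC", "serial": "Q2XX-DC00-0001", "uplinks": [
        {"interface": "wan1", "status": "active", "ip": "10.200.0.2", "publicIp": "203.0.113.10"},
    ]},
    {"networkName": "Branch-A", "serial": "Q2XX-BRA0-0001", "uplinks": [
        {"interface": "wan1", "status": "active", "ip": "10.200.1.2", "publicIp": "203.0.113.10"},
        {"interface": "wan2", "status": "ready", "ip": "198.51.100.7", "publicIp": "198.51.100.7"},
    ]},
    {"networkName": "Branch-B", "serial": "Q2XX-BRB0-0001", "uplinks": [
        {"interface": "wan1", "status": "active", "ip": "10.200.2.2", "publicIp": "203.0.113.10"},
    ]},
    {"networkName": "Branch-C", "serial": "Q2XX-BRC0-0001", "uplinks": [
        {"interface": "wan1", "status": "active", "ip": "10.200.3.2", "publicIp": "203.0.113.44"},
    ]},
    {"networkName": "Branch-D", "serial": "Q2XX-BRD0-0001", "uplinks": [
        {"interface": "wan1", "status": "failed", "ip": "10.200.4.2", "publicIp": None},
    ]},
]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def private_uplinks(device: dict):
    """Yield (interface, publicIp) for live uplinks whose WAN address is RFC 1918,
    i.e. the ones riding the private NOD/MPLS-style circuit."""
    for up in device.get("uplinks", []):
        ip = up.get("ip")
        if not ip or up.get("status") not in ("active", "ready"):
            continue
        if is_rfc1918(ip):
            yield up["interface"], up.get("publicIp")


def find_egress_mismatches(statuses: list, dc_serial: str):
    """Return (expected_public_ip, mismatches).

    expected_public_ip is the DC's egress address on its private uplink(s);
    mismatches lists (networkName, interface, publicIp) for every branch
    private uplink whose public egress differs from it.
    """
    by_serial = {d["serial"]: d for d in statuses}
    dc_public = {pub for _, pub in private_uplinks(by_serial[dc_serial])}
    if len(dc_public) != 1:
        raise ValueError(f"DC private uplinks egress via {sorted(map(str, dc_public))}; expected exactly one")
    expected = dc_public.pop()
    mismatches = []
    for dev in statuses:
        if dev["serial"] == dc_serial:
            continue
        for iface, pub in private_uplinks(dev):
            if pub != expected:
                mismatches.append((dev["networkName"], iface, pub))
    return expected, mismatches


if __name__ == "__main__":
    expected, bad = find_egress_mismatches(SAMPLE_UPLINK_STATUSES, "Q2XX-DC00-0001")
    print(f"DC egress IP on private uplink: {expected}")
    for name, iface, pub in bad:
        print(f"MISMATCH {name} {iface}: egresses via {pub}")
    if not bad:
        print("All private-addressed uplinks share the DC's public egress IP")
```

On a real org you would replace the constructed list with the uplink status records fetched from the Dashboard API and pass the DC appliance's serial; anything reported as a mismatch is a branch whose VPN registration will not match the others' public address.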

2 Replies
jdsilva
Kind of a big deal

Yeah, classic case of finance not understanding IT and making a poor, one-sided decision 😞

You could add NAT rules to pass traffic through, but that's a huge pain in the ass to do inside your own network.

There's a feature in beta called No-NAT. That allows you to use the MX more as a router by disabling NAT on specified traffic. It might be your best option here. But... Beta...

