Does Meraki firewall support floating static routing? Support policy routing? Who can tell me?
The short answer is yes. Static routes on the MX device require a "next hop." So through VLAN and subnetting you can essentialy "weight" or "prioritize" traffic routing to another layer 3 device. As far as policy routing goes you have the ability to control Flow Preferences under Security appliance > Configure >Traffic Shaping > Flow Preferences and define traffic using a designated uplick tagged by Protocol, Source, Src port, Destination, Dst port, and preferred uplink.
On the MX you can put in a static route that is active when the next hop responds to pings. You also have the option to manually enter a host IP to ping, the route can then be removed when that host doesnt respond.
but does the route withdraw itself or do you have to physically remove it?
Neither of these are what I would call solutions for floating static routes.
Hello There,
I am still new to Meraki, this will be the first comment from me.
I think the question referred to the original floating static routing feature, meaning to influence the AD of a static route (which is 1 by default). So far I do not find this feature, maybe I am looking at an incorrect place for it? (Security&SD-WAN-->addressing and vlans)
This topic came up for me, when I wanted to configure two default static route, and I wanted to make one of them less preferred, meaning increasing the AD of the less preferred route. But I still want a default static in the routing table, when the preferred next hop becomes unavailable.
I hope it is clear what I would like to achieve here. Maybe any suggestions? Or influencing the routing by modifying the AD is an outdated approach? 😞
Regards
Are you specifically asking for a floating Default route or something that is pointing into a Prefix within your environment?
This could be accomplished like this:
like described in https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Overlapping_Routes
Nice. Thanks. But I'm pretty sure this was not an option 2.5 years ago when I asked the question. LOL