Firewall content filtering interoperability

Solved
Charlie306
Conversationalist

Firewall content filtering interoperability

Is there any recommendation for deployment where a Firewall exist on customer premises?

 

 

Past implementation window failed due to split internet was showing only Meraki´s IP request resulting on firewall unability to content filtering.

 

 

Basic requirement is as follows:

Inter-operability with the existing Firewall.
Firewall must content filter LAN traffic.
Meraki must work on Router mode (2 WAN EXITS MPLS/INTERNET)

 

 

Any help recommendation will be greatly appreciated.

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

You would need to use a beta feature called NO-NAT.  You would need to disable NAT to WAN1 and the existing firewall, but leave it enabled for WAN2 and the Internet circuit.

https://community.meraki.com/t5/Security-SD-WAN/MX-in-Routed-Mode-with-No-Nat/m-p/44061/highlight/tr... 

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

What is it that you actually want the MX to do?  What are you trying to achieve?

 

Why must the Meraki be in "router" mode?

Charlie306
Conversationalist

Hello!
I want the MX do its network intelligence as its conceived for (SDWAN) at the same time keep the firewall doing content filtering.

I’m using router mode because customer are willing to exit traffic trough internet/MPLS as he wants for whatever reason he pleases.

P.D. Im supoosed to be polite, not english native speaker.

Regars!!

C.M.

PhilipDAth
Kind of a big deal
Kind of a big deal

You would need to use a beta feature called NO-NAT.  You would need to disable NAT to WAN1 and the existing firewall, but leave it enabled for WAN2 and the Internet circuit.

https://community.meraki.com/t5/Security-SD-WAN/MX-in-Routed-Mode-with-No-Nat/m-p/44061/highlight/tr... 

Charlie306
Conversationalist

I appreciate your help.

 

Thank you.

 

C.M.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels