Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fortigate to Meraki... Box to Box Migration

Solved
Mahadevan
Conversationalist
‎Aug 21 2019 3:42 AM
‎Aug 21 2019 3:42 AM

Fortigate to Meraki... Box to Box Migration

A customer bought Meraki MX84 and want to migrate the existing Fortigate users to new box.. Need clarification for below points. Please share your insights fellows.

 

1) Where to check live logs for troubleshooting ? - In event log content based filter is available but not source and destination based.

 

2) MAC based authentication possible ?

 

3) Does it supports LDAP authentication ?

0 Kudos
Subscribe
1 Accepted Solution
In response to Mahadevan
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 21 2019 5:54 AM
‎Aug 21 2019 5:54 AM

How to check in cloud console ??

Firewall logs will not be uploaded to the cloud, so the only chance is the local syslog server

 

Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..

No, and why would you do that? MAC spoofing is a piece of cake, so from a security point of view, proper authentication is the way to go here.

View solution in original post

0 Kudos
Subscribe
8 Replies 8
Nash
Kind of a big deal
‎Aug 21 2019 5:34 AM
‎Aug 21 2019 5:34 AM

1) You can send syslogs to a syslog server. Here's an example of the supported events: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...

 

2) When you say mac-based authentication, do you mean 802.1x on the ports? If so, no, not on an MX84. (https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X))

 

3) What do you want to authenticate? Client VPN supports RADIUS or ActiveDirectory. (I prefer RADIUS via NPS in an AD environment... simpler.) Or you can use SAML for authenticating administrators.

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
Subscribe
In response to Nash
Mahadevan
Conversationalist
‎Aug 21 2019 5:49 AM
‎Aug 21 2019 5:49 AM

Thanks for the reply.

 

1) You can send syslogs to a syslog server. Here's an example of the supported - Not with external syslog. How to check in cloud console ??

 

2) When you say mac-based authentication, do you mean 802.1x on the ports? If so, no, not on an MX84. - Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..

 

 

0 Kudos
Subscribe
In response to Mahadevan
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Aug 21 2019 5:54 AM
‎Aug 21 2019 5:54 AM

How to check in cloud console ??

Firewall logs will not be uploaded to the cloud, so the only chance is the local syslog server

 

Nope. Can I add MAC address in local database ?? Similar to other UTM firewall..

No, and why would you do that? MAC spoofing is a piece of cake, so from a security point of view, proper authentication is the way to go here.

0 Kudos
Subscribe
In response to CptnCrnch
Mahadevan
Conversationalist
‎Aug 21 2019 6:42 AM
‎Aug 21 2019 6:42 AM

Thanks man . .

0 Kudos
Subscribe
In response to Mahadevan
Nash
Kind of a big deal
‎Aug 21 2019 6:44 AM
‎Aug 21 2019 6:44 AM

To check events in the cloud console, you go to Network -> Event Log.

 

Meraki firewalls are beginning to offer HTTPS packet inspection in a beta version of the firmware, but the performance hit is significant. AMP offers malware detection over HTTP by default, and you can use the baked in content filtering.

 

I will note that I am generally really NOT a fan of HTTPS packet inspection. We encrypt stuff for a reason. 

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
Subscribe
In response to Nash
Mahadevan
Conversationalist
‎Aug 21 2019 6:43 AM
‎Aug 21 2019 6:43 AM

Thanks Nash

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 21 2019 2:30 PM
‎Aug 21 2019 2:30 PM

>MAC based authentication possible ?

 

Meraki group policies are based on MAC addresses, so in this sense, yes.

 

Also if you use a splash page for authentication then that client authentication is done based on their MAC address.

Subscribe
In response to PhilipDAth
Nicholas183
Comes here often
‎May 19 2020 9:24 PM
‎May 19 2020 9:24 PM

HI Philip,

Meraki group policies are based on MAC addresses, so in this sense, yes.

 

Also if you use a splash page for authentication then that client authentication is done based on their MAC address.

 

How can I config it on Meraki Dashboard?

 

Nicholas

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.