Solved: Heavily restricting allowed traffic on WAN2?

DR1 · ‎05-08-2021

Hello,

I'm looking for advise on how best to approach limiting WAN2 traffic in the event of a failover from WAN1.

Our WAN1 is a 1Gbps-FD fiber connection. If its online, we want all traffic types to use it inclusively.

Our WAN2 is connected to a 4G LTE modem with limited speeds and expensive bandwidth. If WAN1 goes offline, we only want to allow some VoIP, Point-of-Sale transactions, and dashboard control traffic to pass over it.

This would be really easy if we were able to use the 4G LTE fail-over USB port. It has a dedicated IP table for limiting traffic types.

I however can't find anything similar that allows for specific restrictions on WAN2.

There must be more than one way to do this right?

Bruce · ‎05-08-2021

Log a support case, they should be able to configure your network so that the Cellular firewall rules apply to WAN2 for exactly this purpose - allowing you to restrict what goes out WAN2.

View solution in original post

ww · ‎05-08-2021

https://community.meraki.com/t5/Security-SD-WAN/Restrict-traffic-on-the-failover-WAN/m-p/105666#M267...

Bruce · ‎05-08-2021

Log a support case, they should be able to configure your network so that the Cellular firewall rules apply to WAN2 for exactly this purpose - allowing you to restrict what goes out WAN2.

Crocker · ‎05-10-2021

Chiming in with a learned lession. If you're using a full-tunnel AutoVPN (or if any of the traffic you want to limit traverses the AutoVPN, to be specific), cellular firewall rules will not apply even with the bodge from support.

DR1 · ‎05-19-2021

As was suggested by a few members, all it took was a call to support. They switched the Cellular firewall rules so they would apply to WAN2.

Thank you