Meraki

Community

High Availability (HA) mode, with their operational mode set to "Passthrough or VPN Concentrator."

jOMeraki2
Getting noticed
10 hours ago
10 hours ago

High Availability (HA) mode, with their operational mode set to "Passthrough or VPN Concentrator."


I have two Meraki firewalls configured in High Availability (HA) mode, with their operational mode set to "Passthrough or VPN Concentrator."

When I connect devices to both the primary and secondary firewalls simultaneously, the devices work normally and receive IP addresses without any issues. It seems that the secondary firewall does not block any ports or interfere with the traffic in this setup.

I would like to confirm if this behavior is normal for such a configuration, or if there might be an issue with the setup.

I appreciate any insights or guidance from the community.

Thank you!

ha1.PNGha2.PNG

Labels:
0 Kudos
3 Replies 3
rhbirkelund
Kind of a big deal
Kind of a big deal
7 hours ago
7 hours ago

If the MX'es are in Passthrough Mode, you should only connect one port to the network. In Passthrough mode the concept of Internet port and LAN port goes away, as both MX'es are only connected to the network via the Internet port. Any other port connected to the network besides the internet port, would result in some unexpected behaviour, and should be avoided.

 

In the first screenshot that yo've shared I see port 2 as up. You should disconnect this port.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
jOMeraki2
Getting noticed
3 hours ago
3 hours ago

I was surprised because, usually, in this setup, only one firewall is active, and the other takes over during failover. Even if something is connected to it, the port is supposed to remain inactive.

 

0 Kudos
In response to jOMeraki2
rhbirkelund
Kind of a big deal
Kind of a big deal
50m ago
50m ago

It depends on what kind of HA you’re expecting.

 

The MX’es are using VRRP.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.