How to Configure a DMZ on a MX100-HA

JPScolar
Here to help

Hello, I have this MX-100 HA site and I need to add a DMZ (services to be advertised on a public IP which is behind the MXs). How should this be configured and wired? I have the Meraki doc to set up a DMZ but this assumes only one WAN connection. Thank you very much for your advice.

 

Juan-Carlos Perez
alemabrahao
Kind of a big deal

Here is the documentation.

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Creating_a_DMZ_with_the_MX_Security...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
JPScolar
Here to help

I went through that document but it doesn't show how to do this for a Warm Stand-by system (HA). Also, I have a question with this setup. Assuming my DMZ server has a public IP which I'm NAT'ing 1:1 to my active MX public IP. This will be OK for sessions initiated from the DMZ server towards the Internet, but for outside sessions trying to reach the public IP address of my DMZ server, and assuming my MX public IP is provided by a different ISP from the ISP providing the DMZ server public IP, then sites out on the Internet will never be able to reach my DMZ web server.

 

Juan-Carlos Perez
alemabrahao
Kind of a big deal

You need to use the VIP.

 

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#WAN_Vir...

RaphaelL
Kind of a big deal