Hi all -
I have a hub and spoke VPN configuration - one core MX-450 at our main datacenter, and three or four remote sites with one or more subnets at each site.
I'd like to control access to a few of those remote subnets that contain secure infrastructure.
I've put rules into the remote MX-67, but they don't seem to be taking effect -- as if the VPN tunnel/subnets routed over the VPN are "bypassing" the ACLs applied.
Do I need to do those ACLs to filter access to the remote subnets at the host side on the MX-450 instead of the remote side MX-67?
If there's documentation on Meraki's site regarding the behaviour of firewall ACLs with VPN tunnels, I've not found it.
Seems like there's documentation on VPNs, and then separate documentation on firewall rules.
Thanks,
Tim