We're looking to re-do most of our network firewall and network configurations, combining separate MX, MS and MR networks into one combined network and re-evaluating our content filtering at the same time.
To do this, I've made a new combined network. Thought was to put all the routing rules, most of which won't change, into the new network and then add in the desired setup for the L3/L7 firewall and content filtering. Once that is all set up, during off-hours, we can move the MX and other equipment from the other networks into this one and be up quickly as all the "hard" work has already been done.
Details...details...always the details...
Is there a way to "fake" an L3 capable switch so we can add the L3 interfaces and such? Apparently, one can't set any of those until an L3 device is added to the network. We're looking at almost the same setup as this: "MX and MS Basic Recommended Layer 3 Topology - Cisco Meraki", only most of our "downstream" setup isn't Meraki.
I suppose I could do most of the L3/L7 firewall rules and such, but then only add the Layer 3 interfaces & routing during the changeover, but really didn't want to fight that at the same time we're taking the bulk of our network down.