Limit applications or bandwidth when on Cellular failover connection.

MIFA
Here to help

Limit applications or bandwidth when on Cellular failover connection.

I have a lot of MX67C with cellular failover connections. It works great, but when the cellular connection goes active and all the data on the SIM card is used, the site still goes down.

Is it possible to limit bandwidth or disable streaming when Cellular connection is active? I can make some special firewall rules which is enabled when Cellular connection is active, but they are working on layer3, so they can only block ip ranges.

Traffic shaping seems only to be between "real" WAN connection, which the cellular connect not is treated as. 

Thank you.

Michael

3 Replies 3
bmehta
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello,
I believe  this should be possible

 

https://documentation.meraki.com/MX/Cellular/3G%2F%2F4G_Cellular_Failover_with_USB_Modems#Cellular_F...

You should be able to block non essential traffic from cellular here

Under Security & SDWAN > Firewall > cellular firewall rules

 

You should be able to limit the uplink cellular bandwidth here

Under Security & SDWAN > SD-WAN & traffic shaping > Uplink configuration > Cellular limit

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#Uplink_c...

Hi bmehta.

 

Thanks for your reply, but I don't think it's correct. Well the first part is, but as I wrote it's only L3/L4 so not of any use in my scenario. I need L7 rules.

 

Regarding bandwidth limit on celluar. Are you sure that the celluar setting is limiting the bandwidth and not indented to make some policy based decision on with connection to use?

 

MIFA_0-1603975173923.png

 

Anyway, the ability to make some L7 firewall rules, which could come into play when celluar interface is active, should be the right way to go, and not only L3/L4 rules.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

As you've noted and @bmehta has pointed two, only layer 3/4 rules are available for cellular connections.

 

To do anything more sophisticated would require using the API and regularly checking the state of all the connections and then dynamically updating the layer 7 firewall rules (or traffic shaping rules).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels