MX 65 Secure Install

Brendan5inaRow
Conversationalist

I have a need to install an MX65 Firewall appliance at a sensitive location where it is difficult to guarantee physical security.

For that reason, I want to secure the device as best as possible.

The device will have a Site to Site VPN giving it access to the Corporate network.

I have already disabled the non-active interfaces on the firewall and left active only 1 interface.

I would like to lock that interface to only allow a single MAC address to connect to it. Is this possible and how?

Thanks,

Brendan

3 Replies
Aaron_Wilson
A model citizen

You need to set up RADIUS if you want to do MAB on the MX65 ports. You cannot do an internal MAB list.

If you are running ISE you can use that to create a MAB list. There is also the cloud RADIUS provided by Meraki, but I do not have experience with that.
PhilipDAth
Kind of a big deal

You can create a firewall rule to block everything, and then whitelist the one client you want to have access.

The most secure method is to require 802.1x port based authentication, but this does require you to have a RADIUS server.

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X) 

Nick
Head in the Cloud

I would second the whitelisting approach. This works well in this sort of scenario.