Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX 65 Secure Install

Brendan5inaRow
Conversationalist
‎Sep 23 2019 12:16 PM
‎Sep 23 2019 12:16 PM

MX 65 Secure Install

I have a need to install a MX65 Firewall appliance at a sensitive location that is difficult ti guarantee physical security.

For  that reason, I want to secure the device as best as possible.

The device will have a Site to Site VPN giving it access to the Corporate network.

I have already disabled the non active interfaces on the firewall and left active only 1 interface.

 

I would like to lock that interface to only allow a single MAC address to connect to it. Is this possible and how?

 

Thanks,

Brendan

0 Kudos
Subscribe
3 Replies 3
Aaron_Wilson
A model citizen
‎Sep 23 2019 6:19 PM
‎Sep 23 2019 6:19 PM

You need to setup radius if you want to do MAB on the MX65 ports. You cannot do an internal MAB list.

If you are running ISE you can use that to create a MAB list. There is also the cloud radius provided by Meraki, but I do not have experience with that
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 23 2019 9:23 PM
‎Sep 23 2019 9:23 PM

You can create a firewall rule to blocked everything, and then whitelist the one client you want to have access.

 

The most secure method is to require 802.1x port based authentication, but this does require you to have a RADIUS server.

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X) 

Subscribe
In response to PhilipDAth
Nick
Head in the Cloud
‎Sep 25 2019 12:12 AM
‎Sep 25 2019 12:12 AM

I would second the whitelisting approach. This works well in this sort of scenario
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.