MX-84 & The Tale of Multiple Devices Being Unable To Connect

RabbitRunner
New here

It was a cold, cold winter night when I finished setting up my Meraki MX-84, but I was excited, because this is the first firewall I've ever configured on my own.

Here is what I would like to accomplish:

- Personal devices like LT, PC, and phone (iOS) are able to separately connect to a VPN provider without interrupting local network traffic. (Mullvad)

- Playstation 4 is able to connect whenever I please, and facilitate gaming bandwidth.

- Workstations are able to separately connect to both Cloudflare DNS + L2TP for server management on one client, and the corporate network (using GlobalProtect) exclusively on the other. (both of these devices are Lenovo LT)

All on the same subnet IP

Cutting to the chase - I have WAN access, have a few layer 3 and layer 7 firewall rules to block out obvious spam and services I do not use, and also have a few countries blacklisted due to the nature of my work with a multinational corporation.

The devices I am having issues with are a Playstation 4 Pro, which is set to auto-DHCP and auto-DNS; I have an upstream DHCP server pool that it is able to get an address assignment from. DNS points out to the default Meraki name servers, and I have an established subnet 192.168.128.xxx. The second is a Lenovo T14 that uses a company-built, supply-chain-secure operating system that I also must use a VPN for in order to connect to my corporate network at home.

I did not have issues before, running a very barebones setup of a Spectrum-provided modem and one of their routers, which sat behind a Catalyst 3560-CG PoE switching device. I realize support for the switch is now deprecated but, due to cost and stubbornness, cannot get rid of it yet.

Additionally, I was able to route to NordVPN for the Playstation but very quickly learned that is not a viable solution for enhanced security from behind this [MX-84] device, so I swapped out to a more compatible provider and that has helped tremendously with my personal devices.

The curious part is that I am able to see that the Meraki can see these devices, their MACs, and their assigned IPs; they are able to make DNS requests, but do not seem to be able to get name resolution from this.

All of this is wired via Cat6.

I have set the IP address for the Gi/01 interface to be the gateway out of my local network at .2, which is then downstream of the network IP at .1.

Forgive my ramblings, but why is it that every other device follows the routing table except for these two troublemakers? Do I need to establish some port forwarding rules for the PS4? What about whitelisting the devices' MACs? I saw the other post regarding this matter, but it was on the WiFi topic forum and I didn't feel this fit since my network is AP-less. Follow-up question: would an AP solve this issue? If so, what's compatible, secure, and won't break my bank as a (very) jr. sysadmin? I have also not been able to find very much information on either how the PS4 connects to the network outside of some port forwarding guide for a completely different service, or how the Meraki Cloud interacts with it.

Thank you for your time, any help is appreciated.

PhilipDAth
Kind of a big deal

I've read your message several times, and still can't figure out what the problem you are actually having is.  Could you describe your problem in a different way?

CptnCrnch
Kind of a big deal

Same here. Kudos to your narrative skills, but in this case, a clear question seems more efficient. 😉

OVERKILL
Building a reputation

You need to provide some significant clarification on your topology, as the way it is worded, there is a ton of ambiguity on a number of key areas.

1. You say you have an "upstream DHCP Server pool". Provide some more details on this. You are not using the MX for DHCP?

2. You say you are using the Meraki DNS servers. There are no Meraki-specific DNS servers; the device, if it is handling DHCP, will either proxy or relay your ISP's DNS servers, or allow you to select Cisco's Umbrella or Google DNS.

3. Your mention of the MX84 being .2 while you mention .1 being downstream: you need to provide some clarification here. Which IP is handling NAT/PAT? Or are you using the MX in transparent mode?

A diagram of your topology, or even a rough overview, would greatly aid in providing some much needed clarity on your setup, and subsequently allow for far more productive feedback.
