MX65 New Deployment - Small Network

ZCarter1954
New here

MX65 New Deployment - Small Network

Good Afternoon, I was hoping to get some assistance.

 

I have a brand new MX65 Im trying to deploy on a very small network.  The current flow is as follows:

 

Modem -> Router -> Switch -> Clients

 

I want to deploy as follows (This is for a single retail store with minimal data to protect):

 

Modem -> Firewall -> Router -> Switch -> Clients

 

Im looking to ensure basic port forwarding, firewall rules, and client VPN.  What is the best way to configure this?  It appears I have an option to make it either L2 pass-through or L3 routable.

 

Can I do L2 and have it work with basic firewall functions and Client VPN setup?  Or do I have to do it L3?

 

Also, is there any cabling differences between the two?  I have WAN going to the model, and port 1 on the firewall going to the router.

4 REPLIES 4
BrechtSchamp
Kind of a big deal

Firewalling and client vpn are possible in passthrough mode. But port forwarding makes no sense as the MX is not actually routing in this mode. Take a look at this link:

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

 

Have you thought about outright replacing the router by the mx?

Ive seen that page, but most of them seem to lack significant detail. 

 

Anyway, I was reading a section that mentioned I should make the MX65 the default gateway for all of my client's.  Is that correct?  

That's only the case if it's in router mode and if it's the first router passed on the path to the internet. If you would deploy it Internet -> MX -> Router -> Switch then the router would be the default gateway.

kordm
Getting noticed

The MX65 is a router. You don't need a separate one.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels