Meraki Dynamic Flow Preference

Alex413
Here to help


Hi, I'm working with a client that wants to achieve the below. I'm pretty sure this is not possible with any of the MX license tiers.

Corp traffic to go out of WAN1 - default

Guest traffic to go out of WAN 2 - flow preference rule 

If WAN 1 fails Corp traffic to automatically fail to WAN 2 - default automatic 

If WAN 1 fails, automatically block Guest from breaking out of WAN2 - from my experience, not possible.

Is there any other way this can be achieved?

Thanks in advance

alemabrahao
Kind of a big deal

I can only think of two ways.

1 - Create some kind of automation via API.

2 - Use a router or other firewall in conjunction with the MX since this type of configuration is not possible.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GIdenJoe
Kind of a big deal

You could indeed try out the new workflows feature to build a simple automation that is triggered when the primary WAN fails (webhook) that then applies a deny all rule group policy on the guest subnet and removes it when it is restored.

So it would require some testing but I do see a possibility here.
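
The decision step such a webhook-driven automation needs, as an added example that is not part of the original thread and not Meraki's code: it checks the shared secret, drops late or duplicate deliveries, and returns whether the guest deny-all group policy should be applied or removed. The `uplink` and `status` keys inside `alertData`, the action names and the sample payloads are assumptions constructed for illustration; applying the policy itself is left to the caller.

```python
import hmac

# Assumptions for this sketch: the "uplink"/"status" keys inside "alertData" and the
# action names are hypothetical; confirm key names against a real delivery before use.
PRIMARY_UPLINK = "wan1"

def plan_guest_policy(payload, expected_secret, state):
    """Decide what to do with the guest deny-all group policy for one delivery.

    state maps networkId -> {"deny": bool, "last": occurredAt of last accepted event}.
    Returns "apply_deny", "remove_deny" or "ignore"; the caller performs the change.
    """
    # Reject deliveries that do not carry the shared secret set on the receiver.
    got = str(payload.get("sharedSecret", "")).encode()
    if not hmac.compare_digest(got, expected_secret.encode()):
        return "ignore"
    data = payload.get("alertData") or {}
    net, when = payload.get("networkId"), payload.get("occurredAt", "")
    if not net or data.get("uplink") != PRIMARY_UPLINK:
        return "ignore"
    if data.get("status") not in ("down", "up"):
        return "ignore"
    prev = state.setdefault(net, {"deny": False, "last": ""})
    # Deliveries can arrive late or twice: drop anything not newer than the last
    # accepted event (assumes timestamps share one sortable ISO-8601 UTC format).
    if when <= prev["last"]:
        return "ignore"
    prev["last"] = when
    want_deny = data["status"] == "down"
    if want_deny == prev["deny"]:
        return "ignore"  # policy already in the wanted state
    prev["deny"] = want_deny
    return "apply_deny" if want_deny else "remove_deny"

def event(status, when, uplink="wan1", secret="s3cret"):
    """Build a constructed sample payload (not a captured Meraki delivery)."""
    return {"sharedSecret": secret, "networkId": "N_example", "occurredAt": when,
            "alertData": {"uplink": uplink, "status": status}}

def replay(events, secret="s3cret"):
    """Run a sequence of deliveries through the planner with fresh state."""
    state = {}
    return [plan_guest_policy(e, secret, state) for e in events]

if __name__ == "__main__":
    print(replay([event("down", "2025-12-01T15:00:00Z"),
                  event("up", "2025-12-01T15:05:00Z")]))
```

A missed delivery would leave Guest on WAN 2 while WAN 1 is down, so this logic is best paired with a periodic check of uplink state that reconciles the policy.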

PhilipDAth
Kind of a big deal

That is inspired thinking.

PhilipDAth
Kind of a big deal

I am very grey on this one.

I *think* support has an option to configure WAN2 as a "cellular" interface (or perhaps it was the other way around).  You still use WAN2 like normal - just the MX thinks it is a cellular interface in the dashboard now.

You can then use the cellular firewall rules.

https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Firewa...

Ryan_Miles
Meraki Employee All-Star

Yes. But that wouldn't specifically address the OP's scenario of wanting to use WAN 2 for Guest while WAN 1 is up, but then deny it when WAN 1 is down.

That feature would work as long as the OP wants Guest to use WAN 1 normally then deny it when WAN 2 is active.

MilesMeraki
Head in the Cloud

Although not achieving what you are wanting, why not just rate limit the guest internet traffic regardless of its "Internet" connectivity?

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)