Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX L7 features behind Firewall

Solved
Blink
New here
Tuesday
Tuesday

Meraki MX L7 features behind Firewall

MX85 MX 18.211.2

 

We are soon changing internet service provider and the new ISP will have a standard L3-L7 firewall policy on all outbound internet access.

 

Could be a non issue, but will MX L7 features work ok behind a firewall. URL filtering, AMP, IPS...

 

It's also a VPN hub but apparently this will work (via cloud brokering) on high UDP ports which are allowed through standard ISP policy.

 

I do understand that we will obviously only see what the external FW allows through but would any functionality on the MX actually break due to any L7 packet manipulation on the outside ISP FW? I have casually asked about whitelisting this device completely but might be a pain to do for all devices in the future.

0 Kudos
Subscribe
1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

The "?" in the top right corner of the dashboard has a section "Firewall Info". Just make sure that the ISP isn't blocking any of this communication and at least the Meraki Part will be fine.

View solution in original post

Subscribe
6 Replies 6
KarstenI
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

The "?" in the top right corner of the dashboard has a section "Firewall Info". Just make sure that the ISP isn't blocking any of this communication and at least the Meraki Part will be fine.

Subscribe
Blink
New here
Tuesday
Tuesday

Thanks very much I'll get this verified

0 Kudos
Subscribe
Blink
New here
Tuesday
Tuesday

Might sound like a stupid question but would these IPs in the Firewall Info section be susceptible to URL category blocking? ..for example they could be load balanced by URL and DNS mechanisms and resolved to either of these IPs. Or they maybe programmed in as IPs directly in the Meraki software which I would then assume would not be susceptible to URL category blocking.

0 Kudos
Subscribe
KarstenI
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

Theoretically, they can be subject to any filtering. But I wouldn't expect any ISP to do that.

0 Kudos
Subscribe
Blink
New here
Tuesday
Tuesday

Well there is this on their outbound policy but we'd be unlucky to be categorised as Malware.

Blocks by URL from Malware Categories - silent
0 Kudos
Subscribe
In response to Blink
Brash
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

Yeah I wouldn't expect it to be categorized as malware.

They would likely pull from the same sources that other security vendors/firewalls pull from anyhow.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.