Meraki failover scenario for 2 Primary and secondary with 2 wan ports

Here to help

Meraki failover scenario for 2 Primary and secondary with 2 wan ports

Hi All

Can anyone tell me how the Meraki firewalls should failover if we have 2 WAN uplinks on each and 2 firewalls.

Does the standby firewall only take over if both WAN links on the primary fail?


2 Replies 2
Kind of a big deal
Kind of a big deal

Underlying Concepts and Technologies
VRRP Heartbeats
Failure detection for an MX warm spare pair uses VRRP heartbeat packets. These heartbeat packets are sent from the primary MX to the secondary MX on all configured VLANs in order to indicate that the primary is online and functioning properly. As long as the secondary is receiving these heartbeat packets, it functions in the spare state. If the secondary stops receiving these heartbeat packets, it will assume that the primary is offline and will transition into the active state. When the MX is in routed mode, VRRP heartbeats are not sent over the WAN and there is no guarantee that the WAN interfaces can communicate with each other. See Connection Monitoring below to understand how the WAN interface can also impact how VRRP packets are sent through the LAN on routed mode.

For more in-depth information regarding the VRRP mechanics on the MX, please see the Routed HA Failover Behavior documentation.

Connection Monitoring
Connection monitor is an uplink monitoring engine built into every MX security appliance. The mechanics of the engine are described in this article. When all uplinks of a primary MX are marked as failed by connection monitor, that MX will stop sending VRRP heartbeat packets, which will initiate a warm spare failover. Once there is at least one working uplink, the primary returns to a working state and resumes sending heartbeat packets and the secondary relinquishes the active role back to the primary. More information can be found in the Connection Monitoring for WAN Failover documentation.


For more look this article:

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Kind of a big deal
Kind of a big deal

In addition of the great resume that alemabrahao provided , this document also explains the failover :

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.