Meraki vMX with vs without Firewall

SOLVED
UmutYasar
Here to help

Meraki vMX with vs without Firewall

Hi All,

 

I have a project deploying vMX to Azure cloud that we need to move customer servers to the cloud. I am considering Meraki vMX deployment secure enough to deploy without Firewall. I did some research and find that the Meraki MX in one-armed concentrator mode doesn't support Firewall features. And if I want RDP and inbound/outbound ACLs/NAT and IPS features I need to go for deploying Azure (or any VNF) firewall before it. But I saw deployments without Firewall as well only with vMX. If someone has vMX deployment experience can you please share your thoughts on best practice, considering Firewall cost does it really worth it?

How can I handle security concerns without Firewall deployment?

 

I think RDP/inbound/outbound rules can be configured on the Azure VM network interface or security groups. And also with Azure Public IP NAT to vMX LAN Ip can be security some level.

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

I deploy VMX in Azure in VPN concentrator mode and allow all inbound access to it.

 

Your servers go into a separate VNET, and you use Azure to control access to them from the Internet

View solution in original post

2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

I deploy VMX in Azure in VPN concentrator mode and allow all inbound access to it.

 

Your servers go into a separate VNET, and you use Azure to control access to them from the Internet

in VPN concentrator mode, how vMX forwards the traffic to Azure LAN ? it will just passthrough traffic to next hop  in cloud ?

Is it safe to keep "passthrough (Layer 2 Hub kind of) device" with Public IP at perimeter ?

Get notified when there are additional replies to this discussion.