I'm looking to add local ISP to one of our offices to compliment our existing MPLS service. The carrier we're talking with wants to drop in a MX100 to provide ISP service for us. In order for this to work in our environment, I would have to set it up to be a proxy server so we can direct local users to it via PAC file update. The carrier can't tell me if the MX100 can be an explicit proxy, or if it is just transparent. Can someone confirm if the MX100 can be configured as an explicit proxy?
Thanks!
The MX100 is not a proxy server. It is transparent.
You could give out option 252 (WPAD) in DHCP to give out a WPAD file.
I misread this slightly.
In your PAC file simply use the "DIRECT" method, which tells the machines not to use a proxy server.
I just had another brilliant idea. Why don't you use the Cisco Umbrella proxy service?
https://umbrella.cisco.com/products/features/intelligent-proxy
This is a cloud based proxy server (no proxy server needed on site). It gives you excellent visibility of what is happening, and is a great first line of defence. And it also protects notebooks when they are not in the office.
Transparent mode to my knowledge. Are you deploying the MX in NAT mode with the internet connection directly terminating on the MX or will there be a border router upstream with the MX in passthrough mode?
I think I'm stuck then. Our office is connected to the corporate network using MPLS and default route is supplied from the corporate backbone. If we divert default to point to the Meraki, we'd have a lot of re-engineering to do on our backbone. In an ideal world, I would do this as described, but on my particular time frame I don't believe this will work for me. Thanks for the quick replies!
directly on the MX