Meraki

Jyrki_Halonen

I can't use VLANs as an object in MX firewall rules. I only get potion to create new objects or use CIDR.
I would like to use VLANs as source and destination on the firewall rule.

I have used those in many organisations, but now for one new Meraki organisation I can't do that for some reason.

Any tips?

Jyrki_Halonen

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

View solution in original post

MartinLL

The VLAN object feature only works if your VLAN is only enabled for IPv4 last i checked. Try to disable IPv6 on the VLAN and see if it allows you to use VLAN objects then.

MLL

Jyrki_Halonen

VLAN can have both IPv4 and IPv6 and still VLAN rula can be used.

But I found the answer for this: it is related to MX with warm spare:
"IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed."

Jyrki_Halonen

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

Jyrki_Halonen

This is quite annoying feature

Meraki

Community

Not able to add VLANs to firewall rule

Not able to add VLANs to firewall rule