Meraki

Jyrki_Halonen · ‎Oct 28 2024

I can't use VLANs as an object in MX firewall rules. I only get potion to create new objects or use CIDR.
I would like to use VLANs as source and destination on the firewall rule.

I have used those in many organisations, but now for one new Meraki organisation I can't do that for some reason.

Any tips?

Jyrki_Halonen · ‎Oct 28 2024

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

View solution in original post

MartinLL · ‎Oct 28 2024

The VLAN object feature only works if your VLAN is only enabled for IPv4 last i checked. Try to disable IPv6 on the VLAN and see if it allows you to use VLAN objects then.

MLL

Jyrki_Halonen · ‎Oct 28 2024

VLAN can have both IPv4 and IPv6 and still VLAN rula can be used.

But I found the answer for this: it is related to MX with warm spare:
"IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed."

Jyrki_Halonen · ‎Oct 28 2024

IPv6 LAN capabilities are a requirement for VLAN Objects. VLAN objects and HA MXs (warm spare) do not work together since HA pair does not currently support IPv6. When a warm spare is added to a network, you will lose the ability to use VLAN objects and any existing L3 rules utilizing VLAN objects will be removed.

Jyrki_Halonen · ‎Oct 28 2024

This is quite annoying feature

Meraki

Community

Not able to add VLANs to firewall rule

Not able to add VLANs to firewall rule