Outbound NAT an Object Group to IP

XtremeBaseT
Here to help

Outbound NAT an Object Group to IP

I'm close to moving to Meraki as our primary firewall solution, but there's one feature holding us back. We need to be able to NAT a group of internal IP's (preferably a Group) that are destined for a certain protocol/port to a single IP. There doesn't seem to be an ability to do that currently and was wondering if that is something Meraki would be able to do in the future?

 

 

6 Replies 6
RoshanS
Meraki Employee
Meraki Employee

Greetings,

 

The 1:M NAT feature may be the answer you are looking for. Please review the document below and let us know if you have questions or concerns!

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX#...

 

As always, please don't hesitate to reach out to support and open a case if any other issues arise. 

XtremeBaseT
Here to help

Close, but the wrong direction.

 

I'm trying to have all my internal servers that send e-mail, be able to go outbound to the public SMTP server,  from one Public IP address.

JohnT
Getting noticed

You are looking for SNAT, which Meraki can't do for some reason even though most $100 firewalls can do it.  We are considering leaving Meraki because of this.  It makes it really difficult to do IP allow-listing because your guest network goes out the same IP as your corporate network.  It's embarrassing that this hasn't been implemented yet.

XtremeBaseT
Here to help

It's so weird that Meraki has made so many strides on the switching, routing and VPN side and left their firewalling features below even basic. It's clear the only usefulness of their MX series is in site-to-site connectivity via SD-WAN/VPN. 

JohnT
Getting noticed

I'm hoping someone from Meraki can comment on this feature.  It's crazy that it does not exist yet.

andynaw
Conversationalist

Hi John. I hope Meraki will reply to limit of SNAT. I have the same issue with routing and unfortunately Meraki is a very basic device. I was told by Meraki support to achieve a separate IP presentation by creating a separate WAN interface from my WAN IP subnet. This approach is quite unsustainable making the whole hardware and availability setup a nightmare. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels