Hi Meraki folks
My first post! I'm a network engineer for a UK charity who're about to embark on a rollout of MXs to all our sites, moving from MPLS and centralised firewall to direct internet access and distributed security/SD-WAN. It's a big project with tight timescales but it's a real opportunity to optimise the network for our migration of all our applications to the cloud. All to be completed in 2019 - no pressure then! But we're excited to be joining the Meraki family.
My question is - can the MX only support one Content Policy? If I want to provide different content controls on a per-VLAN basis, is Layer 7 firewall group policies and a VLAN to group mapping the only way to do it?
Also, it would be really handy to apply more than one IP address to an MX internal L3 interface to aid transition from our old to new WAN termination - what would be a secondary IP address in traditional Cisco. Does the MX support anything like that?
Thanks in advance.
Hey @AndyGray ,
You can create custom policies via a Group Policy, and apply the GP to a VLAN to do what you're asking.
You can't do secondary addresses on an MX. Only just create multiple VLANs with their own IP addresses.
can the MX only support one Content Policy? - Yes
apply more than one IP address to an MX internal L3 interface -No No No
A workaround you can try is "1:1 NAT or 1:many NAT to internal addresses"