cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Per VLAN Content Policies

Highlighted
Here to help

Per VLAN Content Policies

Hi Meraki folks

 

My first post!  I'm a network engineer for a UK charity who're about to embark on a rollout of MXs to all our sites, moving from MPLS and centralised firewall to direct internet access and distributed security/SD-WAN. It's a big project with tight timescales but it's a real opportunity to optimise the network for our migration of all our applications to the cloud. All to be completed in 2019 - no pressure then! But we're excited to be joining the Meraki family.

 

My question is - can the MX only support one Content Policy?   If I want to provide different content controls on a per-VLAN basis, is Layer 7 firewall group policies and a VLAN to group mapping the only way to do it?

 

Also, it would be really handy to apply more than one IP address to an MX internal L3 interface to aid transition from our old to new WAN termination - what would be a secondary IP address in traditional Cisco.   Does the MX support anything like that?


Thanks in advance.


Andy Gray

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Per VLAN Content Policies

Hey @AndyGray ,

 

You can create custom policies via a Group Policy, and apply the GP to a VLAN to do what you're asking.

 

https://documentation.meraki.com/MX/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

 

You can't do secondary addresses on an MX. Only just create multiple VLANs with their own IP addresses. 

Highlighted
Here to help

Re: Per VLAN Content Policies

Hi Andy,

can the MX only support one Content Policy? - Yes

  1. Go to Network-wide > Configure > Group policies
  2. In "Blocked website categories" Choose override
  3. Similar for "Blocked URL patterns" and "Whitelisted URL patterns" if required
  4. click Save Changes
    >Applying above Group Policy to a VLAN
  5. Go to Security appliance > Configure > Addressing & VLANs
  6. Select the Group policy from the drop-down and save changes

 

apply more than one IP address to an MX internal L3 interface -No No No

A workaround you can try is "1:1 NAT or 1:many NAT to internal addresses" 

 

 

 

Highlighted
Building a reputation
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.