Meraki

J2RedTech

Our use case requires what other firewalls often refer to as policy based routing. With one vlan egressing out the WAN to one public static IP, and another vlan egressing out the WAN to a different public static IP in the same block. It was my understanding that Meraki couldn't do this. Though I guess Source Based Default Routing was recently added and I was told this was their answer for policy based routing, but I don't think that's the case. Can somebody clarify? And if I can do this with a Meraki, can some one explain how?

alemabrahao

Not exactly what you want, the most you will do is what is described in the document in the first link I sent.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

alemabrahao

In MX this is not called PBF but rather internet traffic.

At least that is what I understand you need.

See the document.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

alemabrahao

Oh, one detail: you won't be able to specify the public IP that the given network uses, but at least you can specify the WAN to be used.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

J2RedTech

That's what I was seeing. So I HAVE to use the two WANs, and give each of them a different IP. But will that work with a single ISP router?

alemabrahao

No, you cannot have the WANs configured with the same address range.

You would have to have ISP A on WAN 1 and ISP B on WAN 2, for example.

In fact, you will only be able to specify that the Internet traffic should go out through one of the WANs, but you cannot specify that it should go out with a specific IP. Basically, you will use the address that is configured on the WAN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

J2RedTech

So then it's as I feared. Meraki still doesn't have its own version of policy based routing within the same public address range.

alemabrahao

PBR in Meraki has another function.

Source Based Default Routing - Cisco Meraki Documentation

What you are requesting is PBF.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

J2RedTech

Ok, my bad, a difference of terminology. Then is there a way to do PBF with Meraki? Source Based Default Routing appears only able to route internally from one vlan to the gateway of another.

alemabrahao

Not exactly what you want, the most you will do is what is described in the document in the first link I sent.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Meraki

Community

Policy Based Routing on Meraki

Policy Based Routing on Meraki