Prefix Filtering Route based VPN (Dynamic routing)

MarcelTempelman
Getting noticed

Hi all,

We were able to successfully configure a route-based tunnel between a Meraki MX and a FortiGate. BGP is working as expected; the only drawback is that we cannot apply any prefix filter on the MX side (at least we were unable to find any option related to that). This results in too many routes being shared with the firewall that is peering via the VPN tunnel. Is prefix filtering going to be added?

With kind regards,

Marcel Tempelman.


4 Replies
jimmyt234
Head in the Cloud

Wouldn't count on it. You should request it via the Give your feedback button on the dashboard; the more people that ask, hopefully the more weight it will carry!

Can you also not filter on the FortiGate side?

MarcelTempelman
Getting noticed

In this case it's a test setup and we control both sides, but if we want to connect to 3rd parties this just looks bad. Will follow your advice and use the feedback button.

MartinLL
A model citizen

I have this on my wish list as well. I submitted a "make a wish" a few years ago but it seems like it's not a priority.

MLL
GIdenJoe
Kind of a big deal

That was one of the first features I asked at CLEUR this year and they confirmed that the feature would be very handy but is not implemented right now.

 

The idea behind it is that the BGP-based non-Meraki VPN is primarily used for SASE solutions where you use a non-Meraki VPN tunnel to tunnel all your spoke traffic to a central cloud-based security system (like Secure Connect, Secure Access, etc.).

Using the route-based VPN via BGP to route to extranets or certain service providers is however problematic since you cannot filter their incoming routes or your outbound routes to the ones that are relevant to that connection.
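
The following is an added example, not part of any post in this thread and not Meraki or Fortinet code: a small model of the prefix-list check the peering firewall would have to apply inbound while the MX cannot filter what it advertises. The rule set, the route list and the first-match, implicit-deny, ge/le semantics are assumptions chosen for illustration; it lets you audit which advertised routes an allow-list would actually accept before relying on it with a third party.

```python
# Added example: first-match prefix-list evaluation with ge/le bounds.
# All prefixes below are constructed; first-match and implicit deny are assumed semantics.
from ipaddress import ip_network

# (action, prefix, ge, le). ge/le bound the accepted mask length; None/None = exact match.
PREFIX_LIST = [
    ("deny",   "10.20.99.0/24", None, None),  # lab subnet that must never be learned
    ("permit", "10.20.0.0/16",  24,   24),    # only the /24s inside the agreed range
]

# Constructed sample of what an unfiltered peer might advertise over the tunnel.
ADVERTISED = ["10.20.1.0/24", "10.20.2.0/24", "10.20.99.0/24",
              "10.20.0.0/16", "192.168.128.0/24", "0.0.0.0/0"]


def evaluate(route, rules=PREFIX_LIST):
    """Return 'permit' or 'deny' for one advertised route (first match wins)."""
    net = ip_network(route)
    for action, prefix, ge, le in rules:
        base = ip_network(prefix)
        # The route must fall inside the rule's prefix (and be the same IP version).
        if net.version != base.version or not net.subnet_of(base):
            continue
        lo = ge if ge is not None else base.prefixlen
        if le is not None:
            hi = le
        else:
            # ge alone means "ge up to a host route"; neither means exact length.
            hi = net.max_prefixlen if ge is not None else base.prefixlen
        if lo <= net.prefixlen <= hi:
            return action
    return "deny"  # implicit deny: anything not explicitly permitted is dropped


def audit(routes, rules=PREFIX_LIST):
    """Split advertised routes into what the filter would accept and reject."""
    result = {"permit": [], "deny": []}
    for route in routes:
        result[evaluate(route, rules)].append(route)
    return result


if __name__ == "__main__":
    for verdict, routes in audit(ADVERTISED).items():
        print(f"{verdict}: {', '.join(routes)}")
```
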
