Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Preventing an IP or subnet using WAN2

Solved
Dunky
A model citizen
‎Jan 6 2023 2:18 AM
‎Jan 6 2023 2:18 AM

Preventing an IP or subnet using WAN2

I have a Boostbox at a site that is used to generate a local cellular signal which the cell phones connect to and traffic is then tunnelled over a VPN from this boostbox to the cell provider.

However, should the source public IP change, the provider locks out that box as they think it has changed location.

So the question is how can I prevent a specific IP and/or subnet from using WAN2 (i.e. when WAN1 fails).

.

 

0 Kudos
Subscribe
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Jan 6 2023 2:27 AM
‎Jan 6 2023 2:27 AM

Contact support. They can provide seperate L3 fw config for wan2

 

https://community.meraki.com/t5/Security-SD-WAN/MX-Feature-Request-Separate-Firewall-SD-WAN-Rules-fo...

 

View solution in original post

Subscribe
4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Jan 6 2023 2:27 AM
‎Jan 6 2023 2:27 AM

Contact support. They can provide seperate L3 fw config for wan2

 

https://community.meraki.com/t5/Security-SD-WAN/MX-Feature-Request-Separate-Firewall-SD-WAN-Rules-fo...

 

Subscribe
In response to ww
Dunky
A model citizen
‎Jan 6 2023 2:39 AM
‎Jan 6 2023 2:39 AM

Thanks, I'll open a ticket and see what they say.

0 Kudos
Subscribe
In response to ww
Dunky
A model citizen
‎Jan 10 2023 3:09 AM
‎Jan 10 2023 3:09 AM

Support say this cannot be done.

I have clicked on "Give your feedback" and sebmitted:

 

"I need the ability to block a specific IP or subnet from using WAN2. This is because we have Cell Boosters that form a VPN to the cell provider and they whitelist the public IP. If the public IP changes (which it does when MX fails over to WAN2), they blacklist the box. Same could be achieved by allowing us to specify the WAN Interface or ALL on each of the L3 firewall rules (so I can deny the devices outbound traffic on WAN2)"

0 Kudos
Subscribe
In response to ww
Dunky
A model citizen
‎Jan 27 2023 2:32 AM
‎Jan 27 2023 2:32 AM

Meraki did indeed come back and say they can make the Cellular Failover ruleset apply when failover to WAN2.

However, there is no indication on the page that this is in force, and given that we use the L3 rules to provided VLAN segregation then I declined the offer.

What is really needed is on the L3 ruleset to have a dropdown on each rule where you can specify which WAN interface it should apply to (1, 2 or All)

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.