Meraki

Community

Preventing an IP or subnet using WAN2

Solved
Dunky
Head in the Cloud
‎Jan 6 2023 2:18 AM
‎Jan 6 2023 2:18 AM

Preventing an IP or subnet using WAN2

I have a Boostbox at a site that is used to generate a local cellular signal which the cell phones connect to and traffic is then tunnelled over a VPN from this boostbox to the cell provider.

However, should the source public IP change, the provider locks out that box as they think it has changed location.

So the question is how can I prevent a specific IP and/or subnet from using WAN2 (i.e. when WAN1 fails).

.

 

0 Kudos
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Jan 6 2023 2:27 AM
‎Jan 6 2023 2:27 AM

Contact support. They can provide seperate L3 fw config for wan2

 

https://community.meraki.com/t5/Security-SD-WAN/MX-Feature-Request-Separate-Firewall-SD-WAN-Rules-fo...

 

View solution in original post

4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Jan 6 2023 2:27 AM
‎Jan 6 2023 2:27 AM

Contact support. They can provide seperate L3 fw config for wan2

 

https://community.meraki.com/t5/Security-SD-WAN/MX-Feature-Request-Separate-Firewall-SD-WAN-Rules-fo...

 

In response to ww
Dunky
Head in the Cloud
‎Jan 6 2023 2:39 AM
‎Jan 6 2023 2:39 AM

Thanks, I'll open a ticket and see what they say.

0 Kudos
In response to ww
Dunky
Head in the Cloud
‎Jan 10 2023 3:09 AM
‎Jan 10 2023 3:09 AM

Support say this cannot be done.

I have clicked on "Give your feedback" and sebmitted:

 

"I need the ability to block a specific IP or subnet from using WAN2. This is because we have Cell Boosters that form a VPN to the cell provider and they whitelist the public IP. If the public IP changes (which it does when MX fails over to WAN2), they blacklist the box. Same could be achieved by allowing us to specify the WAN Interface or ALL on each of the L3 firewall rules (so I can deny the devices outbound traffic on WAN2)"

0 Kudos
In response to ww
Dunky
Head in the Cloud
‎Jan 27 2023 2:32 AM
‎Jan 27 2023 2:32 AM

Meraki did indeed come back and say they can make the Cellular Failover ruleset apply when failover to WAN2.

However, there is no indication on the page that this is in force, and given that we use the L3 rules to provided VLAN segregation then I declined the offer.

What is really needed is on the L3 ruleset to have a dropdown on each rule where you can specify which WAN interface it should apply to (1, 2 or All)

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.