Protecting servers group with MX unit

Solved
Ahmad_Qattan
Here to help

Protecting servers group with MX unit

Hi, I've an MX 84 and it is working fine as configured. i am thinking of getting benefit of "Advanced Malware Protection (AMP)" and "Intrusion detection and prevention" features available on MX. i am thinking of getting my servers on a separate non-meraki switch, and to connect an uplink from this switch to any LAN port on the MX unit. and another uplink to the LAN non-meraki switches. will this setting trigger any intrusion attack from my LAN to the servers? Thanks
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

No, you wont be able to plug it in that Internet port and operate in transparent mode.  Transparent mode operates between a single Internet port and the LAN ports.

 

Take a look at this article for more information.

https://documentation.meraki.com/MX-Z/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appli...

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

No.  How things plug together will not trigger any rules.

 

Devices creating attack traffic will.  So as long as none of your devices are doing this you will be fine.

Ahmad_Qattan
Here to help

Hi Philip, thanks for the reply, what about i connect the server's switch to a Internet Port, but with transparent mode. not nating mode. will this be any good. thanks
PhilipDAth
Kind of a big deal
Kind of a big deal

No, you wont be able to plug it in that Internet port and operate in transparent mode.  Transparent mode operates between a single Internet port and the LAN ports.

 

Take a look at this article for more information.

https://documentation.meraki.com/MX-Z/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appli...

Ahmad_Qattan
Here to help

Hi Philip, loud and clear. many thanks
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels