SD-WAN Internet policies vs Local Internet Breakout

Brucer

I'm unclear about the distinction between SD-WAN Internet policies vs Local Internet Breakout on the MX. If I define an SD-WAN Internet policy, does that on its own cause matching traffic to be locally routed directly to the Internet (DIA), or do I also need a Local Internet Breakout Policy?

If not, then what is the difference between the two?

My understanding (that I am trying to confirm via this post) is that DIA/local breakout REQUIRES a local breakout policy, but if you also want to define which WAN link to use (or load balance) then the SD-WAN policy provides this additional functionality when combined with local breakout.

Do I have it right? Thanks.

alemabrahao

Local internet breakout is used when you do not want traffic to a certain destination to be sent over SD-WAN.

The SD-WAN internet policy is used when you want traffic to a destination on the internet to go through one of the specific WANs.

They are different features.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Brucer

Thanks. What I'm asking is whether you need both (as I think you are saying), or are SD-WAN Internet policies used on their own (without a corresponding local breakout policy)?

ww

SD Internet works for traffic outside the tunnel.

If you don't use a default route in your tunnel, you don't need VPN exclusions.

If you do have a default route in the tunnel, you can use VPN exclusions.
