SD-WAN PLACEMENT

Firewall-Dude
Comes here often

SD-WAN PLACEMENT

I am struggling with where to place an MX SD-WAN on the network when I already have a L7 Firewall in place. It's initials are PA. I can come up with strong arguments for in front, behind and even as a hair-pin solution! Thoughts? Wondering what others are doing in this type of scenario.

2 REPLIES 2
jdsilva
Kind of a big deal

If you don't want to get rid of your existing then putting the MX in a one arm concentrator configuration behind the existing would be the easiest and least disruptive IMHO.

PhilipDAth
Kind of a big deal
Kind of a big deal

Check out this deployment guide for one armed mode.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

 

The other option is to run it n NAT mode.  Plug the WAN interface outside of your firewall so it is direct internet access and a public IP address, and then a LAN interface on the inside.  This option is likely to be the most reliable.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels