Security Context support

KapilA
Conversationalist


Hello,

 

I would like to know if security contexts are supported on Meraki MX series firewalls.

 

I have a use case where the customer would like to pass the north-south traffic through the IPS on their MX appliances. The servers are not part of the DMZ and the inter-VLAN routing is being handled by the core switches.

 

Thanks,

Kapil

 

MerakiDave
Meraki Employee

Re: Security Context support

Not sure if I can quite picture the design you described or if there's another way to do what you need, but no, the MX appliances today do not have the feature to divide the appliance into multiple separate virtual device contexts, as if there were separate physical firewalls.  You can do per-physical-port VLAN configurations, but everything is a single security context.

KapilA
Conversationalist

Re: Security Context support

Thanks for your reply.

My design is very simple.

 

User VLAN --------CORE SW--------Meraki MX /w IPS ----- Internet
                                   |                          |
                                   |                          |
                                   |                          |
                       Server VLAN          DMZ (Server Farm).

 

Now, I have to pass the north-south traffic (user VLAN / server VLAN) through the IPS where all inter-VLAN routing is being handled by the core SW.

 

 

MRCUR
Kind of a big deal

Re: Security Context support

I think to accomplish what you're looking for you'd need to have the MX do all your L3 routing, but even then I'm not sure any of the IDS rules are applied to traffic that isn't WAN to LAN. 

MRCUR | CMNO #12
PhilipDAth
Kind of a big deal

Re: Security Context support

In short no - even with a network design, no.

 

The Meraki IPS is done between a LAN and WAN interface.  It does not get done between internal VLANs.

NathanW
Meraki Employee

Re: Security Context support

That's not quite true. Traffic between VLANs on the MX does go through the IPS engine.

 

https://documentation.meraki.com/MX-Z/Content_Filtering_and_Threat_Protection/Threat_Protection#Intr...
