Hello,
I would like to know if security contexts are supported on Meraki MX series firewalls.
I have a use case where the customer would like to pass the north-south traffic through the IPS on their MX appliances. The servers are not part of the DMZ, and the inter-VLAN routing is being handled by the core switches.
Thanks,
Kapil
Not sure if I can quite picture the design you described or if there's another way to do what you need, but no, the MX appliances today do not have the feature to divide the appliance into multiple separate virtual device contexts, as if there were separate physical firewalls. You can do per-physical-port VLAN configurations, but everything is a single security context.
Thanks for your reply.
My design is very simple.
User VLAN --------CORE SW--------Meraki MX /w IPS ----- Internet
| |
| |
| |
Server VLAN DMZ (Server Farm).
Now, I have to pass the north-south traffic (user VLAN / server VLAN) through the IPS, where all inter-VLAN routing is being handled by the core SW.
I think to accomplish what you're looking for you'd need to have the MX do all your L3 routing, but even then I'm not sure any of the IDS rules are applied to traffic that isn't WAN to LAN.
In short, no - even with a network design, no.
The Meraki IPS is done between a LAN and WAN interface. It does not get done between internal VLANs.
That's not quite true. Traffic between VLANs on the MX does go through the IPS engine.