Meraki

GarageLand42 · ‎Mar 30 2023

Our MX WAN 1 port currently has a /29 subnet mask, and is using one of the IP's.

It is running the VLAN and DHCP for our internal network. I need to statically assign 1 of the available numbers from the WAN side so I can hook up one an internet facing server. The server cannot have access access to our internet network. Is this possible ? I wanna place a small switch bewtween the ISP and the MX, and connect my statically assign IP address server to that. switch.

Existing

Proposed

Or is there a better way.

PhilipDAth · ‎Mar 30 2023

Yes that would work.

To build on @BlakeRichardson's response, you could create a DMZ behind the MX. Create a firewall rule so it can not talk to the internal network, and then just NAT one of the static IP addresses through to it.

Or - host it in a public cloud provider like Amazon AWS.

View solution in original post

BlakeRichardson · ‎Mar 30 2023

What you propose is not very secure at all. Why not put the server on its own VLAN so that you can enable external access to it while keeping it segregated from your main LAN.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

PhilipDAth · ‎Mar 30 2023

Yes that would work.

To build on @BlakeRichardson's response, you could create a DMZ behind the MX. Create a firewall rule so it can not talk to the internal network, and then just NAT one of the static IP addresses through to it.

Or - host it in a public cloud provider like Amazon AWS.

Meraki

Community

Statis IP on Wan Port

Statis IP on Wan Port