Test firewall connected to LAN

chwhite
Just browsing

Test firewall connected to LAN

We are testing an MX 450 for a new firewall. How do I connect the firewall from its WAN port to a LAN switch? I physically do that, but it doesn't' have an internet connection. I configured a Static private IP on the WAN port. Is there something that I should be doing. The uplink WAN port is connected to an access interface on the switch. 

10 Replies 10
PhilipDAth
Kind of a big deal
Kind of a big deal

If you configure a notebook with the same settings and plug it into the same port on the switch is it able to access the Internet?

chwhite
Just browsing

Yes. I am able to connect my laptop to the same interface on the switch, get an IP address and access to the internet. The WAN port on the firewall will not get an ip address via DHCP that is on our LAN. 

TheITWay
Getting noticed

If the WAN of the MX is not getting an IP, probably something with DHCP is not good. I would reboot the MX to trigger the DHCP process again. If that does not work, you can take pcaps upstream to identify if the MX is sending DHCP discovers to the switch requesting an IP address. If you do not see those packets after a reboot or factory reset, it is time to call Support.

TheITWay
Getting noticed

Hello chwhite,

 

The MX450 can work as a firewall depending on how you are connecting it to the network. You have two options in the Addressing and VLANs section ( Routed or Passthrough). Could you please mention which option you have?

Additionally, all the MXs need an internet connection to talk to the cloud and be managed on the dashboard. The MX will use the WAN interface to get an IP address to reach out to the cloud. You should ensure that the WAN interface is connected to the internet. 

 

After that the MX can act as a firewall from all the traffic that is traversing the device, could be from the LAN side to WAN or inter-VLAN traffic. 

To help you in this one, we need to bring the MX online first.After that, we can continue talking on how to setup the firewall 🙂

chwhite
Just browsing

Screen capture for setupScreen capture for setup

 

Above is the configuration tab for the firewall. I changed from DHCP to Static, entered an internal IP with gateway. No joy. Cannot get this thing connected to internet to configure. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Hold on.  An MX450 has 10Gbe WAN ports.  Notebooks usually do not.

 

How are you connecting the 10Gbe WAN port to the switch?

chwhite
Just browsing

We purchased a RJ-45 to SFP. Plugged the ethernet into the SFP then the SFP to the WAN\Internet port. I think the SFP was a cheap $15 variety QSFPTEK 1Gb to RJ45 type. 

 

No link activity on the SFP

PhilipDAth
Kind of a big deal
Kind of a big deal

The SFP you have is not compatible then.

 

You are going to need to go and get a proper Meraki 1000BaseT SFP.  You should be able to get one as part of the same trial.

chwhite
Just browsing

Ok. Thank you for all of your help. 

cmr
Kind of a big deal
Kind of a big deal

If you need an alternative, a Cisco GLC-T works fine, they are readily available for not much second hand.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels