Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN firewall use case


VPN firewall use case


We want to apply a firewall filtering for a vlan in branches. Each branch has 5 vlans and there are hundreds of branches. We are using a template to manage them all.

Because regular firewall doesn't check packets which go through VPN, we can't apply a firewall rule for a vlan. However VPN firewall which works organization-wide does only support IP/subnet which means i have to configure every vlan seperately which is not feasible. Is there any easier way to do this?



Kind of a big deal

Re: VPN firewall use case

No doubt about it, this is a painful situation.


If you are lucky you might be able to put in rules like any -> destination set of subnets, if the destination set is not too large.


If the branches weren't deployed yet sometimes it is better to allocate VLAN"x" subnets from a larger supernet, like 10.x.branch.0/24.


But on the whole, there is no nice Cisco Meraki solution for this situation.


Re: VPN firewall use case



I think I have a similar set-up. Our sites have 4 additional vlans, which I've named, so these can be and pre-configured as part of the template. However , like you I have to configure each individual MX as and when it's deployed. Which will become a pain, I'm sure. 



Here to help

Re: VPN firewall use case

My new Wish regarding this 🙂

"We wish for a button that could make the global firewall also work on the VPN traffic.
Creating rules in the global firewall, and not being able to see / use those on the VPN traffic is just not optimal.
This would be a major thing."



Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.