VPN firewall use case

Meraki Employee


We want to apply firewall filtering for a VLAN in branches. Each branch has 5 VLANs and there are hundreds of branches. We are using a template to manage them all.

Because the regular firewall doesn't check packets which go through the VPN, we can't apply a firewall rule for a VLAN. However, the VPN firewall, which works organization-wide, only supports IP/subnet, which means I have to configure every VLAN separately, which is not feasible. Is there any easier way to do this?



Kind of a big deal

No doubt about it, this is a painful situation.


If you are lucky you might be able to put in rules like any -> destination set of subnets, if the destination set is not too large.


If the branches weren't deployed yet sometimes it is better to allocate VLAN"x" subnets from a larger supernet, like 10.x.branch.0/24.


But on the whole, there is no nice Cisco Meraki solution for this situation.
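
Added example, not part of the original thread: a Python sketch of why the `10.x.branch.0/24` plan suggested above keeps an IP/subnet-only VPN firewall manageable. It counts the CIDRs (one rule each) needed to match one VLAN across all branches under that plan and under a contrasting `10.branch.x.0/24` plan; the contrasting plan, the function names, the branch count of 200 and VLAN number 30 are assumptions made for illustration.

```python
import ipaddress

def _check_octet(value, name):
    # Both plans put the VLAN and branch numbers into a single octet,
    # so each must fit in 0-255 (at most 256 branches per VLAN).
    if not 0 <= value <= 255:
        raise ValueError(f"{name} {value} does not fit in one octet")

def vlan_major_subnets(vlan_id, branches):
    """Plan from the reply: 10.<vlan>.<branch>.0/24."""
    _check_octet(vlan_id, "vlan")
    nets = []
    for b in branches:
        _check_octet(b, "branch")
        nets.append(ipaddress.ip_network(f"10.{vlan_id}.{b}.0/24"))
    return nets

def branch_major_subnets(vlan_id, branches):
    """Contrasting plan (assumed): 10.<branch>.<vlan>.0/24."""
    _check_octet(vlan_id, "vlan")
    nets = []
    for b in branches:
        _check_octet(b, "branch")
        nets.append(ipaddress.ip_network(f"10.{b}.{vlan_id}.0/24"))
    return nets

def rule_cidrs(subnets):
    """Smallest CIDR list covering exactly these subnets (one rule per CIDR)."""
    return [str(n) for n in ipaddress.collapse_addresses(subnets)]

def vlan_supernet(vlan_id):
    """Single CIDR matching a VLAN at every current and future branch."""
    _check_octet(vlan_id, "vlan")
    return ipaddress.ip_network(f"10.{vlan_id}.0.0/16")

BRANCHES = range(200)   # constructed sample: 200 branches
VLAN = 30               # constructed sample VLAN number

if __name__ == "__main__":
    exact = rule_cidrs(vlan_major_subnets(VLAN, BRANCHES))
    scattered = rule_cidrs(branch_major_subnets(VLAN, BRANCHES))
    print("vlan-major, exact cover:", exact)
    print("vlan-major, one rule   :", vlan_supernet(VLAN))
    print("branch-major rule count:", len(scattered))
```

With the VLAN number in the second octet, the per-branch /24s are contiguous and collapse to a handful of prefixes, or to a single /16 if unallocated branch numbers may be matched as well; with the branch number in the second octet, nothing aggregates and every branch needs its own entry.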




I think I have a similar set-up. Our sites have 4 additional VLANs, which I've named, so these can be pre-configured as part of the template. However, like you, I have to configure each individual MX as and when it's deployed. Which will become a pain, I'm sure.



Head in the Cloud

My new Wish regarding this 🙂

"We wish for a button that could make the global firewall also work on the VPN traffic.
Creating rules in the global firewall, and not being able to see / use those on the VPN traffic is just not optimal.
This would be a major thing."


