Meraki

Community

Z3 throughput / disable FW

HTS
Conversationalist
‎Sep 12 2018 2:11 PM
‎Sep 12 2018 2:11 PM

Z3 throughput / disable FW

We were looking at Z3 as potentially a reasonable option for staff who work from home periodically to have a more reliable VPN back to the office.  While it looks like it would be ideal for this purpose the throughput is a problem.  We are in an area of the country where Verizon has been really aggressive pushing out gigabit connections and it's just not reasonable to tell out staff if you want to connect back to the office you have to sacrifice 90% of the bandwidth you are paying for to do this.  

 

My question is - can the fw functionality be bypassed / turned off so that the device provides the easy to use VPN for traffic destined for the office but doesn't kill their ability to take advantage of the bandwidth they are paying for with internet traffic? 

0 Kudos
4 Replies 4
NSGuru
Getting noticed
‎Sep 12 2018 2:22 PM
‎Sep 12 2018 2:22 PM

Does their current firewall have the ability to do routing? If so why not set the device behind the network. LAN and WAN (do not prefer to double NAT but it works.)

 

After that give the Z3 a LAN IP address and setup a static route in current firewall for any traffic destined to the local LAN on remote office to the Z3 LAN IP address. 

 

Make sure site to site VPN is on for the Z3 and the other site as well. 

 

Voila you still are using your Verizon internet connection with the current firewall that is able to utilize the throughput verizon gives and if the client needs to reach their office they are able to as well as all traffic to the clients other office will be destined to the Z3. 

 

 

 

 

Cloud Network Engineer | cloudIT
Certified Meraki Networking Associate

Kudo this if it helped! 🙂
In response to NSGuru
NSGuru
Getting noticed
‎Sep 12 2018 2:27 PM
‎Sep 12 2018 2:27 PM

It appears with Passthrough mode the same manner of what i mentioned before applies. 

 

You will build a route on the edge router to point back to the IP address of the Z and it will send the traffic over the remote site afterwards. Difference is that you will not be doing any NAT from the Z. 

 

Meraki documentation link for passthrough: https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

Cloud Network Engineer | cloudIT
Certified Meraki Networking Associate

Kudo this if it helped! 🙂
In response to NSGuru
jdsilva
Kind of a big deal
‎Sep 12 2018 3:27 PM
‎Sep 12 2018 3:27 PM

Your users can put the Z3 behind their existing home router. They don't need to throw away their own device just to be a teleworker. Personally, if I was deploying Z3's I wouldn't want my people to be using it as their home router (and that was my position in a previous job deploying Aruba RAPs). 

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to NSGuru
HTS
Conversationalist
‎Sep 12 2018 4:51 PM
‎Sep 12 2018 4:51 PM

This looks like it would accomplish what we want. I'll give this a try. Thank you.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.