routed Mode with Firewall (SDWAN)

Solved
kima25
Here to help

routed Mode with Firewall (SDWAN)

Hello, 

 

I am working on a SDWAN project, the customer has firewalls on all sites, I propose a one-armed architecture for the Hubs, my question is how can I connect the MX on the remote sites with the customer firewalls? in routed mode by positioning the Mx in front of the firewall? or MX behind the customer firewall?

 

Thank you for your help.

 

BR

1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal

In case the fw needs to see the traffic before its encypted in vpn.

 you need the mx in front. So Internet-mx-fw. 

 

View solution in original post

3 Replies 3
ww
Kind of a big deal
Kind of a big deal

In case the fw needs to see the traffic before its encypted in vpn.

 you need the mx in front. So Internet-mx-fw. 

 

kima25
Here to help

thank you for your reponse 🙂

GreenMan
Meraki Employee
Meraki Employee

As @ww hints, the question here is;    what role is the extra non-MX firewall there to perform?   Most customers will, at branches, just have a/the routed mode MX.   With the right license level, it's usually all the branch firewall you need.   Except if you really have to perform https decrypt, in which case, pairing up the MX with Umbrella is probably the most scalable approach

 

Hopefully you found this already but, for your DCs, go with one-armed VPN Concentrator MXs behind your DC firewalls, as per https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels