Meraki

kima25 · ‎Dec 12 2022

Hello,

I am working on a SDWAN project, the customer has firewalls on all sites, I propose a one-armed architecture for the Hubs, my question is how can I connect the MX on the remote sites with the customer firewalls? in routed mode by positioning the Mx in front of the firewall? or MX behind the customer firewall?

Thank you for your help.

BR

ww · ‎Dec 12 2022

In case the fw needs to see the traffic before its encypted in vpn.

you need the mx in front. So Internet-mx-fw.

View solution in original post

ww · ‎Dec 12 2022

In case the fw needs to see the traffic before its encypted in vpn.

you need the mx in front. So Internet-mx-fw.

kima25 · ‎Dec 12 2022

thank you for your reponse 🙂

GreenMan · ‎Dec 12 2022

As @ww hints, the question here is; what role is the extra non-MX firewall there to perform? Most customers will, at branches, just have a/the routed mode MX. With the right license level, it's usually all the branch firewall you need. Except if you really have to perform https decrypt, in which case, pairing up the MX with Umbrella is probably the most scalable approach

Hopefully you found this already but, for your DCs, go with one-armed VPN Concentrator MXs behind your DC firewalls, as per https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

Meraki

Community

routed Mode with Firewall (SDWAN)

routed Mode with Firewall (SDWAN)