Meraki

AM1065 · ‎Jul 5 2022

Good Afternoon,

We have client with an Azure tenant running a few IaaS services generally on Microsoft Windows VMs.

The Azure tenant is across three regions - West Europe, Central US & Australia East.

We would like to propose a vMX appliance to act as a perimeter Layer 7 firewall which will allow for site to site VPNs between the client's geo-located offices and this vMX appliance. Client VPN is also a requirement.

Currently the client has physical offices in London (most of the users are based here) with smaller offices in Colombia, LA, Melbourne, Sydney, New York.

We are trying to understand if

a) we need to have SD-WAN in place to accomplish this design,

b) we need to have a vMX appliance for each Azure region or will a single vMX appliance suffice

c) How can we achieve HA in this design if there is only one vMX appliance.

Any help will be appreciated.

Many thanks

AsangaB · ‎Jul 5 2022

I found this document useful for me. Hope it helps you to get your network designed.

Deploying Highly Available vMX in Azure

https://documentation.meraki.com/MX/Other_Topics/Deploying_Highly_Available_vMX_in_Azure

AM1065 · ‎Jul 5 2022

Thank you @AsangaB - that is very useful. The issue we have though is we will not be able to use Layer 7 Firewall Capabilities as after posting my question, I went through a few more posts and speaking to our Meraki Rep, their appears to be no ETA for the same at the moment. So we will have to abandon this for now.

AsangaB · ‎Jul 5 2022

Integrating cisco Umbrella would get you what you need for L7 firewall capability.

However, I have not tested it yet, after creating a group policy you will see the L7 firewall option on the vMX side. Also, in the cisco Umbrella side for more DNS level security options.

Cisco Umbrella Policy option:

Cisco Meraki vMX Group Policy option.

Using the Cisco Umbrella would get you what you need for L7 security. It is worth trying/testing, ask for a trial account.