Meraki Switches to WatchGuard Firewall

NCS_Comm
Here to help

Hello All
Just putting it out there to see if anyone has configured Meraki Layer 3 switches with a WatchGuard Firewall and if there were any issues.

We are shortly going to swap out some old HP switches with new Meraki switches (MS425s, MS225s).

Thanks 🙂

CptnCrnch
Kind of a big deal

What kind of speciality should Meraki switches have in this regard that should let you run into any issues?

NCS_Comm
Here to help

I'm not expecting any issues, but you never know. Just trying to do due diligence beforehand to minimize the outage, as the whole network will be down while we replace them with the new ones.

DarrenOC
Kind of a big deal

We’ve not had any issues with routing from Meraki switches to Watchguards. With one of our customers they had one at each location. Simple default route on each layer 3 switch to each watchguard as they were the dfg to the Internet. Simples.

I’ll just add that we’ve now replaced all those Watchguards to Meraki MX’s 😁

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

PhilipDAth
Kind of a big deal

If the firewall policy is tight, you might need to add rules to allow the Meraki switches to talk to the cloud. From the Meraki Dashboard you can go to "Help/Firewall Info" to see what firewall rules might need to be added.

Also, BEFORE you deploy the switches, add them to the network in the Meraki dashboard, power them up, and plug them into the network so they can have Internet access, and leave them for 24 hours.

The very first time they can take quite a while to complete their firmware upgrade process.  I have seen it again and again where people think something is wrong and power cycle the switches causing the whole process to start again.  It then adds on hours to the cut over.

Do the above and you can just plug them in and power them up and they'll be in a state to start taking your config and start working.

Also note for layer 3 switches doing actual layer 3 routing, the switch management IP addresses (the ones that talk to the cloud) MUST be in the uplink VLAN to your firewall, and must use the firewall as their default gateway.  They CAN NOT use themselves as the default gateway.

https://documentation.meraki.com/MS/Layer_3_Switching/MS_Layer_3_Switching_and_Routing#Notes_regardi... 
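
A pre-cutover check of the management-addressing rule described in the post above, as an added example that is not part of the original thread and not Meraki's own tooling. The record field names, VLAN numbers and addresses are constructed for illustration, and nothing here calls the Meraki API.

```python
import ipaddress

# Constructed sample data: transit VLAN between the L3 switches and the firewall.
UPLINK = {"vlan": 100, "subnet": "10.0.100.0/24", "firewall_ip": "10.0.100.1"}

# Constructed switch records; field names are assumptions for this example.
SWITCHES = [
    {"name": "core-1", "mgmt_ip": "10.0.100.2", "mgmt_vlan": 100,
     "mgmt_gateway": "10.0.100.1", "l3_interfaces": ["10.0.100.3/24", "10.0.10.1/24"]},
    {"name": "core-2", "mgmt_ip": "10.0.100.4", "mgmt_vlan": 100,
     "mgmt_gateway": "10.0.100.5", "l3_interfaces": ["10.0.100.5/24", "10.0.20.1/24"]},
    {"name": "access-1", "mgmt_ip": "10.0.10.20", "mgmt_vlan": 10,
     "mgmt_gateway": "10.0.10.1", "l3_interfaces": []},
]

def check_mgmt(switch, uplink):
    """Return the list of rule violations for one switch's management settings."""
    subnet = ipaddress.ip_network(uplink["subnet"])
    firewall = ipaddress.ip_address(uplink["firewall_ip"])
    mgmt = ipaddress.ip_address(switch["mgmt_ip"])
    gateway = ipaddress.ip_address(switch["mgmt_gateway"])
    # Addresses the switch itself routes on (its own L3 interfaces).
    own = {ipaddress.ip_interface(i).ip for i in switch["l3_interfaces"]}

    problems = []
    if switch["mgmt_vlan"] != uplink["vlan"]:
        problems.append("management VLAN is not the uplink VLAN")
    if mgmt not in subnet:
        problems.append("management IP is outside the uplink subnet")
    if gateway in own:
        problems.append("default gateway is the switch's own L3 interface")
    elif gateway != firewall:
        problems.append("default gateway is not the firewall")
    return problems

def audit(switches, uplink):
    """Map each switch name to its violations, omitting switches that pass."""
    report = {s["name"]: check_mgmt(s, uplink) for s in switches}
    return {name: p for name, p in report.items() if p}

if __name__ == "__main__":
    for name, problems in audit(SWITCHES, UPLINK).items():
        for p in problems:
            print(f"{name}: {p}")
```
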

NCS_Comm
Here to help

Thanks for the info
I have had them powered on and off for testing purposes on a separate isolated internet connection so I can get them on the cloud.

Cheers
