Meraki WiFi - Applying SDWAN / Umbrella Policies

HE1
New here

We are currently planning a deployment of Umbrella SIG and are looking at the best options for applying Umbrella Policies to un-managed devices. We will be using the Umbrella Secure Client for managed / roaming devices.

We currently use a Guest WiFi network with Meraki AP assigned (NAT mode). Is there a best practice for applying Umbrella to this? We are thinking of going down an IPSEC / SDWAN tunnel route for this; however, Meraki AP assigned doesn't support VLAN tagging.

If we apply the SDWAN policies or IPSEC tunnel to the Native VLAN that the APs are on, does the Guest WiFi also inherit that? I believe the Meraki AP Assigned will use the Native VLAN.

Or are we just overcomplicating it, and should we migrate away from Meraki AP assigned and try to replicate the isolation within a bridged SSID for better control? If so, is there any guidance out there on replicating the inbuilt Meraki isolation that comes with the AP Assigned mode?

RWelch
Head in the Cloud

Manually Integrating Cisco Umbrella with Meraki Networks 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
HE1
New here

Thanks for this; however, to my understanding this is limited to DNS Policies. I think we want to go down the full Web Policies route. It also doesn't seem to be compatible with Meraki AP Assigned DHCP. Perhaps we are just limiting ourselves by sticking with this idea that we can use Meraki AP Assigned DHCP for a guest WiFi solution.

RWelch
Head in the Cloud

MX and Umbrella SIG IPSec Tunnel 
Not sure if this might help answer some of your questions.

PhilipDAth
Kind of a big deal

> We currently use a Guest WiFi network with Meraki AP assigned (NAT mode).

If you change to using bridged mode you'll be able to use VLAN tagging.

Brash
Kind of a big deal

Personally, I wouldn't set up SIG tunnels for guest traffic. You'll have to deal with guests accessing weird and wonderful websites that are blocked or encounter issues with the policies you've set.

It also adds additional complexity, as to utilize the SIG tunnel your client VLAN has to be set up for SD-WAN, so you'll have to add appropriate firewall rules to prevent communication across L3 boundaries, as well as across the SD-WAN.
