Meraki

Community

NAT Visibility

RichardDeckart
New here
‎Nov 28 2017 1:27 PM
‎Nov 28 2017 1:27 PM

NAT Visibility

Our guest network is Meraki NAT (DHCP). We have an upstream Palo Alto, but all the traffic is NAT'D with the AP IP to the firewall. Is there any work around other than to use bridge mode and our DHCP server?

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 28 2017 1:31 PM
‎Nov 28 2017 1:31 PM

There is no work around.  You either use NAT mode or bridged mode.  I can't even think of any other option that could even be created.

0 Kudos
MilesMeraki
Head in the Cloud
‎Nov 29 2017 2:07 AM
‎Nov 29 2017 2:07 AM

You could attempt to create a specific VLAN for guest users off the firewall and obviously control what they can talk to within your network from the firewall itself using firewall rules. That way you gain full visibility of Guest clients at the firewall.

 

Never the less, visibility of guest clients can be seen from the Mearki dashboard. IMO if you can implement security closer to the edge of the network the better. I'd stick with your Meraki Guest NAT SSID. 

Eliot F | Simplifying IT with Cloud Solutions
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.