Hi everyone,

I’m looking for advice on the best way to connect and secure an MS-130-8 WAN switch in our network. The network diagram is attached at the bottom of the post.

Network Overview

- MS-130-8 Role: The switch serves as a WAN breakout switch, distributing internet connectivity between the corporate and guest networks.
- Internet Lines:
  - Internet A: Dedicated for the corporate network.
  - Internet B: Serves as a backup for corporate traffic and primary for guest internet.
- Firewalls:
  - Corporate Firewalls:
    - Primary Firewall: Connected to Internet A.
    - Backup Firewall: Connected to Internet B.
  - Guest Firewalls:
    - Primary and Backup Firewalls: Both connected to Internet B.
- Current Connection: The MS-130-8 is connected to the core switch (C9300-M), which aggregates traffic from the corporate and guest firewalls and routes it to downstream devices, including the access switch (MS225).

We aim to securely connect the MS-130-8 to the Meraki dashboard for management while adhering to best practices for security and reliability. Additionally, we would like to avoid assigning a public IP address to the MS-130-8 unless there is a compelling reason to do so.

Questions

- Secure Dashboard Connectivity: What is the best way to securely connect the MS-130-8 to the Meraki dashboard without using a public IP address?
- Core Switch Connection: Is it advisable to keep the MS-130-8 connected to the core switch, or should it be connected directly to the firewalls instead?
- Best Practice Configurations:
  - How should VLANs and firewall rules be configured to isolate management traffic while allowing dashboard communication (e.g., HTTPS on port 443)?
  - Should we use separate physical connections for management and WAN breakout traffic, or is a single trunk link with tagged VLANs sufficient?

We’d greatly appreciate any insights, recommendations, or references to Meraki best practices. Thanks in advance for your help!

Network Diagram