cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About FrederiqueC

Re: Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

by in Security / SD-WAN
‎02-28-2022 06:08 AM
‎02-28-2022 06:08 AM
Hi CptnCrnch. Yes, IPS is enabled and the ruleset is set to "Balanced".  Actually I've checked the snort trule list, and I am not sure if there is one for this particular vulnerability. Do you think we should try with "security" ruleset even if connectivity is essential to our organisation ? Thanks F.   ... View more

Why CVE-2016-7189 vulnerability in MS Edge is not reported by MX67 ?

by in Security / SD-WAN
‎02-28-2022 02:25 AM
‎02-28-2022 02:25 AM
Greetings,    I am receiving alarms from the border FW (Stormshield SN) to inform that packets coming from the meraki MX (used as internal FW, with Advanced Security License) are blocked because of CVE-2016-7189 vulnerability in MS Edge. The Meraki is performing NAT and because of NAT, I am not able to detect which end user is using an internet browser which is not up to date. Which leads me to that question : how come that this vulnerability has not been flagged by the Meraki beforehand  ?   Thank you for sharing your knowledge on this matter. Frederique ... View more
Labels:

Re: Future configuration : NAT question, Several uplinks for several vlans

by in Security / SD-WAN
‎09-10-2021 01:14 AM
‎09-10-2021 01:14 AM
  I was hoping that Merakis were able to route by source IP... Thank you though @cmr    ... View more

Future configuration : NAT question, Several uplinks for several vlans

by in Security / SD-WAN
‎09-07-2021 07:15 AM
‎09-07-2021 07:15 AM
Hello,   I have a configuration question prior to implementation : I have several IPs (let's say 1.1.1.52/29) and I would like to map several uplinks on each of the available IPs and be able to do port forwarding to internal hosts (which are in different vlans). I also need that each individual vlan to be mapped to different public IP Example Port forwarding 1.1.1.52:3389 -> vlan 1:host1 1.1.1.53:3389 -> Vlan 2:host 1 1.1.1.54:3389 -> vlan 3:host 1 Translation to public IPs : Vlan 1 -> 1.1.1.52 Vlan2 -> 1.1.1.53 Vlan 3 -> 1.1.1.54   Is there a way to set this up on the Meraki ? I am used to IOS Cisco Routers and never used wan on same subnet. Thank you. F. ... View more

Re: Passthrough or VPN Concentrator

by in Security / SD-WAN
‎09-25-2020 05:03 AM
‎09-25-2020 05:03 AM
@merakichampThank you for that info. I have a follow up question though. In MX's documentation it is written : "When using an MX as a site-to-site VPN peer, it will only be able to send client traffic over the VPN tunnel if that traffic has been directed to it. As such, a router or L3 switch on the network will need to have static routes configured, such that VPN-bound traffic is sent to the MX. This traffic will then be encrypted and sent through the site-to-site VPN tunnel. Traffic bound to the Internet or other destinations will simply pass through the appliance:"   Let's say that I have that kind of topology Internet -Edge FW - DMZ - MX L2/VPN concentrator - Router - LAN   if I have a layer 3 functionality to ensure routing, if I set the MX in passthrough mode, is it possible for it to deal with S2S VPN, Client VPN AND to still pass all internet traffic (incoming and outgoing) through the MX using filtrering, IPS and AMP functionalities ? if it's not clear, i can ce more specific. thanks for your help. FrederiqueC   ... View more

Re: Topology question : MX64 behind ISP gateway router (client VPN requeste...

by in Security / SD-WAN
‎05-17-2019 03:04 AM
‎05-17-2019 03:04 AM
Hello, Thank you for yuour answer. I usually use this method with Cisco 800 routers (setting it as a DMZ host on the ISP router) but I was not sure that I could do  it with the meraki since I was not sure that NAT would not be in the way.   I'm quite new to Meraki config. and not used to these plus and Play interfaces 🙂 since I'm usually using 800/1900 Cisco Routers.So, correct me if I understood incorrectly, I can do whait I usually do : set the Meraki as he DMZ host of the ISP router and configure the Client VPN on the Meraki as if the Meraki was on the edge.   Thank you for your help, Frederique   ... View more

Topology question : MX64 behind ISP gateway router (client VPN requested)

by in Security / SD-WAN
‎05-13-2019 02:46 AM
‎05-13-2019 02:46 AM
Greetings.   I'm having this topology question. One of my customers is changing ISP and getting a new edge router which cannot be configured in bridged mode.  Behind it, I have a MX64 router which is currently configured in Routed Mode that ensures client VPN functionalities among other things. Unfortunately, the ISP's router can not be changed since it also performs proprietary functionalities that are mandatory. My question is : Do I need to switch to Passthrough Mode in order to get the Client VPN to work ? Or remaining in Routed Mode (with a static WAN RFC 1918 IP address ) and using "double NAT" (since it seems that Routed mode with no NAT is not possible on a Meraki) will suffice ?   Thanks you all for you insights on that matter. Frederique C.       ... View more
© 2022 Meraki