Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About Paul2zl

Re: Azure vMX HA pair - can both be in same VNet?

by in Cloud Security & SD-WAN (vMX)
‎Mar 8 2021 2:57 AM
1 Kudo
‎Mar 8 2021 2:57 AM
1 Kudo
Yes exactly, that is my thinking, I see no reason from an Azure perspective why they can't be in the same vnet.   With the Azure UDR (dynamically updated by the Azure Function based upon the availability of the primary instance) we would specify the IP address of the active vMX.   It was the first diagram in the guide that was causing me to question this, and think there might be something intrinsic about the vMXs that means that the 2 of them (in an HA pair) couldn't share the same VNet.     ... View more

Azure vMX HA pair - can both be in same VNet?

by in Cloud Security & SD-WAN (vMX)
‎Mar 8 2021 1:51 AM
‎Mar 8 2021 1:51 AM
Hi   If a want a resilient pair of vMXs in Azure can they/should they be in the same Azure VNet and subnet?   On the one hand this page is showing 2 VNets, but there is then another diagram showing them both in the same VNet.   https://documentation.meraki.com/MX/Other_Topics/Deploying_Highly_Available_vMX_in_Azure   Many thanks   Paul ... View more

Re: vMX in Azure - should it/could it be behind an Azure Firewall?

by in Cloud Security & SD-WAN (vMX)
‎Jan 5 2021 2:22 PM
‎Jan 5 2021 2:22 PM
Within the Managed Application resource group there is a public ip address that is assigned to the vMX vm. I presume that has to remain there as the resource group is locked?   Thanks. ... View more

vMX in Azure - should it/could it be behind an Azure Firewall?

by in Cloud Security & SD-WAN (vMX)
‎Jan 5 2021 8:57 AM
1 Kudo
‎Jan 5 2021 8:57 AM
1 Kudo
Hi   I notice the deployment of the vMX into Azure associates an Azure Public IP address with the vMX/Managed Application.   Presumably it is this public IP address that is used for inbound and outbound vMX connectivity. This vMX is therefore on the perimiter of the Azure network directly exposed via a public ip address.   I have a couple of questions: Is this considered best practice, or are they scenarios where one would want the vMX to sit behind an Azure Firewall (or third party firewall device)? I.e. so inbound azure traffic flows throught a firewall device before reaching the vMX. I ask this because some organizations may already have (or wish to have) an Azure Firewall at the perimeter of their Azure virtual network. Is it even possible to make the vMX sit behind a firewall? For example, the deployment creates a managed application that contains a public ip address associated with the vmx VM. This suggests to me that you don't have much choice other than having it diretly exposed via the public ip address attached to the vMX VM (as opposed to forwarding traffic from an Azure Firewall to a private ip address associated with the vMX say).   Of course, if we were using the native Azure VPN Gateway (and not Cisco vMX say) then that would sit right at the perimeter. So it may be that it's the same principle with vMX, in which case that's fine. I really just need a view on this though to sanity check this.   Many thanks for any help in advance.   Paul   ... View more
© 2024 Cisco Systems, Inc.