Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Controller

Apirtle
New here
‎Oct 9 2023 2:08 PM
‎Oct 9 2023 2:08 PM

Firewall Controller

I have 18 locations and have one firewall MX84 at the main IT location. I need to move the controller from this firewall to another firewall at a different location. How can this be done? 


Labels:
0 Kudos
Subscribe
6 Replies 6
DarrenOC
Kind of a big deal
Kind of a big deal
‎Oct 9 2023 2:15 PM
‎Oct 9 2023 2:15 PM

Hi @Apirtle , could you please explain your requirement in a little more detail please?

 

Are you saying you have 18 different sites and you need to move your MX from its current physical location to another site?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Subscribe
In response to DarrenOC
Apirtle
New here
‎Oct 9 2023 2:26 PM
‎Oct 9 2023 2:26 PM

DarrenOC, 

 

I have 18 locations all with MX firewalls and 1 location with Fortinet firewall. My plan is to remove the firewall that currently has the controller and replace it with a Fortinet. However, to do this I need to make one of the other firewalls the controller. 

The reason for this is that current location that has the Fortinet can't be changed and the 1 location that I want to replace has connection issues only with the Fortinet and not the other Meraki locations.   

Please keep in mind that all locations connect to the Fortinet currently however only one has issues. It will "drop" the connection for about 30 seconds at a time and reconnect. When this happens the meraki and fortinet dashboards both show the connection is active. The meraki logs shows that it is negotiating about every second. 

I'm at a loss on how to get this to work.

Thank you 

0 Kudos
Subscribe
In response to Apirtle
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 9 2023 2:30 PM
‎Oct 9 2023 2:30 PM

When you say.  "I need to make one of the other firewalls the controller." Are you talking about HUB?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Apirtle
New here
‎Oct 9 2023 2:33 PM
‎Oct 9 2023 2:33 PM

Yes. I don't use Meraki's every often, but I'm told our firewall is the main HUB\controller and we can't remove it without breaking our other firewalls. Without the HUB we won't have access to change the config file on each firewall.  

0 Kudos
Subscribe
In response to Apirtle
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 9 2023 2:37 PM
‎Oct 9 2023 2:37 PM

You can have multiple HUBs in fact, the biggest question in your case is, if you choose another MX as a HUB and remove the current HUB, will you be able to access all the Auto VPN features?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 9 2023 2:39 PM
‎Oct 9 2023 2:39 PM

Here you can find some helpfull documentation.

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Auto_VPN_Hub_Deployment_Recommenda...

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Configuring_Hub-and-spoke_VPN_Connections_on_th...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.