Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join now- About Gordon
About Gordon
Gordon
Getting noticed
Member since Jan 12, 2018
Apr 19 2023
Community Record
49
Posts
10
Kudos
0
Solutions
Badges
Jun 19 2020
11:58 AM
I am wondering how the dynamic DNS on the MX works if you are using the MG21. Will DDNS use the public IP address on the MG or will it use the IP address assigned to it by the MG. We want to be able to do the following. We have enabled DDNS on the MX. I want to use a cname on GoDaddy to point our DNS to the DDNS address. This will update the DNS automatically and keep our websites available. It may be slow but they will work.
... View more
Jun 1 2020
7:53 AM
2 Kudos
Well I finally found out how to verify the firewall rules. It is possible. The syslog entry contains a keyword called pattern. After pattern it details the firewall rule that applied to the log entry so you can match it against the actual rule. It would have been nicer to have something like rule ## but I can work with this.
... View more
May 20 2020
9:39 AM
We have 8 internal subnets. Plus we have 30 routed subnets from our clients. These are controlled by approximately 60 firewall rules. It is very easy to make a mistake and end up with traffic going unintended places. Add to that our syslog server is handling over 300,000 message an hour. It is very easy to miss something. I have worked with a number of different firewalls and this is the first time I have had a firewall that I could not through a report, the dashboard find see what traffic was being handled by which firewall rule.
... View more
May 20 2020
9:28 AM
Yeah. This just doesn't work for me. I have about 60 rules on my firewalls. So when things are not working right I need to know why. We have a number of subnets on our network plus a number of clients that connect directly to us with a large number of subnets. So it is essential that I can verify that my firewall rules are working as they are. This means I need to be able to look at a rule and see what traffic it is allowing or blocking. Seeing it on my syslog server without any way to determine which rule it came from is not acceptable to us or our clients. To me this is a huge security issue. I need to positively verify a rule is working as intended.
... View more
May 20 2020
7:28 AM
I understand that. But what if there is a bug in their firewall. We have no way of knowing. I already know there is one bug because the rule I have specifically for syslog does not generate any hits and there are literally thousands of packets that should be hitting that rule. So if there is one bug there is a good chance there is another. I also realize that with any device or software there can be bugs but without a way to verify it is not good.
... View more
May 20 2020
7:16 AM
The issue is that it doesn't verify that the rule was the one that generated the log entry. It just says "a" rule in the list generated the log entry. So if you have a mistake in your rules you have no way of checking it to make sure it is the correct rule.
... View more
May 20 2020
5:38 AM
1 Kudo
I opened a ticket with support and their answer does not make sense. I have been working on tightening up my firewall rules. In doing so I noticed I had two rules that were not showing any hits and I know there should be. They are two rules allowing my log messages to go to my syslog server and they come different subnets. The response I got back was that the hit counter was not reliable to use my syslogs. The problem is the logs do not tell me which firewall rule triggered the log entry. So now my question becomes - how do I know that the rules are working the way I think they are supposed to be. It wouldn't be the first time I created a rule and then realized it wasn't exactly what I expected or wanted. So if I am not getting hits on those rules how do I know it is not another rule further down in the list that is allowing the traffic. This seems to be a big issue not being able to verify that your rules are working the way they are supposed to.
... View more
May 15 2018
10:52 AM
1 Kudo
I emailed the person who emailed my but I don't think I tried that one. I will do so. Thanks
... View more
May 15 2018
10:18 AM
I did. I can not even get a response from them. Makes me wonder if that is the way they treat their customers.
... View more
May 15 2018
9:54 AM
I attended a number of Meraki webinars. A number of them indicate that if you attend you can get a free switch, or firewall or access point. After attending the webinars I answered the email request to verify my address. I have even tried contacting someone there (not easy). In the end I never did receive anything.
... View more
Mar 22 2018
5:13 AM
OK. So the answer is no, that there is not a way to have multiple subnets. I have looked at group policy and it is not going to work in our case for a number of reasons. Thanks for the replies
... View more
Mar 21 2018
1:00 PM
Yep. And sometimes I need to create a temporary rule for some project that we have. It is just easier sometimes to be able to click disable. Same with NAT. I have done it with those as well at times. Put in a Wish for it. Maybe if they get enough they will add it. It should be fairly simple to do.
... View more
Mar 21 2018
12:51 PM
The only way I can figure how to do it, is to assign them static IPs to use and then I can filter by them. Not the best option but this is for a client not general public.
... View more
Mar 21 2018
11:33 AM
I have been looking but I don't see an option for this. Is there a way to temporarily disable a firewall or NAT rule. We have to do that occasionally and right now the only option I see is to delete the rule. Thanks, Gordon
... View more
Mar 21 2018
11:24 AM
Is it possible to have multiple subnets for client VPNs? I have a need for different access and permissions for different groups that VPN in. One is for a client and one is for our own employees. I want to be able to limit the client to be able to access one server only but I don't see how to do that with the MX. Thanks, Gordon
... View more
Mar 2 2018
8:31 AM
1 Kudo
Thanks for the quick reply I read this before but I missed some of it. Just so I know how the underlying system works. WAN - I can assign a VIP to it to be used as the default gateway which will follow the active firewall LANs - Since the LANs do not get assigned a VIP, do they both get the same IP (active and passive) so that the default gateway on the LAN does not change.
... View more
Mar 2 2018
7:29 AM
I am trying to understand how these firewalls work with HA. Part of the issue is how my current firewalls work. On my current firewalls I have the following WAN Firewall-1 11.11.11.02 Firewall-2 11.11.11.03 Firewall VIP 11.11.11.01 LAN Firewall-1 22.22.22.02 Firewall-2 22.22.22.03 Firewall VIP 22.22.22.01 So the VIP gets assigned to the active firewall so that the default gateway does not change. How does this work with Meraki? I don't see where I can enter VIPs for the LANs
... View more
Feb 25 2018
2:39 PM
Thanks but not what I am looking for. I want to be able to only allow certain people to access www.website.com/login A blacklist blocks everyone.
... View more
Feb 23 2018
1:11 PM
I have been playing in the devnet sandbox in anticipation of getting our new firewalls next week. One of the things I would like to do is block access to a website using the following pattern www.website.com/login so that only certain users can access that particular page. When I try entering this in any of the different types of rules I get an invalid destination address. Does anyone know if I can do this? Thanks
... View more
Jan 30 2018
11:48 AM
@PhilipDAth wrote: You only use templates when you have lots of sites. You would not use a template if you only had a single site. I realize that now. I was hoping to use the template to pre-program my firewalls as we haven't received them yet. After reading the document recommended by ww I realize that is not the best approach.
... View more
Jan 30 2018
10:27 AM
Thanks for the response. Reading this about templates, I realize I probably don't want to use them.
... View more
Jan 30 2018
8:42 AM
I am new to Meraki firewalls. I am in the process of configuring a template for our MX84 that is on order. What I am trying to figure out and I have read the online documentation is setting up a VLAN with a unique subnet. I see how to do that under Addressing and VLANs. What I am trying to determine is, what is the purpose of this. I currently use pfSense for my firewalls and I didn't have to do anything like that. I used IPSEC and pointed to the subnets at each end that I wanted to be able to converse. Thanks
... View more
Jan 12 2018
6:27 AM
We are looking at ordering a pair of MX84s in the near future. I have been reading the documentation online and I really don't see much information on the ports. What I would like to know is the unit shows 10 -rj45 ports and two SFP+ ports. Are all ports usable or when using the SFP ports does it disable any of the other ports. Thanks
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 9770 | |
| 1 | 10253 | |
| 1 | 4862 | |
| 1 | 3822 |
© 2025 Cisco Systems, Inc.
