Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2110
Views
3
Helpful
2
Replies

Limiting Internal traffic between two subnets

Go to solution
bpinet
Community Member

‎11-17-2022 07:12 AM

New to the Meraki and I have been reading documentation but do not feel I have found the right solution, hoping for some clearer direction here.

After a security breach, we bought new Meraki MX-95 and MS125-48 to build out an entirely new network on a 172 network. Our old network was a 192. We will need to do a one-way trust to transition users over. The original plan was to dedicate one port on the MX-95 for the old 192 network then limit traffic to just let in the needed ports and protocols for the one way trust to come in to the new 172, but exclude all other traffic as we feel there is probably still issues on the old network. We currently use Sonicwall and are finding the new Meraki rules a whole new way of thinking.

I guess the question we have is are we on the right track using the firewall rules to exclude incoming traffic on one port. If we are, any suggestions are appreciated. We are still educating ourselves on the MX-95. Thank You.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎11-17-2022 07:19 AM

I think you are basically on the right track:

  1. Configure multiple VLANs on the MX, at least one for the legacy 192 network, one for the new 172 network. Or directly implement multiple different new VLANs for Servers, Users, Printers, IoT, Voice, and so on.
  2. Either assign the VLANs to two of the ports where you use your old and your new infrastructure, or use a Trunk for the connection to the switch and implement VLANs on the switch.

If you are quite new to networking, I would hire a consultant to design you a new secure environment based on your needs.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎11-17-2022 07:19 AM

I think you are basically on the right track:

  1. Configure multiple VLANs on the MX, at least one for the legacy 192 network, one for the new 172 network. Or directly implement multiple different new VLANs for Servers, Users, Printers, IoT, Voice, and so on.
  2. Either assign the VLANs to two of the ports where you use your old and your new infrastructure, or use a Trunk for the connection to the switch and implement VLANs on the switch.

If you are quite new to networking, I would hire a consultant to design you a new secure environment based on your needs.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Go to solution
bpinet
Community Member
In response to Karsten Iwen

‎11-17-2022 09:37 AM

Great, I do have a VLAN for both networks and the old 192 is isolated to one port. Glad to know I got that part right. I think the rest I need to do with Network Objects and Rulesets. I think I found better documentation to clarify the rules/policy part. We are used to using inbound rules which is where I think we were confused as Meraki has a different way of looking at firewall rules. Thank You for verifying I am not wasting my time trying to do something I cant do with the firewall. We were trying to apply rules to the port versus the subnet. I think I am good.

0 Helpful
Customers Also Viewed These Support Documents